andrew rosewarne, director of nmi gaming. presentation at gaming in holland 2016

Andrew RosewarneNMi Gaming DivisionDirector

Raising the Bar The expanding role and continuous improvement in Testing Labs

• Weights & Measures• Metering• Calibration• Auditing of processesTo ensure the consumer gets what they pay for - including• Gaming

The role of a certification body

The modern compliance manager has no appetite for Risk

The first questi

on

Then

Now

Best Practice in Testing• Game testing vs RNG testing• Simulation vs Theoretical (UK Level 3)• Randomness vs Returns• Identification of Software• Pre live testing vs post live auditing

• Malta• Alderney• Isle of Man• Gibraltar• Jersey• United Kingdom• Denmark• Belgium• Estonia• Romania

• Spain• Madrid• British Columbia• Quebec • Ontario• Manitoba• Italy• Latvia• Republika Srpska• Croatia

• Bulgaria• Lithuania• Delaware• Nevada• New Jersey• Philippines -

PAGCOR• Philippines - First

Cagayan• Portugal

Barriers to Entry Spain • 20+ labs (1 customer labs)• No ISO requirement

Denmark • No list• Continual monitoring of personnel involved• Problems for B2B situations

United Kingdom• Report level• Level 3

Romania – Financial barriers• 250K bank guarantee• Additional 6K fees per licence

Canada (BC, Quebec, Ontario) • Heavy investigative costs• Proof of competence

Czech Republic • ISO 17065

Don’t get left out in the cold• Only a small number of labs in the world that can

cover all these jurisdictions• Significant or unassailable barriers for new labs in

some areas

• Your business may depend on access to these markets• Work by a lab may not hold any status in a jurisdiction where they are not licenced.

B2B & B2C CertificationMost places accept B2B and B2C reports separately, or from the operator.Where a certification of the whole system is required by a single entity the process becomes more complex.

Spain

Romania

Example: RomaniaWhere NMi is the certifier for the Class 1 licencee we adopt the following position when dealing with integrated B2B suppliers and the documentation required:

• When presented with certification or test reports specifically covering the requirements of the jurisdiction of Romania as detailed in Order no. 93/2016, issued by a Romanian Class 2 licenced lab, we accept these without the requirement for any further work and incorporate them into the Class 1 certification.

• When presented with reports not specifically covering the requirements of the jurisdiction of Romania but confirming the RTP (e.g UK reports), issued by a Romanian Class 2 licenced lab: we accept the RTP / maths component but request additional work by a Romanian Class 2 licenced lab covering Romanian requirements.

• Documents received from entities not licenced in Romania have no legal status in the certification process.

Expanded role of the Modern Test Lab• Platform Testing• Game Testing• Live Dealer Studio Audits• Policy Review• Change Management• Live RTP monitoring• Development best practice• Responsible Gaming• Anti Money Laundering

Expanded role of the Modern Test Lab

Security

• ISO 27001 or other audit• Non technical, good practice. Site visit.

• PCI ASV • Vulnerability Scanning• Penetration Testing

• Application Security• Static Code Analysis

• Social Engineering

Lab Qualifications: ISO’s17025 – Testing17020 – Inspection17021 – Required to certify to ISO 27001.

UKGC - “the name of the audit firm and how they are suitably qualified to test compliance with BS ISO/IEC 27001:2013 (ISO 27001)”

17065 – Czech Republic

PCI-ASVWorld Lottery Association

RTP MonitoringUKGC: “Licensees must ensure sufficient RTP monitoring is in place for both under and overpayments.”

What if your 96% game is returning 95.5%? As a business you have a problem.

What is your response? Looks about right – really?Too few a games. Not an adequate assessment.

“Volatility is vital to these calculations regardless of volume of play and will be a key parameter to include when establishing the allowable tolerance for each game”.

Explanation of volatilityThere is a method of confirming 95.5% is OK against hard edges.

If you have a best practice test report with these graphs

Content of Game Reports & how to read them• A report is NOT a certificate

• In the UK, and other areas where the lab is not a certifying body, test reports may contain details of significant failings.

• NMi include non compliances in the executive summary on page 1. • Not all reports are the same

• RISK: Do not file test reports without reading them and making your own assessment of whether the game is legal.

Confidence Volatility

ConclusionThere’s much more to a modern test lab than testing your RNG- A Multi Skilled and Multi National Team Multi Skilled

Doctorates, Masters and Degrees in pure mathematics and other numerate fields. Software engineers, IT systems engineers, ISO 27001 Lead Auditors and Security Specialists. Professional qualifications include; ISC2 CISSP, CISM, CEH, Prince II.

Multi National

Local knowledge is the key to understanding compliance issues and the NMi team is comprised of experienced professionals across Europe with offices in the UK, Canada, Italy and the Netherlands.

www.nmi-gaming.comFor more information contact sales@nmi-gaming.com