Section 1350-03-.04 - SEGREGATION OF DUTIES(1) Each Licensee shall maintain an organizational structure that meets the following minimum criteria designed to preserve the integrity of the Interactive Sports Gaming operation:(a) A system of personnel and chain of command which permits management and supervisory personnel to be held accountable for actions or omissions within their area of responsibility;(b) The segregation of incompatible functions so that no employee is in a position either to commit an error or perpetrate a fraud or to conceal an error or fraud in the normal course of his or her duties;(c) Primary and secondary supervisory positions which permit the authorization or supervision of necessary transactions at all relevant times; and(d) Areas of responsibility that are not so extensive as to be impractical for one individual to monitor.(2) In addition to satisfying the above requirements, each Licensee's organizational structure shall include, at a minimum, the following functions, responsibilities, and supervisory roles: (a) Accounting. 1. Each Licensee shall have one or more individuals responsible for and dedicated to verifying financial transactions, and reviewing and controlling accounting forms and data. This function, which is sometimes referred to as "income or revenue audit," shall be independent of the transactions under review.2. Key Personnel serving as accounting officer, or equivalent, shall supervise the accounting functions, responsibilities, and supervisory roles as provided for in this section.(b) Interactive Sports Gaming.1. Each Licensee shall have Interactive Sports Gaming functions, responsibilities, and supervisory roles for Interactive Sports Gaming, which shall be responsible for the conduct of the Interactive Sports Gaming in accordance with the Rules.2. Interactive Sports Gaming shall be supervised by a management-level employee who ensures that there is sufficient supervision, knowledge, and training to provide for the proper and fair conduct of sports gaming.3. Key Personnel shall supervise the Interactive Sports Wagering functions, responsibilities, and supervisory roles as provided for in this section.(c) Internal Audit.1. Each Licensee shall maintain an Internal Audit function for Interactive Sports Gaming either through an employee serving as internal auditor with sufficient background and experience to fulfill the role, through the use of company Internal Audit, or through outsourcing of this function. The Internal Audit function shall be responsible for, without limitation, the following:(i) Reviewing and appraising the adequacy of internal controls;(ii) Ensuring compliance with internal controls through observations, interviews and review of accounting documentation; and(iii) Reporting instances of non-compliance with the system of internal controls.2. Reporting of any material weaknesses in the system of internal controls.3. Recommending improvements in the system of internal controls.4. If maintained in-house, the Internal Audit function shall be supervised by Key Personnel serving as accounting officer, or equivalent.5. The Internal Audit function shall maintain its independence through an organizational reporting line that is outside the management of the sports gaming operation. The supervisor of the Internal Audit function shall have authority to access and report to any Person or group independent of the business, such as to a non-executive independent director, compliance committee member, or independent audit committee.6. Reports documenting audits performed shall be maintained for a minimum of five years and shall be provided to the Council within ten (10) days of completion.7. All material exceptions resulting from Internal Audit work shall be investigated and resolved with the results of such being provided to the Council within ten (10) days of the resolution of the exception, and thereafter retained by the Licensee for a minimum of five (5) years.8. Material Internal Audit findings shall be reported to management within ten (10) days of the finding. Non-material Internal Audit findings shall be reported to management within ten (10) days of the finding validation.9. Management shall be required to respond to Internal Audit findings stating corrective measures to be taken to avoid recurrence of the audit exception. A report on corrective measures to be taken shall be sent to the Council simultaneously with or within ten (10) days of the Internal Audit non-compliance report.(d) Management Information Systems (MIS). 1. Each Licensee shall maintain an MIS function, which shall be responsible for the operation and integrity of the Sports Gaming System and the quality, reliability, and accuracy of all computer systems used in the operation.2. The MIS function shall be responsible for, without limitation, the specification of appropriate computer software, hardware, and procedures for security, physical integrity, business continuity, and maintenance of: (i) Access codes and other data-related security controls used to ensure appropriately limited access to computers and the system-wide reliability of data;(ii) Computer tapes, disks, or other electronic storage media containing data relevant to sports wagering operations;(iii) Computer hardware, communications equipment and software used in the conduct of sports gaming operations; and(iv) Adequate segregation of duties exists among developers, testing personnel, administrators, personnel who may promote changes into production, personnel who may access frozen code, etc.3. Key Personnel holding the position of an administrative officer, or equivalent, shall supervise the MIS function.4. All incidents related to information systems security, which may compromise the confidentiality, integrity, or availability of the Sports Gaming System, or involving Player Personally Identifiable Information (PII) shall be reported to the Council Immediately.(e) Compliance.1. Each Licensee shall maintain a Compliance function, which shall be responsible for, without limitation, the following:(i) Due diligence and regulating reporting requirements;(ii) Serving as contact with the Council on regulatory matters;(iii) Monitoring self-exclusion program;(v) Investigating Unusual and Suspicious Wagering Activity; and(vi) AML monitoring and reporting pursuant to federal law.2. Key Personnel serving in the role of a compliance officer, or equivalent, shall supervise the Compliance function.Tenn. Comp. R. & Regs. 1350-03-.04
Emergency rules filed December 22, 2021 to become effective January 1, 2022; effective through June 30, 2022. New rules filed March 22, 2022; effective June 20, 2022. Amendments filed September 15, 2023; effective 12/14/2023.Authority: T.C.A. §§ 4-49-106, 4-49-110, 4-49-115, and 4-49-125.