(1) Each Licensee shall maintain an organizational structure that meets the following minimum criteria designed to preserve the integrity of the Interactive Sports Gaming operation:
- (a) A system of personnel and chain of command which permits management and supervisory personnel to be held accountable for actions or omissions within their area of responsibility;
- (b) The segregation of incompatible functions so that no employee is in a position either to commit an error or perpetrate a fraud or to conceal an error or fraud in the normal course of his or her duties;
- (c) Primary and secondary supervisory positions which permit the authorization or supervision of necessary transactions at all relevant times; and
- (d) Areas of responsibility that are not so extensive as to be impractical for one individual to monitor.
(2) In addition to satisfying the above requirements, each Licensee’s organizational structure shall include, at a minimum, the following functions, responsibilities, and supervisory roles:
(a) Accounting.
- 1. Each Licensee shall have one or more individuals responsible for and dedicated to verifying financial transactions, and reviewing and controlling accounting forms and data. This function, which is sometimes referred to as “income or revenue audit,” shall be independent of the transactions under review.
- 2. An accounting officer, or equivalent, shall supervise the accounting functions, responsibilities, and supervisory roles as provided for in this section.
(b) Interactive Sports Gaming.
- 1. Each Licensee shall have Interactive Sports Gaming functions, responsibilities, and supervisory roles for Interactive Sports Gaming, which shall be responsible for the conduct of the Interactive Sports Gaming in accordance with the Rules.
- 2. Interactive Sports Gaming shall be supervised by a management-level employee who ensures that there is sufficient supervision, knowledge, and training to provide for the proper and fair conduct of sports gaming.
- 3. Key Personnel shall supervise the Interactive Sports Gaming functions, responsibilities, and supervisory roles as provided for in this section.
(c) Internal Audit.
- 1. Each Licensee shall maintain an Internal Audit function for Interactive Sports Gaming either through an employee serving as internal auditor with sufficient background and experience to fulfill the role, through the use of company Internal Audit, or through outsourcing of this function. The Internal Audit function shall be responsible for, without limitation, the following:
- (i) Reviewing and appraising the adequacy of Internal Control Standards;
- (ii) Ensuring compliance with Internal Control Standards through observations, interviews and review of accounting documentation;
- (iii) Reporting instances of non-compliance with the system of Internal Control Standards;
- (iv) Reporting any material weaknesses in the system of Internal Control Standards; and
(v) Recommending improvements in the system of Internal Control Standards.
- 2. If maintained in-house, the Internal Audit function shall be supervised by an accounting officer, or equivalent.
- 3. The Internal Audit function shall maintain its independence through an organizational reporting line that is outside the management of the sports gaming operation. The supervisor of the Internal Audit function shall have authority to access and report to any Person or group independent of the business, such as to a non-executive independent director, compliance committee member, or independent audit committee.
- 4. Reports documenting all performed internal audits shall be maintained for a minimum of five years and shall be provided to the Council within ten (10) days of completion. Documentation of Internal Control Standards testing shall be made available to the Council upon request.
- 5. All material exceptions resulting from Internal Audit work shall be investigated and resolved with the results of such being provided to the Council within ten (10) days of the resolution of the exception, and thereafter retained by the Licensee for a minimum of five (5) years.
- 6. Material Internal Audit findings shall be reported to management within ten (10) days of the finding. Non-material Internal Audit findings shall be reported to management within ten (10) days of the finding validation.
- 7. Management shall be required to respond to Internal Audit findings stating corrective measures to be taken to avoid recurrence of the audit exception. A report on corrective measures to be taken shall be sent to the Council simultaneously with or within ten (10) days of the Internal Audit non-compliance report.
(d) Management Information Systems (MIS).
- 1. Each Licensee shall maintain an MIS function, which shall be responsible for:
- (i) The operation and integrity of the Sports Gaming System;
- (ii) The quality, reliability, and accuracy of all computer systems used in the operation;
- (iii) Compliance with the change management provisions contained in Rule 1350-03-.02; and
(iv) The implementation of technology related to Voluntary Self-Exclusion and other Prohibited Players.
- 2. The MIS function shall also be responsible for, without limitation, the specification of appropriate computer software, hardware, and procedures for security, physical integrity, business continuity, and maintenance of:
- (i) Access codes and other data-related security controls used to ensure appropriately limited access to computers and the system-wide reliability of data;
- (ii) Computer tapes, disks, or other electronic storage media containing data relevant to sports wagering operations;
- (iii) Computer hardware, communications equipment and software used in the conduct of sports gaming operations; and
(iv) Adequate segregation of duties exists among developers, testing personnel, administrators, personnel who may promote changes into production, personnel who may access frozen code, etc.
- 3. A chief information officer, or equivalent, shall supervise the MIS function.
- 4. All incidents related to information systems security, which may compromise the confidentiality, integrity, or availability of the Sports Gaming System, or involving Player Personally Identifiable Information (PII) shall be reported to the Council Immediately.
(e) Compliance.
- 1. Each Licensee shall maintain a Compliance function, which shall be responsible for, without limitation, the following:
- (i) Due diligence and regulating reporting requirements;
- (ii) Serving as contact with the Council on regulatory matters;
- (iii) Monitoring the Voluntary Self-Exclusion program;
- (iv) Player complaints;
- (v) Investigating Unusual and Suspicious Wagering Activity; and
(vi) AML monitoring and reporting pursuant to federal law.
- 2. A compliance officer, or equivalent, shall supervise the Compliance function.
(f) Risk Management
- 1. If a Licensee maintains an internal Risk Management function, the Licensee’s internal Risk Management function shall be supervised separately from the Licensee’s marketing team.
Authority: T.C.A. §§ 4-49-106, 4-49-110, 4-49-115, 4-49-115(f), 4-49-119(b), and 4-49-125. Administrative History: Emergency rules filed December 22, 2021 to become effective January 1, 2022; effective through June 30, 2022. New rules filed March 22, 2022; effective June 20, 2022. Amendments filed September 15, 2023; effective December 14, 2023. Amendments filed April 1, 2025; effective June 30, 2025.