Follow up of Regulating Gambling and Liquor

Tabled: 28 November 2019

3 Assuring compliance

The 2017 audit found that VCGLR was not adequately monitoring compliance with gambling and liquor legislation.

Compliance activities were not sufficiently risk-based and failed to target inspections to areas of high risk or high potential for harm.

These issues arose due to longstanding, systemic weaknesses in the design and operation of VCGLR's compliance activities. Key issues included:

  • inflexible allocation of resources to compliance activities based on factors other than risk
  • a management approach and culture focused on meeting quotas, which encouraged superficial inspection activities rather than activities to address harms
  • inadequate guidance and training for inspectors
  • unreliable data about liquor and gambling inspections.

VCGLR identified and started to address many of these issues in late 2015. However, its actions were not yet sufficiently developed for the 2017 audit to assess if they would improve the effectiveness of VCGLR's compliance.

The 2017 audit made recommendations on improving VCGLR compliance arrangements related to data integrity checks, risk-based approaches to compliance, quality assurance and training for compliance inspectors.

3.1 Data integrity checks

Data integrity is critical when that data is relied on for reporting and decision‑making.

Recommendation 7

We recommend that VCGLR conduct robust data integrity checks across all divisions, particularly when relying on data for reporting purposes.

Key points underpinning past audit recommendation

  • VCGLR could not provide assurance on the number of inspections it reported as part of its BP3 data due to inaccurate recording of inspection data.
  • Data recorded on liquor licence compliance activities was not reliable. Analysis showed anomalies with inspection activities data.
  • A 2015 internal audit of VCGLR's compliance functions reported that:
    • 8 per cent, or 1 100, of all liquor inspections undertaken in 2014–15 were external observations without staff physically entering the premises
    • VCGLR had not consistently retained supporting documentation or evidence on file to support the inspections performed.



VCGLR has undertaken action to improve data integrity, including implementation of a new reporting system (Figure 3A).

Within the its compliance division, a strategic intelligence unit supports VCGLR's data integrity work. The unit provides VCGLR and commissioners with data and intelligence on activity in the gaming and liquor industries, and the effect of regulatory policies and practices. The unit has a lead role in resolving data integrity issues that impact the new reporting system.

Figure 3A
VCGLR progress implementing recommendation 7

VCGLR has:

  • implemented a new reporting system. Real-time access to data extracted from VCGLR's ICT systems allows management to identify issues with data integrity. Management can then resolve those issues in the ICT systems. Systemic issues requiring changes to policies or procedures can also be addressed
  • established a system and process to exclude incorrect data from reporting. VCGLR undertakes a series of data validity tests before including data in the new reporting system. It raises data integrity issues with relevant business areas to resolve in the source systems.


  • continuing work to improve integrity of its datasets.

Source: VAGO.

3.2 Compliance risk-based approach

A risk-based approach helps VCGLR to allocate its finite resources to areas that have the greatest impact on limiting the negative effects of gambling and alcohol. It also provides VCGLR with a transparent, defensible approach to its regulatory work.

Recommendation 8

We recommend that VCGLR continue to revise the risk-based approach to compliance to ensure better targeting of compliance activities.

Key points underpinning past audit recommendation

  • VCGLR recognised that its risk-based compliance approach was not sufficiently robust or mature.
  • VCGLR reviewed and improved its compliance activities by:
    • collecting intelligence and producing reports on issues and risks in the community to inform the targeting of compliance activities
    • producing maps identifying high-risk venues not inspected within 12 months, recent licence transfers and recidivism of licensees
    • producing maps cross-referencing police assault and ambulance call-out data with licensed venue locations.



VCGLR's risk-based approach to compliance involves collection and analysis of data from a range of internal and external sources. External sources include:

  • Emergency Services Telecommunications Authority
  • VicRoads
  • Victorian Responsible Gambling Foundation
  • local councils
  • interstate counterparts
  • open sources.

VCGLR uses this information to build an understanding of the nature and scope of alcohol and gambling-related harm. The intelligence team consolidates and analyses collected information and inputs the results into the compliance division's operational and strategic planning processes.

VCGLR's progress implementing the 2017 audit recommendation is summarised in Figure 3B. As previously noted, while VCGLR has implemented this recommendation in relation to liquor licence compliance, it is still implementing it in relation to gambling.

Figure 3B
VCGLR progress implementing recommendation 8

VCGLR has:

  • reviewed and enhanced its intelligence capability
  • developed an annual compliance operational strategy to outline details of the compliance division's strategic and operational focus for the year
  • implemented the liquor harm risk prioritisation tool. The tool records information on each licenced venue as it relates to high-harm incidents and provides a priority rating for each venue. The tool also provides empirical data and greater transparency on the prioritisation of inspections of premises with liquor licences
  • established a tactical tasking and coordination committee. The committee meets monthly and applies a dynamic, risk-based approach to govern the selection, execution and reporting of high-risk compliance activities
  • introduced training, guidance, tools and templates to support staff to capture and report on intelligence regarding liquor and gambling venues.


  • implementing its risk-based approach to monitoring compliance of gaming venues.

Source: VAGO.

3.3 Compliance quality assurance framework

Implementation of a quality assurance framework is critical to ensuring the effectiveness of VCGLR's compliance work.

Recommendation 9

We recommend that VCGLR complete its quality assurance framework for compliance, and ensure it focuses on key divisional processes that contribute to the targeting and quality of inspections.

Key points underpinning past audit recommendation

  • The standard operating procedures (SOP) and manuals for liquor and gambling inspections were lengthy, technical documents that did not always provide practical guidance on how to undertake key processes.
  • VCGLR lacked a documented and consistently applied quality assurance process for routine compliance inspection activities.
  • New SOPs had been circulated to compliance inspectors, but were not yet being consistently applied. The lack of a consistently applied inspection methodology limited VCGLR's ability to regulate gambling and liquor effectively.
  • Some draft documents in the quality assurance process focused on assuring adherence to schedules and administrative requirements, rather than monitoring the comprehensiveness and quality of compliance activities.



VCGLR has made progress in implementing this recommendation (Figure 3C). VCGLR's current management accountability framework for compliance details the standards regarding the operational and administrative duties undertaken within the compliance division. Specifically, the framework:

  • sets the expectation that all staff conform with compliance division standards
  • defines roles and responsibilities for compliance division staff members, including compliance inspectors
  • details compliance activities and the standards required when performing these activities. SOPs specify how to undertake each type of compliance work activity and their proposed frequencies
  • lists the scope of formal training and feedback to be provided to staff members
  • identifies two types of periodic quality checks on compliance division work—internal audits and quality assurance checks.

Figure 3C
VCGLR progress implementing recommendation 9

VCGLR has:

  • completed its quality assurance framework for compliance
  • completed implementation of a single ICT system to manage liquor, gambling and casino compliance work.


  • continuing to develop its suite of SOPs to support compliance work. We found multiple examples of SOPs that predated the previous audit and that did not address the key points underpinning the recommendation. For example, some SOPs did not include process steps for staff to follow.

Source: VAGO.

3.4 Training of compliance inspectors

Training is a key tool for building workforce capability. Monitoring staff participation in training provides assurance that staff across the organisation develop and maintain capabilities to perform their duties.

Recommendation 10

We recommend that VCGLR continue to rollout its training and ensure there is regular, ongoing training for compliance inspectors.

Key points underpinning past audit recommendation

  • Lack of formal ongoing training had contributed to inconsistencies in inspection practices and reduced VCGLR's ability to effectively regulate gambling and liquor.
  • Efforts to train inspectors had been largely ad hoc and not covered all inspectors. In addition, there was no evidence of any evaluation of training.
  • The compliance division drafted training plans in 2014 and 2015 for up to 10 modules, but there was no evidence that this training had been implemented.
  • Implementation of a training plan had commenced. If followed, 75 per cent of VCGLR inspectors would have completed 11 of 15 modules towards a Certificate IV in Government Investigations (Regulatory Compliance) by 30 June 2017.



VCGLR has implemented this recommendation (Figure 3D). Within the compliance division, team leaders manage training for compliance inspectors. An inspector training program covers the core functions and activities of compliance inspectors. Supplementary training, including on specialist and low-volume compliance work, is provided on a topic-by-topic basis. The rationale for this is that team leaders will best understand the needs of their team members, and it is not cost-effective to train all staff in specialist and low-volume compliance work.

VCGLR has a whole-of-agency learning management system for managing the learning and development needs of its staff members, including recording attendance at training courses and other capability building activities.

Figure 3D
VCGLR progress implementing recommendation 10

VCGLR has:

  • designed and implemented inspector training and investigator training programs in conjunction with a registered training provider. Completion of both programs provides compliance inspectors with a Certificate IV in Government Investigations (Regulatory Compliance). Permanent staff are expected to attain the qualification within 12 months of appointment
  • implemented a leadership development program for regulatory team leaders and managers in a compliance and enforcement environment
  • provided intelligence training to assist team leaders and compliance inspectors to better use intelligence and information gathered by VCGLR
  • provided evidence of the content of training programs.

Source: VAGO.

3.5 Supervision of casino operations

Crown Casino is the only licensed casino in Victoria. It holds 14 liquor licences and is the only venue in Victoria that provides gambling and alcohol 24 hours a day.

The 2017 audit found that VCGLR acted to address the lack of a coherent organisation-wide approach to casino supervision across its licensing and compliance functions. However, its compliance division had not applied a level of focus on the casino that reflected its status and risk as the largest gaming venue in the state, and its approach lacked continuity.

Recommendation 11

We recommend that VCGLR complete its planned actions to improve the supervision of casino operations.

Key points underpinning past audit recommendation

  • establish a dedicated casino team
  • adopt a more risk-based approach (after a review of the key risks associated with the casino and the VCGLR's current regulatory work)
  • develop expertise of licensing and compliance staff working on casino matters through regular training
  • identify and advise the government of any legislative impediments to a more risk-based approach
  • establish a cross-organisation casino risk group to monitor risks, share casino intelligence and information, engage with co-regulators, adapt VCGLR practice, and report regularly to senior management.
  • work with co-regulators to clarify roles and responsibilities.



In April 2017, VCGLR established a dedicated team to monitor activities at Crown Casino and areas in its vicinity. The dedicated casino team has progressed implementation of planned actions to improve supervision of casino operations.

Dedicated casino team

The dedicated casino team comprises one manager, one team leader and 12 inspectors. The team is located at the Crown Casino and provides 24‑hour, seven-days-a-week monitoring of the casino's operations.

The dedicated casino team is supported by other VCGLR teams and co‑regulators such as Victoria Police and AUSTRAC. For example, other VCGLR teams monitor the ICT systems that underpin electronic gaming. VCGLR has memorandums of understanding (MoU) with both Victoria Police and AUSTRAC. These MoUs detail their respective roles and responsibilities, and the mechanisms to share intelligence.

In response to the 2017 audit recommendation, VCGLR reviewed its regulatory approach to Crown Casino. The review identified criteria for a risk-based approach to its regulatory work. Priorities and allocation of resources are now operationalised in an annual audit schedule that lists the types, number and frequency of audits conducted by the dedicated casino team.

Work with co-regulators to clarify roles and responsibilities

VCGLR is responsible for regulating and monitoring Crown Casino under the provisions of the CC Act. One of the principal aims of the CC Act is to ensure that the management and operations of Crown Casino remain free from criminal influence or exploitation, and that gaming in casinos is conducted honestly.

Crown Casino is also regulated by a wide range of state and federal regulators and law enforcement agencies that are responsible for many other areas of its operations. The 2017 audit noted that VCGLR should work with co‑regulators to clarify roles and responsibilities.

VCGLR's key co-regulators are AUSTRAC in relation to money laundering activities and Victoria Police in relation to criminal matters.

AUSTRAC is a federal agency that uses financial intelligence and regulation to disrupt money laundering, terrorism financing and other serious crime under the Anti-Money Laundering and Counter-Terrorism Financing Act 2006.

VCGLR cannot take enforcement action in relation to suspected money laundering but refers such matters to relevant authorities such as AUSTRAC. In March 2018, VCGLR entered into a MoU with AUSTRAC. The MoU aims to facilitate a cooperative framework within which the parties work together to perform their respective functions, including facilitating VCGLR's access to and use of AUSTRAC's information in a tightly controlled manner. VCGLR advises that it regularly engaged with AUSTRAC during the 2018–19 financial year.

VCGLR updated its audit program in early 2019 to better align with its regulatory role and responsibilities. Where VCGLR identifies evidence or intelligence in relation to suspected criminal activity (such as money laundering) from any of its audits, or from other sources (such as complaints or the observations of inspectors at the casino), it refers this material to law enforcement agencies such as AUSTRAC. We reviewed evidence that VCGLR passed on information about suspicious activity to law enforcement agencies.

During this follow up audit, a number of agencies started investigating Crown Casino in relation to allegations of money laundering, crime and corruption. VCGLR advises that it will continue to engage with law enforcement agencies and other regulators to further clarify respective roles and responsibilities and any collaborative arrangements.

As the regulator that ensures the management and operation of the casino remains free from criminal influence, it is critical for VCGLR to continually provide training to its operational staff regarding the respective roles and responsibilities of all relevant regulators and law enforcement agencies and monitor that its staff have acted in accordance with their obligations in practice.

Figure 3E summarises VCGLR's progress in implementing the 2017 audit recommendation. The established dedicated casino team has implemented various actions to improve the supervision of casino operations. Work continues to improve its effectiveness and maturity.

Figure 3E
VCGLR progress implementing recommendation 11

VCGLR has:

  • established a casino team with a dedicated cohort of staff. The team is located at the Crown Casino site and operates 24 hours a day and seven days a week
  • adopted a more risk-based approach to monitoring activities. The approach takes into account the risk of non-compliance with provisions from the CC Act and likely drivers of compliance by Crown Casino. The approach informs the development of the annual audit schedule that sets out the frequency and timing of audits
  • developed staff capability through formal qualifications, recruitment of staff with casino expertise and informal training practices such as mentoring. The team is looking at training courses on gaming regulation, which were developed in Las Vegas on casino games
  • established oversight and reporting protocols to support monitoring of dedicated casino team work by VCGLR senior executives and commissioners. The team provides weekly reports on operational compliance to the director of the compliance division, and monthly reports to VCGLR's executive sub-committee and commissioners on significant complaints, investigations and outcomes
  • established a MoU with AUSTRAC. VCGLR also has an existing MoU with Victoria Police.

VCGLR could improve implementation by:


  • clearly defining the key risks related to casino operation and explicitly linking the regulatory work performed by VCGLR and other co-regulators to mitigation of those risks. At present, staff must understand the implicit risks associated with purposes such as 'promoting tourism, employment and economic development generally in the state'. Greater clarity will improve transparency of the work done by the dedicated casino team. It will also support VCGLR senior executives and commissioners to have input into the direction and prioritisation of the team's work
  • consolidating the roles and responsibilities of VCGLR and co-regulators into a single reference so relevant staff and stakeholders can easily access it. Further promoting the regulatory roles and responsibilities will help operational staff understand their role, and VCGLR can communicate to external stakeholders the regulatory regime used to oversee casino operations.

Source: VAGO.

Back to Top