GGB is committed to providing updated news and analysis on our weekly news site,

Ultimate Guest Service

Why enterprise risk management is crucial to your gaming organization

Ultimate Guest Service

The gaming industry operates in varying degrees of modernization. Many companies employ old-school business practices simultaneously with high-tech, cutting-edge examples. One of the most frequently observed “old-school” business practices is the manner in which organizations handle the risk management function.

From the earliest forms of gaming to today, successful operators deploy a wealth of knowledge in managing the risks of probability and wagering. An organization’s individual appetite for risk in table games and slots is well-known both internally and externally. Casino management consistently practices risk management in the form of applying odds and limits to live games and managing payout parameters on slot machines.

This attention to detail helps the organization develop a framework of typical outcomes and normalized hold percentage, which allows the owners, leadership and other stakeholders to have a set of general operating expectations. The risks are either accepted or not based on the predetermined risk appetite of the company.

The team members of table games and slot operations groups know their role when it comes to individual responsibility for asset protection and compliance. These team members work in unison to ensure that the accepted risks are properly managed. Accepted risks are controlled by management through close procedure, policy and compliance monitoring. This attention to detail is common for all modern gaming operations.

Chain of Command

Risk management in casino gaming operations is typically handled by an in-house risk manager who either employs a small team comprising of adjusters and/or coordinators or oversees an outside third-party claims administrator (TPA), who process the actual claims. Some operators also have a safety manager or the equivalent. The security department typically has the responsibility of responding to, investigating and documenting the incident. The legal department normally oversees the risk management function with close interaction of the finance group. In many companies, these are the only departments that may have an overall picture of the risk management process.

Each of these departments has its own set of responsibilities and objectives when conducting risk management functions. When one looks at the other operating departments of the organization, like the table games and slot department examples mentioned above, each is managing its own risks within a silo and is generally devoid of enterprise risk understanding and prevention. This silo effect causes the company’s team members to overlook risks, because they are not involved in the process and therefore indoctrinated to believe that a risk or hazard is someone else’s problem.

Millions of dollars can be saved by operators if each and every employee within the organization is considering an all-risk and all-hazard approach to risk management and claims. Enterprise risk management (ERM), in simple terms, is the company-wide inclusion of all levels and disciplines into the risk management process. The effective minimization or prevention of organizational hazards is achieved through the empowerment of the entire company, not just individual and specialized work units.

Costs vs. Benefits

Most operators spend considerable resources on customer service standards and education. Today, it’s one of the only standing forms of training and communication that has survived our downsized economy. Companies know the cost to retain a guest, and also know how much it costs to recover a guest after a negative incident.

Sadly, many companies also know the hard cost of critical incidents. One negative incident in the form of a violent crime, endangered child, guest accident or defect can cause millions of dollars in a claim, increased insurance expense, and irreparable reputation damage. Minor claims as a result of property damage, theft and spoilage often accumulate into thousands of dollars of expense.

If each and every member of the organization is educated, involved and made responsible for the overall safety of the property’s occupants, incidents are prevented and minimized. Instead of allocating resources after the fact, in increasing attorney fees, insurance premiums and TPA costs, owners should consider allocating resources to an ongoing enterprise risk management program that emphasizes education and empowerment of all team members in incident prevention and mitigation. Operators who are missing this core concept of risk management will always be in the lurch when it comes to trying to get a handle on the frequency and severity of claims.

Who is minding the store? Sometimes, we tend to focus on the reactive process and get mired in the claim churn instead of trying to change the game. The outside third-party claims administrator makes its money from processing claims; the more there are, the more complicated and severe they are, the more the cost and expense of the service.

Defense counsels are retained, at great expense, to defend and protect the organization after the incident and the filing of an action. If an organization is really serious about saving money, a shift in resource allocation from reactive measures to proactive measures should be undertaken.

Step  By Step

These are some basic steps for implementing an ERM program:

Executive Committee: The executive committee should know what exactly the risks to the organization are. A three-year summary of claims and filings should be delivered in addition to an executive summary detailing the cost of claims, legal fees, TPA expense and insurance premiums. Once informed of the history, a clear picture of potential risks to the organization should be presented. An ERM committee should be established to spearhead the program. A cross-section of rank should be included, with the chair being a representative of the executive committee. The CEO or COO should endorse the committee and mandate participation.

ERM Committee: This should develop an incident prevention and mitigation strategy and communication and education plan drafts. A clear set of company-wide goals and objectives should be established for prevention and mitigation. A clear set of departmental goals should be established for prevention and mitigation. A clear set of individual goals should be established for education prevention and mitigation.

Management Team: The management team should be given an overview of the claims history and educated on the financial impacts of the claims history. Input should be solicited on the prevention and mitigation plan. Direction should be given on how to implement the line-level ERM prevention and mitigation program with mandatory participation.

Front-line Supervision/Line Employees: Every employee should be required to receive education on the ERM program and their roles and responsibilities for prevention and mitigation. Type of events, specific responses and team accountability should be stressed. All new hires should receive the ERM module as part of their initial training.

Risk Management: The ERM program should be developed with the direct involvement of the risk manager. The risk manager should possess the necessary communication skills to deliver, educate and monitor the plan. Measurement criteria should be established to serve as a benchmark to track and monitor the ERM program year over year.

Human Resources: ERM should become an evaluation point to be added to all performance reviews.

The economic challenges to the gaming industry of the past three years are not over yet. Most companies have undergone downsizings and substantial cost control initiatives that helped improve bottom-line results. Those that do not have an ERM program can add another level of financial relief to their balance sheets. An ERM program adds value to the organization in many ways, namely as a result of the efforts of team members who are engaged and cognizant of clearly defined and monitored risk management goals and standards.

If these standards are embraced by the executive management team at the same level of customer service standards, and then descend to each and every team member, the organization will benefit financially.

Every organization will have incidents and claims. The manner in which organizations deal with these claims and the risk management function differ greatly. One message is apparent: The organizations which implement an enterprise risk management program will deliver the ultimate form of customer service to their valued guests, empower employees to play a vital role, and also protect the assets of the organization.

Rick Santoro, CPP, owns and operates Interbrief.Org LLC, an Atlantic City based security and risk management consulting company. He is an experienced hospitality/gaming- security and risk management executive and serves as a subject matter expert and advisor for numerous public sector agencies and non-gaming private organizations. For more information, visit, or email at

    Recent Feature Articles

  • Funding the Future

    Gary Ellis’ vision of a cashless casino ecosystem with Marker Trax and Koin

  • Age of the ETG

    Electronic table games have grown from simple automated roulette machines into a genre that is steeped in innovation.

  • Online in Ontario

    Stakeholders deem Ontario a success, but also a work in progress.

  • Mixing It Up

    Developing slot floor strategies for emerging markets.

  • Gaming & Diversity: Staying the Course

    DEI has encountered big resistance of late. Here’s how gaming companies continue to build a fairer workplace.