Consumer Data Right PIA

the national Treasury Department's response to the commissioned report by Maddocks on a privacy impact assessment in relation to the problematic Consumer Data Right (CDR) is unenthusiastic. 

Treasury notes that

The Privacy (Australian Government Agencies – Governance) APP Code 2017 requires a Privacy Impact Assessment (PIA) to be conducted for all high privacy risk projects, and must identify impacts on the privacy of individuals and set out recommendations for managing, minimising or eliminating that impact. The likely effect of making the rules on privacy or confidentiality of consumers’ information must be considered by the Minister before making rules. This must be considered alongside a range of other matters, including the likely effect of making the instrument on the interests of consumers, the efficiency of relevant markets, promoting competition, promoting data driven innovation, any intellectual property in the information to be covered by the instrument, the public interest, as well as the likely regulatory impact of the making of the rules. 

Treasury engaged Maddocks to conduct a PIA for the proposed changes to assist the development of the version 3 rules and to inform the Minister’s decision to amend the CDR rules. The PIA was informed by submissions to the exposure draft rules and a consumer privacy roundtable held on privacy issues relating to the proposed rules. The PIA was prepared on the basis that it was an update to previous PIAs Maddocks prepared in relation to earlier versions of the CDR Rules.

 The Treasury response to the final PIA recommendations is as follows.  Of 19 recommendations 15 were either rejected outright or 'noted'.

1 - Complexity of the CDR regime 

We recommend that detailed, comprehensive, and clear guidance about the intended application and operation of the CDR Rules be issued, or previously issued guidance amended, in order to explain the proposed changes. We suggest that different forms of guidance could be developed and specifically tailored to assist: • CDR Consumers; • Data Holders; • Accredited Persons at both the unrestricted level and the sponsored level; and • persons receiving CDR Data who are outside of the CDR regime (including CDR Representatives, Trusted Advisers and recipients of CDR Insights). 

Response – Noted: In addition to the explanation of the intended operation of the rules in the Explanatory Statement accompanying the version 3 rules, regulatory guidance will be provided in relation to the new rules by the OAIC and the ACCC as relevant to their CDR regulatory functions. 

2 - Transfer of CDR Data 

We recommend that Treasury consider whether it is appropriate to amend the Data Standards, and/or ensure that appropriate guidance is provided, so that it is clear that all CDR Data (including CDR Insights) must be appropriately encrypted in accordance with Schedule 2 to the CDR Rules, from the time the data leaves the Accredited Data Recipient’s CDR data environment until it reaches the recipient’s IT environment. 

Response – Noted: The obligations in Schedule 2 require, as a default, an accredited data recipient to have in place security controls to encrypt data-in-transit in accordance with data standards (if any) and industry best practice. This would apply whenever an accredited data recipient makes a disclosure to another entity as permitted by the rules. New rule 7.5(2)(a) requires disclosures to be done in accordance with data standards. This would require an accredited data recipient to comply with any standards that might be made by the Data Standards Chair in relation to secure disclosure of data to other entities, should such standards be made in the future. If such standards are made, they would apply in addition to the controls in Schedule 2. 

3 – Trusted Advisers 

We recommend that Treasury consider: • only allowing CDR Data to be disclosed outside of the CDR regime to Trusted Advisers who are APP entities for the purposes of the Privacy Act; • if the above is not possible or practical (e.g. it would defeat the policy objective by excluding many small businesses who are Trusted Advisers (and not Accredited Data Recipients) from receiving the CDR Data), only allowing CDR Data to be disclosed outside of the CDR regime to Trusted Advisers who have agreed (through a contractual arrangement with the Accredited Data Recipient) to effectively comply with the requirements of APP 1, APP 6 and APP 11, and the Notifiable Data Breach scheme; or • if the above is not possible or practical, requiring the Accredited Data Recipient to tell the Trusted Adviser of the scope of the CDR Consumer’s consent, and to remind the recipient (i.e. the Trusted Adviser) of their fiduciary or regulatory obligations in relation to the CDR Consumer. Additionally, we recommend that Treasury consider undertaking an analysis of whether each of the proposed classes of Trusted Adviser will at least be subject to obligations that will require the recipient to use CDR Data that it receives consistently with the consents provided by the CDR Consumer (e.g. if they would be required to do so as part of ethical obligations). 

Response – Not accepted: The classes of trusted adviser include professions that are regulated and subject to professional duties and oversight that provide an appropriate level of consumer protections. While many trusted advisers will be APP entities under the Privacy Act, requiring all trusted advisers to be subject to the Privacy Act may unduly impede consumer choice in circumstances where professional oversight and regulation exists. 

4 - Transparency for CDR Consumers 

We recommend that Treasury consider whether it would be appropriate to continue, in consultation with the Data Standards Body, to conduct consumer research on what is the best way to present a CDR Consumer with information on the implications of providing a disclosure consent which permits the disclosure of their CDR Data to Trusted Advisers (and therefore outside of the CDR regime), to ensure that CDR Consumers are provided with an adequate amount of information before providing their consent, but balancing this against the risk of “information overload” for the CDR Consumer. We suggest this could be achieved by expanding proposed Rule 8.11(1A) to require the Data Standards to include provisions that cover ensuring that CDR Consumers are made aware that if they provide a TA disclosure consent, their CDR Data will leave the CDR system. We also recommend that Treasury consider whether the CDR Rules should allow the Data Standards to specify different standards for obtaining consent to disclose CDR Data to Trusted Advisers, depending on whether: • the CDR Consumer is an individual or sole trader and consenting to disclosure of their CDR Data; and • the CDR Consumer is a company or other business and is consenting to disclosure of CDR Data about their business. 

Response – Noted: The rules require consumer experience (CX) standards to be made by the Data Standards Chair for the disclosure of CDR data to trusted advisers. CX data standards may also be made about the process for obtaining consents to disclose to trusted advisers. The Data Standards Body routinely conducts consumer research to assist the development of CX data standards. The rules do not preclude the Data Standards Chair from making CX data standards that differ based on the context in which the consent is sought. 

5 - Classes of Trusted Advisers 

We recommend that further guidance be provided about what constitutes the ‘reasonable steps’ that an Accredited Data Recipient is required to take to establish that a Trusted Adviser falls within a class of persons to which CDR Data can be transferred. For example, we suggest that it might be best practice for the CDR Rules, or the Data Standards, to require the Accredited Data Recipient to: • obtain evidence that the Trusted Adviser falls within a class specified in proposed Rule 1.10C(2); or • check a public register for the relevant class of Trusted Adviser. We also recommend that Treasury confirm that proposed Rule 1.10C(2) will not have the unintended effect of allowing persons who have been banned or disqualified by their profession, or who are subject to an enforceable undertaking, being included in a class of Trusted Adviser. 

Response – Accepted in part: The intended operation of the ‘reasonable steps’ provision is described in the Explanatory Statement accompanying the version 3 rules. This provides that a person is taken to be a member of a trusted adviser class for the purpose of the rules where the accredited person has taken reasonable steps to confirm that they are a member of the class. The reasonable steps that an accredited person may take to confirm that a nominated trusted adviser is a member of a trusted adviser class is a flexible concept that will depend on the circumstances. It may include seeking confirmation that the person is a member of trusted adviser class or some other form of representation from an adviser, or searching publicly available information. 

6 - Clarity regarding the CDR Rules 

We recommend that Treasury consider whether it is appropriate for the CDR Rules to be further developed and refined for further clarity regarding the definition of CDR Insights, and/or that Treasury work with the relevant regulators of the CDR regime to ensure that further detailed guidance is issued about CDR Insights, before the proposed amendments to the CDR Rules are introduced. 

Response – Not accepted: The intended operation of the rules for the disclosure of CDR insights is described in the Explanatory Statement accompanying the version 3 rules. The rules require CX standards to be made by the Data Standards Chair for the consent and disclosure of CDR insights. Treasury will support the OAIC and the ACCC as needed in the preparation of guidance related to their functions.   

7 - Disclosing CDR Insights 

We recommend that Treasury consider: • only allowing CDR Insights to be disclosed outside of the CDR regime to recipients who are APP entities for the purposes of the Privacy Act; or • if the above is not possible or practical, only allowing CDR Insights to be disclosed outside of the CDR regime to recipients who have agreed (through a contractual arrangement with the Accredited Data Recipient) to effectively comply with the requirements of APP 1, APP 6 and APP 11, and the Notifiable Data Breach scheme. 

Response – Not accepted: The CDR insights model allows consumers to consent to insights generated or derived from CDR data being shared outside the system for a range of prescribed purposes. The rules also facilitate informed consumer consent by requiring CX standards to be made to ensure consumers understand the nature of the information they are agreeing to disclose outside the CDR regime. 

8 - Transparency regarding CDR Insights 

We recommend that Treasury consider amending the proposed CDR Rules to specify that Data Standards must be made to ensure that, in addition to the fact that the CDR Data will leave the CDR system, the CDR Consumer is made aware of the implications and consequences of their CDR Data leaving the CDR system (such as that their data will be afforded fewer privacy protections). Additionally, we recommend that Treasury consider: • whether different rules should be able to apply for CDR Consumers who are individuals or sole traders, and for CDR Consumers who are businesses; • providing clear and detailed guidance to the market to ensure that potential recipients of CDR Insights understand that they must not seek to pressure a CDR Consumer to consent to the disclosure of their CDR Insight; • whether (through the Data Standards) CDR Consumers should be made aware of the implications and consequences of their CDR Data leaving the CDR system; • working with the Data Standards Body to develop appropriate Data Standards (in consultation with industry and informed by consumer research), to ensure that CDR Consumers fully understand what it is they are consenting to in relation to their CDR Insights; and • CDR Consumers should be required to be shown the particular CDR Insight before it is disclosed (as opposed to simply being provided with an explanation of the CDR Insight or the purpose for its disclosure), so that they can decide not to provide their consent if they do not wish it to be disclosed. For example, CDR Insights in relation to verifying credits and debits on an account may potentially disclose information which an individual CDR Consumer may be uncomfortable about disclosing. We also recommend that Treasury consider requiring that further consumer research be conducted on whether CDR Consumers understand the difference between a one-off versus an ongoing use and disclosure consent in relation to CDR Insights, and based on this research, determine whether it would be appropriate for the CDR Rules and/or Data Standards to prescribe how such consent must be sought from CDR Consumers. Finally, we recommend that Treasury consider whether it would be appropriate to: • consolidate the requirements on Accredited Persons to update Consumer Dashboards in relation to CDR Insights (as there is some overlap in requirements); and • similar to the information provided when a CDR Consumer provides their consent, include a requirement for an Accredited Person to provide the preview (if that is the approach adopted) of the CDR Insight disclosed in its Consumer Dashboard. 

Response – Accepted in part: The rules require CX standards to be made in relation to disclosure of insights to ensure consumers properly understand the nature of the information they are agreeing to disclose as an insight and that their data will leave the CDR system when disclosed. They do not preclude the Data Standards Chair from making CX data standards that differ based on the context in which the consent is sought. Additionally, the Data Standards Body routinely conducts consumer research to assist the development of CX data standards. Consent dashboards allow a consumer to easily track how they have shared their CDR data. Requiring the consumer to be shown the CDR insight before it is disclosed may not aid consumer comprehension in all circumstances. 

9 - Role of Affiliates 

We recommend that Treasury consider whether it would be appropriate to continue, in consultation with the Data Standards Body, conducting consumer research on what is the best way to present a CDR Consumer with information on the implications of providing a consent which will permit the collection of CDR Data by a Sponsor at the request of an Affiliate, and the disclosure of that CDR Data to the Affiliate. 

Response – Noted: The Data Standards Body routinely conducts consumer research to assist the development of data standards as appropriate.   

10 – Compliance by Affiliate 

We recommend that Treasury takes steps to ensure that there is appropriate guidance about what is required for a Sponsor in relation to its Affiliate (particularly in relation to actively monitoring and ensuring that the Affiliate is suitable to handle CDR Data). For example, it is not clear whether a Sponsor would satisfy the test by simply including appropriate warranties or obligations in the Sponsorship Arrangement. 

Response – Noted: Treasury will support the OAIC and the ACCC as needed in relation to the preparation of guidance relating to their functions. 

11 - Disclosure of CDR Data to CDR Representatives 

We recommend that Treasury consider strengthening the requirements for CDR Representative Arrangements, to further ensure that a CDR Representative will only use and disclose CDR Data after receipt from the CDR Principal (i.e., the Accredited Data Recipient) in accordance with the consent of the CDR Consumer. This could be achieved by: • extending the matters that must be in a CDR Representative Arrangement to include a contractual obligation on the CDR Representative to comply with section 56EI (Privacy Safeguard 6) of the CC Act, in respect of Service Data, as if it were an Accredited Person; or • including a requirement that the CDR Representative Arrangement must include an obligation on CDR Representative to comply with APP 6 of the Privacy Act (as if it were an ‘organisation’ under the Privacy Act). 

Response – Not accepted: Any use or disclosure by a CDR representative is taken to have been by the unrestricted accredited data recipient principal, including those that occur outside the scope of the CDR representative arrangement. Principals are therefore incentivised to ensure CDR representatives only make permitted uses or disclosures of CDR data, as they would be liable for contraventions of Privacy Safeguard 6 in the event of any non-permitted uses or disclosures. 

 12 – CDR Representative Arrangements 

We recommend that Treasury consider amending the draft CDR Rules so that CDR Representative Arrangements are expressly required to contain an obligation: • upon the CDR Representative to accurately communicate the CDR Consumer’s consent to the CDR Principal; and • in relation to withdrawal of a CDR Consumer’s consent or authorisation: o upon the CDR Representative to notify the CDR Principal if the CDR Representative becomes aware that the CDR Consumer has withdrawn their consent; and o upon the CDR Principal to notify the CDR Representative if they otherwise become aware that the consent or authorisation has been withdrawn or expired, so that the CDR Representative and the CDR Principal do not inadvertently continue to collect, use or disclose CDR Data without an appropriate consent and authorisation. 

Response – Not accepted: The liability framework for the conduct of CDR representatives ensures that it is incumbent on the principal to ensure CDR representatives do not use or disclosure data when there is no legal basis for them to do so (i.e. where consent has been withdrawn). 

13 - Continued use of CDR Data by a CDR Representative 

We recommend that Treasury consider amending the draft CDR Rules to provide that CDR Representative Arrangements must include a requirement for Accredited Data Recipients to notify a CDR Representative if their accreditation ends, and: • notify the CDR Representative that any consents it has collected in relation to the CDR Consumer’s CDR Data expire (explaining the consequences of this i.e. the CDR Representative can no longer use the CDR Data, nor further disclose this CDR Data); and • promptly direct them to delete any CDR Data (in accordance with the CDR Data deletion process). We also recommend that similar protections could be imposed if a CDR Consumer subsequently withdraws their consent (or the consent otherwise expires), so that both the CDR Principal and the CDR Representative are made aware of the status of the consent and required to take appropriate actions. 

Response – Not accepted: See Recommendation 12 response. A principal is in breach of the rules if it does not direct its representative to cease (or the representative does not cease) using data when there is no longer a relevant consent. Similarly, if the principal does not direct the representative to delete data, or the representative does not delete data in response to the instruction, in accordance with the rules, the principal is in breach of the rules.   

14 - Implementation of the default pre-approval model 

We recommend that the decrease in privacy protections that would be afforded to joint account holders under the proposed changes to the CDR Rules be carefully considered by Treasury, as part of the balancing of relevant factors. We also recommend that if a decision is made to implement the default pre-approval model despite the impact on privacy rights, consideration be given to implementing a process (if technically possible) so that: • after one joint account holder (JAH A) makes a Consumer Data Request in respect of joint account CDR Data, the data is not immediately shared; • after JAH A makes the Consumer Data Request, the other joint account holder(s) (JAH B) is notified of the request and given a reasonable window of time in which to select a disclosure option (and notified that if the pre-approval option (or no option) is selected in the given timeframe, the joint account CDR Data will be shared in accordance with the Consumer Data Request); and • the joint account CDR Data is then: o if JAH B selects the pre-approval option (or does not select an option in the given timeframe), shared in accordance with the Consumer Data Request; o if JAH B selects the co-approval option and consents to the disclosure of the CDR Data, shared in accordance with the Consumer Data Request; o if JAH B selects the co-approval option and does not consent to the disclosure of the CDR Data, not shared (i.e. the Consumer Data Request is not given effect); and o if JAH B selects the no disclosure option, not shared (i.e. the Consumer Data Request is not given effect). 

Response – Not accepted: The consumer privacy protections provided to joint account holders have been considered carefully and have been balanced with the other statutory factors that must be considered in relation to the making of the CDR rules. The single consent model has privacy-enhancing features compared to data sharing on joint accounts that exists outside of the CDR. The CDR provides a safe and secure means of sharing data and also provides consumers with control and visibility over data sharing that does not exist outside of the CDR. In particular, data holders must provide notifications that ensure all joint account holders are aware of when sharing arrangements commence, are amended or cease. Introducing a delay in data sharing to give time for the other joint account holder(s) to either agree to or disagree to the proposed sharing would be technically complex and would not achieve the intended policy outcome of ensuring that joint account data sharing is convenient for consumers and does not impose undue friction.   

15 - Protecting joint account holders from harm 

We recommend that Treasury consider amending the draft CDR Rules to provide more detail about the standard to which the Data Holder must be satisfied that a joint account holder is at risk of physical, psychological or financial harm or abuse (e.g. an obligation for them to be reasonably satisfied or to reasonably believe this), so that the protection of that joint account holder from harm outweighs the impact on another joint account holder’s right to know how their joint account CDR Data is being shared. 

Response – Not accepted: The rules provide exceptions to the joint account provisions that data holders can rely on where they consider it necessary to prevent physical, psychological or financial harm or abuse. Making this rule more prescriptive by specifying a standard to which the Data Holder must be satisfied that the joint account holder is at risk of harm would increase complexity of this provision and consequentially risk poorer outcomes for consumers. 

16 - Giving effect to elections made through DOMS 

We recommend that Treasury work with the regulators of the CDR regime to ensure that appropriate guidance (including guidance about technical requirements) is provided to Data Holders to ensure that they understand what ‘as soon as practicable’ means in the context of an election made through DOMS (which we consider should be as near real time as is technically possible). 

Response – Noted: Treasury will support the OAIC and the ACCC as needed in relation to the preparation of guidance relating to their functions. 

17 - Ensuring CDR Consumers who are joint account holders are aware of the default pre-approval setting 

We recommend that if Treasury implements the proposed amendments to the CDR Rules, Treasury ensure that all CDR Consumers are made aware, prior to the commencement of the amended CDR Rules, of the change to the default disclosure option setting. For example, a broad education campaign could be a mechanism to: • advise joint account holders of the default data setting for data sharing on joint accounts being set to ‘pre-approval’; • inform joint account holders about what options are available in relation to joint accounts; • explain the effect of each disclosure option and how it operates; • inform joint account holders about how they can change the default sharing setting on their joint accounts. Additionally, we recommend that Treasury implement the above a reasonable amount of time before the default disclosure option is implemented. This will give joint account holders the opportunity to consider the impact of the various disclosure options and make an informed choice. 

Response – Not accepted: Following consultation Treasury considers that a specific consumer awareness campaign in advance of the single consent model commencing in CDR would create undue confusion for consumers having regard to the nature of data sharing that currently occurs in relation to joint accounts now outside of the CDR and because it would occur without the context of a consumer commencing a CDR data sharing process. 

18 - Notifications for joint account holders 

We recommend that Treasury consider whether it would be appropriate to: • ensure that CDR Consumers who are joint account holders are provided with appropriate guidance about what type of notifications they can disable, and the impacts of disabling those notifications; and • regularly remind joint account holders if they have disabled notifications, such that they are prompted to consider whether they should re-enable the notifications. 

Response – Accepted in part: The rules enable data standards to be developed about how data holders must present information to consumers about managing their notification preferences. The rules also require data holders to allow consumers to reverse any decision relating to their notification preferences. With respect to including requirements to regularly remind consumers about disabled notifications and prompting consumers to reconsider their decision, this is likely to undermine consumers’ preference to receive fewer notifications, and may contribute to ‘notification fatigue’. 

19 - Application of the joint account CDR Rules to other designated Sectors 

We recommend that, because the privacy risks and issues for joint account holders may be very different for different Sectors, the privacy implications of joint accounts for any new Sector(s) are considered by Treasury for each current and new Sector, including whether it is necessary to adjust the application of the general joint account CDR Rules for a new sector through a Sector-specific schedule. (For example, if all Data Holders in a Sector are not likely to already have mature processes in place to consider the likelihood that a joint account holder may suffer physical, psychological or financial harm or abuse, Treasury should consider whether proposed Rule 4.15A should be further supplemented by way of a Sector-specific Schedule). 

Response – Noted: The amended rules allow for sector-specific rules to be made in relation to joint accounts.

Casino Regulation

The report of the Royal Commission into the Casino Operator and Licence (aka the Finkelstein inquiry into Melbourne's Crown Casino) offers a bleak view of governance

The report states that the Royal Commission was

 established to inquire into, and report on, the suitability of Crown Melbourne to hold its casino licence. The precursor was two findings in the Bergin Report: Crown Melbourne facilitated millions of dollars to be laundered through a bank account of its subsidiary. Crown Melbourne allowed operators with links to organised crime to arrange for junket players to gamble at the casino. The main focus of the Commission’s inquiries was to discover whether the misconduct identified in the Bergin Report was more widespread and, if it was, who was involved and what should be done. 

Within a very short time, the Commission discovered that for many years Crown Melbourne had engaged in conduct that is, in a word, disgraceful. This is a convenient shorthand for describing conduct that was variously illegal, dishonest, unethical and exploitative. The catalogue of wrongdoing is alarming, all the more so because it was engaged in by a regulated entity whose privilege to hold a casino licence is dependent upon it being, at all times, a person of good character, honesty and integrity. 

It is difficult to grade the seriousness of the misconduct. Some was so callous that it is hard to imagine it could be engaged in by such a well-known corporation whose Melbourne Casino Complex is visited by millions annually. 

A trigger for the Bergin Inquiry was the arrest in October 2016 of 19 China-based Crown staff, and the subsequent imprisonment of 16 of those staff. The staff had been illegally promoting gambling in Australia to Chinese residents who would gamble large sums. Crown executives were warned that Chinese officials intended to crack down on this activity. Yet they did nothing to protect their staff. Despite knowing that staff who worked in Indonesia, Malaysia, Taiwan and Singapore were also likely contravening their local laws, Crown let them carry out promotional activities as the chance of them being charged was not significant. To have done so after the China arrests is nothing short of appalling. 

Crown’s underpayment of casino tax shows a similar disregard of the law. In 2011, Crown Melbourne embarked upon a plan to minimise its casino tax by claiming as a deduction amounts that its internal and external lawyers said were not, or were probably not, deductible items. The plan involved concealing from the regulator the true nature of the deductions for fear of getting caught. In the end the plan failed when its existence was exposed by the Commission. Already, over $61.5 million in back taxes and interest has been repaid. More is likely due. 

Not only was Crown Melbourne content to breach local laws, it also happily assisted its wealthy Chinese patrons to breach the currency laws of their country. Between 2012 and 2016, those patrons transferred up to $160 million from accounts in China to the Crown Towers Hotel. Purportedly this was to pay for hotel services, but in reality it was to spend at the gambling tables. In addition to Crown Melbourne assisting to breach Chinese currency laws, what occurred also contravened local laws and likely allowed money laundering to take place. 

Crown Melbourne’s relationship with the regulator provides more evidence of its indifference to acceptable conduct. Over the years the regulator conducted several investigations into Crown Melbourne’s affairs. Instead of cooperating with those investigations in the manner that is expected of a regulated entity, Crown Melbourne took the opposite tack. It bullied the regulator. It provided it with false or misleading information. It delayed the investigatory process. All in all, it took what steps it could to frustrate the regulator’s investigations. 

Perhaps the most damning discovery by the Commission is the manner in which Crown Melbourne deals with the many vulnerable people who have a gambling problem. The cost to the community of problem gambling is enormous. It is not only the gambler who suffers. It also affects many other people, and institutions. 

Crown Melbourne had for years held itself out as having a world’s best approach to problem gambling. Nothing can be further from the truth. The Commission heard many distressing stories from people whose lives were ruined by gambling but whose situation might have been improved if casino staff had carried out their obligations under Crown Melbourne’s Gambling Code. 

The Commission looked for reasons to explain why Crown Melbourne acted as it did. Not all the reasons are known. But some stand out. First, Crown Melbourne’s board failed to carry out one of its prime responsibilities; namely, to ensure that the organisation satisfied its legal and regulatory obligations. Perhaps the board was not told what was going on. The alternative, to adopt an old expression from the railroad industry, is that the board ‘fell asleep at the wheel’. 

Second, many senior executives involved in the misconduct were indifferent to their ethical, moral and sometimes legal obligations. Some were motivated by a drive for profit. Some simply did what they did because they could. Third and regrettably, both internal and external lawyers who knew that Crown Melbourne was wanting to engage in conduct that contravened some laws failed to counsel Crown Melbourne not to go ahead. They would say this is not the function of a lawyer, whose only role is to advise on what the law is. While that might sometimes be a defensible position, it cannot be right when the client/employer is a regulated entity that must remain of good repute, having regard to its ‘character, honesty and integrity’. 

Last, there is the Packer/CPH influence. This was dealt with in great detail by the Hon. Patricia Bergin, AO, SC who found that their influence encouraged Crown to put profit ahead of other motives for action. The Packer/CPH influence was only touched upon during this Commission’s inquiries and then largely through the evidence given by Crown’s directors. That evidence confirmed Ms Bergin, SC’s views. When these facts came to light, it was inevitable that Crown Melbourne would be found unsuitable to hold its casino licence. No other finding was open. The only difficult question was what should be done in that circumstance. 

Deciding what to recommend was a demanding task. It required the weighing up of two almost irreconcilable positions. On one side, there was the overriding need to maintain the integrity of the licensing system. That requires the cancellation of a casino licence held by an unsuitable person. On the other side, there were two factors: the risk that cancellation of Crown Melbourne’s licence would cause considerable harm to the Victorian economy and innocent third parties; and whether, in a short time, Crown Melbourne could so ‘remake’ itself that it would once again become suitable to hold a casino licence. 

In reality there is no correct view. It was simply necessary to make a recommendation knowing that whatever the decision, there will be legitimate criticism from those who would go the other way. 

Although Crown Melbourne rightly deserves criticism for its past misconduct, and no one connected with the organisation is entitled to much sympathy, what tipped the balance against the cancellation of its licence was that Crown Melbourne has, at great financial cost, embarked on a significant reform program led by people of good will and skill. The program is likely to succeed. If it does, that will be to the benefit of Victoria. 

Important steps towards reform have been taken. Most significant among them is the appointment of a new board and new and highly motivated senior executives. 

Still, the road forward will not be easy. If the recommendations are accepted, Crown Melbourne will not be in control of its own destiny. For the next two years, the ultimate decision maker at Crown Melbourne will be a Special Manager. This manager, most likely a firm, will oversee all aspects of the casino’s operations. It will keep a watchful eye on the progress of reform. It will make sure that all rules and regulations are complied with. It will investigate particular aspects of the casino’s operations. 

At the end of the two-year period, the Special Manager will report what has occurred to the regulator. The regulator will then decide whether it is ‘clearly satisfied’ that Crown Melbourne has returned to suitability. This will be a tough test to satisfy. The regulator will be tasked to make its decision ‘on the papers’. That is, there will be no further inquiries. The regulator will undertake its task by reference only to the results of the three inquiries into the Crown companies that have been carried out or are presently underway and the reports of the Special Manager. 

If, after taking that material into account, the regulator is not ‘clearly satisfied’ that Crown Melbourne is suitable to hold its casino licence, the licence will be cancelled forthwith.

The Report states 

My Terms of Reference raise a number of questions. Those questions and my answers are: 

Q: Whether Crown Melbourne is a suitable person to continue to hold the casino licence under the Casino Control Act. A: No. 

Q: Whether Crown Melbourne is complying with the Casino Control Act, the Casino (Management Agreement) Act, the Gambling Regulation Act (together with any regulations or other instruments made under any of those Acts), and any other applicable laws. A: No. Crown Melbourne has contravened the Casino Control Act in various respects and has contravened the Casino (Management Agreement) Act in various respects. The details are found in Part 2 of this Report. 

Q: Whether Crown Melbourne is complying with the Crown Melbourne Contracts. A: No. Crown Melbourne has contravened provisions of the Management Agreement and the Casino Agreement. The details are found in Part 2 of this Report. 

Q: Whether it is in the public interest for Crown Melbourne to continue to hold the casino licence in Victoria. A: Not necessary to answer. 

Q: If you consider that Crown Melbourne is not a suitable person, or that it is not in the public interest for Crown Melbourne to hold the casino licence in Victoria, what action (if any) would be required for Crown Melbourne to become a suitable person, or for it to be in the public interest for Crown Melbourne to continue to hold the casino licence in Victoria. A: I recommend that the Casino Control Act be amended to create the position of a Special Manager with power to oversee and exercise control over the affairs of a casino operator who has been found to be unsuitable. In relation to Crown Melbourne, the Special Manager should be appointed to oversee and control its affairs for a period of two years. At the end of that period, the regulator should determine whether it is clearly satisfied that Crown Melbourne has become a suitable person to hold its casino licence and that it is in the public interest for it to do so. Details are explained in Chapter 16. 

Q: Whether Crown Resorts is a Suitable Associate of Crown Melbourne. A: No. 

Q: If you consider that Crown Resorts is not a Suitable Associate of Crown Melbourne, what action (if any) would be required for Crown Resorts to become a Suitable Associate of Crown Melbourne. A: No action is required. If, in two years, the regulator decides that Crown Melbourne is a suitable person to continue to hold its casino licence, it is likely that Crown Resorts will be a suitable associate of Crown Melbourne. 

Q: Whether any other existing associates of Crown Melbourne are not Suitable Associates of Crown Melbourne. A: It is unlikely that James Packer and the CPH group are presently associates of Crown Melbourne. However, they will become associates on the expiry of the undertakings they have given to the Independent Liquor and Gaming Authority (NSW). Details are explained in Chapter 20. 

Q: If you consider that any other existing associates of Crown Melbourne are not Suitable Associates of Crown Melbourne, what action (if any) would be required for those persons to become Suitable Associates of Crown Melbourne. A: Although the CPH group is not currently an associate of Crown Melbourne, I recommend that the Casino Control Act be amended to require the group to reduce its shareholding in Crown Resorts from its current 37 per cent holding to less than a 5 per cent holding. In that event, neither Mr Packer nor the CPH group will become an associate of Crown Melbourne after their undertakings to ILGA have expired. 

Q: Whether you consider changes to relevant Victorian legislation, including the Casino Control Act and the Victorian Commission for Gambling and Liquor Regulation Act, as well as the Crown Melbourne Contracts, are necessary for the State to address your findings and implement your recommendations. A: Yes. The details of all proposed legislative and other changes are found in my recommendations. 

Q: Whether there are any other matters necessary to satisfactorily resolve the matters set out above. A: Yes. The details are found in my recommendations.

The consequent recommendations have two main objectives -  to add to the regulator’s power to obtain information and to create the office of a Special Manager, who may be appointed by the Minister or the regulator to take control of a casino in certain limited circumstances. 

Specific recommendations are

Recommendation 20: New powers for the regulator 

It is recommended that the Casino Control Act be amended to permit the regulator: to require any person attending for an examination under section 26(1)(c) to answer questions on oath or affirmation in addition to the powers conferred by section 26, to require a casino operator or an associate to provide it with a written statement (verified on oath or affirmation) containing such information as the regulator reasonably requires to carry out its duties or perform its functions to make a costs order in respect of any action under section 20 to require the casino operator to retain at its own cost and pay for a suitably qualified expert: approved by the regulator engaged on terms approved by the regulator to inquire into and report to the regulator on any matter the regulator reasonably requires to carry out its duties or perform its functions to direct the casino operator to provide the expert with all information the expert reasonably requires to require the casino operator to comply with any recommendation made by the regulator as a result of an investigation under section 25. 

Recommendation 21: Special Manager 

It is recommended that the Casino Control Act be amended to the following effect: The regulator has power by an instrument in writing to appoint a Special Manager to oversee the affairs of the casino operator: if the regulator is directed to do so by the Minister; or where it appears to the regulator that at least one of the following situations exist: there are reasonable grounds to suspect that the casino operator has contravened, in a material respect, a provision of its casino licence, the Casino Control Act, or any agreement entered into under sections 15 or 142 of the Casino Control Act the casino operator is or may no longer be a suitable person to hold a casino licence it is in the public interest because fraud, misfeasance or other misconduct by a person concerned with the affairs of the casino operator is alleged in any case it is in the public interest. The Special Manager: may be a body corporate or unincorporate if a body corporate or unincorporate, the Special Manager must nominate one or more individuals to carry out any of its functions that can only be undertaken by a natural person. The Special Manager must be qualified for appointment by virtue of their knowledge of, or experience in, industry, commerce, law or public administration. The instrument appointing the Special Manager must specify: the period of the appointment the terms and conditions (if any) to which the appointment is subject any particular functions the Special Manager is to perform any other matter the regulator considers appropriate if appointed at the direction of the Minister, any function specified in the Minister’s direction. The functions of the Special Manager shall be to: oversee the affairs of the casino operator including the casino operations carry out investigations that are specified in the instrument of appointment report to the regulator on any matter it has investigated otherwise comply with any direction in the instrument of appointment. The Special Manager or, if a body corporate or unincorporate, the nominated person(s), should have the following rights, privileges and powers: the rights and privileges of a director of the casino operator, but not the right to vote despite not having the right to vote, the power to: direct the board of directors of the casino operator to take particular action direct the board of directors of the casino operator to refrain from taking particular action if the Special Manager believes that the direction: is in the best interests of the casino operator or of the casino operations; or is necessary to secure compliance with any law or regulation governing the casino operator or the casino operations. A failure to comply with a direction should be a strict liability offence carrying a significant penalty. Without limiting its rights, privileges and powers, the Special Manager may: investigate the affairs of the casino operator and the casino operations attend meetings of the board of directors and any subcommittee of the board attend meetings of the casino operator’s management, including meetings of any audit committee and compliance committee inspect all the books and records of the casino operator obtain the advice of, or services from, any third party including experts require any director, officer, employee or agent of the casino operator to provide such information, including confidential or privileged information, as the Special Manager requires to carry out its duties. A person who fails to comply with a requirement to provide information will be guilty of a strict liability offence with a significant penalty. The court may direct the person to comply with the requirement. The Special Manager may carry out its functions, and any director or officer of the casino operator acting under the direction of the Special Manager must observe that direction, despite: the Corporations Act, except to the extent of any inconsistency the casino operator’s constitution. The Special Manager may if special circumstances arise, and if so directed by the regulator must, make interim reports to the regulator and on the termination of its appointment shall report its opinion on, or in relation to: the conduct of the casino operator and casino operations the particular affairs of the casino operator or casino operations that the instrument of appointment requires the Special Manager to investigate. A report may contain confidential or privileged information. A copy of any interim report and the final report must be forwarded to the Minister. Neither the Minister nor the regulator is to provide a copy of a report to any person unless it is in the public interest to do so. If the report contains information the subject of legal professional privilege, the privilege does not cease. The regulator must consider any interim report or the final report and decide what action, including disciplinary action, it should take. The costs and expenses of the Special Manager and any costs incurred by the regulator in connection with the Special Manager process must be paid by the casino operator. The Special Manager is to be given an indemnity by the State for properly incurred debts. If a Special Manager is appointed to Crown Melbourne: The regulator must within 90 days of receiving the Special Manager’s final report decide whether it is clearly satisfied that: Crown Melbourne has become a suitable person to continue to hold its casino licence; and it is in the public interest that Crown Melbourne’s casino licence should continue in force. The regulator must engage a senior counsel to assist in its deliberations. For the purposes of its decision, the regulator must only have regard to: the Bergin Report (and documents/evidence tendered) the Report of this Royal Commission (and documents/ evidence tendered) the Reports of the Perth Royal Commission (and documents/evidence tendered) the report(s) of the Special Manager. If the regulator is not clearly satisfied that: Crown Melbourne has become a suitable person to continue to hold its casino licence; and it is in the public interest that Crown Melbourne’s casino licence should continue in force, the casino licence granted to Crown Melbourne on 19 November 1993 under Part 2 of the Casino Control Act should forthwith be cancelled. If the regulator has not made a decision within 90 days of receiving the Special Manager’s final report, the casino licence should be cancelled forthwith. 

Recommendation 22: Appointment of the Special Manager 

It is recommended that the Minister direct the regulator to appoint the Special Manager to Crown Melbourne for a period of two years. The direction should specify the matters the Special Manager is required to investigate and report on. Those matters could include the following: details of each direction the Special Manager has given to members of the board whether the direction was complied with whether the casino operator has put in place appropriate policies, processes and structures to meet its obligations under the Anti-Money Laundering and Counter-Terrorism Financing Act whether those Anti-Money Laundering/Counter-Terrorism Financing policies, processes and structures are being implemented whether the casino operator has put in place appropriate risk management policies, processes and structures whether those risk management policies, processes and structures are being implemented whether the casino operator has revised its Responsible Service of Gambling practices to take account of the concerns highlighted in this Commission’s Report whether the casino operator has adopted policies, processes and structures that will enable it to comply with its Responsible Gambling Code of Conduct in force whether the casino operator is complying with its Responsible Gambling Code of Conduct whether the casino operator is conducting its casino operations in a manner that has regard to the best operating practices in casinos of a similar size and nature to the Melbourne Casino whether the casino operator has conducted a ‘root cause’ analysis into the failures outlined in the Bergin Report and in the Report of this Commission, and what the findings were whether there is any evidence of maladministration whether there is any evidence of illegal or improper conduct whether the casino operator has engaged in any conduct that may give rise to a material contravention of any law the conduct of the casino operations generally. Further details of the matters the Special Manager could investigate are set out in Appendix I. 

Recommendation 23: Periodic review 

It is recommended that, if, following the receipt of the Special Manager’s report, the regulator does not cancel Crown Melbourne’s casino licence, the Casino Control Act be amended so that the next investigation due to be undertaken pursuant to section 25 of the Casino Control Act is deferred for at least three years. The manager The following recommendations are designed to assist a manager who is appointed to operate a casino on the cancellation or suspension of a casino licence. Currently, under the Casino Control Act, a manager must manage the casino on their own account. The recommendations will enable the manager to step into the shoes of the casino operator. They also prevent owners of personal property used in the casino operations from taking possession of their property while used by the manager. 

Recommendation 24: Additional functions and powers of the manager 

It is recommended that the Casino Control Act be amended to include the following provisions relating to the manager: Upon appointment the manager: has control of the casino operator’s casino operations and all the property used in those operations may carry on those operations and manage that property may dispose of any of the property used in the casino operations and pay the net proceeds of sale to the persons entitled to the proceeds may perform any function and exercise any power that the casino operator or any of its officers could have exercised in relation to the casino operations when performing a function or exercising a power as manager of the casino operator, is taken to be acting as the casino operator’s agent. The regulator is to determine the rate of compensation payable to the manager by the former casino operator and to approve the costs and expenses incurred by the manager. During the period of management, the former casino operator must: use its best endeavours to facilitate the operation of the casino within the casino complex afford the manager all appropriate rights, including rights of access and egress over the casino complex, as are necessary to enable the manager to operate a casino in the casino complex. The manager is to be given an indemnity by the State for properly incurred debts. 

Recommendation 25: Property rights of third parties 

It is recommended that the Casino Control Act be amended so that a third party cannot, without the regulator’s permission: enforce any security interest (as defined in the Corporations Act) over property that the manager retains for use in the casino’s operations take possession of any property retained by the manager for use in the casino’s operations levy execution on any judgment obtained against the former casino operator. Inspectors Inspectors are in attendance at the casino. These recommendations broaden the inspectors’ functions and give them additional powers. Their purpose is to ensure there is appropriate supervision of conduct on the casino floor and to assist in the detection of criminal activity. 

Recommendation 17: Functions of inspectors 

It is recommended that the Casino Control Act be amended to add to inspectors’ functions the following: to ascertain whether money laundering is taking place to ascertain whether loansharking is taking place to ascertain whether illicit drugs are being sold to make an exclusion order when appropriate on behalf of the casino operator, to withdraw a person’s licence to remain on the casino premises any other functions as are prescribed by regulation. 

Recommendation 18: Powers of inspectors 

It is recommended that the Casino Control Act be further amended so that: inspectors have free and unfettered access to all parts of the casino, all the surveillance equipment used by the casino operator, and all the books and records of the casino wherever they be located any interference with inspectors’ performance of their functions is to be a strict liability offence the contravention of which should carry a significant penalty. The casino operator These recommendations impose obligations on a casino operator to cooperate with the regulator and prohibit the casino operator from giving false or misleading information to the regulator. 

Recommendation 19: Cooperation with the regulator 

It is recommended that the Casino Control Act be amended: to oblige a casino operator to cooperate with the regulator in relation to the performance by the regulator of its functions. Cooperation requires the licensee to make full and frank disclosure of all information that relates to the performance by the regulator of a particular function to oblige the casino operator to notify the regulator of a material breach, or a likely material breach, of the Casino Control Act, the Casino (Management Agreement) Act, the Gambling Regulation Act, its Responsible Gambling Code of Conduct and any agreements made pursuant to sections 15 and 142 of the Casino Control Act. A breach or likely breach will be material having regard to, among other things, the number and frequency of similar previous breaches or likely breaches, the impact of the breach or likely breach and any other matter prescribed by regulation to prohibit the casino operator from making false or misleading statements or providing false or misleading material to the regulator to make a contravention of those obligations a strict liability offence that carries a significant penalty. Structure of the casino operator There are two reasons for these recommendations. One is to put a limit on the ownership of shares in a casino operator to prevent outside influence. The other is to secure the independence of the board and the senior management of the casino operator. 

Recommendation 28: Limit on shareholding 

It is recommended that the Casino Control Act be amended as follows: No person shall have or acquire a relevant interest in 5 per cent or more of the issued capital in a casino operator or 5 per cent or more of the issued capital in the holding company or intermediate holding company of which the casino operator is a subsidiary, without the regulator’s approval. If a person does hold or acquire a relevant interest in 5 per cent or more of the issued capital of a casino operator, or 5 per cent or more of the issued capital in the holding company or intermediate holding company of a casino operator without the regulator’s approval, that holding or acquisition should be deemed to be a breach by the casino operator of its casino licence. ‘Relevant interest’ should have the same meaning as in sections 608 and 609 of the Corporations Act. If the regulator requests the casino operator, its holding company or any intermediate holding company of a casino operator to take steps to discover who holds a relevant interest in the casino operator, or its holding company or any intermediate holding company and they fail to do so, that failure should be deemed to be a breach of the casino licence. The restriction on shareholding should not apply to any existing shareholding in Crown Resorts (at the current holding) and Crown Melbourne, other than CPH’s shareholding in Crown Resorts. It should apply to CPH with effect from September 2024. If a person contravenes the 5 per cent rule, the regulator may serve that person with a notice requiring the person to dispose of the relevant interest within a specified time. A failure to comply with the notice should be an offence with a significant penalty. In addition, the Supreme Court should have power to make any order it considers appropriate to secure compliance with the regulator’s notice, including an order directing the person to dispose of any relevant interest. 

Recommendation 29: An independent board 

It is recommended that the Casino Control Act be amended to impose an obligation that a casino operator must have a majority of its board as independent directors, including independent of any ultimate or intermediate holding company. 

Recommendation 30: Independence of senior management 

For the avoidance of any doubt about the construction of the Casino Agreement, it is recommended that the Casino Control Act be amended so that: the board of a casino operator is not permitted to delegate any of its functions to any person or body of persons other than a subcommittee of the board or an individual director the casino operator must appoint a full-time: chief executive officer (however described) chief financial officer (however described) chief operating officer (however described) heads of Gaming, Surveillance, International and Domestic VIP Business and Compliance (however described) and ensure that those persons do not report to, or take instructions from, any person or group of persons other than the board of the casino operator or an officer of the casino operator the Minister has power to vary these requirements. The amending legislation should make clear that it does not diminish any of the other obligations imposed by clauses 22 and 28 of the Casino Agreement. Money laundering The following recommendations are designed to reduce the incidence of money laundering in a casino. They cover junkets, carded and cashless play, the proper identification of customers, and enhanced cooperation with law enforcement agencies. 

Recommendation 2: Carded play 

It is recommended that a direction be given to Crown Melbourne pursuant to section 23(1) of the Casino Control Act to the effect that carded play be compulsory at the Melbourne Casino for all gaming. 

Recommendation 3: Cashless play 

It is recommended that a direction be given to Crown Melbourne pursuant to section 23(1) of the Casino Control Act to the effect that Crown Melbourne phase out the use of cash at the Melbourne Casino, save for gaming transactions of $1,000 or less. 

Recommendation 1: Improved identification 

It is recommended that section 122 of the Casino Control Act be amended to include a new sub-paragraph for procedures for the verification of the identity of all persons seeking to enter the Melbourne Casino. The system should include requirements for the retention of customer data. 

Recommendation 6: Single patron bank account 

It is recommended that a direction be given to Crown Melbourne pursuant to section 23(1) of the Casino Control Act to the effect that on and from 30 June 2022, it must keep and maintain a single account as approved by the regulator at an authorised deposit-taking institution in the state for use for all banking transactions by patrons. 

Recommendation 8: Regulation of junkets 

It is recommended that the Casino Control Act be amended to prohibit a casino operator from dealing with junket tour operators. 

Recommendation 7: Surveillance footage 

It is recommended a direction be given to Crown Melbourne pursuant to section 23(1) of the Casino Control Act to the effect that it retain all security and surveillance CCTV footage for a period of 12 months. 

Recommendation 4: Information sharing with state law enforcement 

It is recommended that a direction be given to Crown Melbourne pursuant to section 23(1) of the Casino Control Act to the effect that it enter into an information-sharing protocol with Victoria Police. The protocol must set out, to the satisfaction of Victoria Police, the information-sharing arrangements between Crown Melbourne and Victoria Police, which against the background of what Victoria Police needs, prescribes what information Crown Melbourne must provide, and the format and timeframes for the provision of that information. 

Recommendation 5: Information sharing with federal law enforcement 

It is recommended that the regulator, if it deems appropriate, give a direction to Crown Melbourne pursuant to section 23(1) of the Casino Control Act to the effect that Crown Melbourne enter into a similar arrangement with the Australian Criminal Intelligence Commission and the Australian Federal Police. Responsible service of gambling The purpose of the following recommendations is to deal with problem gambling. One recommendation is to make compulsory a pre-commitment system that imposes limits on time and money spent on gambling. The other recommendation is to impose obligations on the casino operator to properly supervise the gaming floor. There are also recommendations dealing with the collection of data that may be used for research into problem gambling. 

Recommendation 9: Player card data 

It is recommended that a direction be given to Crown Melbourne pursuant to section 23(1) of the Casino Control Act that the player card collect, to the extent practicable, data relating to: player buy-in (time, amount) player buy-out (time, amount) play periods (date, start time, end time) player turnover player losses and wins gambling product such further information as the regulator reasonably requires for anti-money laundering and Responsible Service of Gaming purposes. 

Recommendation 10: Pre-commitment and time limits 

It is recommended that as soon as possible, the YourPlay system be a full, mandatory, binding, pre-commitment system for Australian residents gambling on EGMs at the Melbourne Casino. The pre-commitment system should operate in the following manner: Each player must set a daily, weekly or monthly time limit and a daily, weekly or monthly loss limit. If the pre-set time limit or the pre-set loss limit is reached, the player cannot continue to gamble on an EGM and the limit(s) cannot be altered, for 36 hours. No player can gamble on an EGM for more than 12 hours in any 24-hour period. If a player has gambled for 12 hours in any 24-hour period, the player must take a break for 24 hours. A player cannot gamble continuously on an EGM for more than three hours. A player must take a break of at least 15 minutes after three hours of continuous gambling. A player cannot gamble on EGMs for more than 36 hours per week. There should be a default pre-set loss limit that the player can modify. The default pre-set loss limit should be set by regulation. It could be calculated by reference to the median income of a wage earner less the standard cost of living. Or it could be calculated by estimating the median losses of a recreational gambler. The pre-set loss limit should be reviewed at least annually. For the effective operation of a full, mandatory, binding YourPlay system, internal control systems are needed to ensure that a customer is unable to acquire more than one card. The systems need to be approved under section 122 of the Casino Control Act. 

Recommendation 11: Gambling Code 

It is recommended that a new Ministerial Direction be made under section 10.6.6 of the Gambling Regulation Act, in respect of a casino operator, which includes the following requirements: a duty to take all reasonable steps to prevent and minimise harm from gambling, including by monitoring the welfare of players, discouraging intensive and prolonged play and intervening when a person is displaying behaviour that is consistent with gambling harm a duty to take all reasonable steps to ensure that players on the gambling floor are regularly observed to monitor behaviour that is consistent with gambling harm a duty to ensure that there is a sufficient number of responsible gambling officers (however called) at the casino. It is recommended that the Ministerial Direction: set maximum play period limits prescribe how long a break in play should be identify the period at which players should be interacted with, and the form of interaction, while gambling. Different rules will be needed for different gambling products. For EGMs, the periods of play should mirror those recommended for YourPlay. For other gambling products, the limits should not be less onerous than those approved by Crown Resorts in May 2021 for domestic customers. 

Recommendation 12: Data collection 

It is recommended that to facilitate data collection for research purposes there should be established a Gambling Data Committee made up of three persons, one appointed by the regulator, one appointed by Crown Melbourne and one appointed by the Victorian Responsible Gambling Foundation. The committee should have the following functions: to identify the data to be included in a repository to ensure the data is up-to-date and comprehensive. The committee should be required to carry out the following tasks: oversee the design and structure of the repository and its user interface identify the data that is to be publicly available and data that will have restricted access ensure processes and procedures are put in place for the efficient maintenance and updating of the repository establish protocols to anonymise data to respect the privacy of gamblers establish a register of recognised researchers establish a simple process by which a request for data is to be made. 

Recommendation 13: Crown Melbourne data 

It is recommended that the committee have power to direct Crown Melbourne and the monitoring licensee for the YourPlay system to provide data that is reasonably required and in a particular format. 

Recommendation 14: Costs of data collection 

It is recommended that the cost of establishment and operation of the committee is paid for by the government, with staff and Secretariat support provided by the Victorian Responsible Gambling Foundation. Miscellaneous The following recommendations deal with a variety of subjects such as the consequence of the non-payment of casino tax, removing the circumstances in which the State may be liable to pay damages for action taken in consequence of a casino operator’s conduct and the review of penalties under the Casino Control Act that were fixed 20 years ago. There is also a recommendation to clarify the definition of an ‘associate’. 

Recommendation 16: Unpaid casino tax 

It is recommended that the Taxation Administration Act be amended to cover casino tax payable under the Management Agreement as well as any other taxes payable under the Casino Control Act. 

Recommendation 31: Actions against the State 

It is recommended that legislation be enacted to the effect that: no action claim or demand whatsoever may be made or allowed against the State of Victoria or any responsible Minister of the State in respect of any damage, loss or injury alleged to have been sustained as a result of the implementation of any recommendation made in this Report no decision made to implement any recommendation in this Report may be subject to any appeal or any order in the nature of certiorari, prohibition or mandamus or the grant of any declaration or injunction. 

Recommendation 15: Damages payable by the State 

It is recommended that the following obligations under the Management Agreement be repealed: the obligation on the State or the regulator to obtain the written consent of Crown Melbourne before action is taken to cancel or vary Crown Melbourne’s casino licence pursuant to section 20(1)(e) of the Casino Control Act the obligation on the State to pay compensation pursuant to clauses 24A.3 or 24A.4 for action taken by the State or the regulator that is a Trigger Event, if a reason for the cancellation or variation or action (as the case may be) is the conduct of Crown Melbourne. 

Recommendation 27: Penalties 

It is recommended that there be a thorough review of all the penalties imposed by the Casino Control Act. Most should be substantially increased. Special attention should be given to the penalty to be imposed for disciplinary action. Currently the penalty is a fine not exceeding $1 million. It is recommended that the penalty be increased to at least $10 million. 

Recommendation 32: Definition of associate 

It is recommended that the Casino Control Act be amended so that ‘associate’ means: the holding company and each intermediate holding company of the casino operator (holding company to be defined as in the Corporations Act); any person who has a relevant interest (as defined in the Corporations Act) in at least 5 per cent of the issued capital of the casino operator, or any of its intermediate holding companies or its ultimate holding company; any director or officer (as defined in the Corporations Act) of the casino operator, any of its intermediate holding companies or its ultimate holding company; and any individual or company certified by the regulator to be an associate. 

Recommendation 33: Increase in shareholding 

It is recommended that an associate cannot increase its relevant interest in the issued capital of the casino operator, or any of its intermediate holding companies or its ultimate holding company, without the written approval of the regulator. 

Recommendation 26: The area of the sub-lease 

It is recommended that steps be taken to ensure that the area in which the Melbourne Casino’s casino operations are being conducted and the area that is to be the subject of a sub-lease under the Management Agreement are the same. If the matter cannot be agreed then legislation will be necessary.