.svg)
Australia鈥檚 Tabcorp Holdings has been fined A$1m ($642,000) by the Victoria state gambling regulator for failing to follow directions in the aftermath of a data centre outage in late 2020.
The Victorian Gambling and Casino Control Commission (VGCCC) on Monday (September 4) issued the fine to subsidiary Tabcorp Wagering (VIC) Pty Ltd for failing to provide an adequate third-party assessment of Tabcorp鈥檚 disaster recovery capability and a subsequent due diligence report on deadline.
鈥淲hat this disciplinary action should show, to Tabcorp and to others, [is] that non-compliance with directions will not be tolerated and cannot be treated as a mere cost of doing business,鈥 the said.
The A$1m fine, a record for the company in Victoria, was at the lower end of a maximum permitted fine of just over A$9m for the two breaches.
Triggered by a 鈥渟moke and likely fire鈥 incident, the data centre outage in Sydney in November 2020 resulted in disruption of 鈥渃ore Tabcorp internal and customer-facing systems, and subsequently the shutdown of core customer services鈥, according to the decision.
The system outage affected 鈥渁pproximately 700 servers 鈥 across the business, further impacting applications in the managed private cloud environment 鈥 across Gaming, Lotteries and Keno, Wagering, and Tabcorp鈥檚 corporate systems鈥, it said.
The outage, which occurred during the 2020 Spring Racing Carnival, also caused an EBITDA loss of around A$10m for the company.
However, Tabcorp鈥檚 regulatory response to the incident began to fall apart when it refused to provide an initial Deloitte report into the incident to the VGCCC, forcing the regulator to 鈥渢urn to its compulsory powers to gain assurance that another outage would not occur鈥.
Subsequently, the regulator ordered Tabcorp to deliver an independent expert assessment of its 鈥渂usiness continuity and disaster recovery infrastructure and processes for the wagering and betting system鈥 by the end of August 2021.
That report, also by Deloitte, was delivered late and failed to satisfy the regulator that the company鈥檚 amended disaster recovery protocols were 鈥渇it for purpose鈥.
Tabcorp further antagonised the regulator when it delivered a separate due diligence assessment by Deloitte of disaster recovery capacities some four months after an extended deadline.
Although the VGCCC decision said it could not find that Tabcorp acted with 鈥渃apriciousness鈥, it criticised 鈥淭abcorp鈥檚 apparent lack of interest in engaging positively, proactively and promptly with the commission to resolve areas of disagreement or matters requiring clarification鈥.
It also expressed concern that 鈥渃urrent Tabcorp management continues to show an inclination towards minimising its own responsibility for the contravening conduct by pointing the finger at others, namely the commission and Deloitte鈥.
VGCCC chair Fran Thorn said in a statement on Tuesday (September 5) that the regulator 鈥渨ill not tolerate licensees that are not forthcoming and cooperative when the commission investigates鈥.
She said: 鈥淭he commission had to use its compulsory powers and issue directions because Tabcorp did not provide the information we required about the business continuity and disaster recovery capability of its systems.
鈥淚t is Tabcorp鈥檚 failure to comply with these directions that has led to the fine announced today.鈥
The Tabcorp fine is one of a growing number of punitive actions by the VGCCC against non-compliant licensees and confirms its aggressive approach in overseeing all gaming segments.
