Monthly Deep Dive

The clearest signal of supervisory intent came not from an enforcement action but from a promotion. Ng Wai Han, who took the chair of the Gaming Inspection and Coordination Bureau in May 2025 as the first woman to lead it, was elevated by a State Council decision on 10 June to Secretary for Economy and Finance — the portfolio that sits above the gaming regulator and owns the concession relationship. The official most associated with the bureau’s activist line now sets economic policy for the operators she lately supervised. That activist line is a matter of record: through 2026 the DICJ signalled it would "fine-tune" the scope of the six concessionaires’ non-gaming investment, pressing on whether promised hotels, arenas and MICE capacity genuinely advance Macau’s economic and reputational goals rather than merely discharging a licence condition. The junket channel reflects the same instinct — 29 promoters sanctioned for 2026, up about 21% year-on-year yet far below the cap of 50, a larger but more tightly structured book. With the bureau’s top job awaiting a named successor, the half closed with the most interventionist personality in recent Macau gaming history moved up rather than out. Operators expecting a softer touch in the second half are reading the appointment backwards.

If Macau supplied the direction, Australia supplied the precedent. In finalising the Australian Securities and Investments Commission’s case against former Star Entertainment officers, the Federal Court disqualified former chief executive Matthias Bekier for six years with a A$700,000 penalty, and former chief legal and risk officer Paula Martin for seven years with a A$400,000 penalty — while finding that the non-executive directors had not breached their duties. The court drew its line not around the whole board but around the two officers who owned the risk function. And the conduct it turned on is the monitoring room’s own daily work: the failure to deal properly with a KPMG report that had already identified deficiencies in Star’s anti-money-laundering processes, the unmanaged risk from a junket’s operations in a private salon, and the failure to escalate the impermissible use of China UnionPay cards by patrons. None of that is exotic. It is seeing a control gap, escalating it, and acting on it — the elementary loop of a control function. The officer who can produce a contemporaneous record of what was flagged, when, and what was done has a defence; the officer reconstructing that record after the regulator asks does not. AUSTRAC’s separate civil-penalty case against the operator, in which the regulator seeks at least A$400 million, remains live and is the larger exposure still to land. The personal bans are the half-year’s sharpest instruction: accountability now attaches to the human who held the role.

Where Australia personalised accountability, Singapore operationalised proof. The Gambling Regulatory Authority censured the operator of Resorts World Sentosa not for lacking an internal control but for failing to implement one it had designed and the regulator had approved — a membership account-status check that ran on incomplete data because of a single configuration error. No fraud, no money lost, no patron harm cited, and still a formal enforcement action, because an approved control that does not run as approved is, to a modern regulator, not a control at all. The discomfort is in the pattern: it is the third time since 2020 that the same operator has been cited under the same internal-controls regulation. The half-year’s commercial data sharpened the point. Resorts World Sentosa entered a period of transformation with first-quarter revenue down about 3%, adjusted EBITDA down about 24%, and its rolling-chip share at an all-time low near 20%, even as Marina Bay Sands pulled away with net revenue up roughly 28% and began an US$8 billion expansion. Transformation — new systems, layouts, staff and thresholds — is exactly when approved controls drift from what is actually running. Singapore’s message is that the regulator will now look for the drift, and will treat the gap between approved and operating as the violation itself.

Manila spent the half-year redrawing a structural line: the separation of the regulator from the operator. PAGCOR’s plan to "decouple" — to sell the state-owned Casino Filipino estate and become a pure licensing-and-supervision body — advanced toward a green light from the Governance Commission for GOCCs, with privatisation targeted for late 2026 into 2027. The reform follows the 2024 prohibition of offshore operators and a deliberate pivot toward cleaner books over headline revenue. The surveillance relevance is institutional: a regulator that no longer runs casinos can supervise them without the conflict of grading its own homework, and the regional direction of travel — toward regulators that test and licence rather than operate — is unmistakable when read alongside Macau’s and Singapore’s moves.

Put the four jurisdictions on one page and the instruction is singular. Supervision became personal — the individual who owns a control owns its failure — and it became active — the regulator wants to see the control run, not read that it exists. Both axes converge on the same artefact: a dated, contemporaneous record. The Star officers were undone by the absence of evidence that they had escalated and acted; Resorts World Sentosa was caught by the absence of evidence that an approved control was operating on complete data. In each case the missing thing was not a policy but a proof. This is the regulatory technology of the moment: from possessing a risk assessment to running one on a documented cycle, from approving a control to assuring it operates, from a board that oversees to an officer who is named. The departments that thrive in the second half will be those that treat their own evidence trail as a deliverable.

The work is unglamorous and entirely within reach. Inventory every internal control your department owns, beginning with those a regulator has approved, and for each confirm three things in order: that it is configured and actually running in the system meant to enforce it; that the data it depends on arrives complete and current; and that its output reaches a named human on a path that works in real time. Then schedule a periodic re-test, assign an owner, and log the result so the assurance is itself evidenced. Separately, audit your escalation trail: for the risks your function has identified this year, can you produce the dated record of what was flagged, to whom, and what was done? If the answer is reconstructed rather than contemporaneous, that is the gap the Star judgment says will cost an individual their registration. Build the record before you need it, because its entire value is that it predates the question.

Three developments will set the tone. Who succeeds Ng Wai Han at the DICJ, and whether the appointment preserves the activist supervisory line into a softer-revenue half. The progression of AUSTRAC’s civil-penalty case against Star, which will price how a mature market values an AML-control failure at the institutional, not just the individual, level. And whether other Asia-Pacific regulators follow Singapore toward explicit control-implementation testing rather than design approval alone. The throughline for surveillance and compliance directors is simple to state and hard to live: in 2026 an approved control is a promise and a written policy is an intention. Only a dated record that the control ran, reaching a named person who acted, is a fact — and facts are the only thing that survives an audit.

Ng Wai Han’s elevation to Secretary for Economy and Finance (State Council decision, 10 June 2026) and DICJ tenure — GGRAsia, Asia Gaming Brief, Inside Asian Gaming, Macau Daily Times, iGaming Business. DICJ non-gaming "fine-tuning" and the 2026 junket count — Focus Gaming News, Yogonet. Star Entertainment officer penalties (ASIC v Bekier and Martin) and the live AUSTRAC civil-penalty case — Federal Court of Australia outcome via ASIC, Inside Asian Gaming and the Australian financial press, as documented in this publication’s June Weekly Briefs. Resorts World Sentosa censure and internal-controls history — Singapore Gambling Regulatory Authority enforcement record via GGRAsia, Inside Asian Gaming and SiGMA World; Q1 2026 results for Marina Bay Sands and Resorts World Sentosa — Las Vegas Sands and Genting Singapore disclosures. PAGCOR decoupling and Casino Filipino privatisation — Philstar, Asia Gaming Brief, GMA News. Interpretation and recommendations are Surveillance Intelligence Asia’s own analysis.