when using multiple conditions in an access rule, the first condition that it comes to that passes will cause the rule to pass.
IT's not a matter of each rule being separated by AND or OR.
in each rule, the first condition is:
Allow If $_SESSION['SecurityAssist_MemberID'] NOT Equal "" (in other words, Empty)
so if the SecurityAssist_MemberID session has a value, the rule will pass since it knows to allow in that case. it does not process the other conditions.
your login page should be set to set the SecurityAssist_MemberID and RegType sessions when the login happens, in other words, the RegType session should not be able to have a value without the SecurityAssist_MemberID session also having a vaue. So in reality, both checks arent needed.
you really only need the condition for
Allow If RegType = 1
you dont really need the first condition.
but if you want to double check the SecurityAssist_MemberID, use the condition:
Restrict IF $_SESSION['SecurityAssist_MemberID'] EQUALS ""