Despite recent improvements in the gaming industry’s efforts to combat money laundering, enforcement actions by U.S. and foreign regulators have put casino operators on notice that their anti-money laundering (AML) programs and related internal controls are being subjected to greater scrutiny. Consequences have escalated for programs that are determined to be weak or ineffective, and that trend is expected to continue. Compliance officers are facing personal consequences for violations by their companies since a court confirmed the Bank Secrecy Act allows penalties against a “partner, director, officer, or employee.”
Regulators Step Up Enforcement Actions
In June 2015, the U.S. Treasury Department’s Financial Crimes Enforcement Network (FinCEN) fined the Tinian Dynasty Hotel & Casino $75 million for “willful and egregious” Bank Secrecy Act (BSA) compliance violations. The civil fine was the largest ever issued against a casino by FinCEN. At the time, the agency had only issued three larger fines to any entity, all three large banks. The casino based in the Northern Mariana Islands (a U.S. commonwealth) had allegedly systemically failed to file suspicious activity reports (SARs) or currency transaction reports (CTRs). In fact, a 2013 investigation uncovered a backlog of more than 2,000 unfiled CTRs. FinCEN also fined the VIP services manager of the casino for AML violations and has permanently prohibited him from working at any US financial institutions.
Before the Tinian Dynasty fine, the largest FinCEN- issued civil penalty against a casino was a $10 million fine to the Trump Taj Mahal in Atlantic City, issued in March of 2015. The casino acknowledged the violations of AML laws, which again included the failure to file required CTRs and SARs, in addition to violating record-keeping requirements.
There were only three civil penalties issued by FinCEN against casinos in the period from 2003 to 2014, totaling just $1.6 million.Since the beginning of 2015 through November 2016, seven civil penalties have been issued against casinos amounting to approximately $110 million. In fact, during the same period, approximately half of FINCEN’s enforcement actions were against casinos. These increases in the amount and frequency of penalties are evidence that FinCEN is taking action to encourage casinos and the individuals responsible for AML compliance to improve the effectiveness of their AML programs.
Future penalties may also be on the rise. On June 30, 2016, FinCEN announced amendments to regulations under the Bank Secrecy Act (BSA) to increase the maximum amount or range of civil monetary penalties. The changes follow Congress’ passage of the Federal Civil Penalties Inflation Adjustment Improvements Act of 2015, which amended the 1990 act of the same name, and went into effect August 1, 2016. The amendment now requires agencies (including FinCEN) to make an initial “catch-up” adjustment as well as subsequent annual adjustments for inflation and changes in the cost of living. Many of FinCEN’s civil penalty amounts have not been adjusted for decades, meaning that these penalties will rise by substantial amounts. For example, FinCEN’s announcement described increases to the “willful or grossly negligent recordkeeping violations” penalty as follows:
“The $10,000 penalty amount set out in 12 U.S.C. 1955 was last adjusted by statute in 1988. The inflation factor for 1988 is 1.97869. Multiplying the penalty amount of $10,000 by the inflation factor of 1.97869 results in an inflation-adjusted maximum penalty amount of $19,787, when rounded to the nearest dollar.” Other regulators will also be required to make similar adjustments to penalties because of the Act.
FinCEN isn’t the only regulatory body issuing fines and enforcement actions in the United States. Las Vegas Sands was required to return $47.4 million to the U.S. Treasury in 2013 when the U.S. Department of Justice (DOJ) asserted that the casino operator failed to notify regulators or file SARs when a high-stakes gambler, who was later connected to international drug trafficking, made multiple large and suspicious deposits at The Venetian in 2006 and 2007. The Nevada Gaming Control Board (NGCB) fined Las Vegas Sands another $2 million in 2016, related to the original DOJ complaint. Separately, the NGCB fined Caesars Entertainment $1.5 million in 2015 due to what it referred to as multiple “systemic and severe” gaps in its AML program.
The U.S. government has repeatedly told casinos to improve their compliance standards. “[Casinos] must continue their progress in thinking more like other financial institutions” to identify money-laundering risks, said Jennifer Shasky Calvery, then director of FinCEN, at a conference in June of 2014. She reiterated this point at the ACAMS AML Conference in April of 2016, stating, “We have worked hard at FinCEN over the years to ‘level the playing field’ in the AML space. That means ensuring that banks, credit unions, money services businesses, casinos, card clubs, and many others all have appropriate AML protections.”
The increase in regulatory scrutiny and enforcement actions challenges an industry that has worked to protect the privacy of VIP customers. Those who work in the industry fear that high-roller patrons might be apprehensive to play if they knew their activity would be recorded, monitored and potentially provided to the government via CTRs or SARs. While other financial institutions have historically invested more in dedicated, third-party AML transaction monitoring systems, casinos have tools at their disposal as well. Regulators have recently called for better utilization of casinos’ automated player-tracking systems to aid in compliance efforts, such as identifying suspicious patterns of play or activity.
In its December 2016 Mutual Evaluation Report of the United States’ compliance with Financial Action Task Force (FATF) guidelines, FATF commented on the increased number of quality SAR filings by casinos as a positive development. “Because of FinCEN’s focus on casinos, more robust monitoring of activity is occurring, as demonstrated by increases in both quantity and quality of CTR and SAR reporting by casinos.”
FATF also credited the casino industry’s overall improved compliance posture:
“Casinos have developed a good understanding of risks and obligations and apply preventive measures. […] The recent AGA (American Gaming Association) research study supports the view that the gaming industry has taken significant steps to comply with AML/CFT requirements and to prevent potential ML (money laundering) and TF (terrorist financing) in the last five years. This industry specific-survey […] indicates that casinos have not only increased their compliance spending but have also put in place mitigating measures above the requirements of the BSA based on their risk. This was confirmed by on-site discussions with casinos and their regulators.”
While progress has been made in the industry, much of it is in response to the increased regulatory scrutiny. Casinos must remain vigilant in their compliance efforts or risk financial and reputational damage, as well as personal liability for compliance officers and other casino directors.
Background on Casino AML Programs
Financial transactions for casinos can differ from other financial institutions. These include:
- Purchases or redemptions of chips, tokens and gaming instruments
- Front money deposits or withdrawals
- Safekeeping deposits or withdrawals
- Payments of advances on any form of credit, including markers and counter checks
- Bets or payments of bets in currency
- Currency received by a casino for transmittal of funds through wire transfer for a customer
- Purchases or cashing of checks or other negotiable instruments
- Facilitating foreign currency exchanges
- Reimbursement for customers’ travel and entertainment expenses by the casino.
Since 1985, casinos have been required to comply with various reporting and record-keeping requirements of the Bank Secrecy Act (BSA). In 2001, Congress’ passing of the USA PATRIOT Act further defined licensed casinos with annual gaming revenue of more than $1,000,000 as “covered financial institutions,” therefore requiring that they maintain a formal, risk- based AML program. As non-depository institutions, casinos are specifically referred to in the USA PATRIOT Act as non-banking financial institutions (NBFI). Casinos, as NBFIs, are subject to a number of elevated money laundering and terrorist financing risks due to the nature of the business. Those risks include, but are not limited to:
- Cash intensiveness
- High volume of transactions
- High-risk nature of customer base (e.g., high net worth; geographically dispersed; lack of ongoing relationships with customers)
- Subject to varying, often fewer, levels of regulatory requirements and oversight as compared to traditional financial institutions (e.g., banks and credit unions)
- Potentially weaker controls than traditional financial institutions.
To combat those risks, casinos, similar to other financial institutions, are required to maintain four fundamental pillars of an effective AML program, in addition to the reporting and record-keeping requirements of the BSA. Those four pillars include:
- Development of written internal policies, procedures and controls
- Designation of an AML compliance officer
- Ongoing AML employee-training program
- Independent testing of the AML program.
On May 11, 2016, FinCEN issued its long-awaited final rule on customer due diligence (CDD) and beneficial ownership information requirements. As a result of the rule, an additional CDD pillar has been added to the original four and currently applies to banks and broker dealers, but does not include casinos. Given some of the recent issues in which transactions were performed through third parties (for example, junket operators or sports betting conducted on behalf of someone else), casinos would be well-advised to follow the principles set forth in the final CDD rule.
Point of View
Although the gaming industry has shown improvements in efforts to combat money laundering and terrorist financing, as evidenced by the Mutual Evaluation Report, there is more ground to cover. We have highlighted certain actions that can be performed by casinos if they are not occurring yet:
Risk assessments should be shared with the proper stakeholders in the organization: Effective BSA/ AML programs should take a risk-based approach, which starts with conducting a risk assessment, at the property level. Each property has unique demographics, customer types, and regulations that need to be assessed. Risk assessments should be reported to executive leadership. Risk assessment results should be used to customize AML compliance programs, including placing focus where it is most needed—in customer due diligence (CDD) and transaction/customer monitoring processes. While there is no standard frequency at which risk assessments should be completed, management should establish and adhere to a reasonable frequency.
Standards for customer due diligence (CDD) should be developed and shared with the employees: CDD programs must evolve and take a risk-based approach to gaining a better understanding of patron relationships and identifying those that may pose the greatest risk of money laundering. This starts with the risk assessment. Additional scrutiny should be placed on those higher risk customers, including junket representatives, in the following areas:
- Verifying source of wealth and funds
- Screening against sanctions lists and searching for politically exposed persons (PEPs)
- Researching known associates
- Conducting negative news searches
- Reviewing casino host notes
- Analyzing customer play/activity.
CDD and EDD (enhanced due diligence) policies and procedures need to be aligned with heightened regulatory expectations, recent trends and industry best practices. Casinos should have documented procedures in place to terminate customer relationships that exceed acceptable risk tolerances set by the organization. For example, a customer with a predetermined number of SARs filed is automatically added to the banned player list.
Evaluate Resource Needs: Higher stakes and evolving and expanding regulatory requirements mean higher spending for most casino BSA/AML programs. In general, more resources—dollars, employees, and systems—are being dedicated to AML compliance, and more training is required for those focused on AML compliance as well as other casino employees involved in supporting those efforts indirectly. It is essential for AML compliance officers to request adequate funding support from executive leadership. A precedent has already been set for holding casino AML compliance officers personally accountable for BSA violations.
Information Sharing with Regulators and Law Enforcement: While information sharing with regulatory agencies and law enforcement officials is mandatory under section 314(a) of the USA PATRIOT Act, and casinos should have existing procedures in place for responding to any related inquiries, some casinos may find they have gaps in these procedures, as FinCEN has not historically issued these requests to casinos. In a 2014 BSA Conference speech to casino industry leaders, then FinCEN Director Jennifer Shasky Calvery stressed the importance of the 314(a) information sharing program and its likely forthcoming usage within the casino industry. She noted that 95% of the more than 43,000 314(a) requests to banks and other entities have led to arrests or filed charges. Separately, FBI Criminal Investigation Division Deputy Assistant Director Chris Warrener, in May of this year, emphasized the potential for both the casino industry and regulators to benefit by increasing collaboration and discussions on issues currently being experienced in the industry.
Information Sharing with Other Casinos: In the same 2014 speech given by then FinCEN Director Jennifer Shasky Calvery, she highlighted the importance of the 314(b) voluntary information sharing program. Information sharing could occur with other casinos or even other financial
institutions under the safe harbor of this program.
Shasky Calvery discussed the option of sharing information through a thirdparty that could register with FinCEN, which may alleviate casinos’ concerns about sharing information directly with competitors. This approach has been utilized
by other types of financial institutions. FATF commented in its December 2016 Mutual Evaluation Report that “casinos and FinCEN both indicated that they are not yet operational participants in the s.314(a) arrangements, and casinos themselves did not appear to understand that they are covered by s.314(b). Use of the procedures provided for by these provisions could increase the effectiveness of preventive measures in casinos.”
In January 2017, FinCEN issued new guidance that allows casinos to share SARs or information related to SARs with other offices, casinos, or affiliated gaming entities that are under the same parent company and located within the United States. Casinos should take action on this and also revisit their existing policies and procedures on confidentiality related to SARs.
Revisit Training Programs on an Annual Basis: Management should revisit BSA/AML training materials on a regular basis, customizing training modules for different job roles, both for casino operators and compliance personnel. Operators can contribute more effectively to compliance efforts by developing an understanding of red flags. Examples of red flags include:
- Gaming transactions that do not correspond with the customer’s profile (e.g., stated business, income/salary)
- Large transactions with minimal gaming activity
- Structuring of cash transactions in an attempt to evade CTR requirements (e.g., US$9,900)
- Customer betting with unusual characteristics (e.g., betting both sides of an even bet)
- Customer transfers chips to other individuals to cash out
- Customer redeems chips for casino checks that amount to significantly more than the amount of funds deposited with no apparent winnings to account for the additional amount
- Customer departs casino without cashing out chips, an activity referred to as “chip walking.”
Quality of BSA Filings: The filing rate for SARs and CTRs has increased dramatically in recent years. Law enforcement officials have also alluded to an improvement in the quality of content in these filings. Casino AML compliance personnel should focus on continuing to improve the quality of narratives. Casinos that have been cited previously for SAR deficiencies or that find themselves under additional scrutiny by regulators for another infraction should avoid “defensive filing”—i.e., needlessly filing SARs for activity that typically wouldn’t warrant a SAR—which has been identified by FinCEN as an issue for banks.
Monitor, Measure and Report Risks and Performance Metrics: Management should establish acceptable levels of risk (risk appetite) and develop key risk/ performance indicators (KRI/KPI) in the following areas: customer risk management, information sharing, technology and data, transaction monitoring, staffing and governance. Example metrics include:
- Training statistics by status (e.g., passed, failed, outstanding)
- Aging of open corrective action items (as identified via independent audits—e.g., internal audit, third party, regulator)
- Number of SAR filing errors
- Number of SARs/CTRs filed
- Average time to file SARs/CTRs
- Number of active patrons with 3+ SARs filed
- Number of terminated patron relationships for BSA/AML reasons
How We Can Help
Protiviti has a dedicated Anti-Money Laundering (AML) team within its Regulatory Risk Consulting practice. The core members of our AML practices are former financial institution regulators, financial institution compliance officers, fraud and forensic specialists, technology experts, and individuals with hands-on experience working in financial institutions of all types. Protiviti’s AML team members have considerable experience advising institutions of all types, including casinos, on the design and implementation of their AML/CFT compliance programs, conducting independent tests of AML/CFT compliance program effectiveness and conducting money laundering investigations. For AML/CFT compliance updates and news, please visit www.protiviti.com/AML.
Our team helps companies with the following solutions:
- Design and Implementation of AML/CFT Risk Assessments
- Program Development, Implementation and Review
- AML/CFT System Vendor Selection and Utilization
- Model Assessments and Data Validation for AML/ CFT Systems
- OFAC Sanctions Compliance Program Design and Reviews
- Money Laundering Investigations
- Independent Testing of AML Programs
- Program Remediation
- Focused Training