ACAMS Today: Under the Bank Secrecy Act, Casinos Must Know Their Players

In December 2015, the American Gaming Association (AGA), in consultation with the Financial Crimes Enforcement Network (FinCEN), released newly updated AML best practices for casinos.1 Among other valuable information, the best practices describe the role that risk-based assessments should play in a casino’s compliance program under the Bank Secrecy Act (BSA), and provide guidance for customer due diligence (CDD) practices.This updated guidance marked the gaming industry’s response to a year of heightened regulatory scrutiny, with FinCEN targeting three of its 11 enforcement actions in 2015 against casinos. Those actions underscored that casinos, as complex financial institutions conducting millions of dollars in transactions every day, must perform risk-based CDD. When certain risk factors are present, this can mean taking steps to learn a customer’s source of wealth or funds, particularly when an overseas affiliate or junket is referring patrons and money to the casino.Of course, all casinos must comply with the BSA’s bedrock reporting and recordkeeping requirements.2 At its most basic level, this entails reporting any currency transaction that exceeds $10,000 in a day (31 C.F.R. §§ 1021.311, 1021.313); reporting any transaction or attempted transaction that appears without lawful purpose, is suspected to involve illicit funds, or is designed to evade BSA reporting requirements (31 C.F.R. § 1021.320); and, with respect to each deposit of funds or extension of credit, maintaining a record of the name, permanent address, and (as appropriate) Social Security number of all casino patrons with a financial interest in the funds (31 C.F.R. § 1021.410).But a casino can satisfy these core BSA obligations only when it knows its players, especially those at highest risk for money laundering. When casinos fail to gather sufficient information to make an informed assessment of their patrons’ conduct, and are thus incapable of detecting and reporting potentially suspicious transactions pertaining to the company’s wealthiest (and riskiest) clientele, they will be vulnerable to would-be money launderers—such as those seeking to clean tainted money through games of chance, or foreign nationals trying to move wealth undetected out of their home jurisdiction.Importantly, due diligence on all players is not required. Under the BSA, casinos must design and implement risk-based AML programs to separate higher risk patrons (for whom due diligence is reasonably expected) from lower risk patrons, such as the casual gambler who wagers sums far less than the reporting threshold. Such higher risk patrons may include those who:Bring large amounts of money to casinos and play high-stakes games, such as in private gaming salons;Participate in games more susceptible to money laundering, including games (baccarat and roulette come to mind) that could allow confederate patrons to bet both sides;Appear to be associated with individuals or entities known to be connected with the illicit generation of funds; Claim connections with businesses that have no actual operations; Are patrons referred from an overseas affiliate or junket; The casino comes to learn are citizens or residents of countries at higher risk for illicit activity, from narcotics trafficking to money laundering and terrorism; Are known to be entrusted with an important public position and their associates (otherwise known as politically exposed persons), thereby posing a corruption risk; or Request that funds be wired to a third party, or offer to pay a line of credit with funds from a third party.Although the BSA does not set forth bright-line rules in this area, if one or more of these risk factors exists, a casino may need to conduct due diligence on the player. And, like a traditional financial institution, the casino is expected to gather more than just a name and address. Beyond verifying identity, steps should be taken to learn the player’s livelihood and source of wealth or funds, with the purpose of evaluating whether a player’s transactions reasonably evoke suspicion and thus trigger the BSA’s suspicious activity reporting requirements. For instance, only through adequate CDD can a casino detect that a particular player’s gambling activity is at odds with his or her livelihood, such as a career public servant patronizing the high-stakes baccarat table in a $300,000 minimum private gaming salon. This due diligence process need not be burdensome. It may entail as little as asking a few additional questions when a patron takes out a credit line.With this focus, the updated AGA best practices list a number of resources and search methods—beyond inquiring of a patron—to obtain relevant CDD:Public records and negative media; Online records of court activity; The Federal Trade Commission’s antifraud website;The Office of Foreign Assets Control’s listing of sanctioned individuals; Information-sharing arrangements with other financial institutions; andCommercial screening products from third-party vendors, which identify and aggregate information from the above sources and more.The AGA offers many other sound methods by which a casino can limit its likelihood of violating the BSA, such as bolstering policies and procedures related to patron identification and verification, and measures preventing patrons from undertaking transactions that, by their very nature, pose a higher risk of suspicion (such as cash-to-casino check exchanges). All told, the gaming industry appears to be adapting to the greater degree of regulatory scrutiny aimed at gambling institutions. As part of this process, casinos must continue to strengthen their CDD practices, lest they face fines and reputational damage going forward.This article was originally published in ACAMS Today in March 2016.