AML Compliance Regulations for Casinos
The casino industry has grown significantly in recent decades as an increased number of jurisdictions have taken advantage of the revenue generated from legalized gambling. Accompanying this growth are certain challenges and obligations which stem from the fact that casinos possess a number of inherent vulnerabilities that make them particularly susceptible to money laundering. Consequently, casinos are subject to various reporting and record-keeping requirements and must ensure that adequate compliance measures are in place in order to prevent financial crime.
Heightened compliance requirements and increased regulatory scrutiny mean that it’s more critical than ever that gambling businesses adhere to applicable regulations in order to minimize money laundering risk and avoid fines and penalties.
Money Laundering Vulnerabilities of Casinos
The nature of the services and products offered by casinos make them attractive to criminals seeking to launder or disguise illicit funds. Risk factors relating to the casino industry include the cash-intensive nature of the business, a large volume of transactions, and a high risk customer base (e.g., geographically diverse, high net worth, and lack of an ongoing customer relationship).
Other substantial challenges include the presence of foreign exchange facilities, reduced transparency of certain customers, such as “high rollers” in VIP rooms, and the use of foreign holding accounts where funds in one jurisdiction are readily available for use in a casino located in a different jurisdiction. Red flag indicators can be helpful in detecting activities that are indicative of potential money laundering activity.
Casinos are Considered to be “Financial Institutions”
The BSA was enacted in 1970 to prevent criminals and terrorists from using U.S. banks as vehicles for illicit activities. Although the statute originally applied to banks, the scope of what constitutes a “financial institution” under the BSA has been expanded over time. In 1985, commercial casinos were included within the BSA definition due to the increased potential of criminal exploitation in the gambling sector. This led to the creation of industry-specific regulations. Accordingly, if a U.S.-based casino or card club has a gross annual gaming revenue of more than $1,000,000, it is required to comply with BSA requirements.
AML Compliance Program Requirements for Casinos
Because casinos are financial institutions, they are required to maintain written AML compliance programs that adequately address specific risks posed by their products, services, customers, and geographic location. According to guidance issued by FinCEN in 2010, an AML compliance program in the gaming industry must include the following minimum elements:
- A system of internal controls to assure ongoing compliance with the BSA;
- Internal or external independent testing for compliance with a scope and frequency commensurate with the risks of money laundering and terrorist financing posed by the products and services provided;
- Training of casino personnel, including training in the identification of unusual or suspicious transactions;
- An individual or individuals to assure day-to-day compliance with the BSA;
- Procedures for using all available information to determine and verify, when required, the name, address, social security or taxpayer identification number, and other identifying information for a person;
- Procedures for using all available information to determine the occurrence of any transactions or patterns of transactions required to be reported as suspicious;
- Procedures for using all available information to determine whether a record required under the BSA must be made and retained; and
- For casinos and card clubs with automated data processing systems, use of the programs to aid in assuring compliance.
AML Risk Assessment
An AML risk assessment is a comprehensive analysis undertaken by a business in order to evaluate its risk exposure to money laundering and other illicit financial activity. A risk assessment enables institutions to identify and prioritize specific risks so that they can implement more effective measures to mitigate, manage, and monitor those risks. Risk assessments should be tailored to each casino, and account for the unique nature and characteristics of its enterprise, location, products, services, and customers.
A risk assessment should be used as a starting point in customizing a comprehensive AML compliance program. This includes focusing on customer due diligence (CDD) as well as transaction and customer monitoring. Identifying customers and transactions that potentially pose the greatest risk of money laundering allows casinos to apply higher levels of scrutiny and evaluation to those situations, and in turn, to implement appropriate controls to reduce risk.
According to the latest 2019-2020 best practices guidance from the American Gaming Association (AGA), which contains expanded recommendations for casinos that are consistent with leading AML practices of the financial services industry, many factors may be relevant to the risk assessment for a particular casino. However, the risk assessment process should begin with asking five basic questions, which will enable a casino to assess potential money laundering-related risks throughout different parts of its business:
- First, what are the entry and exit points at the casino for patron funds that may come from illicit sources?
- Second, what casino departments or employees are best positioned to detect the entry and exit of such funds?
- Third, what are characteristics of transactions that may involve illicit funds, or of patrons who are more likely to engage in suspicious activity?
- Fourth, what measures (including automation) do we have in place to mitigate these risks?
- And finally, how effective are those measures?
Risk assessments should be shared with relevant stakeholders. And although there is no standard frequency at which risk assessments must be done, the AGA advises that they should be conducted at least annually, if not more frequently.
Know Your Customer
Know Your Customer (KYC) is an integral part of AML compliance and is meant to stem the flow of illicit funds being “washed” through casinos and other financial institutions. KYC processes are used to identify customers and verify that they are indeed who they claim they are. The required elements of a KYC program include customer identification and verification, including ongoing and enhanced due diligence (EDD).
There is no standardization in terms of the required information and documentation to identify and verify customers. However, basic customer information generally consists of the following:
- Full legal name;
- Residential or business street address; and
- Identification number:
- For a U.S. person, this includes a social security number (SSN) or individual taxpayer identification number (ITIN); or
- For a non-U.S. person, this includes one or more of the following:
- Individual taxpayer identification number;
- Passport number and country of issuance;
- Alien identification card number; or
- Number and country of issuance of any other government-issued document evidencing nationality or residence and bearing a photograph or similar safeguard.
Acceptable Identification Documents
Casinos may generally rely on official documentation as verification of a customer’s identity. Examples of acceptable government-issued photo identification include:
- Driver’s license
- Alien registration card
- State-issued identification card
Acceptable Proof of Address Documents
Proof of address documentation should also be collected. Address documentation should contain the customer’s street address, legal name, and a date (typically within the last 12 months) to show that the address is current. Examples of acceptable proof of address documents include:
- Bank or credit card statements
- Mortgage statement, home deed, or rental/lease agreement
- Utility bill
- Cell or landline telephone bill
- Motor vehicle registration
- 401k/Brokerage Statement
Acceptable Proof of Identification Number Documents
An official, valid, and current (non-expired or dated with last 12 months) document that confirms the customer’s government-issued identification number should also be collected. Examples of documents that serve as acceptable proof of identification number include:
- Social Security card
- Letter from IRS assigning SSN or ITIN
- 1099 Form
- Employer-issued W2
- Paystub with complete SSN
- Third party prepared tax documents (signed by 3rd party preparer)
- Any of the documents listed in the paragraph above titled, Acceptable Identification Documents
Ongoing Monitoring and Enhanced Due Diligence
As part of the expectation that financial institutions know their customers, casinos may need to obtain and verify additional customer information and perform an enhanced level of due diligence depending on the risk presented by a particular customer, product, or service. For example, this may be warranted in cases involving large transactions, high rollers with high cash gaming activity, and foreign nationals whose identity and source of funds may otherwise be difficult to verify. In such instances, casinos should ensure that they have adequate processes and controls in place to assist with obtaining information about things such as a customer’s occupation, source of income, source of funds, employment history, business affiliations, and bank account.
Furthermore, the AGA guidance states that high-volume customers, whose activity exceeds a level determined by the casino’s risk assessment as posing a higher money laundering risk, should be checked against public records and third-party databases. This is necessary in order to determine whether the individual has a criminal history that is relevant to AML risk, is a politically exposed person (PEP), or is the subject of negative reports concerning possible criminal activity or doubtful business practices.
As part of a casino’s ongoing monitoring and EDD processes, regulators increasingly expect casinos to not only detect and report on suspicious transactions but to keep client identification information up-to-date when circumstances indicate that there has been a change, and to continuously re-evaluate customer risk based on a customer’s activities and transactions.
If a customer does not provide proper identification and/or the required information, or if the casino cannot verify a customer’s information, or if there are clear indications of fraud, the casino should document the incident, consider filing a suspicious activity report (SAR), decide whether to report the incident to authorities, and determine whether it should discontinue providing further services or engaging in additional transactions with the customer.
Although sanctions checks are separate from AML requirements, casinos should screen customers and related entities against the list of “Specially Designated Nationals” maintained by the Office of Foreign Assets Control (OFAC). Sanctions screening processes, including checks against updates to the OFAC list, should be included within a casino’s written due diligence procedures.
FinCEN’s CDD Rule
While FinCEN’s Customer Due Diligence Rule (CDD Rule), which requires the identification of beneficial owners of legal entity customers, does not apply to non-bank financial institutions, such as casinos, there may be circumstances where a casino would be well advised to identify and perform CDD on beneficial owners.
For example, criminals may use a casino in an attempt to conceal their identities through front money accounts for purposes of laundering money. Additionally, compliance trends indicate that casino operators are seeking to address gaps in risk management obligations, indicating that regulatory attention is likely in this area, even without a formal beneficial ownership requirement.
As a result, casinos should make a risk-based determination regarding the level of due diligence to be conducted on payments from third parties such as corporations, partnerships, LLCs, and other business entities, particularly ones that are foreign-based.
Requirement to File SARs and CTRs
In addition to implementing comprehensive and robust AML compliance programs, casinos are required to file suspicious activity reports (SARs) and currency transaction reports (CTRs). Casinos must comply with these BSA recordkeeping requirements for up to five years.
More specifically, FinCEN requires that casinos file SARs when a casino knows, suspects, or has reason to suspect that a transaction aggregating at least $5,000:
- Involves funds derived from illegal activity;
- Is intended to disguise funds or assets derived from illegal activity;
- Is designed to avoid BSA reporting or recordkeeping requirements;
- Uses the casino to facilitate criminal activity;
- Has no economic, business or apparent lawful purpose; or
- Is not the sort of transaction in which the particular patron would be expected to engage, and the casino knows of no reasonable explanation for the transaction after examining the available facts.
Furthermore, FinCEN requires that casinos must file CTRs for cash ins or cash outs exceeding $10,000 within a 24-hour period. This requires the aggregation of currency transactions from several different parts of the casino, including the gaming tables, electronic gaming machines, and casino cage activity, including credit (or marker limit) and front-money transactions. This requirement also includes a casino’s receipt of funds for each customer, bookkeeping entries for debits or credits into a customer’s casino account, and credit extensions exceeding $10,000.
Top Suspicious Activities Cited by Casinos in SAR Filings
A review of the top reasons cited by casinos for filing SARs lends valuable insight into scenarios that casinos need to watch for. In this regard, FinCEN provides a list of the type of activity frequently reported in SAR filings, by industry, on its website. According to FinCEN’s latest figures and its March 2012 report, Suspicious Activity in the Gaming Industry, the top ten most frequently reported activities by the gaming industry, including those activities listed as “Other,” very often involve some type of structuring of transactions and attempts to avoid CTR and other BSA filing requirements, including conducting transactions below the CTR threshold and cancelation of transactions. Also high on the list are:
- Activities that include minimal gaming with large transactions (e.g., cashing out chips when the casino had no record of the individual having bought or played with chips);
- Refused or avoided requests for identification documentation, including the provision of false or invalid identification;
- Two or more individuals working together;
- Suspicion concerning the source of funds; and
- Transactions with no apparent economic, business, or lawful purpose.
Other threats to watch for include:
- Alters transaction to avoid BSA record keeping requirement
- Alters transaction to avoid CTR requirement
- Patron cancels transaction to avoid BSA reporting and record keeping requirements
- Multiple transactions below BSA record keeping threshold
- Multiple transactions below CTR threshold
- Suspicious inquiry by patron regarding BSA reporting ore record keeping requirements
- Frequent deposits of cash, checks, bank checks, wire transfers into casino account
- Funds withdrawn from account shortly after being deposited
- Minimal gaming with large transactions
- Suspicious intra-casino funds transfers
- Suspicious use of counter checks or markers
- Frequent cash out transactions without corresponding buy in transactions
- Use of casino account as a savings account
- Contact between patrons and casino staff outside of the casino
- Inquiry about end of business day
- Exchange small bills for large bills or vice versa
- Account activity with little or no gambling activity
- Associations with multiple accounts under multiple names
- Suspicion concerning the source of funds
- Suspicion concerning the physical condition of funds
- Suspicious designation of beneficiaries, assignees or joint owners
- Funds transferred from casino account to a charity fund
- Suspicious exchange of currencies
- Suspicious receipt of government payments/benefits
- Suspicious use of noncash monetary instruments
- Suspicious use of third-parties (straw-man)
- Transaction out of pattern for patron
Promoting and Fostering a Culture of Compliance
According to a Treasury Notes Blog titled, Culture of Compliance and Casinos, by the former Acting Director of FinCEN, Jamal El-Hindi, “A good compliance culture is one where doing the right thing is rewarded, and where ‘looking the other way’ has consequences.” El-Hindi further notes that “FinCEN will continue to work with the casino sector on its compliance efforts, in order to ensure each casino is taking the appropriate actions to protect the gaming industry – and the greater U.S. financial system – from abuse.”
Additionally, the new AGA guidance clearly indicates that a casino’s senior management and board members are expected to actively participate in and receive ongoing communications about AML compliance efforts. Based on this, casinos need to prioritize AML compliance and should expect continued regulatory scrutiny.
FATF Recommendations and EU Directives
The Financial Action Task Force (FATF) as well as EU directives and regulations, recognize a risk-based approach similar to that of the BSA. They further make clear that casinos and other gambling organizations are required to comply with AML regulations, and that non-compliance will result in severe penalties.
More specifically, the EU’s 4th AML Directive (AMLD4), which came into force in June 2015 and forms of the basis of the current legislative framework, expanded CDD requirements to casinos and the entire gambling sector. It requires “identifying the customer and verifying the customer’s identity on the basis of documents, data or information obtained from a reliable and independent source.” It further requires CDD on customers placing a stake or collecting winnings of €2,000 or more.
Subsequent AML directives, including AMLD5 and AMLD6, build upon these measures, clarify certain regulatory details, and toughen criminal penalties for non-compliance. For example, AMLD5 requires that licensed operators ensure that a casino’s customers are correctly identified as a part of their risk-based AML assessments.
With large sums of money moving through casinos on a daily basis, gambling institutions are prime targets for money laundering and other types of financial crime. As a result, casinos face a level of regulatory scrutiny similar to banks and other financial institutions.
In fact, FinCEN and other regulatory authorities have shown an increased focus on AML compliance in the gambling industry. Therefore, it’s crucial that casinos and other gaming establishments maintain up-to-date processes and procedures to effectively detect and prevent money laundering and other financial crimes.
Furthermore, high quality data is required for essential tasks such as transaction monitoring, sanctions screening, and PEP checks. Consequently, it can be challenging for casinos to ensure compliance with various AML compliance measures.
How Alessa helps casinos
Tier1 Financial Solutions’ Alessa can help casinos with their AML program. Alessa is an integrated AML compliance solution for due diligence, sanctions screening, transaction monitoring, regulatory reporting and more. The solution integrates with existing core systems and includes:
- Identity verification and customer due diligence for KYC/KYB
- Real-time transaction monitoring and screening
- Sanctions, PEPs, watch list, crypto and other forms of screening
- Configurable risk scoring
- Automated regulatory reporting
- Rules and advanced analytics, like anomaly detection and machine learning
- Dashboards, workflows and case management
Contact us to learn how Alessa can help your gaming or gambling institution.