Despite recent improvements in the gaming industry’s efforts to combat money laundering, enforcement actions by U.S. and foreign regulators have put casino operators on notice that their anti-money laundering (AML) programs and related internal controls are being subjected to greater scrutiny.
Consequences have escalated, and compliance officers face personal liability for AML violations on their watch, as a result of a court ruling that the Bank Secrecy Act (BSA) allows owners, officers, directors and employees to be held accountable, along with the organization.
Over the past two years, the U.S. Treasury’s Financial Crimes Enforcement Network (FinCEN) has levied seven fines, for a total of $110 million — more than double the volume, and almost ten times the dollar value, of all AML fines against casinos in the previous 11 years. Future penalties may also be on the rise. The Federal Civil Penalties Inflation Adjustment Improvements Act, effective last August, requires agencies, including FinCEN, to make “catch-up” adjustments to the fines, as well as annual inflation adjustments. Many civil penalties haven’t been adjusted in decades, which means that penalties could rise substantially. And FinCEN isn’t the only federal agency levying fines. The U.S. Treasury and the Department of Justice have also fined casinos.
Casinos have long been the focus of government scrutiny because of the large amounts of cash they handle, which make them particularly vulnerable to money laundering and terrorist financing risks. But not all news is bad. A research report from the American Gaming Association suggests that the gaming industry has taken significant steps to comply with AML and counter-terrorism financing (CTF) requirements. In its December 2016 Mutual Evaluation Report, the international Financial Action Task Force (FATF) commented favorably on the increased number of quality SAR filings by casinos — 50,941 in 2015, versus 21,308 in 2012.
Nevertheless, the increased emphasis on disclosure runs counter to an established industry practice of protecting the privacy of high rollers, and so casino operators and their compliance staff may feel uncertain about the best way to reconcile their disclosure obligations with business objectives.
Protiviti recommends that casino compliance officers take actions to mitigate the compliance risk, such as:
- Share risk assessments with the proper stakeholders – Effective AML programs should take a risk-based approach, which starts with conducting a risk assessment at the property level. Assessments should be reported to executive leadership, and used to customize compliance programs with a particular focus on customer due diligence (CDD) and transaction monitoring.
- Develop and share CDD standards with employees – CDD programs must evolve and take a risk-based approach to gaining a better understanding of patron relationships and identifying those that may pose a threat. Additional security should be assigned to those higher-risk customers to verify sources of wealth, known associates, game play, and screening against government sanctions lists. Enhanced due diligence policies should be in writing and align with heightened regulatory expectations and industry best practices.
- Request additional resources – Higher stakes and expanding regulatory requirements mean more people, dollars and systems will have to be dedicated to AML compliance. It is essential that compliance officers request sufficient funding support from executive leadership. Given the recent focus on individual liability, it’s in their best interests.
- Share information with other casinos – Threat information can be exchanged legally under the safe harbor provision of the U.S. PATRIOT Act, Section 314(b); however, casinos were generally not aware that they are covered under the provision. Casinos are also allowed to share SARs with other casinos under the same parent company located in the U.S. Both of these rules make compliance easier, and casinos should update their sharing policies and procedures to reflect that.
- Stay current in AML training – Management should revisit AML training modules for different job roles, both for casino operators and compliance personnel. Operators should be taught to recognize red flags, such as large transactions with minimal gaming activity and cash transactions that appear to be structured to stay under the $10,000 federal transaction reporting standards.
The recent Protiviti flash report, Higher Stakes for Casino AML Compliance, offers a wealth of additional information on the topic. You can download it here.