This week the Financial Crimes Enforcement Network (FinCEN) announced a Consent Agreement that imposed an $8 million civil penalty against Desert Palace, Inc. d/b/a Caesars Palace. Caesars first disclosed the investigation in SEC filings in late 2013. The investigation grew out of a 2012 audit performed by FinCEN’s examiner, the Internal Revenue Service Small Business/Self-Employed Division (IRS SB/SE).

In addition to the penalty, the Agreement made factual determinations and imposed “undertakings” – remedial measures – intended to bring Caesars into compliance with the requirements of the Bank Secrecy Act (BSA) and its implementing regulations under Title 31. The emphasis on the undertakings is consistent with FinCEN’s remedial enforcement approach, and it is conceivable that the cost of the undertakings will exceed the fine. In addition, FinCEN identified many compliance concerns. Accordingly, the Agreement contains plenty of issues for compliance professionals to consider in assessing their own anti-money laundering (AML) programs.

Factual Determinations

FinCEN found that Caesars willfully violated the BSA’s requirements (1) to develop and implement a reasonably designed AML program, and (2) to report suspicious activity.

Violations of the Requirement to Develop and Implement an Effective AML Program

While identifying a number of violations, FinCEN focused on “severely deficient internal controls” for private gaming salons and the failure to monitor branch offices for suspicious transactions in marketing the private salons. FinCEN noted that both “catered to the casino’s wealthiest – and riskiest – clientele.” These deficiencies caused a “blind spot” in the compliance program. Following is a summary of the factual determinations found in the Agreement.

Internal Controls

  • Private Gaming Salons. Caesars “creat[ed] the opportunity for unknown patrons” to gamble significant sums anonymously by permitting “team play” or a shared/common bankroll in the salons. By permitting guests to play from the primary player’s front money or credit line, Caesars did not identify the other gaming patron(s), thereby potentially “frustrating recordkeeping and reporting requirements.”
  • Branch Offices. “Caesars did not consistently monitor [its] branch offices for suspicious activity.” As examples, FinCEN cited to Caesars’ Hong Kong office accepting $50,000 in cash without staff or BSA compliance personnel “deeming the transaction suspicious or conducting any inquiry regarding the source of funds.” In addition, Caesars “routinely” accepted third-party checks at its Hong Kong branch office without verifying the relationship between the patron and the third party.
  • Detecting and Reporting Other Suspicious Activities. FinCEN identified a “broad range of suspicious activity” that went unreported or was not flagged internally (listed below).
  • Independent Testing. FinCEN identified that Caesars did not implement its own AML procedures for detecting suspicious activity, and its tests assessed only whether the casino implemented its own AML policies, not whether it was in compliance with the BSA.
  • Training. Caesars failed to provide adequate BSA training for employees, some of whom believed that (1) suspicious activity reports (SARs) applied only to cash transactions, and (2) the filing of a currency transaction report (CTR) relieved a casino of its obligation to file a SAR.
  • Procedures for Using All Available Information. Caesars failed to use data collected for marketing purposes to satisfy BSA obligations. Of note, Caesars did not draw upon this information to verify relationships between patrons and third parties who made payments.

Violations of SAR Reporting Requirements

The Agreement identified a number of scenarios in which Caesars failed to file a SAR, citing more than 100 instances during the period covered by the IRS SB/SE 2012 exam. These included the following:

  1. permitting “team play” (common/shared bankroll)
  2. suspicious transactions at branch offices
  3. third-party payments from unrelated individuals/businesses
  4. structuring
  5. minimal gaming/bill stuffing
  6. chip walking
  7. observing suspicious behavior of individual patrons

The Agreement highlighted a few examples where FinCEN believes a SAR should have been filed:

  • A patron received over $300,000 in wires from two unaffiliated individuals and four different businesses located in two different countries.
  • A patron took out $35,000 in cage markers, but risked only 1 percent of the funds.
  • A patron took out a slot marker, engaged in minimal play, and then wired in external funds to satisfy the marker.
  • Patrons, in 22 instances, structured transactions between $9,000 and $10,000.
  • In four instances, patrons “walked from the pit with chips worth over $10,000.”

Undertakings

Under the Agreement, Caesars is required to implement several improvements to its BSA/AML program, including “those with respect to fostering a culture of compliance, complying with all applicable BSA programs, recordkeeping, and reporting requirements, including implementing risk-based ‘Know Your Customer’ (KYC) measures and preventing and detecting money laundering.” These include:

  • An External Independent Reviewer. Caesars is required to retain a third-party reviewer to perform four annual reviews, each of which will cover at least three months of transactional analysis. The testing “will include program governance, compliance structure and staffing; risk assessments; compliance with all BSA recordkeeping and reporting requirements, including CTR, SAR, and KYC policies, procedures and controls; transaction monitoring; and training and communications.”
  • AML Program Report. Caesars must provide four annual reports to FinCEN on the status of its BSA/AML program implementation.
  • Training Plan. As with the reviews and reports, Caesars must, for four years, provide FinCEN with a copy of its training program, attendance records and the results of any testing conducted.
  • SAR Look-Back. Caesars (or a third party) must review all transactions conducted through its Asia and Monterey Park, California, branch offices for the three-year period ending December 31, 2014. Caesars must file or update SARs as necessary.

Lessons for Operators

As chronicled here, this enforcement action is just the latest demonstration of FinCEN’s commitment to bringing casino compliance programs closer in line with those of “traditional” financial institutions. In light of the penalties – in particular, the burdensome and protracted remedial measures – U.S. casinos must make compliance a priority. Otherwise, FinCEN’s message appears to be that if a casino does not establish an effective BSA/AML program, there is a significant risk that FinCEN will play an intimate role in designing one. Designing, implementing and testing an effective BSA/AML program seems a far more attractive alternative, particularly since FinCEN has stated that credit is available for making documented improvements.

The following are some additional reminders from this enforcement action:

Recidivism

A failure to take corrective measures after a gap has been identified during an IRS examination is certain to draw FinCEN’s ire. Here, the Agreement noted that procedures to detect and report “bill stuffing” were not implemented until late 2012, even though this need was identified in the 2008 examination.

Know Your Customer (KYC) Practices

Though not explicit in the Regulations, FinCEN’s director has stated affirmatively, “Casinos are required to be aware of a customer’s source of funds under current AML requirements.” FinCEN emphasized this point in the Agreement, requiring that Caesars comply with “all BSA recordkeeping and reporting requirements, including CTR, SAR, and KYC policies, procedures and controls.” Casinos should be mindful that, under the Regulations, a “customer” refers to anyone party to a reportable or recordable transaction, not just the wagerer. Obviously, this implicates third-party transactions, which were emphasized in this Agreement.

The Importance of SARs

With FinCEN’s focus on reporting suspicious activity in this Agreement and in general, casinos should reexamine the training provided to their personnel in identifying and reporting suspicious activity. As stated in its August 11, 2014 Advisory (FIN-2014-A007), FinCEN is using SAR and CTR reporting to “serve as tips to initiate investigations” and “expand existing investigations.” FinCEN may identify the failure to file SARs through an examination of the casino or an independent investigation. For example, if a patron who is the subject of an unrelated investigation has spent substantial sums at a casino without that casino reporting such activity or performing due diligence on that patron, FinCEN may scrutinize the casino’s KYC procedures and recordkeeping practices. The lesson here seems to be that a casino must assiduously comply with its obligations to identify and report suspicious activity.