Casino Managers and Tribal Gaming Commissioners Need to Be Proactive with Anti-Money Laundering Compliance Initiatives

For the second time in nine months, Financial Crimes Enforcement Network (FinCEN) Director Jennifer Shasky Calvery has publicly addressed FinCEN's increasing concerns regarding casino compliance with the Bank Secrecy Act (BSA), including tribal casinos. In her latest remarks on June 12, 2014, at a BSA Conference in Las Vegas, Dir. Shasky Calvery highlighted what FinCEN expects casinos to do and what points FinCEN and the Internal Revenue Service (IRS) will be looking for in conducting Title 31 casino audits.1

Tribal casino management and tribal gaming commissioners need to be aware of these issues and pay closer attention to the implementation, supervision and regulation of casino anti-money laundering (AML) compliance programs and the preparation for the casino's next IRS Title 31 compliance audit.

The primary concerns of FinCEN and the IRS are the following:

  • casinos must know the source of their customers' gambling funds
  • casinos should develop effective risk-based AML compliance programs based on solid written risk assessments
  • casinos should comply with mandatory information sharing and participate in voluntary information sharing
  • casinos should be aware of a new "red flag" called "chip walking"

FinCEN Expects Casinos to Know the Source of Their Customers' Funds

In her speech, Dir. Shasky Calvery sharply denied recent press reports that existing BSA rules do not require casinos to vet their customers' source of funds and denied that FinCEN rulemaking would be forthcoming on this subject. She said, "Casinos are required to be aware of a customer's source of funds under current AML requirements." As she explained, as far as FinCEN is concerned, casinos are already expectedto be aware of the source of their customers' gambling funds, and a casino's Know Your Customer (KYC) procedures need to specifically include this.

Dir. Shasky Calvery based this mandate on the existing requirement that casinos report suspicious activity. Meeting this obligation, she said, requires every casino to know its customers, and that includes an implicit understanding of the source of funds under a risk-based approach.

Although she declined to specify exactly how far casinos need to go in verifying sources of fund at the various levels of play, Dir. Shasky Calvery emphasized that "[a] casino's capability for knowing its customers' preferences and credit information – combined with [its] security technology – can and should be leveraged to piece together relevant information to understand [its] customers' source of funds." In short, if a casino is not already determining its customers' source of funds, waiting for forthcoming rulemaking or clarification will not be an excuse.

Importance of Risk-Based AML Compliance

In her address, Dir. Shasky Calvery stated that effective AML compliance programs must be "risk-based." In virtually all BSA audits, a primary starting point is the casino's written AML "risk assessment." If casinos do not have an up-to-date risk assessment, they will be instructed to prepare one. Further, if a casino doesn't have one or if the IRS decides that its risk assessment is outdated or inadequate, the IRS will develop its own risk assessment and use it as the starting point for that casino's audit.

Because AML is risk-based, there is no "one-size-fits-all" casino AML program, Dir. Shasky Calvery said. FinCEN cannot just "tell casinos what to do" or issue a definitive "yes-or-no/check-the-box" form because every casino – and its money laundering risk – is different. A casino's program must therefore be tailored to the risks it faces, which in turn are based on the types of financial services it offers, the profile of its patrons and the community in which it is located.

Dir. Shasky Calvery further stressed that casinos, like all financial institutions, need to cultivate a "culture of compliance." While this should not be difficult for tribal governments, there is sometimes a lack of connection between the compliance mandates of tribal gaming commissions and the financial incentives of tribal casino managers. Casino management, not just tribal gaming commissioners, must set the right "tone at the top" on compliance matters.

Information Sharing Mandates and Opportunities

Information sharing, which is another focus of Dir. Shasky Calvery, allows the exchange of information relating to money laundering and terrorist financing under a safe harbor that prevents the party giving information from being sued in court. The two types of information sharing are mandatory sharing under section 314(a) and voluntary sharing under section 314(b) of the USA PATRIOT Act.

Mandatory information sharing requires recipients to promptly respond to written FinCEN inquiries about accounts maintained by or transactions conducted with certain individuals or entities named in the inquiry. In the past, FinCEN has not issued 314(a) requests to casinos but has issued more than 43,000 requests to banks and other entities. Noting that 95 percent of these requests have contributed to arrests or indictments, Dir. Shasky Calvery implied that FinCEN will start sending 314(a) requests to casinos in the future.

Since mandatory information sharing is required by existing regulations, casinos should already have procedures in place for responding to these requests.2 However, many casinos do not because FinCEN has not issued 314(a) requests to casinos in the past. Based on Dir. Shasky Calvery's remarks, this is likely to change, and casinos will need to prepare written procedures designed to receive – and properly respond to – 314(a) requests from FinCEN.

Voluntary information sharing in Section 314(b) allows casinos to share information (including specific customer information) with other casinos as well as banks and other financial institutions for the purpose of identifying and reporting activities that the casino suspects may involve possible money laundering or terrorist information. The information received may be used only to report money laundering or terrorist activity, to determine whether to open or maintain an account, or to assist in complying with the BSA. If the regulation governing voluntary information sharing is fully complied with, no party exchanging information may be sued in any court.3

Furthermore, Dir. Shasky Calvery stressed that FinCEN strongly encourages casinos to engage in voluntary information sharing and pointed out that it is a valuable tool in identifying reportable suspicious activity and that FinCEN's website has details on how to take advantage of this program and the benefits of doing so. Casinos should seriously consider registering for voluntary information sharing as one means of using all available information to determine the occurrence of any transactions or patterns of transactions required to be reported as suspicious.

A New Red Flag: Chip Walking

Dir. Shasky Calvery closed her conference speech by warning casinos of a particular activity that has come to the attention of FinCEN and federal law enforcement as a potential "red flag" of suspicious activity, namely "chip walking." This is a process in which a customer leaves the casino with a large amount of chips or stores them on-site in a lock box for an extended period of time. Dir. Shasky Calvery said that law enforcement knows that there may be legitimate reasons for customers to do this, but it also could be a sign that the customer is trying to hide funds or structure reportable cash transactions, or use the chips as a form of currency for illegal transactions such as drug deals.

If it's for an illegitimate purpose, then "this is the kind of activity that [casinos] should report" as suspicious activity, Dir. Shasky Calvery said. When such a circumstance arises, a casino will be expected to identify it when it happens, investigate it, and report it on a Suspicious Activity Report (commonly known as a SAR) when appropriate. This means the "red flags" listed in AML procedures should include chip walking, and employees must be trained to identify and report this "red flag" as well as all others for review by compliance personnel.