To help prevent money laundering and terrorist activity, Title 31 of the Bank Secrecy Act (BSA) requires casinos that generate more than $1 million in annual gaming revenue to establish and implement a comprehensive risk-based anti-money laundering (AML) program.
Criminal organizations can target tribal casinos to launder money. Because money laundering continues to proliferate, and criminal strategies evolve quickly, the Financial Crimes Enforcement Network (FinCEN) bureau of the US Department of the Treasury supports other agencies to enforce the BSA.
FinCEN works with various federal agencies including the IRS to examine financial institutions, including casinos, to assess their AML program for compliance with the BSA.
Casinos must maintain a robust AML program, a complex process requiring considerable internal resources.
What Does Title 31 Require?
To comply with Title 31, casinos are required to establish and implement a written, risk-based AML program that provides for the following:
- A system of internal controls to assure compliance with the BSA
- Designation of a dedicated compliance officer
- Training for appropriate personnel
- Independent testing for compliance
- Procedures that indicate the requirements to verify a person’s identity, suspicious activity reporting, and record retention
- Compliance with Section 1021.210 of Title 31 of the Code of Federal Regulations (CFR) if using automated programs.
Casinos must also complete and file a FinCEN Form 112 currency transaction report (CTR) for each currency transaction of more than $10,000 in aggregate in a single gaming day. CTRs must be filed within 15 calendar days following the day the transaction occurs.
Currency transactions can include:
- Front money deposits
- Payments on markers or any form of credit
- Redemptions of chips or other gaming instruments
- Cashing of checks or other negotiable items
- Currency exchanges
Identifying and Reporting Suspicious Behavior
Casinos are also required to complete and file a FinCEN Form 111 suspicious activity report (SAR) for any suspicious activity or behavior identified. SARs must be filed within 30 calendar days after the date of the initial detection of suspicious activity. Examples of suspicious behavior include:
- Structuring transactions in amounts of $10,000 or less to circumvent reporting requirements
- Furnishing falsified identification documents
- Suspicion concerning the source of funds
Casino Violations that Prevent AML Compliance
Independent testing and review of examination reports and enforcement actions have revealed that when a tribal gaming facility fails to gain AML compliance it is most likely for one or more of the following reasons
Lack of Independent Testing or Audits
Casinos are expected to perform independent testing on a periodic basis. Although there are no regulatory requirements that establish a set frequency, independent testing should be commensurate with the casino’s risk profile. Casinos should perform the audit every 12–18 months to ensure compliance with BSA obligations and expectations.
Insufficient Internal Controls
A system of internal controls must be in place to assure ongoing compliance with the BSA. Failure to develop and implement adequate policies and procedures may lead to breakdown in internal controls that could result in regulatory criticism.
Policies and procedures should be reviewed annually to ensure compliance with regulatory requirements and that internal controls are consistent with the current operating environment.
Inadequate Employee Training
Employee training is a key control within a casino’s AML program. Adequate training provides casino personnel the knowledge to assist in identifying and reporting unusual behavior and activity. The most common employee training concerns relate to casino personnel’s lack of knowledge of regulatory reporting requirements, such as CTRs and SARs, and information required to be recorded on the Multiple Transaction Log and Monetary Instruments Log.
Training should be commensurate with the casinos risk profile and tailored to the employee’s role.
Risk Assessment Not Well-developed
A risk assessment assists the casino in identifying risks in its gaming operations and potential gaps in internal controls. An inadequate risk assessment increases the risk that internal control gaps could be exposed or compromised. The risk assessment process should contemplate all risks related to the casino—products, services, patrons, and geographic locations—and the risk assessment should be updated periodically.
Violation of Recordkeeping Requirements
Casinos are required to retain certain records for at least five years. These records include:
- CTR and SAR filings
- Records created from the AML program requirements
- Record of the name, permanent address, and social security number of each person who deposits funds, opens an account, or establishes a line of credit
Violation of the BSA and its implementing regulations could subject casinos to heavy fines, including potential imprisonment.
We’re Here to Help
If you have questions about compliance with the BSA or AML for state, local, or Tribal gaming organizations, please contact your Moss Adams professional.