Battling AML Risk in the Casino and Card Club Industry

The Bank Secrecy Act and Enhanced Compliance Programs

Increased regulatory scrutiny, historically high fines and now-legalized sports betting are leading casinos to focus on improving their Bank Secrecy Act/anti-money laundering (AML) compliance programs. Deloitte’s Matt Lappas and Jeb Breese discuss four key areas casino compliance officers should focus on in the short term to support long-term success.

with co-author Jeb Breese

Since 2014, the Financial Crimes Enforcement Network (FinCEN) has issued almost $200 million in fines to casino and card clubs (casinos) for violations of the Bank Secrecy Act (BSA) — an exponential increase from the $3.2 million in total fines issued between 2000 and 2014.

Following the U.S. Supreme Court decision on May 14, 2018, permitting each individual U.S. state to offer sports betting in accordance with its own state statutes and laws — unless otherwise prohibited by Congress — compliance risks are likely to grow as casinos expand their core service offerings. Sports wagering is expected to bring in a wave of new customers and revenue from various streams over the coming months.

Increasing regulatory attention and new customer engagement are leading casinos to focus on improving their BSA/anti-money laundering (AML) compliance programs, particularly with regard to reporting and filing Suspicious Activity Reports (SARs).

Casino compliance officers would be wise to consider focusing early on four areas: collecting patron information, implementing effective transaction monitoring controls, improving data quality and instilling a culture of compliance with casino employees.

4 Ways to Improve Compliance

1. Improve data collection to influence meaningful transaction monitoring.

Casinos are currently reviewing patron identification for confirming legal age to participate in gaming activities. For the purposes of meeting customer identification program (CIP) and customer due diligence (CDD) requirements, casinos should also be collecting and documenting patron information.

Recent reports by FinCEN detail instances of casino employees not upholding these due diligence requirements or adequately monitoring international wire transfers from its clients for suspicious activity.

Therefore, it is imperative that assessments are performed regularly to ensure that data collection and storage procedures are being executed consistently. Without effective data quality and data governance programs, it is difficult to analyze transaction activity patterns and find important relationships.

2. Centralize data to effectively assess patron risk.

Casinos generally employ multiple technology platforms to manage several aspects of the business, including but not limited to player reward accounts, gaming transaction tracking, cash activity aggregation and regulatory reporting.

Summarizing patron activity across the casino, including historical transactions, requires a patchwork of information that can be difficult to collect and more difficult to analyze.

The creation of a single source of patron information, including know your customer (KYC) and CDD, plus the insight delivered by ongoing pattern matching using advanced technology, is a powerful framework for continually assessing patron risk.

3. Tune the transaction monitoring solution for better reporting.

Casinos have taken steps toward expanding their current compliance programs by implementing transaction monitoring systems.

However, some solutions rely on monitoring rules that focus on a single data source, which may limit a casino from seeing a patron’s activity holistically. Furthermore, many transaction monitoring systems today are designed for banking customers. Developers will attempt to tailor the rules and thresholds to align with the casino business model. This effort is typically expensive and may result in either too few generated alerts or too many false positives.

In spite of these shortcomings, the implementation of these systems has been instrumental in identifying suspicious activity trends that would be more difficult to identify through a manual process, such as minimal gaming or structuring chip cash-out to avoid reporting requirements.

These transaction monitoring improvements have led to an increased number of SARs filed by casinos annually. For example, in 2012, only 2,119 SARs were filed by casinos with FinCEN as compared to over 59,000 SARs in 2017.

Casinos should remain diligent by performing periodic reviews of their transaction monitoring solutions to determine effectiveness, and they should proactively tune the alert generation process to address changes in products and services, shifts in client profile and business model changes that may impact gaming volume.

4. Instill a culture of compliance.

Changing the culture within an institution remains one of the most underestimated aspects of improving a compliance program.

Implementing technology and procedural improvements can yield significant benefits through both cost savings and delivering strong financial crime fighting processes. However, if casino employees do not understand the importance of, and comply with, these updates, then the compliance program will not be effective.

Therefore, FinCEN has called on casino executives and board members to lead the charge by regularly reviewing core business practices and guest offerings to determine whether they present heightened AML risks.

Regularly scheduled trainings will keep casino employees informed of key issues facing casinos, such as the avoidance of reporting by guests. Effectively training staff to identify, mitigate and document suspicious activity can help mitigate potential risk on the casino floor.

In addition to training, casino leadership should encourage employees to acquire AML professional credentials, such as the Certified Anti-Money Laundering Specialist (CAMS) designation or certifications offered by the Institute for Certified Gaming Professionals (ICGIP).

Conclusion

The Casino industry continues to learn and improve upon compliance obligations. And while casino executives should assess how current solutions can be improved upon, it is equally important to equip casino employees with the knowledge and tools to be an effective first line of defense. Together, these functions can provide a robust regulatory, compliance and risk management foundation to support long-term success.

Jeb Breese is a Deloitte Risk and Financial Advisory senior manager in the anti-money laundering and economic sanctions practice, Deloitte Transactions and Business Analytics LLP. He has almost 15 years of experience in the application of data analytics technologies to business disputes, securities litigation, forensic investigations, anti-money laundering and contract compliance issues. Breese assists clients with the technical aspects of developing and maintaining effective anti-money laundering and counter terrorist financing programs with specific focus on transaction monitoring, Office of Foreign Assets Control (OFAC) / sanctions screening, customer due diligence and enhanced due diligence, know your customer, and enterprise case management. Based in McLean, VA, Breese can be reached at jbreese@deloitte.com.