Is casino industry ready for new guidance on financial crime compliance? Don’t bet on it

The casino industry’s chief lobbying group in the US released its first-ever comprehensive guide on financial crime countermeasures for the gaming sector last week, an initiative expected to create broad challenges for gambling operations large and small, say analysts.

The guidance, released on December 4 by the Washington, DC-based American Gaming Association (AGA), lays out 17 pages of best practices for anti-money laundering (AML) compliance. It is likely to increase pressure on casinos to raise standards across the board at a time when they are receiving additional scrutiny from federal regulators, investigators and the banks holding their accounts.

The guidance addresses each of the four prongs of the AML program and related duties: creating more stringent written policies, releasing more extensive training to a larger universe of domestic and foreign employees, ensuring the compliance officer and staff have the requisite expertise for the risk of the operation and thoroughly testing human and automated processes.

The AGA guidance is a wakeup call to an industry that, for the most part over the years, “hasn’t felt like they should need AML programs, even though they recognize they have to have them,” said Michael McDonald, a former IRS Criminal Investigation special agent, now an AML consultant.

A potent challenge for casinos is doing extensive due diligence on wealthy customers and avid gamers because “they don’t want to report on these people or upset them, these people are their bread and butter,” he said.

Perhaps unsurprisingly, the AGA document goes into significant detail on customer due diligence and know-your-customer protocols.

The accuracy of that information, or unwillingness of a patron to provide it, are critical details to be folded into a risk assessment that will guide surveillance and automated monitoring systems and historical transaction reviews, according to the AGA.

The AGA wants institutions to not just take documents at face value, but look for “obvious indications of fraud.” If there are discrepancies, institutions are directed to make a “reasonable inquiry” through past records, open source databases or vendor systems to check if the individual should be rated at a higher risk, or is tied to a criminal enterprise or investigation.

In particular, the guidance is explicit in stating that many of the lower ranking employees, or their immediate supervisors, are responsible for learning and implementing more rigorous, risk-based training. This includes staff engaged in table games, poker, slots, keno, bingo and sports betting, according to the guidance.

Even if operations improve training, it could be difficult to implement at the floor level, due to employees not wanting to upset customers or bosses or simply because of turnover, McDonald said.

He noted that certain suspicious activity can be difficult to monitor, such as individuals working in small amounts at multiple tables and going to several cages at different times to cash out below reporting thresholds.

Unless the person is a longtime gambler and is extended credit, a large percentage of gamblers don’t have accounts.

Without accounts, their risk can’t easily be calibrated nor their transactions aggregated, leaving potentially suspect customers “lost in a sea of people,” as casino staff scour for more obvious fraud risks that could be costing the operation money, McDonald said.

Guidance comes amid tougher regulatory oversight in US

The guidance comes at a time when the gaming industry is facing increasing oversight from US authorities.

It is only recently that casinos, particularly large Vegas operations, got serious scrutiny from federal regulatory agencies. The result has been a growing number of enforcement actions and ongoing investigations.

In August 2013, Sands Corp. agreed to pay the US Justice Department $47.4 million to settle allegations that it had failed to identify nearly $60 million in suspicious transactions.

Two months later, Caesars Entertainment Corp., the parent company of Las Vegas-based Caesars Palace, disclosed in regulatory filings that it could be subject to a civil monetary penalty from the US Treasury’s Financial Crimes Enforcement Network (FinCEN), with reports that the bureau was also probing the financial crime defenses at the MGM Grand and Wynn Las Vegas.

In the August 2013 non-prosecution agreement, prosecutors said that compliance personnel at the Venetian-Palazzo failed to flag roughly $45 million in wire transfers and $13 million in cashier’s check deposits between February 2005 and March 2007 by Zhenli Ye Gon, a Chinese national accused of trafficking narcotics.

The casino engaged in the transactions despite the fact that Ye Gon used multiple third parties to move the funds, including foreign casas de cambio, and compliance officers could not link him to most of the businesses he said he owned.

In another rare case in 2008, a federal jury convicted two former Bank of China executives and their wives for defrauding the institution of more than $485 million and laundering the money through US casinos and banks.

The group deposited some of the funds at Caesars Palace, Paris Las Vegas and other casinos, according to court documents. The four deposited the money in increments close to reporting thresholds and at times in excess of  $10,000 and cashed out within days, prosecutors said.

New leadership at FinCEN brings a change in enforcement tactics

Chiefly, the overall change in tone about casinos and their possible intersections with money launderers and corrupt foreign officials is due to a shift in leadership and philosophy at FinCEN.

The former head of the US Justice Department’s money laundering and asset forfeiture unit, Jennifer Shasky Calvery, took over at FinCEN in September 2012, and through internal, and later external messages, stated that the bureau would be more swift and aggressive in doling out penalties for AML failures atbanks and non-bank financial institutions.

Casinos, in part, have gotten less federal regulatory scrutiny due to a segmented oversight dynamic where the IRS AML examiners – a group severely understaffed and overextended – are charged with examining gaming establishments, but don’t have penalty powers when they find significant and penalty-worthy deficiencies.

The IRS examiners have to forward their findings to FinCEN’s penalty area and state their case as to why a formal action should be taken.

Former Treasury officials and consultants have stated that many large casinos have willingly allowed high-risk gamblers to play, choosing to do minimal due diligence on big bettors and failing to report on suspicious activities or drop such profitable customers.

In addition, current and former examiners and Treasury officials have stated that there simply was not a lot of urgency to go after casinos at the federal level. In many cases, recommendations by IRS AML were disregarded, and in some instances FinCEN found fault with the evidence provided by exam staff.

That has changed under Shasky. The director has given more weight to AML examiner recommendations, and visited large casinos herself to get a feel for systems and staff knowledge in person.

In a speech in September 2013 at the Global Gaming Expo, Shasky Calvery signaled the bureau’s concern with the industry.

“When some casinos say that they feel that it is not their responsibility to protect their institutions, and our financial system as a whole, from being used by illicit actors, I fear there may be a culture within some pockets of the industry of reluctant compliance with the bare minimum, if not less,” she said, in the speech.

In past, scant FinCEN enforcement of casinos

That sentiment is a significant departure from much of the last decade.

Since the 2003 requirement of suspicious activity reporting duties for casinos, they have rarely been publicly chastised for AML compliance failures.

In that time, FinCEN has fined only three casinos a total of $1.6 million for compliance violations.

The penalties, which cited poor customer transaction report and suspicious activity report filing, were all taken against smaller operations, including two tribally-owned casinos. FinCEN has never formally penalized a Nevada casino for AML deficiencies.

In 2003, the MGM Mirage paid $5 million to the state gaming commission for failing to file thousands of customer transaction reports between 2001 and 2002. The case led to criminal charges against a casino manager responsible for filing the reports.

Training should be both broad and deep, guidance says

Not surprisingly, the AGA guidance puts much greater emphasis on training all of the individuals who will interact with patrons on the gambling floor and urges them to look for gaming activities that don’t make sense.

That could be difficult to do on the spot.   Though the guidance requests institutions to engage in transaction monitoring and check customers against negative news and other sanctions and politically-exposed person watchlists, that simply may not be feasible for smaller and medium-sized casinos, McDonald said.

“These casinos are likely doing the bare minimum when it comes to AML compliance,” he said. “Sure, they are making sure the CTRs are filed, but they are not trying to properly identify soft spots in their AML program and areas of higher risk. These operations are not even paying for their compliance officers to go to a conference in their own backyard.”

The training should entail looking for a wide array of red flags, according to the guidance. Some examples given include:

  • minimal gaming activity despite large transactions
  • structuring to stay below the $10,000 customer transaction reporting (CTR) threshold
  • patrons passing a large quantity of chips, cash or redemption tickets between them

Such training should extend beyond dealers and other front line staff, the guidance notes, recommending that marketing employees, domestic and international hosts, branch office employees, surveillance employees, auditors, fraud department employees and senior management also be included.

While the guidance prods casinos to attempt to enforce AML rules across borders, at foreign branches or with executives and junket operators working in multiple jurisdictions, that will be difficult to institute, police and enforce, said Joe Kelly, professor of business law at SUNY College at Buffalo, NY.

It’s one thing to know a customer locally, but in “places like Singapore in billion-dollar establishments, it can be hard to exert a great deal of pressure,” from an office in the US, he said. “There are huge amounts of money changing hands in places like Macau. So there is a question of how much you can enforce AML with operators doing their business overseas.”

The AGA’s document attempts to improve on cross-border cooperation and management of the risks of foreign customers, by laying out complex further steps for better identifying suspicious activity.

It suggests that casinos identify individuals, either independent agents or company officials, who have organized visits to the casino from foreign locales. Such patrons and their funds should be recognized so that the “available funds for each patron are accurately reflected in the patron management system and the play of each patron is recorded as warranted.”

The guidance also wants casinos to participate in information sharing under Patriot Act section 314(b), which allows banks and certain other financial institutions to request, and respond to requests, on customers that may be going by aliases or engaged in other suspicious activities.

Guidance leaves room for further compliance improvements

One area the AGA could have gone further is to require that any gambler entering a casino must get a membership card before playing in that establishment, Kelly said.

This would collect basic details on a customer so the institution can glean pieces to gauge the riskiness of the patron, similarly to what is done in the United Kingdom and several other European countries

In addition, for the obviously lower risk players simply choosing to play slots, the AGA could have requested that operations partition off a separate area so staff don’t have to waste precious compliance resources on those least likely to be tied to laundering groups, he said. This approach is also employed in many EU nations.

But in the United States, the quality of casino AML programs and the aggressiveness of monitoring and filing SARs or closing accounts for what can be very profitable customers can vary widely, Kelly said.

“Casinos are trying to do a better job,” he said. “The AGA position paper is something they will take very seriously. Remember, gambling is the most regulated industry on earth. These operations realize if they get extra scrutiny on their AML program at the federal level, it could bring more questions from state regulators as well. That is something they don’t want.”