Abstract
Introduction
This article discusses current Bank Secrecy Act (BSA) requirements as they apply to casino-specific recordkeeping requirements, areas of concern with casino recordkeeping practices, and author-proposed casino rulemaking amendments for enhanced customer identification. The last two topics emphasize the need to strengthen and refresh casino regulatory requirements, which were last amended 10 years ago. 1 The requirements should be reexamined considering the increasing number of Financial Crime Enforcement Network (FinCEN) casino and card club civil monetary penalties that have been issued during the last two years 2 (including the extensive violations identified). Finally, to further assist readers, this article provides 33 references/Web links to specific documents or Web sites so that readers can do further research if they wish.
Casino-Specific Recordkeeping Requirements 3
The regulations implementing the BSA require a casino or card club to maintain and to retain the following source records (either the originals or microfilm version, or other copies or reproductions of the documents) that relate to its operation:
• Records of each deposit of funds, account opened, or line of credit extended, including a customer's identification and the verification of that identification as well as similar information for other persons having a financial interest in the account, regardless of residency;
4
• Records of each receipt showing transactions for or through each customer's deposit or credit account, including a customer's identification and the verification of that identification, regardless of residency;
5
• Records of each bookkeeping entry comprising a debit or credit to a deposit or credit account;
6
• Statements, ledger cards, or other records of each deposit or credit account, showing each transaction in or with respect to the deposit or credit account;
7
• Records of each extension of credit in excess of $2,500, including a customer's identification and the verification of that identification, regardless of residency;
8
• Records of each advice, request, or instruction with respect to a transaction of any monetary value involving persons, accounts, or places outside the United States, including a customer's identification, regardless of residency;
9
• Records prepared or received in the ordinary course of business that would be needed to reconstruct a customer's deposit or credit account;
10
• Records required by other governmental agencies, e.g., federal, state, local, or tribal;
11
• Records prepared or used to monitor a customer's gaming activity, e.g., player rating records, multiple transaction logs;
12
• A list of transactions involving various types of instruments, cashed or disbursed, in face amounts of $3,000 or more, regardless of whether currency is involved, including customer's name and address;
13
and • A copy of the written compliance program required by 31 C.F.R. § 1021.210(b).
14
Also, card clubs are required to maintain and to retain the original or a microfilm copy of records of all currency transactions by customers, including without limitation, records in the form of currency transaction logs and multiple currency transaction logs. 15 Thus, the BSA regulations stipulate for card clubs a requirement to maintain multiple transaction logs.
A casino or card club that inputs, stores, or retains, in whole or in part, for any period of time, any record required to be maintained by 31 C.F.R. §§ 1010.410 or 1021.410(a) and (b) on computer disk, tape, or other machine-readable media shall retain the records in such media. Also, a casino or card club is required to maintain the indexes, books, file descriptions, and programs that would enable a person readily to access and review these computer records. 16 These computerized records, source documentation, and related programs must be retained for a period of five years. 17 However, FinCEN does not require that computerized records be stored in online memory and on a computer past their normal business use; either will suffice. 18 Nonetheless, records must in all events be filed or stored in such a way as to be accessible within a reasonable period of time. 19
Areas of Concern With Casino Recordkeeping Practices
Having cited 13 specific casino recordkeeping requirements earlier in this article, one would think there should not be any need for maintaining and retaining of additional casino records. However, customers can gamble anonymously at U.S. casinos and card clubs unless they: (1) open a deposit, credit, check cashing, player rating, or slot club account; (2) conduct currency transactions, involving either “cash in” or “cash out,” in excess of $10,000 in a gaming day, including multiple transactions; 20 or (3) fall under BSA customer identification requirements for deposit and credit accounts, checks with a face value of $3,000 or more, domestic money transfers in excess of $3,000, and international funds transfers at any value (emphasis added). 21
Also, there are certain longstanding casino recordkeeping practices that cause concerns in the areas of BSA examination, compliance, and enforcement, although they are fully acceptable for financial and tax accounting purposes. These concerns include:
• Lack of certain recordkeeping related to some types of common currency transactions, and • The fungibility of chips/tokens and currency in the casino cage, which when combined with the lack of certain business recordkeeping, creates a self-balancing effect on the cashier's imprest drawer which can cause a transaction to go unnoticed and be undetectable as to its nature.
22
This exists because casino chips/tokens and currency are exchangeable or interchangeable with each other.
Many casinos and card clubs do not prepare or maintain internal records, in the ordinary course of business, with reliable customer identification information associated with certain common currency transactions of significant value (except in excess of $10,000 in a gaming day) such as the following:
• Chip and token purchases: Customer purchases of gaming chips,
23
RFID chips,
24
and tokens using currency of an equal amount at cage windows.
25
• Chip, token, and TITO ticket redemptions: Customer exchanges of gaming chips, RFID chips, tokens, or slot machine tickets
26
for currency of an equal amount.
27
• Currency exchanges: Customer exchanges of currency of one denomination for currency of another denomination. • Foreign currency exchanges: Customer exchanges of currency of one country for currency of another country (usually foreign for U.S.).
28
• Wagering ticket purchases: Customer makes a wager evidenced by issuance of race book
29
and sports pool
30
wagering tickets using currency of an equal amount (also known as a “betting ticket”).
31
• Wagering ticket redemptions: Customer redeems race book and sports pool wagering tickets for currency of an equal amount.
32
Casinos do not require that customers provide identification for the redemption of chips, tickets, or tokens unless it triggers government reporting thresholds. For such a customer that has an established casino account number, 33 a casino, which is not required by governmental regulations to record such transactions at the cage, nonetheless would need a method for identifying large redemptions 34 at a reasonable threshold under $10,000 that were paid with currency 35 (including any large cash outs without gambling for large denomination bills), or a check.
When a customer launders currency at a casino or card club, he/she physically places illegally obtained money into the establishment's financial system. Then the customer layers the illegally obtained money through a series of financial transactions and subsequently redeems chips, tokens, TITO tickets, or betting tickets at the cage for large denomination bills, monetary instruments, or funds transfers which makes it difficult to trace the money back to its original source. For example, casinos and card clubs do not always distinguish between chip transactions and currency transactions at the cage because chips and currency transactions are interchangeable with each other; therefore, the character of currency transactions at the cage easily can be misidentified, whether by accident or intent, as non-reportable chip transactions. Thus, a critical money laundering vulnerability in a casino cage exists when an “unknown customer” 36 redeems gaming instruments for currency of $3,000 to $10,000, inclusive.
While BSA internal records are required to be created for casino monetary instruments of $3,000 or more or funds transfers in excess of $3,000, no specific BSA record is required to be created for chip, token, TITO ticket, or betting ticket redemptions 37 in currency between $3,000 and $10,000, inclusive. U.S. casinos and card clubs that maintain multiple transaction logs (MTLs) for currency transactions usually at $2,500–$3,000 (pursuant to state or tribal law or regulation, or in the ordinary course of business) will log these transactions on the MTL if they are greater than the threshold amount, but the customer-identifying information recorded on the log is limited. 38 For example, typical casinos record on the MTLs only a customer's name (if known) and do not request any other customer identification information (e.g., permanent address) before concluding a transaction. Although card clubs are required to maintain and retain records of all currency transactions by customers, including, without limitation, records in the form of currency transaction logs and multiple currency transaction logs, 39 customer identification is limited also for chip redemptions. This casino vulnerability is discussed as far as suspicious activity reporting in FinCEN's Frequently Asked Questions—Casino Recordkeeping, Reporting and Compliance Program Requirements (FIN-2007-G005, November 14, 2007), in Question and Answer 16.
Although 31 C.F.R. §§ 1010.311, 1010.313(b), and 1021.311 do not state specifically that a casino or a card club must create a record of transactions that are less than $10,000, 40 a casino or card club would need an effective internal control for customers (known or unknown), 41 to be able to identify large chip redemptions at a reasonable threshold under $10,000 that were paid with currency that may have been structured 42 to avoid reporting requirements or otherwise to obscure large cash out transactions. For example, for a customer that has an established casino account number, 43 a casino, which: (1) is not required by state or tribal regulations to maintain multiple currency transaction logs at the casino cage, or (2) does not maintain such logs within the ordinary course of its business, nonetheless, would need a method to be able to identify large chip redemptions at a reasonable threshold under $10,000 that were paid with currency from the imprest drawer. If implementing this internal control requirement or any other casino policy or procedure creates a record, 44 this would constitute knowledge as well as a BSA record which would be maintained for a period of five years. A casino or card club must aggregate customer currency transactions that occur on the floor 45 or the cage, 46 when it has obtained knowledge of such transactions either from examining records or actual knowledge (including large chip redemptions for currency). 47 For similar reasons, a casino would need a method for identifying large redemptions at a reasonable threshold under $10,000 of a betting ticket, token, or TITO ticket that was paid with currency to a known customer. 48
Therefore, all casinos and card clubs should consider enhancing the existing cage MTL for two types of currency transactions, namely, (1) chip, TITO ticket, betting ticket (including Nevada race book and sports pools), or token redemptions for currency, and (2) exchanges of currency (domestic or foreign), to require a customer's name, address, date of birth, and a government identification number unless the customer has a check cashing, credit, or deposit account, or is “a known customer” whose identity (i.e., name, date of birth, address, and government identification number) has been previously verified on a filed FinCEN Form 112, Currency Transaction Report (CTR), or any federal income tax form filed. As a corollary, for known customers, the cage MTL for chip, TITO ticket, wagering ticket or token redemptions for currency, and exchanges of currency (domestic or foreign), should contain a data element field to record the customer's account number. This would assist a casino or a card club in identifying customers for purposes of aggregating these types of transactions for currency transaction reporting as well as detecting “unknown” customers who are engaged in minimal or no gaming activity for purposes of suspicious activity reporting.
Furthermore, for “unknown” customers, as a best practice all casinos and card clubs should consider enhancing the existing cage MTLs for chip and token purchases using currency of an equal amount to require a surveillance photograph of each such customer. Similarly, for “unknown” customers, casinos that offer race book and sports pools should consider enhancing the existing cage MTL for wagering ticket purchases using currency of an equal amount to require a surveillance photograph of each such customer. This would assist a casino or card club in identifying customers for purposes of aggregating these types of transactions for currency transaction reporting.
Also, it is much easier to compare black and white surveillance photographs of “unknown” customers than it is to review many cage MTLs that only contain physical descriptions of customers (e.g., age, gender [male or female], eye color, hair color, height, weight) and name (if known) to identify customers conducting more than one large purchase transaction at the cage in the same gaming day. Nonetheless, the physical description on the cage MTLs has some value because it contains a customer's eye color and hair color, which cannot be ascertained from a black and white surveillance photograph for purpose of suspicious transaction reporting for unknown customers.
Proposed Casino Rulemaking Amendments for Enhanced Customer Identification
Currently, in the United States, casinos and card clubs are not subject to any Customer Identification Program (CIP) rules 49 other than the three basic data elements required when a deposit or credit account is opened: name, permanent address, and social security number (see 31 C.F.R. § 1021.410(a)). Casinos are required to use and essentially leverage all information including customer information obtained from credit, fiduciary accounts (i.e., deposit), and marketing to aid in BSA compliance. Card clubs do offer deposit (i.e., so-called player's accounts), but typically do not extend credit. Thus, card clubs do not have an opportunity to identify as many of their customers as would happen if credit accounts were offered. Also, most card clubs are prohibited from offering marketing accounts to customers, thereby missing another opportunity to identify their customers. Without enhanced due diligence rules for customers applied equally to card clubs and casinos, these industries are vulnerable to being used to facilitate money laundering and other financial crimes.
MTLs are intended to assist casinos and card clubs in aggregating currency transactions for purposes of BSA reporting. As mentioned earlier, typically, casinos prepare MTLs to record large cash transactions, (e.g., generally in excess of $2,500 or $3,000). Casinos are not required under the BSA to create MTLs, but are required to retain them if they create them pursuant to state, tribal, or local laws or regulations (see 31 C.F.R. § 1021.410(b)(7)), prepared or used to monitor a customer's gaming activity (see 31 C.F.R. § 1021.410(b)(8)), or prepared in the ordinary course of business. Thus, the vast majority of casinos do maintain MTLs pursuant to state, tribal, or local laws, or as a common business record to assist them with aggregating currency transactions. While MTLs identify certain currency transactions, typically they do not identify the customer by name for the redemptions of chips, tokens, or tickets, as well as currency exchanges. Often only a vague physical description is recorded leaving no way to positively identify the transactor.
During the span of the author's 20-year tenure at FinCEN, many times Internal Revenue Sevice (IRS) examinations noted casino MTLs with 40 to 60 percent of customers listed as “unknown” for transactions involving the redemptions of chips, tokens, or tickets, as well as currency exchanges conducted below $10,000, thereby making the recording of these specific MTL entries almost useless. As an aside, also see the MTL violations cited in the Sparks Nugget's BSA Civil Money Penalty Consent Agreement discussed in the next section on FinCEN enforcement actions. Card clubs have a unique BSA requirement to maintain MTLs, but there is no specific requirement that a customer must be identified in these MTLs. Also, typically, IRS examinations noted card club MTLs with 90 percent of customers listed as “unknown” for transactions involving the redemptions of chips as well as currency exchanges conducted below $10,000 thereby making the these specific MTL entries almost useless. As a case in point, see suspicious activity report (SAR) and currency transaction report violations cited in the Hawaiian Gardens Casino's BSA Civil Money Penalty Consent Agreement also discussed in the next section on FinCEN enforcement actions.
As a corollary, chips, tokens, or tickets, and currency exchange transactions that only list “unknown” for customer identity purposes have affected casino suspicious activity reports filed. During 2005 through 2011, casino suspicious activity reports filed that lacked any customer identification information ranged from 7.3 percent to 9.7 percent. Typically, about 70 percent of these casino suspicious activity reports that lack any customer identification information involve redemption of casino chips or large currency exchanges. Moreover, typically 70 percent to 75 percent of these involved transactions recorded on MTLs of $3,000 to $10,000, inclusive. This means that casinos were detecting suspicious activities, but typically did not know the identity of many customers conducting these two specific transaction types. 50 Unfortunately, when a customer was “unknown,” typically, a casino did not use whatever other internal sources that were available to obtain a customer's identification (hotel registrations, show reservations, credit card numbers, river boat casino reservation records, etc.).
This article asserts that five distinct records would have a positive impact and would help to remedy this customer identification gap. Four of these five records involve the MTLs. First, a MTL requirement for both card clubs and casinos that has specific customer identification (ID) requirements for chip, ticket, and token redemptions for currency at cages of $3,000 to $10,000 for currency, inclusive. Second, a MTL requirement for both card clubs and casinos that has specific customer ID requirements for currency exchanges, domestic or foreign, at cages of $3,000 to $10,000, inclusive. Third, a MTL requirement for both card clubs and casinos that has specific ID requirements for non-banked card games, such as poker or any of its variations, for chip buy-ins with currency of $3,000 to $10,000, inclusive. Fourth, a MTL requirement for card clubs that has specific customer ID requirements for chip purchases or exchanges with currency at cages and floors of $3,000 to $10,000, inclusive. 51
While recommending that four existing MTL records should be enhanced, MTL records for three other types of transactions are not needed, namely, for deposit, credit, or negotiable instrument transactions because of other BSA casino recordkeeping requirements that already exist. 52 The net effect would be to limit MTLs to these four recommended transaction types, 53 while providing relief by eliminating creation of partially duplicative casino records for three other types of currency transactions just discussed. For those state or tribal gaming regulations that require MTLs, such regulations should be amended to remove MTL requirements for transactions that pertain to deposit, credit, or negotiable instruments since BSA casino recordkeeping requirements apply. When such MTLs are maintained by state-licensed casinos as ordinary business records, such casinos should revise their BSA compliance procedures to remove MTL requirements that pertain to deposit, credit, or negotiable instrument transactions.
Records pertaining to the four proposed MTL requirements should include the following information: the date and time of, and amount of currency (in U.S. dollar equivalent) involved in, the transaction; the customer's name and permanent address; the name of a verified internal record when such record was used to obtain the customer's name and address; casino or player account number (if any); the type of transaction(s); the cage window number or table number; and the name or license number of the employee who conducted the transaction. Also, the four proposed requirements need not include social security number, which would lessen the customer's concern about the potential for identity theft. While the purpose of this record is to combat money laundering, nonetheless, it provides useful business information for a casino, namely, a customer's name and address, which they would find useful for marketing purposes. Thus, governmental authorities and casino operators would both benefit from the creation of such records.
A fifth important record to help remedy this customer identification gap would be a source of funds requirement for both casinos and card clubs to check for the source of a customer's assets/occupation and/or income for either large deposits and/or repayments of credit transactions. A threshold somewhere in the $30,000 54 to $50,000 55 range during a gaming day, or $100,000 or more on a multi-day casino trip, would be helpful. Also, such a deposit and credit transaction record should encompass the following six types of instruments: advices, requests, or instructions for international funds transfers received; currency; intercompany transfers among affiliated casinos; and third-party checks. The preceding would be a due diligence check on a customer's occupation/source of funds for these six instruments when used to conduct large deposit and/or credit transactions. It is recommended that the due diligence check would use an independent and reliable source (e.g., main source of funds is derived from a well-known source such as salary, pension, governmental benefits, and/or occupation). The purpose of this due diligence check would be to determine whether the instruments used for deposit and credit transactions are commensurate with the funding source. It is suggested that in the event that a casino or card club is unable to secure an independent and reliable source to determine whether any of these types of transactions are commensurate with the funding sources for a customer, that a casino or card club should make an entry in a record that it has made a reasonable effort to secure the information, and back up this entry with maintaining a surveillance photograph of such a customer.
The source of funds record should include the following information: the time, date, amount, and type of the transaction; the name, permanent address, and date of birth of the customer; the type of instrument (if applicable); the name and address of the issuer of the record used for confirmation or substantiation of the main source of the funds; the date of the record; the name of the drawee or issuer of any instrument; all reference numbers (e.g., casino account number, check number, intercompany transfer number); the cage window number or branch office; and the name or casino license number of the casino employee who conducted the transaction.
Since such entries could very well be considered suspicious in nature, the author suggests that this record and surveillance photograph be made available to FinCEN or any federal, state, or local law enforcement agency, or any federal, state or tribal casino regulatory authority, upon request. Given the nature of the instruments, types of transactions, and large dollar amounts, it is suggested for this record that a subpoena or due process should not be required.
Additionally, based on 20 years of regulatory experience, three existing BSA casino recordkeeping requirements should be amended to enhance the recording of information for both CIP and BSA examination purposes as well as to eliminate two other existing coverage loopholes. These records are for opening credit and deposit accounts, conducting credit and deposit account transaction, and recording monetary instruments of $3,000 or more.
The first existing record is for opening credit and deposit accounts (see 31 C.F.R. § 1021.410 (a)), and FinCEN should require the recording of an individual's date of birth and country of issuance for an alien identification, as well as the date the account was opened. Also, clarify that a deposit account includes off-track betting, which is called a “wagering” account. In addition, delete the existing provision related to the opening deposit and credit accounts whereby a casino will not be in violation of failing to obtain an individual's social security number, pursuant to 31 C.F.R. § 1021.410(a), if it “… has made a reasonable effort to secure such number and it maintains a list containing the names and permanent addresses of those persons. … ” Given the significant customer account requirements for customer identification programs of: (1) depository institutions, (2) brokers or dealers in securities, (3) mutual funds, and (4) futures commission merchants and introducing brokers, a customer's taxpayer identification number should be required to be recorded by casinos for the opening credit and deposit accounts as well as the deletion of language permitting omission of a social security number, which is no longer appropriate for the opening of casino deposit and credit accounts.
The second existing record is for credit and deposit account transaction receipts (see § 1021.410 (b)(1)), and FinCEN should require the recording of a country of issuance for alien identification, as well as the account number, the type of transaction, and the amount of currency received or disbursed. 56
The third existing record is for recording monetary instruments of $3,000 or more on a list (see 31 C.F.R. § 1021.410(b)(9)), and the following data elements should be added to it: amount of currency disbursed of $500 or more, 57 and some additional identification for non-accountholders. 58 Also, to hinder structuring, expand coverage for the negotiable instrument list from a face value of $3,000 or more, to multiple negotiable instruments from a customer totaling $3,000 or more during a single visit. 59 This suggested change should include contemporaneous receipt of the same or different types of instruments totaling $3,000 or more, or issuance of multiple casino checks totaling $3,000 or more in a gaming day to combat structuring. These three existing casino recordkeeping gaps limit the types, and thus the number of transactions requiring customer identification, which are problematic since casinos and card clubs are not subject to CIP.
Fourth, existing casino currency aggregation requirements should be amended for customer due diligence purposes to require aggregation for multiple currency transactions that have occurred from searching any and all electronic records by customer account number(s), and name(s). Currently, the BSA casino requirement in 31 C.F.R. § 1021.313, for aggregation for multiple transactions, includes knowledge only from examining the books, records, logs, and computer files that contain information that the currency transactions have occurred. Thus, § 1021.313 does not require searching any and all casino electronic records by customer account number(s) and/or customer name for purposes of aggregating currency transactions for CTR filings. The current requirement limits casino CTR aggregation, as well as limits the number of reportable currency transactions that should be filed, which in turn hinders the effectiveness of customer due diligence. 60 Thus, the regulatory text needs to be expanded by adding the following phrase, “or searching any and all electronic records by customer name(s) or account number(s),” after the phrase “and similar documents and information.” Please note that name and number are pluralized to account for customers who maintain accounts under multiple names and numbers for the purposes of trying to evade 31 C.F.R. Chapter X requirements.
Additionally, since the casino and card club industries lack a federal government functional regulator, one clarification of casino compliance program requirements is needed, namely, streamlining and expanding the 31 C.F.R. § 1021.210(b)(2)(iii) regulatory text for training of personnel to specify the following:
Training and education of personnel involved in complying with the recordkeeping, currency transaction and suspicious transaction reporting, compliance program and other requirements of this Part, is ongoing during the year, including, without limitation, documentation substantiating the content of the training session, the dates training was provided, and which personnel received training.
The streamlining suggestion pertains to deleting the following text as unnecessary: “to the extent that the reporting of such transactions is required by this chapter, by other applicable law or regulation, or by the casino's own administrative and compliance policies.” As an aside, the lack of casino compliance program training is noted as a violation in four of the seven FinCEN enforcement actions discussed in the next section, namely, the Tinian Dynasty Hotel & Casino Civil Money Penalty Assessment, as well as the Caesars Palace, Oaks Card Club, and Cantor Gaming BSA Civil Money Penalty Consent Agreements.
Moreover, since the casino and card club industries lack a federal government functional regulator, the casino program requirements for 31 C.F.R. § 1021.210(b)(2)(v) should expand the regulatory text for “procedures for using all available information to determine:” by adding a new subsection to specify the following: “The occurrence of any or all customer currency transactions contained on machine-readable media required to be reported pursuant to §§ 1021.311 and 1021.313.” As an aside, the lack of using all machine-readable media is noted as violations in two of the seven FinCEN enforcement actions discussed in the next section, namely, the Trump Taj Mahal and Sparks Nugget BSA Civil Money Penalty Consent Agreements. This second compliance program expansion dovetails with the earlier suggestion that FinCEN should amend existing casino currency aggregation requirements for customer due diligence purposes to require aggregation for multiple currency transactions that have occurred from searching any and all electronic records by customer account number(s), and name(s).
Lastly, please be aware that BSA beneficial ownership rules would be difficult to apply to casinos and card clubs. Currently, a Geographic Targeting Order (GTO) is needed to require that a casino ask a customer if they are the owner of funds used, for example, in an off-track betting transaction. A way to correct this quickly, short of rulemaking, is to modify the CTR instructions to require a casino, when accepting an off-track betting or wagering transaction, to request whether a customer is conducting a transaction on behalf of another person when a CTR filing requirement is triggered. If customer indicates a yes, then record any identifying information provided by a customer in the appropriate data element field.
All the above proposed nine amendments to casino rules and the one modification to the CTR instructions would make a significant difference in designing a regulatory program with enhanced customer due diligence, which eliminates regulatory gaps, while avoiding a CIP rule which has several provisions that pertain to operational characteristics that do not exist in a casino or card club gambling operation and thus would have no relevance. As explained, these suggested regulatory changes to the BSA's casino requirements would have minimal regulatory burden on the casino and card club industries. 61 Additionally, to construct a limited CIP rule for casinos and card clubs would be a difficult challenge and would introduce confusion when compared with the comprehensive nature of the CIP rules applicable to: (1) brokers or dealers in securities, (2) mutual funds, (3) insurance companies that offer an individual annuity contracts and/or individual whole life insurance policies, (4) futures commission merchants and introducing brokers, and (5) banks, savings associations, credit unions, and certain non-federally regulated banks.
Recent Casino and Card Club BSA and Anti-Money Laundering Enforcement Actions
This section will discuss important FinCEN enforcement actions that occurred from 2015 through June 2016, against five casinos and two card clubs for violating BSA casino civil regulatory requirements and, in some instances, federal anti-money laundering laws. This discussion is a summary of those actions intended to provide gaming regulators, United States attorneys, special agents, and IRS civil examiners with an understanding of these BSA and anti-money laundering (AML) regulatory actions to alert them to the challenges and problems the casino and card club industries face, as well as the lack of compliance programs reasonably designed to combat money laundering and terrorist financing.
Trump Taj Mahal
On March 6, 2015, FinCEN reached a $10,000,000 civil penalty settlement with the Trump Taj Mahal Casino Resort (Trump Taj Mahal), for willful and repeated violations of the BSA during 2010 through 2012. 62 The consent agreement describes four major failures by Trump Taj Mahal 63 to comply with the following specific casino requirements: (1) a written compliance program; 64 (2) reporting of suspicious activity when a casino knows, suspects, or has reason to suspect that the transaction or pattern of transactions is both suspicious and involve $5,000 or more; 65 (3) reporting of each transaction in currency, involving either “cash in” or “cash out,” of more than $10,000 in a gaming day of which a casino has obtained knowledge; 66 and (4) detailed recordkeeping on casinos. 67 In addition to the civil money penalty, the Trump Taj Mahal Casino is required to conduct periodic external audits to examine its BSA/AML compliance program and provide those audit reports to FinCEN and the casino's board of directors.
FinCEN determined Trump Taj Mahal willfully violated the BSA/AML's compliance program, CTR and SAR reporting, and casino recordkeeping requirements from 2010 through 2012. Since 2003, the IRS Small Business/Self-Employed Division (IRS SB/SE) cited Trump Taj Mahal for many of these BSA/AML violations in previous compliance examinations.
… Trump Taj Mahal (a) failed to implement and maintain an effective anti-money laundering program; (b) failed to report suspicious activity related to several financial transactions at the casino; (c) failed to properly file Currency Transaction Reports; and (d) failed to keep appropriate records as required by the BSA and its implementing regulations. 68
After FinCEN's determinations, the consent agreement lays out the findings of the IRS's compliance examination of the Trump Taj Mahal Casino. First, as described in the consent agreement, Trump Taj Mahal failed to implement and maintain an effective AML program. It did this by failing to comply with three 69 of the eight components that comprise the BSA's compliance program requirement for casinos. Specifically, the FinCEN consent agreement states:
Trump Taj Mahal failed to implement an adequate system of internal controls to ensure ongoing compliance with the BSA. Trump Taj Mahal failed to timely, accurately, and completely file Currency Transaction Reports (CTRs). In addition, Trump Taj Mahal failed to implement policies, procedures, and internal controls to comply with recordkeeping obligations under the BSA. Trump Taj Mahal's AML program also lacked adequate policies, procedures and internal controls to monitor transactions for suspicious activity and file suspicious activity reports (SARs). 70
Second, as described in the consent agreement, Trump Taj Mahal violated the BSA/AML suspicious activity reporting requirements many times during each of the three-month scope periods of two IRS SB/SE compliance examinations. The combined SAR failure rate was 49 percent, which is very high. Specifically, the FinCEN consent agreement states:
Within the scope period of the 2010 and 2012 IRS SB/SE examinations, Trump failed to file approximately 100 SARs. During the three-month examination scope for the 2010 BSA exam, Trump Taj Mahal filed 32 SARs, but failed to file 41 others, which represents a 56% failure rate. Similarly, during the three-month exam scope for the 2012 BSA exam, Trump Taj Mahal filed 69 SARs, but failed to file 55 others, which represents a failure rate of 44%. The suspicious activity included patrons engaged in minimal gaming activity, avoiding the CTR filing requirement by structuring marker payments and chip redemptions to avoid reporting, and apparent laundering of funds through the issuance and redemption of slot ticket in/ticket-out tickets.
Furthermore, Trump Taj Mahal lacked policies and procedures to use all available data to aid in the monitoring of slot ticket issuance and redemption transactions, rated play at table games, and slot player transactions for patrons who may have engaged in minimal gaming or other suspicious activity. 71
The consent agreement continues to discuss Trump Taj Mahal Casino's failures to comply with the SAR reporting requirement and in doing so identifies the third BSA/AML compliance program element that was violated. Specifically, the FinCEN consent agreement states:
Trump Taj Mahal also did not have policies and procedures in place to monitor data from slot machines for reporting requirements. The failure to implement policies and procedures to use this data resulted in the Casino being cited for SAR reporting violations in 2010 and the subsequent 2012 examination. Specifically, the Casino did not monitor bills-in (cash) slot machine play to identify suspicious activity. Failure to incorporate these elements into the suspicious activity monitoring program led to multiple failures to identify suspicious activity and file SARs. Trump Taj Mahal was aware of its deficient suspicious activity monitoring and reporting as early as 2007; however, despite being on notice of these deficiencies, failed to take adequate action to comply with this requirement. 72
Fourth, Trump Taj Mahal violated the BSA/AML currency reporting requirements many times during each of the three-month scope periods of two IRS SB/SE compliance examinations. Specifically, the FinCEN consent agreement states:
Trump Taj Mahal repeatedly violated the requirement to properly file CTRs. During the three-month scope period of the 2010 BSA examination, Trump Taj Mahal had failures to verify, record, and report required information for 134 reportable transactions. Of the 134 violations, 89 violations related to transactions from nineteen different patrons that involved discrepancies between the customer's name and social security number. Even after Trump Taj Mahal was notified by the IRS of these discrepancies, it failed to verify the identifying information provided by casino patrons.
Trump Taj Mahal's CTR filing deficiencies continued in 2012. During a one-month period, Trump Taj Mahal failed to file 30 CTRs totaling $500,000, stemming from the Casino's failure to adequately monitor and report when a patron inserts more than $10,000 into a slot machine in a given day. The failure to adequately monitor cash inserted into slot machines also caused Trump Taj Mahal to incorrectly file 10 additional CTRs. Furthermore, the Casino failed to properly file 22 CTRs as a result of failing to record social security numbers for post-transaction aggregations of cash buy-ins by patrons at gaming tables. 73
Fifth, Trump Taj Mahal violated the BSA/AML recordkeeping requirements many times during each of the three-month scope periods of two IRS SB/SE compliance examinations pertaining the BSA negotiable instrument log. Specifically, the FinCEN consent agreement states:
The 2012 BSA examination revealed that over 100 marker deposits and checks received for marker payments of $3,000 were not maintained on the casino's negotiable instrument log, and the casino failed to log all markers which were deposited into its bank account during the entire period of the 2012 exam. Notably, this was also a repeat violation, as the 2010 examination revealed 26 violations of this same requirement, in addition to other recordkeeping requirement failures related to Trump Taj Mahal's negotiable instrument log. 74
Trump Taj Mahal agreed to undertake to two improvements to its BSA/AML Program, which are discussed below.
A. External independent reviewer
Trump Taj Mahal will engage and retain an independent, external, qualified, and experienced external auditor to examine its BSA/AML compliance program and to conduct risk-based independent testing of such program.
Three reviews will occur: the first will commence within six months of the entry of the order of the Bankruptcy Court approving the CONSENT; the second will occur in 2017; and the third will occur in 2019. The first review will have a review scope of September 9, 2014 through the commencement date of the first review, with no less than six months' worth of transactional analysis. The second and third reviews will each cover the previous two years, with no less than six months' worth of transactional analysis. 75
B. AML Program Report
Trump Taj Mahal will provide third-party reviewers' report of findings to casino's audit committee and board of directors and then transmit it to FinCEN and IRS SB/SE. The consent agreement states that: “[t]o the extent that the report demonstrates any material deficiencies in the Company's programs and procedures, the Company shall address and rectify the deficiencies as soon as is reasonably practical.” 76
From the author's viewpoint, FinCEN determinations in the enforcement case against Trump Taj Mahal were well grounded. Trump Taj Mahal egregiously and willfully violated AML program requirements, reporting obligations, and recordkeeping requirements. In addition, in 1978 FinCEN had assessed a $477,700 civil money penalty against Trump Taj Mahal for major currency transaction reporting violations. Normally, these would lead to a much higher civil money penalty. However, the FinCEN press release for the second enforcement action stated that: “Trump Taj Mahal petitioned for bankruptcy in September 2014. That bankruptcy remains pending. The Bankruptcy Court approved of Trump Taj Mahal's settlement on March 4, 2015.” 77 Since Trump Taj Mahal filed for Chapter 11 bankruptcy protection on September 10, 2014, almost six months before FinCEN's civil money penalty was issued, FinCEN would have factored this in as a mitigating factor reducing the severity of the civil money penalty. In addition, Trump Taj Mahal's estimated costs to perform the two extensive undertakings in the civil money penalty consent agreement would have been factored in by FinCEN in determining the corporation's civil money penalty.
Tinian Dynasty Hotel & Casino
On June 3, 2015, FinCEN assessed a $75 million civil money penalty against Hong Kong Entertainment (Overseas) Investments, Ltd., d/b/a Tinian Dynasty Hotel & Casino, in the Northern Mariana Islands for willful and egregious violations of the BSA. 78 A FinCEN assessment occurs when it and the entity in question fail to agree to settle an enforcement action with a civil money penalty consent agreement. When such an assessment occurs, a casino is assessed for the full money penalty value associated with its violations of the BSA/AML requirements. Also, when such assessments occur they are forwarded to the Department of Justice Civil Division for collection of the penalty. The Civil Division has two years to try to collect the civil monetary penalty or file a suit in federal district to obtain a judgment authorizing the collection of the debt. This two-year period ended on June 3, 2017. Since Hong Kong Entertainment (Overseas) Investments did not pay its $75 million penalty, it will remain as an unpaid debt owed to the federal government and any future federal funds owed the business or its owners (e,g., federal income tax refund) will be used instead as a payment applied to this debt.
The Assessment describes three major failures, and implies a fourth failure that is recordkeeping, by the Dynasty Casino to comply with the following specific casino requirements: (1) reporting of suspicious activity when a casino, suspects, or has reason to suspect that the transaction or pattern of transactions is both suspicious and involve $5,000 or more; (2) reporting of each transaction in currency, involving either “cash in” or “cash out,” of more than $10,000 in a gaming day of which a casino has obtained knowledge; (3) detailed recordkeeping on casinos; and (4) a written compliance program.
First, as described in the Assessment, Tinian Dynasty failed to develop and implement an effective anti-money laundering program. It did this by failing to comply with five of the eight components that comprise the BSA's compliance program requirement for casinos. Specifically, the Assessment states:
No member of Tinian Dynasty staff was delegated responsibility for day-to-day compliance with the BSA, and the Casino failed to develop and implement policies, procedures, and internal controls designed to ensure compliance with the BSA. Tinian Dynasty never conducted any independent testing of the Casino's systems to ensure compliance and did not have sufficient procedures in place to detect or report suspicious transactions. Further, casino personnel were not trained in BSA recordkeeping requirements or in identifying, monitoring, and reporting suspicious activity. 79
Further, Tinian Dynasty Casino's violation of the requirement to establish and implement an effective AML program contributed to willful failure to file: (1) CTRs at the request of undercover IRS Criminal Investigation agents posing as Russian businessmen, and (2) more than 2,000 CTRs on other transactions over a three-and-a-half-year period, which were discovered during a search of the casino by federal law enforcement agents.
Second, for ten months during 2012 and 2013, Tinian Dynasty engaged in a pattern of accommodating gamblers who did not want large currency transactions reported by the Casino. The Assessment stated that “… the VIP Manager, who was responsible for implementing casino marketing programs and servicing the Casino's most valued customers, assured an undercover agent posing as the New York-based representative of a Russian businessman that his client could bring large amounts of currency and that the Casino would not file reports related to the client's activity at the Casino.” 80 Two undercover agents posing as gamblers arrived at the Casino, and with the assistance of the VIP Manager and other Casino employees (who provided detailed advice on how to avoid reporting requirements), conducted ten currency transactions in amounts varying between $15,000 and $148,150 (with a mean average of $53,000 per transaction) with these gamblers and did not file required CTRs.
Third, Tinian Dynasty Casino violated the requirement to report suspicious transactions and activities in two ways, namely, (1) before the federal indictment, it never filed a single SAR and (2) undercover agents posing as gamblers asked casino managers to allow them to make deposits without filing any reports to the government. In this regard, the Assessment states that:
The BSA explicitly defines attempts to avoid reporting requirements as suspicious activity that requires a Suspicious Activity Report to be filed. 31 C.F.R. Section 1021.320(a)(2)(ii). Notwithstanding this requirement, Tinian Dynasty not only assisted the undercover agents in evading the BSA reporting requirements, but it failed to report the activity as suspicious. 81
The essence of the enforcement action is summarized in the press release when FinCEN Director Jennifer Shasky Calvery noted that:
The casino operated for years without an AML program in place. It failed to file thousands of CTRs and its management willfully facilitated suspicious transactions and even provided helpful hints for skirting and avoiding the laws in the U.S. and overseas. Tinian Dynasty's actions presented a real threat to the financial integrity of the region and the U.S. financial system.
In a separate but related enforcement action some fifty days later, on July 23, 2015, United States attorney for the Districts of Guam and the Northern Mariana Islands, entered into a non-prosecution agreement with Hong Kong Entertainment (Overseas) Investments, Ltd., dba Tinian Dynasty Hotel & Casino (TDHC), which required TDHC to forfeit $3,036,969.12. 82 This agreement obligates TDHC to fully cooperate with the United States in ongoing criminal investigations and to comply with federal reporting and other regulatory requirements. Additionally, the United States has the sole discretion to rescind the agreement and initiate criminal proceedings should the government determine that TDHC has failed to comply with any provision of this agreement. Lastly, beginning on July 23, 2015, the non-prosecution agreement requires three years of self-reporting. 83 In an interesting aside, this agreement cites an estimate of CTRs not filed by the Tinian Dynasty Casino that is 82 percent higher than the number used in the FinCEN Assessment document. To be specific, the Department of Justice press release states that: “According to filings with the court … [f]rom October 1, 2009 through April 25, 2013, TDHC failed to document over $138 million in reportable cash transactions. It is estimated that TDHC failed to report 3,640 separate cash transactions during this same time.” 84
Caesars Palace
On September 8, 2015, FinCEN reached an $8,000,000 civil penalty settlement with Caesars Palace for inadequate anti-money laundering controls on high rollers. 85 In addition, on September 17, 2015, the Nevada Gaming Control Board executed a $1,500,000 settlement with Caesars for 15 violations of Nevada Gaming Commission Regulations 5.010 and 5.011 for an unsuitable method of operation pertaining to compliance with federal anti-money laundering requirements. On October 19, 2015, the United States Bankruptcy Court for the Northern District of Illinois approved FinCEN's $8,000,000 settlement with Desert Palace, Inc. d/b/a Caesars Palace. FinCEN had previously announced the settlement in September 2015, noting that it was subject to bankruptcy court approval. 86 The consent agreement describes two major failures by Caesars Palace to comply with the following specific casino requirements: (1) a written compliance program; and (2) reporting of suspicious activity when a casino knows, suspects, or has reason to suspect that the transaction or pattern of transactions is both suspicious and involve $5,000 or more.
Caesars Palace maintained private gaming salons, which are exclusive gaming rooms authorized under Nevada law that are reserved only for its wealthiest clientele. As a general finding, FinCEN determined that Caesars salons, which are not in the public gambling areas of its casino, had internal controls that were severely deficient. As part of this finding, FinCEN stated that:
Despite the obvious elevated risks presented in these salons, which openly allowed wealthy patrons to gamble anonymously, Caesars failed to impose appropriate anti-money laundering scrutiny on [them]. … Caesars also marketed these private gaming salons through branch offices located in the United States and abroad (particularly Asia), but failed to adequately monitor transactions conducted through these marketing offices for suspicious activity. These … deficiencies caused Caesars to fail to detect and report a number of instances of suspicious activity.
Several failures at Caesars caused these compliance deficiencies, which were both systemic and severe. The casino did not supply sufficient resources to its BSA compliance department [that] … allowed a blind spot to exist … private gaming salons—enabling some of the most lucrative, and riskiest, financial transactions to avoid the scrutiny of Caesars' compliance program. 87
First, as described in the consent agreement, Caesars Palace failed to develop and implement an effective AML program. It did this by failing to comply with five of the eight components that comprise the BSA's compliance program requirement for casinos. The five compliance program deficiencies are discussed below. The first deficiency on internal controls applied to three distinct areas, showing how pervasive it was.
a. Internal controls: Private gaming salon—Caesars Palace did not develop and implement effective AML internal control standards for gambling salons. Specifically, FinCEN determined that:
Caesars permitted the guests of private gaming salon patrons to play using the primary patron's credit or front money instead of their own (i.e., “team play”). This potentially enabled guests to conceal their identity and transactions, thereby frustrating recordkeeping and reporting requirements. … By failing to identify these guests, Caesars allowed some of the guests to gamble significant sums anonymously. 88
b. Internal controls: Branch offices—Caesars Palace did not develop and implement effective AML internal control standards for branch offices. Specifically, FinCEN determined that:
Caesars … failed to implement effective internal controls to detect and report suspicious activity occurring at its branch office locations … including in Hong Kong, Singapore, Tokyo, and Monterey Park, CA. … the marketing executives at these branch offices rarely, if ever, referred suspicious activity to Caesars' BSA compliance department. They also lacked a basic understanding of the types of activity that should be considered suspicious. … [Additionally, no analysis or] any inquiry regarding the source of funds. Caesars … routinely accepted third-party checks at its Hong Kong branch office for marker payments without … verify[ing] the relationship between the third-party and the patron receiving the marker. 89
c. Internal controls: Detecting and reporting other suspicious activities—Caesars Palace did not develop and implement effective AML internal control standards for suspicious activity reporting. Specifically, FinCEN determined that:
Caesars' [AML] program … highlighted wire transfers over $10,000 for a patron from an unaffiliated business as a red flag potentially requiring a SAR. Despite this explicit warning, Caesars failed to file SARs—or even flag the activity for review—on dozens of these types of transactions. Caesars also failed to maintain effective procedures to detect and report “bill stuffing”—a form of minimal gaming … until September 2012. … IRS SB/SE identified this compliance failure four years earlier during a 2008 Caesars exam. 90
Second, Caesars Palace had inadequate independent testing procedures of its AML compliance program. Specifically, FinCEN determined that:
Caesars also failed to conduct adequate independent testing of its anti-money laundering compliance program. Rather than determining whether its procedures were actually effective in achieving compliance with the BSA, Caesars' independent tests merely assessed whether the casino was implementing its already established anti-money laundering procedures. For example, Caesars conducted an internal audit during the IRS SB/SE exam period, but … overlooked the fact that Caesars was not implementing its own anti-money laundering procedures for detecting suspicious activity. 91
Third, Caesars Palace had an inadequate BSA training program for its employees. Specifically, FinCEN determined that:
This deficient training resulted in fundamental misunderstandings of the types of transactions that should be considered suspicious. … [S]ome of these Caesars employees mistakenly believed that the requirement to report suspicious activity related to cash transactions only. Even more egregious was their erroneous belief that filing a CTR (which … identifies the existence of a particular transaction above a certain monetary threshold) relieves a casino from filing a SAR (which notifies FinCEN and law enforcement about suspicious financial transactions). The marketing executives at Caesars' branch offices … lacked a basic understanding about the types of activities that should be considered suspicious. 92
Fourth, Caesars Palace failed to implement procedures for using all available information to comply with the BSA. This failure involved three BSA casino compliance requirements pertaining to using all available information. Specifically, FinCEN determined that:
Caesars failed to implement procedures for using all available information to determine: (a) identifying information when required under the BSA; (b) the occurrence of any transactions or patterns of transactions required to be reported on a SAR; and (c) whether certain records are required to be maintained. 31 C.F.R. § 1021.210(b)(2)(v). Caesars' marketing department would typically obtain information about the casino's wealthy patrons for marketing purposes, but Caesars did not use this information to identify and evaluate potentially suspicious activity or … incorporate it into the casino's anti-money laundering controls. … [M]any of the SAR violations … involved suspicious third-party payments occurring at Caesars' foreign branch offices. … [Also,] Caesars issues computer generated tickets for high-end slot machine players. … many of these … tickets were issued and then redeemed without any evidence that a patron … used the ticket to play a slot machine. This activity potentially indicated suspicious minimal gaming, but Caesars was unable to evaluate the activity because the casino did not record whether a patron actually purchased the computer-generated ticket or whether Caesars pre-printed the computer-generated ticket and then redeemed it after no patron purchased it. … [Thus,] Caesars … did not keep sufficient [information about] … these tickets. 93
Fifth, Caesars Palace failed to file over 100 SARs during examination period. Specifically, FinCEN determined that:
During the period covered by the IRS SB/SE 2012 exam, Caesars failed to file over 100 SARs to report a variety of suspicious activities, including: (a) “team play” among unidentified guests in Caesars' private gaming salons; (b) suspicious transactions at Caesars' branch offices; (c) third-party payments from unrelated individuals and businesses; (d) structuring; (e) minimal gaming and bill stuffing; (f) chip walking; and (g) observed suspicious behavior of individual patrons. Moreover, Caesars did not detect these transactions as potentially suspicious at the time they occurred and conducted no diligence on them in order to evaluate their legitimacy.
For instance, Caesars failed to file approximately 30 SARs to report transactions in which the casino received wire transfers for patrons from unaffiliated third-parties, including unrelated businesses. … In none of these cases did Caesars attempt at the time of the transactions to ascertain the nature of the relationship between the individuals and businesses sending the funds and the patrons receiving them. 94
Caesars Palace agreed to several improvements to its BSA/AML Program, including those with respect to fostering a culture of compliance, complying with all applicable BSA compliance program, recordkeeping, and CTR and SAR reporting requirements, including implementing risk-based “know your customer” (KYC) measures and preventing and detecting money laundering. As part of the agreement, Caesars Palace agrees to the following four undertakings.
A. External independent reviewer
Caesars will engage and retain an independent, external, qualified, and experienced external auditor to examine Caesars' BSA/AML compliance program and to conduct risk-based independent testing of such program. Four reviews will occur: the first will begin within sixty days of the consent agreement, and the remaining will commence annually thereafter for the next three years. Each review will cover the prior year, with three months' worth of transactional analysis. After the 2018 review, FinCEN has sole discretion to determine whether to extend this requirement into additional years.
B. AML Program Report
Within 180 days of consent agreement, and annually thereafter for the next three years, Caesars will provide a report to FinCEN of the implementation of its BSA/AML Program which will include all initiatives to improve BSA/AML compliance and any material breakdowns or deficiencies in internal controls, and management's responses and action plan to address any issues raised in the external reviewer's report.
C. Training Plan
Within 90 days of consent agreement, and annually thereafter for the next three years, Caesars will provide to FinCEN and IRS SB/SE a copy of its training program provided to employees; attendance records of all employees and officers who attended the program; and the results of any testing to ensure knowledge of BSA/AML compliance program, recordkeeping, and CTR and SAR reporting requirements.
D. SAR look-back
Within 180 days of the date of the consent agreement, Caesars will conduct, or engage a third party to conduct, a review of all SAR transactions conducted through Caesars branch offices in Asia and in Monterey Park, California, for the period of January 1, 2012, through December 31, 2014, consistent with the SAR regulations for casinos. Based on the results of this review, Caesars will file SARs or amend previously filed SARs, as appropriate, consistent with the SAR regulations.
From the author's viewpoint, FinCEN determinations in the enforcement case against Caesars Palace were well grounded. Caesars Palace egregiously and willfully violated AML program requirements, reporting obligations, and recordkeeping requirements. Normally, this would lead to a much higher civil money penalty. Nonetheless, it is a well-known fact that in July 2014, Caesars Entertainment Corporation cooperated with an FBI-led raid that shut down a multimillion-dollar illegal sports betting operation at Caesars Palace that authorities stated was run by Chinese and Malaysian nationals who were taking wagers on the World Cup soccer tournament. 95 Also, on January 15, 2015, Caesars Entertainment Corporation filed for Chapter 11 bankruptcy protection, which was almost nine months before FinCEN's civil money penalty was issued. FinCEN would have factored these in as mitigating factors reducing the severity of the civil money penalty. In addition, Caesars Palace's estimated costs to perform the four extensive undertakings in the civil money penalty consent agreement would have factored in by FinCEN in determining the corporation's money penalty.
The Oaks Card Club
On December 17, 2015, FinCEN reached a $650,000 civil penalty settlement with The Oaks Card Club for inadequate anti-money laundering controls during 2009 to 2012. 96 The settlement consent agreement describes two major failures by the Oaks Card Club to comply with the following specific casino requirements: (1) a written compliance program, and (2) reporting of suspicious activity when a casino knows, suspects, or has reason to suspect that the transaction or pattern of transactions is both suspicious and involve $5,000 or more. 97
First, as described in the consent agreement, the Oaks failed to develop and implement an effective AML program. It did this by failing to comply with four of the eight components that comprise the BSA's compliance program requirement for casinos. The compliance program deficiencies are discussed below.
Among its failures, the Oaks relied on an inaccurate and misleading AML policy and procedures to train its front-line staff. The AML policy and procedures failed to provide appropriate instructions, or provided wrong instructions, concerning the card club's BSA/AML obligations and filing of BSA CTR and SAR reports. For example, it encouraged employees to provide notice to patrons if they were about to conduct a currency transaction that would put them over the $10,000 threshold for the filing of a CTR, thereby possibly encouraging transactions to be structured. Also, the policy and procedures lacked instructions on when an employee should file a SAR.
The Oaks filed no SARs during 2009 and 2010. A couple of examples of its violation of requirement to report suspicious transactions are: (1) failed to file SARs when employees and customers were indicted, and (2) failed to file SAR when a customer conducted a transaction for $9,900 at 9:52 a.m. followed by a second transaction of $9,900 at 9:53 a.m. by the same customer and the same cashier.
FinCEN made a point of citing the Oaks Card Club past legal proceedings. For example, on February 24, 2011, a federal grand jury indicted some employees and customers with loan sharking. On July 5, 2012, a superseding indictment was filed for facilitating racketeering activities within the Oaks Card Club. Two Oaks employees pled guilty to two counts in the indictment relating to illegal loans; one pled guilty to Racketeer Influenced and Corrupt Organizations (RICO) Act conspiracy, 98 and the other pled guilty to conspiracy to make an extortionate extension of credit. 99 Very likely, these legal proceedings were used as aggravating factors in assessing its civil money penalty.
Sparks Nugget
On April 5, 2016, FinCEN reached a $1,000,000 civil penalty settlement with Sparks Nugget, Inc., dba John Ascuaga's Nugget Sparks, Nevada for inadequate anti-money laundering controls during 2010 to 2013. 100 Sparks Nugget admitted that it willfully violated BSA/AML provisions, including compliance program requirements, CTR and SAR reporting obligations, and casino recordkeeping requirements. 101 The consent agreement describes three major failures by Sparks Nugget to comply with the following specific casino requirements: (1) a written compliance program; (2) reporting of suspicious activity when a casino knows, suspects, or has reason to suspect that the transaction or pattern of transactions is both suspicious and involve $5,000 or more; (3) reporting of each transaction in currency, involving either “cash in” or “cash out,” of more than $10,000 in a gaming day of which a casino has obtained knowledge; and (4) detailed recordkeeping on casinos. 102
Since the Sparks Nugget lacked a culture of compliance, FinCEN made three determinations at the beginning of the consent agreement that were based on the findings of IRS's compliance examination. These determinations preceded the discussion of the specific BSA violations. These determinations follow.
[First, t]he employee responsible for managing the Casino's compliance with the BSA was routinely disregarded by her managers, … even after an IRS examiner told Sparks Nugget management that BSA compliance was too much for one person to handle. Sparks Nugget's former BSA compliance officer complained that the Casino frequently failed to file SARs for activity that she believed was required to be reported. Many of the prepared SARs the BSA compliance officer submitted to her direct manager for approval to file were ignored and went unfiled. The BSA compliance officer also voiced concerns about Casino employees' failure to gather required information that was necessary to comply with the BSA, including player names, addresses, and information related to financial transactions that occurred at the Casino. During an IRS exam in 2010, the BSA compliance officer's direct managers instructed her to stop speaking with the examiners.
[Second, t]here was a blatant disregard for AML compliance that permeated all levels of Sparks Nugget. During the 2010 IRS examination, Sparks Nugget employees told the IRS that they did not need to monitor for suspicious activity because nothing suspicious ever happened at the Casino. … [However,] a few years before the examination, a county official was … convicted of embezzling at least $2.2 million, and gambling half of that at the Casino. Sparks Nugget did not file a SAR on any of those transactions, even after the arrest became public. In 2006. … the Casino's former general counsel was arrested for (and later pled guilty to) embezzling about $3 million from Sparks; the Casino had dismissed the attorney, but did not file a SAR.
[Third, w]hen an employee did spot potentially suspicious activity and reported this information to the SAR Committee … the employee was met with silence. The SAR Committee, in fact, never held a single meeting. Moreover, some of the members were not even aware that they were on the Committee. … As recently as 2013, the Casino had failed to make changes to its operations to address many of the AML program and reporting failures identified by the IRS to the Casino in the examination report related to the 2010 exam. 103
As detailed below, Sparks Nugget committed sustained and consistent violations of six of the eight BSA/AML compliance program requirements.
a. Internal controls—Sparks Nugget failed to file SARS regarding transactions that plainly warranted such reports. In this regard, the consent agreement states that:
In part, these failures were due to the fact that Sparks Nugget lacked sufficient internal controls to effectively monitor for and report suspicious activity or to document the review process for decisions not to file SARs. … Sparks Nugget's management steadfastly maintained—going so far as to make that claim during the closing interview with examiners—that nothing suspicious ever happened at the Casino.
Sparks Nugget also lacked internal controls sufficient to ensure accurate completion of Currency Transaction Reports or even to ensure that they were being filed when required. Similarly, Sparks Nugget lacked internal controls to ensure that all required recordkeeping requirements were met, including the Multiple Transactions Log and [$3,000 or more] Negotiable Instruments Log, and it also lacked protocols to appropriately aggregate cash in and cash out in a single gaming day. 104
b. Independent testing—As of the date of completion of the IRS's 2010 BSA compliance examination, Sparks Nugget had never conducted any independent testing.
c.–e. Use of all available information—A casino's AML program is required to provide for procedures for using all available information to determine: (1) required customer identifying information, (2) recordkeeping to be made or retained, and (3) the occurrence of any transactions or patterns of transactions required to be reported as suspicious. The consent agreement makes clear in several statements that the Sparks Nugget had no procedures in place to detect occurrence of any transactions or patterns of transactions required to be reported as suspicious. Additionally, the consent agreement stated that: “Sparks Nugget acknowledged in response to the IRS examination findings that it lacked procedures in place to determine whether any records must be made or retained, and that it failed to have procedures to ensure that all required information was obtained for account opening.” 105
f. Using automated systems and programs to aid in assuring compliance—Although Sparks Nugget had automated data processing systems, it failed to use its automated programs to aid in assuring BSA/AML compliance. Sparks Nugget admitted that, although it had automated data processing systems, it did not have procedures in place to use these systems to aid in assuring compliance with the BSA and the Casino's AML program. Instead, the Casino focused its data processing and information gathering functions on obtaining information about its customers' personal preferences and any business risk those customers presented to the Casino. 106
Sparks Nugget repeatedly violated the requirement to report suspicious transactions. For example, during an eight-year period covering March 2003–April 2011, Sparks Nugget filed only five SARS.
… Sparks Nugget's internal controls for the detection, review, documentation, and reporting of suspicious activity were deficient on several fronts: it had a SAR Review Committee that never met, and many of whose members were unaware of their membership. Sparks Nugget lacked any mechanism to document or otherwise account for decisions not to file SARs, and its management simply maintained its position that no suspicious activity ever transpired in the millions of dollars of transactions that occurred at the Casino. 107
Sparks Nugget violated the requirement to report large currency transactions.
Sparks Nugget filed a number of CTRs late, as recently as August 2013, as well as some others that were filed inaccurately or incompletely. In addition, the Casino failed to file CTRs for a number of transactions worth between approximately half a million dollars to over five million dollars during the exam scope period alone. More troubling, however, is that Sparks Nugget's poor recordkeeping prevented examiners from ascertaining the exact number of CTRs that it failed to file. 108
Sparks Nugget violated the provision to keep required casino records.
During its 2010 examination, the IRS found that, in the six months between January 1 and June 30, 2010, alone, Sparks Nugget committed at least 245 distinct recordkeeping errors. Among those were 141 negotiable instruments of at least $3,000 that were omitted from the Negotiable Instrument Log. These 141 monetary instruments amounted to more than $1.3 million. Further, of the sixty records that were entered into the Negotiable Instruments Log during that same period, all sixty were missing critical required fields.
Sparks Nugget's Multiple Transaction Log, which enables the Casino to properly aggregate transactions and to detect patterns of suspicious activity, had similar deficiencies. On multiple occasions, Sparks Nugget erroneously designated “cash in” transactions as “cash out,” and vice versa, and failed to log slot tickets cashed at the slot booths on the Multiple Transaction Log. As a result, Sparks Nugget potentially failed to report 38,008 tickets totaling $4,674,866 that may have required aggregation. These recordkeeping failures led to the Casino's inability to comply with its reporting obligations under the BSA. 109
As detailed above, Sparks Nugget committed sustained, consistent, and serious violations of six of the eight BSA/AML compliance program requirements. Given this and the relative size of this casino with 900 slot machines, 32 table and poker games, a 100-seat bingo hall, a keno section, and sports-book betting, one would have thought a larger civil money penalty would have been assessed. The only mitigating factor that comes to mind is the casino is now under new ownership.
Hawaiian Gardens Casino
On July 15, 2016, FinCEN reached a $2,800,000 civil penalty settlement with Hawaiian Gardens Casino for inadequate anti-money laundering controls from September 2013 to the date of the consent agreement. 110 The Hawaiian Gardens is a Los Angeles, California, card club. The consent agreement pointed out that in 2011 and 2014, IRS examined Hawaiian Gardens and identified significant BSA violations. Many violations uncovered in 2011 were left unaddressed in 2014, despite the IRS findings in 2011 and even though Hawaiian Gardens' independent consultant identified many of these problems in 2013. From September 1, 2009 through July 15, 2016, Hawaiian Gardens failed to: (a) implement and maintain an effective AML program, (b) report currency transactions greater than $10,000, (c) file many suspicious activity reports, and (d) keep certain required casino records. Also, IRS examiners identified employees complicit in assisting customers with structuring. One employee was disciplined for assisting a customer's structuring in 2009 and was later identified by the IRS engaging in the same type of behavior during 2013.
In 2009, The Gardens' surveillance video observed a customer structuring transactions with the assistance of employees. The customer attempted to cash out a $14,833 transaction, then ripped up the required IRS identification form in the presence of the cage cashier when asked to complete it. The customer then went to the Asian VIP section of The Gardens and enlisted the employee listed above, and another employee, to cash out the transaction into $10,000 and $4,000 amounts without providing identification information. Despite the employee's complicity in this illegal conduct, the employee remained at The Gardens, which acknowledged the complicity (and reported it in a SAR) but continued to allow the employee to facilitate transactions, including this transaction in 2013 (which did not list the employee as a subject in the SAR). 111
Moreover, the Hawaiian Garden's consent agreement identified a serious problem with unknown customers and suspicious transaction reporting.
The Gardens failed in its responsibilities to use all available information to identify and verify customer information, and to determine occurrences of transactions or patterns that warrant the filing of a SAR. In addition to its casino surveillance, open source information, and other methods, The Gardens had customer information collected through its player club cards which are scanned and monitored by employees on an hourly basis. Because it did not use such information and tools, 80% of The Gardens' SARs filed between January 1, 2013 and September 18, 2014 included at least one unknown subject. This allowed anonymous transactions and frustrated recordkeeping essential to identifying suspicious transactions and money laundering. 112
Hawaiian Gardens continued to conduct business with customers it had identified as suspicious even after these customers repeatedly refused to provide identification information. One such customer, who remained unidentified, continued to gamble at Hawaiian Gardens through 2014 despite being the subject of 15 prior SARs and five CTRs while refusing to provide identification information on at least three separate occasions during 2013. This same customer used agents, also unidentified, for structuring or attempting to structure transactions. 113 Equally as egregious, according to the 2013 independent test, the Hawaiian Gardens had no policies or procedures in place to address patrons who refused to provide information.
The Hawaiian Gardens agreed to the following Undertakings:
a. Risk assessment—The Gardens will complete a new risk assessment within 90 days and provide the risk assessment to FinCEN and IRS. b. External independent reviewer—Examine the Gardens' BSA compliance program and to conduct risk-based independent testing of the Gardens' BSA/AML Program. The independent testing will take remedial steps to address all criticisms in the consent.
Three reviews will take place: the first within 90 days, the second within 12 months after completion of first examination, and the third within 24 months after completion of second examination. Each review will cover the prior year and contain three months of transactional analysis to include a review of SAR filings. Based on review results, Hawaiian Gardens will file SARs or amend previously filed SARs, as appropriate. A third-party reviewer will prepare a typed report of findings, and will transmit report and all draft reports to FinCEN and IRS SB/SE at same time being transmitted to Hawaiian Gardens. If the report identifies any material deficiencies in Hawaiian Garden' programs and procedures, it will address and rectify those deficiencies as soon as reasonably practicable and will advise FinCEN and IRS SB/SE of remedial steps taken.
Cantor Gaming
On October 3, 2016, FinCEN reached a $12,000,000 civil penalty settlement against CG Technology, L.P., doing business as Cantor Gaming, for egregious and systemic violations of the BSA from March 1, 2009 through September 28, 2015. 114 Cantor Gaming willfully violated the BSA and its implementing regulations including its casino compliance program, currency and suspicious reporting, and recordkeeping requirements. Cantor Gaming willfully: (a) failed to implement and maintain an effective anti-money laundering program; (b) failed to report certain suspicious activity; (c) failed to report certain transactions involving currency in amounts greater than $10,000; and (d) failed to keep appropriate records as required by the BSA and its implementing regulations. These violations are described in a separate FinCEN Statement of Fact, and are truly massive in scope and depth. 115 The extent of these violations was demonstrated by Cantor Gaming facilitating high risk and high dollar wagering by customers on sporting events, which represented over 30% of all sports wagers in the state of Nevada during 2010–2013.
According to the FinCEN press release, Cantor Gaming:
… failed to have an appropriate AML program in place. [Moreover,] Cantor Gaming failed to have sufficient internal controls and mandatory independent audits; it failed to have sufficient AML training for its officers and employees; and it failed to use all available information to detect and report suspicious transactions. … [Additionally,] Cantor Gaming failed to properly and timely report currency transactions. Cantor Gaming also failed to file required suspicious activity reports (SARs) on several transactions, including transactions by customers who were involved in blatantly suspicious activity, those who were involved in criminal activity, and those who had no legitimate source of funds. And finally, Cantor Gaming committed thousands of recordkeeping violations, including by failing to keep required records on its highest-volume patron who placed more than $300 million in wagers between 2010 and 2013. 116
FinCEN's analysis of Cantor Gaming CTR and SAR reports filed, and information obtained from a 2010 IRS SB/SE civil compliance examination as well as a 2014 FinCEN follow-up audit, supported these findings. Additional supporting documentation concerning illegal gambling and money laundering came from a criminal investigation and indictment of 25 individuals, known as the “Jersey Boys,” conducted by the U.S. Attorney's Office for the Eastern District of New York. A summary of the Eastern District's action is found in its October 3, 2016 press release. 117 Additionally, the District of Nevada joined the Eastern District of New York in a non-prosecution agreement with Cantor Gaming. 118 Pursuant to that agreement, Cantor Gaming resolved possible criminal charges by agreeing to a forfeiture of $6 million and a criminal fine of $10.5 million. $6 million of the criminal fine and forfeiture were credited to partially satisfy FinCEN's $12 million civil money penalty.
Both FinCEN's Assessment of Civil Money Penalty and the U.S. Attorney's Offices' Non-Prosecution Agreement were accompanied by Cantor Gaming's commitment to perform a series of required “remedial measures” to ensure that going forward it had an effective BSA casino compliance program in place. These remedial measures included the hiring of an “external independent reviewer.” Additionally, Cantor Gaming will conduct a look-back review of all transactions and attempted transactions conducted between 2010 and 2013 to ensure that any transactions that were suspicious in nature were properly reported. 119
Conclusion
In conclusion, the author wrote this article to spur thinking and discussion among the casino and card club industries as well as FinCEN on how better to work together to combat money laundering and terrorist financing in these two gambling sectors. Time will tell how they separately and collectively deal with the regulatory gaps and operational challenges identified. In the near term, the author hopes that subjects covered in the section on areas of concern should assist U.S. casino operators to mitigate some of the risks of money laundering and illegal activity connected with their gambling businesses. Additionally, it is hoped that the proposed improvements in the federal BSA casino requirements will be considered in FinCEN's future rulemaking proceedings during 2018–2019.
Footnotes
Author Disclosure Statement
The opinions in this article are those of the author alone, and do not necessarily reflect the opinion or policies of any governmental agency or business organization. The author has made every reasonable effort to ensure that the data and information contained in this article reflect the most accurate and timely information publicly available at the time of publication.