Department of the Treasury
Financial Crimes Enforcement Network
This document describes factors that a casino or card club may need to consider in assessing the effectiveness of its Bank Secrecy Act (“BSA”) compliance program. The BSA requires casinos and card clubs to develop and implement compliance programs tailored to their business activities and risk profiles. A casino or card club may not need to address each of the factors described in this document. Also, a casino or card club should not construe the factors below as exhaustive and the only ones required to be addressed.
I. Elements of a BSA Compliance Program
A casino or card club is required to develop and implement a BSA compliance program that adequately addresses the risks posed by its products, services, customer base, and geographical location for the potential of money laundering and terrorist financing. At a minimum, each BSA compliance program1 must provide for:
- A system of internal controls to assure ongoing compliance with the BSA;
Internal or external independent testing for compliance with a scope and frequency commensurate with the risks of money laundering and terrorist financing posed by the products and services provided;
- Training of casino personnel, including training in the identification of unusual or suspicious transactions;
- An individual or individuals to assure day-to-day compliance with the BSA;
- Procedures for using all available information to determine and verify, when required, the name, address, social security or taxpayer identification number, and other identifying information for a person;
- Procedures for using all available information to determine the occurrence of any transactions or patterns of transactions required to be reported as suspicious;
- Procedures for using all available information to determine whether a record required under the BSA must be made and retained; and
- For casinos and card clubs with automated data processing systems, use of the programs to aid in assuring compliance.
II. Criteria for Assessing a BSA Compliance Program
A casino or card club may need to consider the following criteria, among others, when assessing its BSA compliance program:
- Management awareness and commitment to compliance;
- Comprehensiveness of policies, procedures, and internal controls and whether policies, procedures, and internal controls need updating;
- Level and frequency of training and whether training is appropriate for the business and compliance functions performed by personnel (e.g., front-line employees);
- Compliance officer’s authority, responsibilities, and extent of control and effectiveness, as well as the expertise of the compliance staff;
- Effectiveness of a compliance committee (if established);
Adequacy of internal or external audit reports in confirming whether the independent review:
Evaluated the comprehensiveness of the BSA compliance program and was conducted by an individual knowledgeable of the BSA’s requirements,
Provided a fair and unbiased appraisal of the BSA compliance program, including BSA-related policies, procedures, and internal controls, as well as other requirements such as reporting and record retention,
Determined whether the casino or card club is operating in compliance with the requirements of the BSA and the casino or card club’s own policies, procedures and internal controls, and
Included testing of internal controls and transactional systems and procedures to identify problems and weaknesses and, if necessary, recommend to management appropriate corrective actions;
- Any BSA compliance deficiencies identified by audit reports and effectiveness of any subsequent corrective actions taken;
- Extent of usage of appropriate automated systems and programs to support its compliance program;
- Adequacy of account opening and documentation policies, procedures and processes;
- Adequacy of policies, procedures and processes for the types of financial services offered or types of negotiable instruments accepted;
- Adequacy of procedures and processes for filing currency transaction reports;
- Adequacy of procedures and processes for detecting suspicious transactions or patterns of suspicious transactions and filing suspicious activity reports;
- Whether there are areas of the operation which require special compliance considerations (e.g., creation of specific types of records, availability of records, records retention); and
- Whether supervision of employees is adequate.
III. Basis for Revising a BSA Compliance Program
Based on its assessment, a casino or card club should consider the following in determining whether to revise its BSA compliance program:
- Results of independent testing, including internal or external reviews or audits;
- Results of examinations by the Internal Revenue Service or other governmental authorities;
- Significant changes in cage or floor operations;
- Significant changes in the types of financial services offered or types of negotiable instruments accepted;
- Implementation of automated systems and programs that affect compliance;
- Amendments to BSA regulations;
- Amendments to BSA reporting forms;
- New BSA guidance or advisories including, frequently asked questions;
- SAR Activity Reviews – Trends, Tips & Issues, with articles on casinos, card clubs or gambling as well as Suspicious Activity Report (SAR) bulletins;
The extent to which FinCEN Form 103, Currency Transaction Reports by Casinos (“CTRCs”) filed during specified time frames were:
- filed late,
- included P.O. Boxes for customers’ addressees;
- omitted critical information items;
The extent to which the casino or card club received correspondence indicating that CTRCs were filed that included errors or omissions that prevented processing, or indicating the existence of reporting errors or omissions, such as:
- no street address,
- incorrect social security numbers, and
- no date of birth; and
- The extent to which FinCEN Form 102, Suspicious Activity Report by Casinos and Card Clubs (“SARCs”), had:
- no subject information,
- no characterization of suspicious activity, or
- inadequate narratives.
Deficiencies could result in BSA civil money penalties or other enforcement actions. Also, a casino or card club may need to consider corrective action, as appropriate. Deficiencies that may warrant taking corrective action include, but are not limited to the following:
- Failure to implement a compliance program;
- A significant breakdown in internal controls or lack of adherence to policy, procedures and controls to assure compliance with the BSA;
- Inadequate testing, training, or other failures in an essential element of a BSA compliance program;
- Compliance program continues to be deficient or violations continue to occur after the institution becomes aware of problems;
Failure to file SARCs when warranted:
- Failure to investigate potential suspicious activity,
- Failure to document reason for deciding not to file a SARC for activity initially identified as potentially suspicious, and
- Failure to include all relevant information in a SARC;
- Failure to file CTRCs;
- Filing of CTRCs that lack key information (i.e., customer name; address; social security number (“SSN”) or other government identification number; identification credential with issuer and number; amount of currency; or date of transaction);
- Failure to create or retain required records or to provide all the information required by those records;
- Management participation in BSA violations; and
- Assisting customers in structuring transactions to evade the reporting or recordkeeping requirements.
In conclusion, an effective BSA compliance program should reflect a casino or card club’s products, services, customer base, and geographical location. It is a sound practice for a casino or card club to periodically re-assess its BSA compliance program to assure sufficiency and effectiveness.
For questions about this guidance, please contact FinCEN’s Regulatory Helpline at (800) 949-2732.
For additional guidance, see Casino or Card Club Risk-Based Compliance Indicators, FIN-2010-G002 (June 30, 2010) and Frequently Asked Questions – Casino Recordkeeping, Reporting and Compliance Program Requirements, FIN-2007-G005 (November 14, 2007) and FIN-2009-G004 (September 30, 2009), and Recognizing Suspicious Activity - Red Flags for Casinos and Card Clubs, FIN-2008-G007 (August 1, 2008). Other reference material includes Structuring by Casino Patrons and Personnel, FIN-2009-A003 (July 1, 2009). See also In the matter of the Tonkawa Tribe of Oklahoma and Edward E. Street - FinCEN No. 2006-1 (March 24, 2006).
1 See 31 C.F.R. § 103.64(a). Compliance with this requirement satisfies the obligation under Section 352 of the USA PATRIOT Act to implement an anti-money laundering (“AML”) program. See 31 C.F.R. § 103.120(d).