Remarks of Deborah Connor, Principal Deputy Chief, Asset Forfeiture and Money Laundering Section
Thank you, for the kind introduction. I would also like to thank Casino Essentials for hosting this Title 31 conference and inviting me to speak today. I am honored to be here talking with you about the importance of compliance with anti-money laundering (AML) requirements under title 31 of the Bank Secrecy Act. You all—as industry leaders and compliance officers—play a significant role in the fight against illicit finance. Events like this serve a vital role in promoting constructive and open dialogue between industry, regulators, and law enforcement. That kind of dialogue truly benefits all of us.
As Principal Deputy Chief of the Department of Justice’s Asset Forfeiture and Money Laundering Section—known as “AFMLS”—I’d like to discuss how the Department approaches BSA enforcement generally, and how our enforcements efforts apply to the gaming industry in particular. The reporting requirements the BSA imposes on financial institutions—including casinos—provide an invaluable source of information for law enforcement in our efforts to deter, detect, and prosecute criminal actors. It is no secret that criminal actors seek to use the tools of our financial and banking systems to serve their illicit purposes: For an illegal enterprise to succeed, criminals must be able to hide, move, and get access to their criminal proceeds. And when they do, their actions serve as a dual threat: their criminal conduct itself, of course, can threaten the safety and security of law-abiding citizens; in addition their use of the financial and banking systems to hide their gains—or to fund additional criminal conduct—undermines the integrity of those systems. It is for these reasons—the need to detect and deter criminal conduct AND to preserve the integrity of the financial systems they seek to exploit—that there are serious consequences for financial institutions that fail to satisfy their BSA obligations. Thus both law enforcement and industry have a shared interest in ensuring effective BSA compliance.
With that in mind, I’m going to focus on what constitutes sound BSA compliance from the Department’s perspective, and how that starting point informs our investigative and prosecutorial decision-making. I will also discuss some specific measures that the gaming industry can take to ensure that casinos and card clubs do not become conduits for criminals seeking to launder their illicit funds.
First, some background on my section of the DOJ: AFMLS. AFMLS leads the DOJ’s anti-money laundering enforcement and asset forfeiture efforts. We do this, first and foremost, by prosecuting and coordinating complex, multi-district and even international money laundering and asset forfeiture investigations and cases. In addition, we provide legal and policy assistance regarding anti-money laundering and asset forfeiture to federal, state, and local prosecutors and law enforcement, and also to foreign governments.
It bears noting outset that in my experience—when it comes to BSA compliance—most financial institutions are committed to fulfilling their obligations under the BSA and to ensuring that they avoid doing business with criminal actors. As compliance officers, you no doubt recognize your duty to ensure compliance by your institutions and prevent regulatory violations. The vast majority of financial institutions—and compliance officers—that take these duties seriously are, as I have noted, vital to our efforts to detect, investigate, and prosecute the criminal actors who seek to exploit our financial system.
It is, nevertheless, also true in my experience that some institutions choose to willfully ignore the guidance of compliance officers like you, and in so doing to violate the legal obligations imposed by the BSA—choose, that is, to put short-term profits ahead of doing both what is right and what they legally are required to do. In cases where we find repeated willful violations of clear legal obligations, the Department of Justice and AFMLS will step in to criminally pursue these bad actors— both the individuals and, where appropriate, the financial institutions themselves.
Within AFMLS, violations by financial institutions of the BSA are investigated and prosecuted by our Bank Integrity Unit (BIU). In recent years, this unit has brought criminal charges against an array of businesses—ranging from some of the world’s largest banks to check cashers to a local perfume dealer—all for multiple willful violations of the BSA set forth in title 31 of the United States Code. The Bank Integrity Unit was established in 2011 to step up the Department’s enforcement efforts in this area, and it is staffed with seasoned prosecutors devoted to investigating complex national and international criminal cases, including violations by financial institutions and their employees.
Chances are, if there has been a prosecution of a business for a BSA violation, the Bank Integrity Unit has either led the case or worked it cooperatively with another federal prosecutor’s office. But, even in those instances where the Bank Integrity Unit is not actually part of the prosecution team, AFMLS and our Bank Integrity Unit play an important role. Justice Department regulations require AFMLS to approve any proposed criminal charge against a financial institution for a violation of the BSA. This requirement exists because the BSA consists of a number of complicated statutes and the Department’s responsibilities for criminal enforcement overlap with the civil and regulatory enforcement of those same statutes by various federal regulators. AFMLS thus works with our colleagues in the various U.S. Attorneys’ offices before any criminal BSA charges are brought to ensure consistent application of the law and effective coordination with regulators.
Importance of BSA and Compliance
As I noted at the outset, financial institutions, including casinos and card clubs, are vital to our law enforcement efforts. Indeed, they our nation’s first line of defense when it comes to detecting, investigating, and prosecuting the kinds of sophisticated criminal actors who engage in money laundering, and, by extension, fraud and even terrorist financing. It’s clear why this is the case: as you know, casinos and card clubs often provide numerous financial services to their customers, including check cashing, currency exchange, wire transfers, deposit accounts, and issuing monetary instruments. By effectively serving as “one stop shops” for a range of financial services, casinos and card clubs make attractive targets for criminals looking to launder illicit proceeds.
For this reason, compliance officers like many of you here today are critical to protecting the reputations of your institutions by preventing (where possible) or detecting and reporting criminal activity by customers seeking to exploit your services. It is not an exaggeration to say that compliance is fundamental to protecting the security of our financial institutions and is essential to the integrity of our entire financial system. Despite its importance, compliance often takes a back seat to other financial considerations. I know that I don’t have to tell this to anyone here, but compliance is seldom thought of as a “money-maker” for any business. That view can be especially true in the gaming industry where financial services—and their attendant compliance costs—may be considered secondary to (or even inconsistent with) the primary mission of customer entertainment. In stark contrast to the outward glamour of Las Vegas casinos, compliance can be tedious, painstaking, and thankless.
We at the Department of Justice understand this reality. And we appreciate that, despite these challenges, you and your colleagues are committed to helping protect the integrity of your institutions and assisting law enforcement. I want to assure you today that I am grateful for that assistance, because you can be our strongest partners in the fight against money laundering, fraud, and other financial crimes. You are in a unique position to understand that a strong compliance culture is not only good for a casino’s overall standing and reputation in the business community, it is also good for a casino’s bottom line.
Evaluating a Compliance Program
I’d like talk in a bit more detail about what prosecutors in AFMLS consider when they are evaluating allegations that an institution committed criminal violations of the BSA. The requirement for casinos and other financial institutions to have effective anti-money laundering programs has been on the statute books only since 2001, when Congress passed the Patriot Act, which included amendments that required casinos and other institutions to implement effective AML programs.
Under these provisions, an effective AML program consists of four critical components:
- Internal policies, procedures, and controls
- A designated compliance officer
- Ongoing AML training; and
- Independent auditing to test the effectives of the program
I want to emphasize something here. These four pillars of a compliance program set forth under section 5318(h) are simply the minimum requirements. They are necessary for the establishment and maintenance of an effective AML program, but they may not be sufficient given the specific risks confronting a particular institution. In other words, there is no “one size fits all” compliance program. Rather, effective AML and other compliance programs should be “risk-based”—that is to say, tailored to the unique needs, risk profile, and structure of each institution.
From the Department’s perspective, here are some hallmarks of effective compliance programs:
- An institution must ensure that its senior business managers provide strong, explicit, and visible support for its corporate compliance policies.
- The people who are responsible for compliance should have stature within the company. Compliance teams need adequate funding and access to necessary resources. [I’m betting that many of you here will not object to that last point!] While this requirement may seem logical, a gross violation of this requirement occurred just a few months ago in the $1 million enforcement action against Sparks Nugget by the Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN). Among the hundreds of willful BSA violations listed in the enforcement action, Sparks Nugget disregarded its compliance manager by choosing not to file rightfully prepared Suspicious Activity Reports (SARs). Furthermore, Sparks instructed the compliance manager to not interact with the IRS BSA examiners and prevented her from reviewing a copy of the completed exam report. This is the type of behavior that is unacceptable under the BSA and this enforcement action should serve as a warning for other institutions.
- An institution’s compliance policies should be clear and in writing. They should be easily understood by rank-and-file employees beyond the compliance department. That means that the policies must be translated into languages spoken in the countries in which the companies operate. That sounds simple, but it is important and sometimes is not done. This is especially important in the gaming industry, where your rank-and-file employees are the ones on the frontline carrying out customer transactions. These transactions can range from buy-ins at a blackjack table with a dealer to cash-outs at the cage to the use of Ticket-in, Ticket out (TITO) machines. Each of these transactions could represent behavior that might be reportable under the BSA in the form of a Suspicious Activity Report, Currency Transaction Report (CTR), or recordkeeping requirement. It is imperative that a casino or card club’s employees have a firm understanding of your businesses’ policies and procedures.
- An institution should periodically review its policies and practices to keep them up to date with evolving risks and circumstances. This requirement was highlighted by FinCEN’s December 2014 letter to the American Gaming Association. In that letter, FinCEN alerted casinos to the need to apply the risk-based approach to third-party betting at sports books. Casinos must have policies and practices that can be adapted to address new trends in criminal activity.
At the same time, FinCEN alerts do not absolve casinos of the responsibility to monitor threats to their particular institutions on an ongoing basis. Within the gaming industry, threats may vary depending on an institution’s size, geographic reach, and services. Indeed, the 2014 FinCEN alert applied only to the small percentage of casinos that have a sports book. The risk-based approach depends on institutions understanding the threats unique to their institution and having the requisite policies and practices in place to address them.
- There must be mechanisms to enforce compliance policies. Those include encouraging compliance and disciplining violations. And any discipline must be evenhanded. The Department of Justice does not look favorably on situations in which low-level employees who may have engaged in misconduct are terminated, but the more senior people who either directed or deliberately turned a blind eye to the conduct suffer no consequences.
- A financial institution should inform third parties like vendors, agents, or consultants about the company’s compliance policies and of the expectation that its partners will also take compliance seriously. This means more than including boilerplate language in a contract. It means taking action—including termination of a business relationship—if a partner demonstrates a lack of respect for laws and policies. And that attitude toward partner compliance must exist regardless of geographic location.
These are just some of the elements of a strong compliance program. When AFMLS evaluates a company’s compliance policy during an investigation, we look not only at how the policy reads “on paper,” but how it works in practice. Put differently, we look at whether an institution meaningfully stressed compliance or, when faced with a conflict between compliance and profits, chose profits.
Effective Detection of Illicit Financial Activity
It is important to remember that anti-money laundering and BSA compliance is not an end itself but is a means to an end: preventing criminal actors from using the U.S. financial system to hide their illicit gains or, worse still, use them to fund serious criminal conduct. Too often, BSA compliance is regarded as a mere box-checking exercise, with more emphasis on process than results. But it is one thing to have the requisite tools in place; it is another to deploy those tools most effectively. With that in mind I would like to discuss what steps in particular the gaming industry should be taking to detect and deter illicit financial activity.
First, of course, is “know your customer.” An institution must ensure that its AML, sanctions, and other compliance policies and practices are tailored to identify and mitigate the risks posed by its portfolio of customers, and that those customers are providing complete and accurate information. Of course, it may be difficult for a casino or card club to truly know all of its customers that pass through its gaming floors. However, under a risk-based approach to compliance, steps should be taken to identify those customers, by gaming activity or personal background, who pose the greatest risk to your business. This is why it is critical for the gaming industry to use all available information to identify its customers for BSA purposes. This may mean that a casino should be using its business side to assist the compliance side of the house. For example, do the compliance officers have the ability to access and use information contained in business resources like customer club account cards or markers to assist in identifying a customer?The importance of using all the information available to casinos and card clubs was underscored just a few weeks ago when FinCEN fined Hawaiian Gardens Casinos $2.8 million. Hawaiian Gardens routinely collected customer information through its player club card accounts. Despite having this significant trove of information regarding its customers, Hawaiian Gardens failed to utilize that information for suspicious activity reporting purposes. Because of this failure, 80% of all the SARs filed by Hawaiian Gardens within a twenty month period had “unknown” subjects. I cannot emphasize this point enough: sharing customer information with your AML compliance components is not only critical to being able to identify high-risk customers, it’s also required under the BSA.
Casinos and card clubs should also make an effort to identify the beneficial owners of funds when it is apparent that transactions are being conducted by or through a third party. For example, you should obtain the true identities of customers who are moving funds through junket operators or wiring funds using shell or front companies. These types of arrangements create an enticing method for criminals to move illicit funds to or through casinos or card clubs and their use should raise a red flag for compliance officers: You need to know the beneficial owners of those funds. Indeed, a failure to identify a third party conducting transactions on behalf of others may constitute a violation of the casino’s reporting and recordkeeping obligations.
Once a casino or card club has obtained the identity of a customer, there may be an additional need to look into the source of the customer’s funds. This may mean going beyond just checking whether a customer is on the Office of Foreign Asset Control, or OFAC, list or is a well-known drug dealer. A casino or card club may need to look at other factors, such as whether the customer is from a high-risk jurisdiction with poor AML controls, or is a politically exposed person from a country with significant public corruption. These are all indicators that will help a casino or card club in truly knowing its customers and ensuring proper BSA compliance.
You may notice that I have been discussing the “know your customer” requirement at great length and that is not a coincidence. The importance of this issue to the gaming industry was highlighted by FinCEN’s recent $8 million enforcement action against Caesars Palace for willful and repeated violations of the BSA. According to FinCEN, Caesars Palace turned a blind eye to its “private gaming salons” where its wealthiest clientele could anonymously gamble millions of dollars in a single visit. Despite the elevated risks present in these salons, Caesars failed to apply appropriate AML scrutiny, thus allowing some of the riskiest financial transactions to go unreported. Furthermore, Caesars marketed these salons through branch offices in the U.S. and abroad, but failed to adequately monitor transactions, such as large wire transfers, conducted through these offices for suspicious activity. Caesars made the effort to identify and entice these customers to travel across the world to come gamble at their institution, but, when it came time to compliance with its legal BSA requirements, Caesars looked in the other direction. Therefore, we urge you, as leaders of the gaming industry, to take prudent steps to know who you customers are, even (and perhaps especially) those who may be the beneficial owners of legal entities.
A second critical component to effectively detect and deter money laundering activity is to share information about potentially suspicious activity with other branches or offices, both domestically and internationally. For example, if one branch identifies potentially suspicious activity related to a customer, compliance personnel at other branches should be alerted to this activity. Along those same lines, U.S.-based casinos and card clubs should share customer information related to, and properly report or record, inter-casino transfers of funds between affiliate casinos. This is especially important for transfers between a U.S. and foreign affiliate. Simply because funds are moved between affiliated casino accounts does not excuse the U.S. casino from its AML compliance obligations under the BSA. This may sound straightforward in principle, but we have seen that it is all too often not implemented in practice.Let me pause here to emphasize this point. Even though the transfer comes from (or goes to) an affiliated casino overseas, the domestic gaming operation will still have BSA obligations vis-à-vis that transfer. Though the money may have come into the casino’s parent organization through an overseas affiliate not subject to the BSA, once the transfer hits a U.S. casino, all of the domestic casino’s BSA obligations kick in. A third critical component to effective AML compliance is for a financial institution to be candid and cooperative with regulators and law enforcement. By partnering with regulators and law enforcement, your institutions will be better positioned to detect and address illicit activity. This requires institutions to play a more proactive role that goes beyond simply filing SARs and cooperating with grand jury subpoenas.
Take advantage of the opportunity at this conference to get to know some of the law enforcement representatives who work on these issues. Then, if in your work you identify significant suspicious activity, you have a name and a phone number that you can call in law enforcement in addition to filing a SAR.
By consulting with law enforcement upon discovery of suspicious activity, an institution may be able to avoid taking actions that unintentionally harm a criminal investigation or benefit the criminal. For example, when an institution unilaterally terminates a relationship with a suspicious customer, that termination might prompt the criminal to move and hide his illicit funds elsewhere.
But, if you reach out to law enforcement proactively, there are a number of steps we might wish to take depending on the nature of what you have identified. Maybe we will ask you to leave the casino account open so we can monitor the activity. Maybe we will seek a restraining order or a seizure warrant from a judge to give us time to gather more evidence. Bottom line: we encourage financial institutions to speak with regulators and law enforcement about how to address suspicious activity before you actually see it, so that you’ll have in mind these options and when it makes sense to reach out proactively in addition to filing a SAR.
You may have noticed that, in explaining casinos’ AML expectations, I cited a number of recent enforcement actions FinCEN has brought against casinos. While FinCEN has been very active on this front in the last two years, make no mistake, the DOJ will pursue criminal charges and penalties against any financial institution—including casinos and card clubs—that willfully violates the BSA. We expect you, as members of the financial community, to take compliance risk at least as seriously as you take other business-related risks. Although it may not be a short-term profit center, investment in compliance will pay off – and it’s the right thing to do.
The Department is keenly aware of the unique compliance challenges faced by casinos and card clubs. You represent an industry that is primarily focused on providing entertainment to its customer base, with financial services being a complementary element of your business model. Nevertheless, because you do offer those financial services to your customers, you have taken on a great responsibility in the fight against illicit finance. And that responsibility is growing: as traditional financial services such as banks continue to improve their compliance functions and become less accessible to criminals, non-traditional financial institutions like casinos will only become more attractive to money launderers.
As a result, I strongly encourage each of you to take the opportunity— both today and once you return to your respective offices—to reflect on whether your institutions have effective AML programs and other compliance policies and practices to prevent or mitigate financial crime. All of us here today share the goal of ensuring a financial system free from illicit proceeds and criminal abuse. I am grateful for the opportunity to speak with you today, and am confident that this forum will prompt meaningful discussion regarding these important issues. Thank you. That concludes my prepared remarks. I’d now like to open up the floor to questions from the audience.
Prepared Remarks of FinCEN Associate Director for Enforcement Thomas Ott, delivered at the National Title 31 Suspicious Activity & Risk Assessment Conference and Expo | FinCEN.gov
Good morning. I would like to thank Mindy for the very kind introduction, as well as Jim Dowling, who invited me to speak today. It is a pleasure to be here in Las Vegas to discuss FinCEN’s oversight of casinos and card clubs under the Bank Secrecy Act (BSA). I want to also thank every one of you who are on the front lines of BSA compliance. Casinos and card clubs play a critical role in keeping our financial system safe from potential money laundering and terrorist finance. The high level of attendance at this conference and the questions you have raised tells me that the casino industry continues to show a strong interest in developing a deeper understanding about these issues. And, I am very happy to be a part of the discussion.
Let me next provide a brief overview of FinCEN, for those of you who might not be as familiar with our role. As you are aware, FinCEN has had some recent changes in its senior management with the departure my predecessor, Stephanie Brooker, in April of this year, followed by our director, Jennifer Shasky Calvery, at the end of May. Our deputy director, Jamal El-Hindi, is currently the acting director of FinCEN. And, I can assure you that we are continuing our work while we await the announcement of a new director. I can also assure you, that for at least the Enforcement Division, we will continue to follow the same trajectory with respect to our priorities and practices. FinCEN is a bureau of the Treasury Department, and reports to the Undersecretary for Terrorism and Financial Intelligence. With approximately 340 employees, we are relatively small considering our broad responsibilities. Our mission is to safeguard the financial system from illicit use and combat money laundering and promote national security through the collection, analysis, and dissemination of financial intelligence and strategic use of financial authorities. Some of the threats we are focusing on at FinCEN include Mexican drug trafficking organizations, transnational criminal organizations, frauds against U.S. government programs or that are massive in scale, foreign corrupt officials and rogue regimes, terrorist organizations, and proliferators of weapons of mass destruction. These are serious threats to the United States, our people, our businesses, and our communities.
The BSA provides FinCEN with broad supervisory and enforcement authority, allowing FinCEN to impose civil penalties not only against domestic financial institutions, but also against partners, directors, officers, and employees of such entities who themselves participate in misconduct. We do consider potential individual liability. We also have the authority to obtain injunctions against institutions, as well as individuals, that we believe are involved in violations of the BSA.
FinCEN’s enforcement authority extends across the broad range of industries covered by the BSA. In our BSA oversight role, we, of course, focus on compliance in all our regulated industry sectors. But nowhere is FinCEN’s role more important than in those sectors of the financial industry where it is the only Federal regulator with anti-money laundering (AML) enforcement authorities – sectors such as casinos and card clubs.
Since joining FinCEN a little over two years ago, I have gained a deeper understanding of the relevant perspectives and equities that exist across diverse financial sectors. FinCEN is in a novel position as a regulator. It must vigorously enforce the rules that financial institutions (such as casinos and card clubs) are required to follow to guard against money laundering, terrorist finance, and other financial crime. However, FinCEN must also work in partnership with these same financial institutions. In fact, the BSA was created to protect the integrity of the U.S. financial system by leveraging the assistance of financial institutions—like casinos—to make it more transparent and resilient to crime and security threats, and by providing information useful to law enforcement and others to combat such threats.
Public-private partnerships are increasingly important for FinCEN to succeed in its mission, so I hope to impart the value of proactive engagement with the casino industry to combat illicit financial activity. As a former prosecutor and now someone who oversees the FinCEN division that enforces the BSA, I am aware of some of the challenges faced by many of you in fulfilling your obligations under the BSA. Due to their cash intensive nature, casinos and card clubs have historically been susceptible to abuse by certain criminal actors. That type of vulnerability requires significant resources from your institutions to combat threats posed by those who seek to exploit your businesses for illicit purposes.
Now, before I get too far into this presentation, I want to recognize the obvious: casinos and card clubs, like other financial institutions, are increasingly spending time and money to comply with the BSA. And, FinCEN is committed to working with you to maximize our ability to be effective partners. That’s why I would like to have a conversation with you today to discuss FinCEN’s regulatory approach, in general, as well as how it relates specifically to casinos and card clubs. And, while I suspect you may not have all of your questions answered by the end of my presentation, I hope to at least take a few steps towards enhancing your understanding.
My goal today is to 1) provide a brief overview of a few of our recent enforcement actions; 2) dispel certain myths or misconceptions about the filing of Suspicious Activity Reports (SARs); 3) help you to appreciate the immense value of your work to FinCEN and law enforcement; and 4) give you some insight into our regulatory enforcement process by outlining some of the factors we consider in determining the amount of our civil money penalties.
Recent Enforcement Actions
With that said, I’d like to start by covering some of our most recent actions in the casino and card club space, as I believe these examples and their underlying facts will help frame my speech today. As my colleagues have stated in prior remarks, we hope that our enforcement actions will not only bring violators into compliance, but will also serve to educate financial institutions and the public. FinCEN takes great care to ensure transparency in our rationale and clearly articulate the facts underlying our actions in our assessments. If you look at our past enforcement actions, and review the facts, you will clearly see why FinCEN took actions in these cases.
In September 2015, FinCEN settled an investigation with a Las Vegas-based casino that agreed to an $8M civil money penalty. Several failures at the casino caused systemic and severe AML compliance deficiencies. In sum, the casino’s compliance program failed to incorporate policies and procedures for its “private gaming salons,” which are reserved for their wealthiest clientele who may gamble millions of dollars in a single visit, and which openly allowed patrons to gamble anonymously. The casino admitted that, despite the elevated money laundering risks present in these salons, they failed to appropriately review their customer’s activities, which allowed some of the most lucrative and riskiest financial transactions to go completely unreported. These salons were marketed through branch offices in the U.S. and abroad, particularly in Asia, but failed to adequately monitor transactions, such as large wire transfers, conducted through these offices for suspicious activity.
This was a significant action not just for the nature and scale of the violations, but also due to terms by which the case was resolved. FinCEN has been committed to ensuring that financial institutions violating the BSA rectify their deficiencies and improve their compliance. In this case, in addition to the civil money penalty, the casino agreed to a remedial framework that committed it to conduct periodic external audits, independent testing, adopt a rigorous training regime, engage in a “look-back” for suspicious transactions, and report to FinCEN on mandated improvements.
In many of FinCEN’s enforcement actions, you’ll see that the financial institution (e.g., casino, card club, bank, or MSB) failed to establish and implement policies and procedures that were appropriately risk-based and reasonably designed to assure and monitor compliance with the BSA—and that failure then snowballed and led to other BSA violations. This strikes at the heart of the theme of this conference, and one of the themes that FinCEN has been emphasizing for years: culture of compliance. The “tone at the top” regarding an institutions’s BSA compliance cascades downward and has a significant impression on staff at all levels of opertations.
Culture of compliance was also an important theme of an assessment that we issued in April 2016. Our investigation found that the casino’s willful and repeated violations stemmed, in part, from significant failures with their culture of compliance. Management repeatedly ignored their compliance officer, and failed to use all available information it collected on its customers to assist with completing its BSA filing obligations, which resulted in repeated failures to file currency transaction reports (CTRs) and SARs. Nor can compliance merely exist on paper; for instance, this institution had a SAR review committee, but it never met. And, in fact, some of its members didn’t even know that they were on the committee. Now, I recognize that there may be different views among compliance officers on whether or not to have a SAR review committee. But, if you choose to go that route, I strongly suggest ensuring members are at least notified that they are on the committee. They should not learn about it the first time from the IRS. These facts, among others, demonstrate that a culture of compliance was clearly lacking for this casino. Should you have questions about promoting a culture of compliance, I encourage you to review our public advisory on the subject that can be found on FinCEN’s website.
Another of the elements that is central to these enforcement actions is the emphasis on violations of a financial institution’s obligation to identify and report suspicious activity. Just last month, FinCEN announced a $2.8 million settlement with a California card club for willful violations of the BSA. This was only the second assessment against a card club in FinCEN’s history—but this action was notable for several other reasons. First, it highlighted the importance of KYC: knowing your customers. Of the SARs filed by this card club over a 20-month period, 80% had at least one unknown subject. Put simply, when you don’t know who is gaming at your casino or card club, complying with your regulatory obligations becomes increasingly difficult. It is imperative that policies and procedures are in place to assist with knowing your customer and meeting your reporting and recordkeeping requirements. The assessment against this card club also stressed the importance of how customers who engage in suspicious activity should be handled by a casino. It highlighted an unknown customer on whom there were 15 SARs filed, and who refused to provide identification on multiple occasions. Nevertheless, this customer was allowed to continue to gamble there without any additional due diligence or further action taken by the card club—despite an independent test that made this very recommendation. This card club put profits before compliance—but it ultimately cost them.
Further, this action also demonstrated the importance of filing quality SARs. The card club in this case would file numerous SARs on customers, but none of these SARs indicated or reflected the fact that the customers in question were prior subjects of SARs or identified patterns of suspicious activity. Including such contextual information is a statutory requirement as part of a casino or card club’s BSA program. This requirement plays a critical role in providing law enforcement with the information they need—which the BSA expressly states as one of the underlying purposes of the SAR provisions. Finally, the action we took in this case continued our practice of establishing a remedial framework to help rectify the deficiencies highlighted in our assessment
That describes three of our most recent casino or card club actions.
The Value of SARs and Common SAR Myths
The importance of SAR filings to law enforcement and regulators cannot be understated, and I think FinCEN’s actions help to emphasize this significance. BSA reports filed by our financial institutions, including casinos and card clubs, provide some of the most important information available to law enforcement and other agencies safeguarding the United States. While, as I have said, there are notable advancements in SAR filings by the gaming industry, there are still challenges we are working to overcome. To assist with this, I’d like to spend some time dispelling some of the common “myths” and misconceptions I have heard with respect to SAR filings.
Myth #1: No one reads the SARs we file.
I can understand the origin of this myth. Everyone wants to know and be sure that their SAR filings are serving their purpose; assisting law enforcement investigations and stopping illicit behavior. There are certainly important reasons for some of the silence on this: SAR confidentiality, law enforcement sensitivities, intelligence concerns, among other reasons all can make it difficult to give feedback on specific filings by financial institutions. However, it bears repeating what both our former Director and my immediate predecessor have stated at conferences in the past: these files don’t go into a “black hole,” but rather are used to confront serious threats. Not every SAR results in a criminal prosecution. But, as a former prosecutor, I routinely used the same BSA data that your casinos and card clubs report to FinCEN to build my cases. We exercised the “enterprise theory” of investigation and prosecution to target entire conspiracies and organizations at all levels—including leadership. Now, in my role at FinCEN, I see how important our partner regulators and stakeholders also view this data.
Taken together, BSA data includes nearly 190 million records and there are around 55,000 added each day. The reporting contributes critical information that is routinely analyzed, resulting in the identification of suspected criminal and terrorist finance activity and the initiation of investigations. Domestically, FinCEN grants more than 10,000 agents, analysts, and investigative personnel from over 350 unique federal, state, and local agencies across the United States with direct access to the reporting. There are approximately 30,000 searches of the BSA data taking place each day.
In addition, more than 100 SAR review teams and financial crimes task forces across the country bring together prosecutors and investigators from different agencies to review BSA reporting related to their geographic area of responsibility and insatiate investigations. Based on prior analysis, it has been determined that, collectively, these teams reviewed approximately 60% of all SARs filed.
Every day, we see the BSA data being used by our law enforcement partners. The FBI reports that in 2015, BSA filings were associated with about 38.1% of its pending drug cases, 31.2% of its pending transnational organized crime cases, 27.3% of its complex financial crime cases, and 14.3% of its international terrorism cases.
For specific examples of the significant role casino SARs play in law enforcement investigations, I would invite you to look at our recent Law Enforcement Awards Ceremony. This ceremony took place in May at the Treasury Department headquarters next to the White House, and a representative of the American Gaming Association participated. One of the award winning cases involved IRS-Criminal Investigation Division using SARs and CTRs to uncover a scheme where a family’s financial advisor corruptly depleted all of the financial resources of an impaired adult for his personal gain. BSA reports from multiple financial institution—including casinos—identified the perpetrator of the scheme, and noted an increase in cash transactions in his personal accounts. Other BSA reports identified unusual cash withdrawals from the victim’s accounts. Investigators used the information provided by the reporting financial institutions to uncover the full magnitude of the scheme and to successfully prosecute the perpetrator. Ultimately, the perpetrator pled guilty to federal charges of money laundering, and wire and mail fraud, and was sentenced to several years of imprisonment and ordered to pay hundreds of thousands of dollars in restitution.
Other examples of where BSA filings contributed to a successful U.S. law enforcement case can be found on our website.
Internationally, FinCEN also facilitates the sharing of information for criminal and terrorism investigations on both a bilateral and multilateral basis through the Egmont Group of Financial Intelligence Units. The Egmont Group, currently comprised of over 150 member jurisdictions, provides an unparalleled, preexisting platform for the secure exchange of financial intelligence. Egmont members exchange information pursuant to guidelines meant to encourage the widest range of international cooperation and dissemination of financial intelligence while at the same time protecting each jurisdiction’s equities in security, confidentiality, and sovereignty. In response to some recent world events, FinCEN has been called upon to provide any relevant BSA data it has received from financial institutions.
Next, I want to take a moment to tackle a closely related myth that helps further demonstrate the value your SAR and CTR filings play.
Myth #2: Low-dollar SARs are meaningless to law enforcement.
This is a common myth across all financial sectors. And, I think this myth may stem from not fully appreciating or understanding how valuable a complete and accurately filed SAR can be in an investigation. It’s easy to think that filing a SAR on suspicious activity that has a low dollar amount, or even on an attempted transaction, may not look like it has the same appeal as one filed on a transaction for millions of dollars, but that is only part of the picture.
What does this mean for your SAR filed on a low-dollar amount transaction? Well, regardless of the amount, the reporting aids in expanding the scope of ongoing investigations by pointing to the identities of previously unknown subjects, exposing accounts and hidden financial relationships, or revealing other information such as common addresses or phone numbers that connect seemingly unrelated participants in a criminal or terrorist organization and, in some cases, even confirming the location of suspects. The reporting—even of transactions involving low dollar amounts—has served to unmask relationships between illicit actors and their financing networks, enabling law enforcement to target the underlying conduct of concern, and to disrupt their ability to operate. Your filing may just be the source of a missing piece of information that is needed in an investigation.
Law enforcement also uses the reporting to identify significant relationships, patterns, and trends. Your filings contribute to a more comprehensive picture that informs our understanding and analysis of criminal typologies. FinCEN includes an Intelligence Division that uses SARs and other reports to conduct strategic analysis to identify new trends and emerging threats in illicit finance. It assesses AML compliance across industries, identifying new illicit finance trends and developing typologies for illicit activity. The Intelligence Division then compiles much of this analysis into finished¬¬ intelligence products that are disseminated across FinCEN, the law enforcement community, and the federal government.
Myth #3: Casinos and Card Clubs are not expected to know a customer’s source of funds.
We hear this one a lot. I touched on it earlier when discussing some of FinCEN’s recent enforcement actions. And, in fact, I believe that FinCEN has been clear about the expectations in this area. In a 2014 speech to casinos and card clubs right here in Las Vegas, our former Director, Jennifer Shasky Calvery, explicitly stated that “casinos are required to be aware of a customer’s source of funds under current AML requirements.”
But this requirement goes beyond a speech given by FinCEN—the regulations themselves support this statement. Casinos and card clubs are required to develop and maintain a robust risk-based AML program. And, more specifically, the regulations impose an additional requirement that explicitly states that casinos must implement reasonably-designed procedures for “using all available information to determine… the occurrence of any transactions or patterns of transactions required to be reported as suspicious.”
However, please note that this requirement extends beyond your BSA program to your SAR filings as well. Regulations explicitly require casinos and card clubs to file SARs on “funds derived from illegal activity” and funds or assets derived from illegal activity including “ownership, nature, source, location, or control of such funds or assets.” In short, identifying and understanding a customer’s source of funds is not simply a “best practice,” it’s a regulatory expectation that casinos take all reasonable steps to do so.
FinCEN also encourages information sharing with other casinos and financial institutions pursuant to Section 314(b) of the USA PATRIOT ACT in suspected money laundering and terrorist financing cases. It is a voluntary program that can assist in helping casinos and card clubs obtain missing information to meet their regulatory obligations. Section 314(b) provides a safe harbor that offers protections from liability. When a financial institution notifies FinCEN of its intention to participate in this information sharing program, FinCEN first validates the registration. Once approved, the financial institution is provided access to the most current list of 314(b) participants, which is used by the financial institution to validate that they are sharing with a legitimate participant. Additional information about the 314(b) program can be found on the FinCEN web site.
Myth #4: SARs are subjective; based on the AML program size and risk-appetite of my institution.
This myth suggests that filing SARs are a matter of opinion, or that it’s relative to the make-up of the institution. But if that were true, then there is no way a financial institution can ever violate the statute—the defense would just be: “in my subjective opinion, that’s not SAR-worthy.” We would be left just to agree to disagree. Obviously, an effective AML system cannot work like that. Similarly, some financial institutions hold on to the myth that their AML program should be based on their risk appetite or risk tolerance. This view may be compounded by the misperception that SAR filings can be proportionally based on the size of an AML program.
These related myths are also contradicted by the rule [31 CFR 1021.320(a)(2)], that says “knows, suspects, or has a reason to suspect” illicit activity. So if you have a reason to suspect it, then you are required to file. It is that simple. Filing SARs does not depend on an AML program’s perceived risk appetite and it cannot be curtailed because of perceived AML program resource deficiencies.
This observation is not meant to spur specious or “defensive” filings; to the contrary, suspicious activity monitoring and SAR filing do require some judgment. Decisions are not always clear-cut. There are going to be times when someone says, “yeah, I think you probably should have filed a SAR, but it was not unreasonable to think otherwise.” If you act reasonably, and do your investigation, and—and this is important—think through and document your reasons for not filing a SAR, then we are not going to second-guess those reasonable decisions, even if FinCEN or an examiner may have made a different decision. However, I must emphasize financial institutions like yours and those of your clients must have appropriate risk-based AML programs in place.
That concludes my attempt to dispel four common myths about SAR filing. I can step off my soap-box for a moment. Because—the good news is that the casino and card club industry has improved their filing of SARs over the past several years. I want to thank the BSA compliance officers here today for being part of this positive change.
Generally, I do not like to throw out a lot statistics. But, I believe FinCEN’s records show dramatic increases in SAR filings for casinos and card clubs since 2013. This trend continued into 2015—increasing by 16%. SAR filings in the first reportable months of 2016 also appear to continue this upward trend. Notably, these increases have occurred industry-wide. We have observed increases in state-licensed casinos, tribal casinos, and card clubs.
Based on data you provided us, the highest reported categories of suspicious activity by your industry in 2015 are—again, as they were in 2014—minimal gaming and altering transactions to avoid CTR filing, whether by structuring or other means. We have also noticed “emerging trends” involving suspicious activity in the areas of “Recorded Play with no Recorded Redemption” and “Unknown Chip Source.” Over the same years, SARs filed by casinos mentioning “Chip Walking” increased significantly as did SARs filed by casinos mentioning “Rated Play Which Does Not Support the Amount of Chips Redeemed.” You should also know that this data is all available on our website’s “SAR Stats” feature, which allows you to see filing trends and run reports specific to an industry or region.
Civil Monetary Penalties
In the final portion of my presentation, I want to now provide additional clarity about how FinCEN assesses the amount of civil monetary penalties (CMPs). I hope to provide some greater insight to our CMP process to better inform you and your colleagues.
FinCEN does not maintain a strict matrix for assessing penalties. Rather, FinCEN weighs a number of factors and considerations when determining CMPs. I believe that overall, this model promotes greater fairness and proportionality in our enforcement actions. At its broadest level, this approach allows FinCEN the flexibility to move beyond a “one-size fits all” approach to tailor penalties to appropriately reflect the nature of the violation. And, it works to provide parity with CMPs imposed in similar cases. As I mentioned earlier, we devote a tremendous amount of time to ensuring that our public enforcement assessments clearly explain the nature of the violations underlying our enforcement action. The rationale should, in most instances, be evident.
I would like to spend some time discussing these factors to give you a better sense of how FinCEN arrives at a CMP.
1) The Nature and Seriousness of Violations
This is fairly obvious. FinCEN will consider the nature and seriousness of the violations in assessing an appropriate penalty or other relief. This factor involves both a qualitative and a quantitative analysis. For example, what elements of a BSA program are deficient or missing? A financial institution that has significant deficiencies in multiple program pillars over an extended period of time may be in a different position than an institution that has failed to comply with a single program area for a short period of time. Importantly, FinCEN’s consideration of the nature and seriousness of violations may play a critical role in determining what, if any, corrective actions—or undertakings—may need to occur to remedy existing errors.
2) Knowledge and Intent
Of course, willfulness is an element in all BSA cases. Financial institutions or individuals that cause AML deficiencies by recklessly failing to comply with their obligations under the BSA, or turn a blind eye to compliance deficiencies will be considered to have acted willfully for the resulting violations.
In some instances, we have seen cases where an employee or officer of the institution has been complicit in illicit transactions, or the institution has had direct notice of ongoing money laundering or BSA violations but allowed it to continue. For example, prior exam findings, or receipt of a grand jury subpoena. Cases in which the IRS examiners have found repeat violations over multiple exams receive heightened scrutiny from FinCEN and tend to be subject to greater penalties. However, this does not mean that a clean exam, or one with few findings, will never result in a CMP. Your IRS examiner is an important source of information on whether your casino’s AML program is on the right track. We are also aware of disturbing instances in which our IRS examiners were denied access to critical information and key personnel during the exam process. Obviously, obstructing the examination process and failing to address repeated violations are heavily weighted factors that we consider in enforcement actions and penalty determinations. In such a case—or where the deficiencies or illegal activities are only discovered through examination or law enforcement investigation—it is likely a higher CMP will be imposed.
In contrast, a violator’s decision to self-disclose the wrongdoing in a timely manner may indicate a willingness to accept responsibility; it may also suggest a stronger likelihood of future compliance. FinCEN may consider the degree to which a financial institution or individual has cooperated with FinCEN, examiners, or law enforcement. A strong level of cooperation may be a mitigating factor in determining a penalty. Such cooperation includes, but is not limited to, the subject’s compliance with document requests, professionalism towards and cooperation with examiners, and being fully truthful and forthcoming during interviews.
3) Remedial Measures
FinCEN’s enforcement actions have begun to focus more specifically on how financial institutions can work to correct the errors identified in our investigations. Some of our enforcement actions have included “undertakings” that aim to ensure that the financial institution rectifies identified problems. For example, we may insist on corporate monitor arrangements as part of our enforcement settlements. Our enforcement undertakings may require a casino to have more stringent independent testing for a given period of time, demonstrated training improvements, or updates to their written policies and procedures. Additionally, if specific concerns arise over transactions, FinCEN may require a SAR look-back as part of the consent order as well. These undertakings serve as a way to remedy any potential violations and ensure that future issues do not arise. Accordingly, FinCEN may consider a lower penalty relating to situations in which the institution takes effective, immediate remedial action after a violation is revealed. However, remedial measures alone may not warrant a reduced penalty. For example, if it is determined that an entity had disregarded its compliance program, caused significant violations, and then seeks to offset its penalty payments with compliance expenditures it should have made at the outset.
4) Financial Condition of the Financial Institution or Individual
FinCEN may consider a financial institution’s size and financial condition, including its assets, income, and projected revenue when determining an appropriate penalty that will be sufficient to ensure future compliance without jeopardizing the solvency of the financial institution. Similarly, in cases against individuals, FinCEN may consider the person’s assets and income when considering the penalty amount. This is a factor that would not be reflected in our public assessments, as we keep such information confidential.
5) Payments and Penalties Related to Other Enforcement Actions
Other civil, regulatory, or criminal agencies (state or federal) may sometimes impose a fine, penalty, or other financial assessment against a subject for other violations stemming from conduct that is similar or related to the conduct that gave rise to the BSA violations. Penalties imposed by other agencies should always be considered in analyzing a proposed civil money penalty by FinCEN. Significantly, however, such penalties may—but will not necessarily—affect the size of the penalty that FinCEN decides to impose. And, generally, FinCEN will not agree to have its CMP be completely concurrent with that of another federal or state agency.
6) Other Factors
The factors and considerations are non-exhaustive, which is why I believe FinCEN’s approach to determine a CMP works better than a matrix. There may be other circumstances not described above, which might call for a larger or smaller penalty. Also, it would be unusual for all factors to apply in any given case. Similarly, several factors may overlap, or there may be instances where one factor is more significant than others and should receive greater weight. Regardless of the situation, I can assure you this: there is a process in place to provide your institution an opportunity to be heard. When you receive notice of a FinCEN enforcement action, you and your institution will be invited to present the Enforcement Division with any information you feel is relevant to the determination of a CMP. We will fully consider and evaluate the information, and be prepared to discuss our positions. Open dialogue is mutually beneficial. We want our Assessments to be factually accurate based on the evidence, and the CMP to be fair and appropriate. However, when we propose a certain CMP amount, it is usually pretty firm—all factors have been fully considered and vetted. It is not like buying a used car—we do not start high in anticipation that you will come in low with a counteroffer. There is no “walk to the middle.”
Now that I have gone through the factors that inform a CMP, I want to emphasize the importance of building and sustaining a culture of compliance in your respective institutions. From an enforcement perspective, most of the CMP factors lead back to one single point of failure—a failed compliance culture. How this failure reveals itself in an investigation may differ from institution to institution, but the core breakdown is the same. This suggests to me that each institution should engage in some honest self-examination and ask itself whether its culture of compliance is merely lip service or whether it is real. We are seeing some meaningful improvements, but more work still needs to be done. I believe that it can be done but it will take real, sustained commitment.
So I recognize that I have covered a lot of issues today about FinCEN’s engagement with the casino industry, the industry’s obligations under the BSA, some common misperceptions about our work, as well as FinCEN’s enforcement posture. I hope this information will be useful to you and your colleagues in the casino industry to better understand and fulfill your obligations under the BSA to implement appropriate compliance programs at your respective institutions.
FinCEN is a critical partner in the fight against money laundering and terrorist financing. Our talented and dedicated team is committed to that mission. We have an incredible opportunity to serve the American public and to contribute to the safety of this country. FinCEN will meet the challenges ahead working together with you, law enforcement, and our regulatory and foreign partners. We see casinos and card clubs as important partners in our efforts and I hope that you see us that way as well.
I look forward to answering your questions about FinCEN and the work of our Enforcement Division. But, first, I would like to remind everyone that our website, fincen.gov, has a wealth of information and resources that can help you learn more about FinCEN, with links to enforcement actions, guidance, answers to frequently asked questions and more. Similarly, I encourage you to reach out to the FinCEN Resource Center at 1-800-767-2825 or [email protected] if you ever have questions about your regulatory requirements. I would like to conclude my presentation where I began by thanking each and every one of you for doing your part to protect the financial system from abuse by illicit actors. We cannot do our work without the help from industry, so we value your sustained commitment. Thank you.