United States: FinCEN Enforcement Stacks The Deck In AML Compliance For Casinos And Card Clubs

Last Updated: June 25 2015
Article by Fleming L. Ware, Travis P. Nelson, Michael J. Lowell and Kathleen A. Nandan

Most Read Contributor in United States, October 2017


Stephanie Booker, Associate Director for Enforcement, Financial Crimes Enforcement Network ("FinCEN"), recently gave a speech at the Nevada Bar Association's Bank Secrecy Act Conference in Las Vegas. Involved in the conference were the State Bar of Nevada's Gaming Law Section, the American Gaming Association, and the University of Nevada–Las Vegas' International Gaming Institute.

FinCEN is one of the Treasury Department's primary agencies to oversee and implement policies to prevent and detect money laundering, and the only federal agency to oversee anti-money laundering ("AML") compliance by casinos and card clubs. FinCEN polices for compliance with AML laws, including the Banking Secrecy Act ("BSA"), which requires certain reporting and recordkeeping by casinos and card clubs in an effort to prevent various financial and crimes. FinCEN works closely with the Internal Revenue Service ("IRS") Small Business/Self-Employed Division, which is FinCEN's delegated examiner for casinos and card clubs. The IRS refers significant violations of AML laws to FinCEN for enforcement action. FinCEN also receives referrals and coordinates its enforcement investigations with criminal law enforcement agencies, including the IRS-Criminal Investigations, the FBI, the Department of Justice's Asset Forfeiture and Money Laundering Section, and U.S. Attorney's Offices and state authorities, as well as other regulatory partners, including the Nevada Gaming Control Board.1

In her speech, Ms. Booker addressed BSA filing trends, the importance of BSA data, FinCEN's enforcement approach and recent enforcement developments, and the critical importance of a culture of compliance throughout the business and compliance functions at casinos and card clubs. Ms. Booker's speech made clear that casinos can no longer gamble on BSA compliance.

Impact of SARs

Suspicious activity reports ("SARs") form the cornerstone of the BSA reporting system, and are critical to FinCEN's ability to utilize financial information to combat money laundering and other criminal activity, including organized crime, drug trafficking, and terrorism. FinCEN regulations require the filing of a SAR in response to a transaction "if it is conducted or attempted by, at, or through a casino, and involves or aggregates at least $5,000 in funds or other assets, and the casino knows, suspects, or has reason to suspect that the transaction (or a pattern of transactions of which the transaction is a part)": (a) involves funds derived from illegal activity, or is intended to hide or disguise funds derived from illegal activity as part of a crime; (b) is designed to evade the BSA or its implementing regulations; (c) has no business or apparent lawful purpose or is not the type of transaction that the particular customer would normally be expected to engage in, and the casino knows of no reasonable explanation for the transaction after examining the available facts, including the background and possible purpose of the transaction; or (d) involves the use of the casino to facilitate a crime.2

FinCEN regulations contain certain protections to encourage prompt and candid reporting. First, the regulations protect the confidentiality of SARs.3 Second, the regulation provides protection from civil liability for all reports of suspicious transactions regardless of whether such reports are filed pursuant to the SAR instruction. Specifically, the law provides: "A casino, and any director, officer, employee, or agent of any casino, that makes a voluntary disclosure of any possible violation of law or regulation to a government agency or makes a disclosure pursuant to this section or any other authority, including a disclosure made jointly with another institution, shall be protected from liability to any person for any such disclosure, or for failure to provide notice of such disclosure to any person identified in the disclosure, or both, to the full extent provided by 31 U.S.C. 5318(g)(3)."4

SARs provide some of the most important information available to U.S. law enforcement. The data is used to confront serious threats, including terrorist organizations, rogue nations, foreign grand corruption, cyber threats and transnational criminal organizations. The reporting aids in expanding the scope of ongoing investigations by revealing the identities of previously unknown subjects, exposing accounts and hidden financial relationships, or revealing other information, such as common addresses or phone numbers that connect seemingly unrelated participants in a criminal or terrorist organization.

The filing of SARs has improved dramatically in the past year, increasing 69 percent from 2013 to 2014, and the trend has continued in 2015. These increases have occurred industry-wide, in casinos, tribal casinos and card clubs. The highest reported categories of suspicious activity in casinos are minimal gaming and alternating transactions to avoid currency transaction report filing. However, SARs have also exposed patrons using casinos and card clubs to conceal narcotics transactions, moving money in support of international fraud schemes, laundering real estate fraud money, and transferring money for other illicit purposes.

Role of Sharing among Casinos

As another element of the casino compliance landscape, the USA PATRIOT Act provides financial institutions with the ability to share information with one another, under a safe harbor that offers protections from liability, in order to better identify and report potential money laundering or terrorist activities.5

In 2014, FinCEN saw an increase in information-sharing between casinos and card clubs through this program, which now includes 98 casinos and card clubs. Casinos and card clubs that participate in this program can communicate with other participants, even if those participants are not casinos or card clubs. Such information-sharing between institutions can play a critical role in achieving BSA and AML goals. Information-sharing is a powerful tool for providing casinos with a more comprehensive view of potential money laundering or terrorist financing that involves multiple institutions.

FinCEN Articulates Six Core Principals

FinCEN enumerated six core principles: transparency, giving credit when due, recidivism, individual accountability, remedial framework and accountability.

  • Transparency in Rationale: FinCEN desires its enforcement to be transparent, supported by plain facts rather than a "hide-the-ball" exercise. In support of this principle, FinCEN strives to ensure that its public enforcement assessments clearly explain the facts and violations underlying the enforcement action to ensure that the public will understand why FinCEN took action.
  • Credit Where Credit is Due: Another core principle is "giving credit where credit is due," meaning that FinCEN will take a casino's historical conduct into consideration in assessing whether to take an enforcement action or impose a penalty. While FinCEN will take historical conduct into consideration, FinCEN has made clear that an institution may not avoid penalty for remediating prior or existing violations, but that the respondent will generally be in a better position than one that had violations and never fixed the problem.
  • Recidivism: It is clear that institutions that have had repeat violations over multiple exams will receive heightened scrutiny from FinCEN. In addition, institutions obstructing the exam process, such as denying access to information or key personnel, and failing to address repeated violations, will be heavily weighted factors in considering whether to bring an enforcement action.
  • Individual Accountability: The BSA provides FinCEN with broad supervisory and enforcement authority, allowing FinCEN to impose civil penalties not only against casinos, but also against partners, directors, officers and employees of casinos who themselves participate in misconduct. FinCEN continuously evaluates whether to initiate an enforcement action against those individuals responsible for an institution's BSA/AML failures, including barring individuals from working in the industry.
  • Remedial Framework: Recent enforcement actions have begun to focus on correcting errors identified in investigations to prevent future issues from arising. FinCEN is now incorporating a remedial framework into settlements, including "undertakings," which aim to ensure that the institution rectifies identified problems. For example, FinCEN may insist on corporate monitor arrangements as part of enforcement settlements, or require a casino to have more stringent independent testing for a given period of time.
  • Accountability: Recently, FinCEN has expressed a willingness to consider departing from historical settlement practices to one that includes an admission to the facts and the violations of law. Previously, FinCEN regularly permitted financial institutions to "neither admit nor deny" allegations. FinCEN has implemented this practice in enforcement actions against all sizes and types of financial institutions and individuals, including casinos.

Reversing the historical practice of allowing casinos to "neither admit nor deny" raises some interesting issues and may result in unanticipated collateral effects. For example, financial institutions will be less likely to enter into settlements if they are required to publicly admit wrongdoing. This will result in more cases going to trial, putting further burden on an already strained prosecutorial system.

FinCEN is not the only regulator to have considered this approach. Daniel P. Stipano, Deputy Chief Counsel of the Office of the Comptroller of the Currency, testified on the issue of requiring admissions in settlements before the House Committee on Financial Services, and argued that "because consent orders are made available to the public, requiring an admission of wrongdoing would prolong settlement negotiations and increase the number of respondents who choose to litigate the merits of the action."6 In line with Mr. Stipano's statements, many defendants will likely be concerned that an admission will have non-mutual offensive collateral estoppel effects in subsequent private litigation, barring the defendant from taking a different position or re-litigating the issues surround the alleged wrongdoing. Defendants may also be concerned that an admission of wrongdoing could be admissible evidence in subsequent private litigation.

Recent Notable Enforcement Actions

FinCEN has taken enforcement actions against a wide range of financial institutions and individuals covered by the BSA, including casinos and casino employees.

For example, in March 2015, FinCEN imposed a $10 million penalty on Trump Taj Mahal in Atlantic City, N.J., for willful and repeated violations of the BSA.7 In addition to the civil penalty, the casino was required to conduct periodic external audits to examine its anti-money laundering BSA compliance program, and provide those reports to FinCEN and the casino's board of directors. In the investigation, Trump Taj Mahal admitted to several willful BSA violations, including failure to implement and maintain an effective AML program, failure to report suspicious transactions, failure to properly file currency transaction reports, and failure to keep appropriate records as required by the BSA. Notably, Trump Taj Mahal had ample notice of these deficiencies as many of these violations were discovered in previous examinations. Trump Taj Mahal has a history of BSA violations dating back to 1998, when FinCEN assessed a $477,700 civil money penalty against Trump Taj Mahal for currency reporting violations.

More recently, in June 2015, FinCEN assessed a $75 million penalty against Hong Kong Entertainment Investments, Ltd., d/b/a Tinian Dynasty Hotel & Casino, in the Northern Mariana Islands for willful and egregious violations of the BSA.8 Specifically, Tinian Dynasty failed to develop and implement an AML program, and no member of Tinian Dynasty staff was delegated responsibility for day-to-day compliance with the BSA. The casino failed to develop and implement policies and procedures designed to ensure AML compliance, or to detect suspicious transactions; it also never conducted an independent test of its systems to ensure compliance. Further, casino personnel were not trained in BSA recordkeeping or in identifying, monitoring and reporting suspicious activity. The casino operated for years without AML programs in place, and accommodated patrons who desired to conduct financial transactions with large amounts of cash, without the casino reporting the transaction. In some instances, casino employees provided detailed instructions on how patrons could conduct transactions without being reported or without attracting law enforcement scrutiny.

Fostering a Culture of Compliance

In her closing remarks, Ms. Booker focused on FinCEN's expectation that institutions, including casinos and card clubs, develop a "culture of compliance." For decades, other types of financial institutions, particularly banks, have heard their regulators consistently focus on this idea that compliance must be engrained in an institution's culture. FinCEN's comments at this conference reflect FinCEN's expectation that casinos and card clubs will be held to the same high compliance standards as their much more pervasively regulated bank counterparts. Fundamental to the creation and development of a strong culture of compliance, regulated entities must develop a risk management framework that is engrained into the day-to-day culture of the entity. The entity's board and management must exercise oversight of the risk management plan to ensure the establishment of effective communication channels, culture change, discipline, and accountability. A telltale sign of effective risk management is that minor deficiencies are identified before they become major compliance problems; the deficiencies are corrected; and the entity incorporates corrective measures going-forward to ensure that the same deficiency is unlikely to reemerge in the future. In other words, the entity learns from its mistakes. Repeated instances of the same deficiencies is a sign of a failed compliance culture.

In order to design and implement a culture of compliance, it is crucial that casinos and card clubs seek legal counsel that is familiar with the nuisances of the legal, compliance, and reputational risks that are implicated by AML laws and regulations. Focusing on these risks as part of designing a comprehensive compliance program will help regulated entities, such as casinos and card clubs, to avoid potentially damaging enforcement actions in the future.


1. http://www.fincen.gov/about_fincen/wwd/faqs.html#org

2. 31 U.S.C. § 1021.320(a).

3. 31 U.S.C. § 1021.320 (e).

4. 31 U.S.C. § 1021.320 (f).

5. USA PATRIOT Act § 314(b).

6. Testimony of Daniel P. Stipano, Deputy Chief Counsel, Office of the Comptroller of the Currency, Before the Committee on Financial Services of the U.S. House of Representatives, May 17, 2012.

7. "FinCEN Fines Trump Taj Mahal Casino Resort $10 Million of Significant and Long Standing Anti-Money Laundering Violations," (March 6, 2015), available at: http://www.fincen.gov/news_room/nr/html/20150306.html (last visited June 23, 2015).

8. "FinCEN Fines Tinian Dynasty Hotel & Casino $75 Million for Egregious Anti-Money Laundering Violations," (June 3, 2015), available at: http://www.fincen.gov/news_room/nr/html/20150603.html (last visited June 23, 2015).

This article is presented for informational purposes only and is not intended to constitute legal advice.

To print this article, all you need is to be registered on Mondaq.com.

Click to Login as an existing user or Register so you can print this article.

In association with
Related Video
Up-coming Events Search
Font Size:
Mondaq on Twitter
Register for Access and our Free Biweekly Alert for
This service is completely free. Access 250,000 archived articles from 100+ countries and get a personalised email twice a week covering developments (and yes, our lawyers like to think you’ve read our Disclaimer).
Email Address
Company Name
Confirm Password
Mondaq Topics -- Select your Interests
 Law Performance
 Law Practice
 Media & IT
 Real Estate
 Wealth Mgt
Asia Pacific
European Union
Latin America
Middle East
United States
Worldwide Updates
Check to state you have read and
agree to our Terms and Conditions

Terms & Conditions and Privacy Statement

Mondaq.com (the Website) is owned and managed by Mondaq Ltd and as a user you are granted a non-exclusive, revocable license to access the Website under its terms and conditions of use. Your use of the Website constitutes your agreement to the following terms and conditions of use. Mondaq Ltd may terminate your use of the Website if you are in breach of these terms and conditions or if Mondaq Ltd decides to terminate your license of use for whatever reason.

Use of www.mondaq.com

You may use the Website but are required to register as a user if you wish to read the full text of the content and articles available (the Content). You may not modify, publish, transmit, transfer or sell, reproduce, create derivative works from, distribute, perform, link, display, or in any way exploit any of the Content, in whole or in part, except as expressly permitted in these terms & conditions or with the prior written consent of Mondaq Ltd. You may not use electronic or other means to extract details or information about Mondaq.com’s content, users or contributors in order to offer them any services or products which compete directly or indirectly with Mondaq Ltd’s services and products.


Mondaq Ltd and/or its respective suppliers make no representations about the suitability of the information contained in the documents and related graphics published on this server for any purpose. All such documents and related graphics are provided "as is" without warranty of any kind. Mondaq Ltd and/or its respective suppliers hereby disclaim all warranties and conditions with regard to this information, including all implied warranties and conditions of merchantability, fitness for a particular purpose, title and non-infringement. In no event shall Mondaq Ltd and/or its respective suppliers be liable for any special, indirect or consequential damages or any damages whatsoever resulting from loss of use, data or profits, whether in an action of contract, negligence or other tortious action, arising out of or in connection with the use or performance of information available from this server.

The documents and related graphics published on this server could include technical inaccuracies or typographical errors. Changes are periodically added to the information herein. Mondaq Ltd and/or its respective suppliers may make improvements and/or changes in the product(s) and/or the program(s) described herein at any time.


Mondaq Ltd requires you to register and provide information that personally identifies you, including what sort of information you are interested in, for three primary purposes:

  • To allow you to personalize the Mondaq websites you are visiting.
  • To enable features such as password reminder, newsletter alerts, email a colleague, and linking from Mondaq (and its affiliate sites) to your website.
  • To produce demographic feedback for our information providers who provide information free for your use.

Mondaq (and its affiliate sites) do not sell or provide your details to third parties other than information providers. The reason we provide our information providers with this information is so that they can measure the response their articles are receiving and provide you with information about their products and services.

If you do not want us to provide your name and email address you may opt out by clicking here .

If you do not wish to receive any future announcements of products and services offered by Mondaq by clicking here .

Information Collection and Use

We require site users to register with Mondaq (and its affiliate sites) to view the free information on the site. We also collect information from our users at several different points on the websites: this is so that we can customise the sites according to individual usage, provide 'session-aware' functionality, and ensure that content is acquired and developed appropriately. This gives us an overall picture of our user profiles, which in turn shows to our Editorial Contributors the type of person they are reaching by posting articles on Mondaq (and its affiliate sites) – meaning more free content for registered users.

We are only able to provide the material on the Mondaq (and its affiliate sites) site free to site visitors because we can pass on information about the pages that users are viewing and the personal information users provide to us (e.g. email addresses) to reputable contributing firms such as law firms who author those pages. We do not sell or rent information to anyone else other than the authors of those pages, who may change from time to time. Should you wish us not to disclose your details to any of these parties, please tick the box above or tick the box marked "Opt out of Registration Information Disclosure" on the Your Profile page. We and our author organisations may only contact you via email or other means if you allow us to do so. Users can opt out of contact when they register on the site, or send an email to unsubscribe@mondaq.com with “no disclosure” in the subject heading

Mondaq News Alerts

In order to receive Mondaq News Alerts, users have to complete a separate registration form. This is a personalised service where users choose regions and topics of interest and we send it only to those users who have requested it. Users can stop receiving these Alerts by going to the Mondaq News Alerts page and deselecting all interest areas. In the same way users can amend their personal preferences to add or remove subject areas.


A cookie is a small text file written to a user’s hard drive that contains an identifying user number. The cookies do not contain any personal information about users. We use the cookie so users do not have to log in every time they use the service and the cookie will automatically expire if you do not visit the Mondaq website (or its affiliate sites) for 12 months. We also use the cookie to personalise a user's experience of the site (for example to show information specific to a user's region). As the Mondaq sites are fully personalised and cookies are essential to its core technology the site will function unpredictably with browsers that do not support cookies - or where cookies are disabled (in these circumstances we advise you to attempt to locate the information you require elsewhere on the web). However if you are concerned about the presence of a Mondaq cookie on your machine you can also choose to expire the cookie immediately (remove it) by selecting the 'Log Off' menu option as the last thing you do when you use the site.

Some of our business partners may use cookies on our site (for example, advertisers). However, we have no access to or control over these cookies and we are not aware of any at present that do so.

Log Files

We use IP addresses to analyse trends, administer the site, track movement, and gather broad demographic information for aggregate use. IP addresses are not linked to personally identifiable information.


This web site contains links to other sites. Please be aware that Mondaq (or its affiliate sites) are not responsible for the privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of these third party sites. This privacy statement applies solely to information collected by this Web site.

Surveys & Contests

From time-to-time our site requests information from users via surveys or contests. Participation in these surveys or contests is completely voluntary and the user therefore has a choice whether or not to disclose any information requested. Information requested may include contact information (such as name and delivery address), and demographic information (such as postcode, age level). Contact information will be used to notify the winners and award prizes. Survey information will be used for purposes of monitoring or improving the functionality of the site.


If a user elects to use our referral service for informing a friend about our site, we ask them for the friend’s name and email address. Mondaq stores this information and may contact the friend to invite them to register with Mondaq, but they will not be contacted more than once. The friend may contact Mondaq to request the removal of this information from our database.


From time to time Mondaq may send you emails promoting Mondaq services including new services. You may opt out of receiving such emails by clicking below.

*** If you do not wish to receive any future announcements of services offered by Mondaq you may opt out by clicking here .


This website takes every reasonable precaution to protect our users’ information. When users submit sensitive information via the website, your information is protected using firewalls and other security technology. If you have any questions about the security at our website, you can send an email to webmaster@mondaq.com.

Correcting/Updating Personal Information

If a user’s personally identifiable information changes (such as postcode), or if a user no longer desires our service, we will endeavour to provide a way to correct, update or remove that user’s personal data provided to us. This can usually be done at the “Your Profile” page or by sending an email to EditorialAdvisor@mondaq.com.

Notification of Changes

If we decide to change our Terms & Conditions or Privacy Policy, we will post those changes on our site so our users are always aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. If at any point we decide to use personally identifiable information in a manner different from that stated at the time it was collected, we will notify users by way of an email. Users will have a choice as to whether or not we use their information in this different manner. We will use information in accordance with the privacy policy under which the information was collected.

How to contact Mondaq

You can contact us with comments or queries at enquiries@mondaq.com.

If for some reason you believe Mondaq Ltd. has not adhered to these principles, please notify us by e-mail at problems@mondaq.com and we will use commercially reasonable efforts to determine and correct the problem promptly.