Title 31: Establishing an anti-money laundering compliance program
TRIBAL NATIONS QUARTERLY |
Whether you manage Tribal, riverboat, racino or Nevada gaming operations, establishing a system of internal controls to assure ongoing compliance with the Bank Secrecy Act (or BSA; also known as Title 31) is critical to managing the regulatory risks of a property.
Failure to have an effective program in place can have both legal and business repercussions. In fact, due to one casino's lack of established procedures to identify and report the occurrence of unusual or suspicious transactions or patterns of transactions, recent actions taken by the Financial Crimes Enforcement Network (FinCEN) resulted in fines totaling $250,000 for one casino and federal indictments for racketeering, extortionate extension of credit and narcotics offenses by the Department of Justice for two casinos.
A casino's Anti-Money Laundering program (AML program or Title 31 compliance program) is the foundation upon which it can manage money laundering and terrorist financing risks. When combined with a Title 31 risk assessment, an AML program can help ensure regulatory compliance, avoid fines, and prevent criminal and civil penalties.
When FinCEN issued the summary of its findings for enforcement action, it provided some key insights on what they look for in a Title 31 compliance program:
- System of internal controls — To assure ongoing compliance, casino management needs to take a hard look at its program. A truly effective compliance program is not simply lifted from the regulations, but rather includes a property's specific methods for complying with the regulations.
Furthermore, procedures should address communications, record keeping, and coordination between departments. Customized, explicit procedures are needed for the identification, reporting and gathering of information on suspicious activity. For example, at what point is surveillance notified if suspicious activity is observed on the floor? How is it communicated to the compliance department for consideration of filing?
The lack of procedures in the Title 31 compliance programs is often cited in IRS audits and finding letters. According to the enforcement action report for one casino, fines were levied because the operation "lacked adequate policies, procedures, and controls to address player activity across table games, cage transactions, and surveillance in order to detect suspicious activity."
- Internal and/or external independent testing — In enforcement actions, FinCEN has indicated that internal audits have lacked the scope necessary to adequately ensure that a casino was operating in full compliance with Title 31; internal audits have been conducted with the participation of the casino's compliance officer — in other words, the person doing the activities — thereby compromising independence. IRS audit letters indicate similar findings.
The IRS and FinCEN are actively looking to ensure that the independent testing required by the regulation is performed by knowledgeable, experienced parties who understand the regulation and can test all the key aspects of the regulation. While the frequency of testing is not addressed in the regulation, it is generally expected within the industry that independent testing should be performed at least annually, and should be based upon the level of risk. Many casinos now look to outside external firms to perform periodic testing to ensure that the program is effectively evaluated.
- Training casino personnel — Rather than just providing education on regulation, training to identify suspicious activity needs to address procedures customized for the employee's duties. Simply put, employees need to know the requirements relevant to their jobs. Although there is no specific guidance with Title 31, training should take place at least once a year, or however often it is necessary in order for to demonstrate an understanding of the procedures for the job. Positions include cash-handling roles such as cage cashiers, slot attendants, and dealers, as well as anyone with access to and can see the gaming floor, including security personnel and shift supervisors.
- Assuring day-to-day compliance — A compliance officer who has the appropriate authority and is supported by executive management should be designated. This officer should be empowered to initiate change if floor personnel are not adequately complying with regulatory requirements. It is not enough for the compliance officer to simply issue an exception report with little to no change as a result. During its audit process, the IRS deliberately evaluates the authority and support of the compliance officer to ensure ongoing compliance with Title 31.
- Information gathering — Procedures should be implemented for using all available information to determine occurrence of unusual or suspicious transactions or patterns of transactions. This includes using automated systems to aggregate and identify suspicious activity.