FinCEN Doubles Down on Casinos with Heightened Regulatory Expectations - Casino Managers and Tribal Gaming Commissioners Need to Be Proactive with Anti-Money Laundering Compliance Initiatives

by Holland & Knight LLP

For the second time in nine months, Financial Crimes Enforcement Network (FinCEN) Director Jennifer Shasky Calvery has publicly addressed FinCEN's increasing concerns regarding casino compliance with the Bank Secrecy Act (BSA), including tribal casinos. In her latest remarks on June 12, 2014, at a BSA Conference in Las Vegas, Dir. Shasky Calvery highlighted what FinCEN expects casinos to do and what points FinCEN and the Internal Revenue Service (IRS) will be looking for in conducting Title 31 casino audits.1

Tribal casino management and tribal gaming commissioners need to be aware of these issues and pay closer attention to the implementation, supervision and regulation of casino anti-money laundering (AML) compliance programs and the preparation for the casino's next IRS Title 31 compliance audit.

The primary concerns of FinCEN and the IRS are the following:

  • casinos must know the source of their customers' gambling funds
  • casinos should develop effective risk-based AML compliance programs based on solid written risk assessments
  • casinos should comply with mandatory information sharing and participate in voluntary information sharing
  • casinos should be aware of a new "red flag" called "chip walking"

FinCEN Expects Casinos to Know the Source of Their Customers' Funds

In her speech, Dir. Shasky Calvery sharply denied recent press reports that existing BSA rules do not require casinos to vet their customers' source of funds and denied that FinCEN rulemaking would be forthcoming on this subject. She said, "Casinos are required to be aware of a customer's source of funds under current AML requirements." As she explained, as far as FinCEN is concerned, casinos are already expectedto be aware of the source of their customers' gambling funds, and a casino's Know Your Customer (KYC) procedures need to specifically include this.

Dir. Shasky Calvery based this mandate on the existing requirement that casinos report suspicious activity. Meeting this obligation, she said, requires every casino to know its customers, and that includes an implicit understanding of the source of funds under a risk-based approach.

Although she declined to specify exactly how far casinos need to go in verifying sources of fund at the various levels of play, Dir. Shasky Calvery emphasized that "[a] casino's capability for knowing its customers' preferences and credit information – combined with [its] security technology – can and should be leveraged to piece together relevant information to understand [its] customers' source of funds." In short, if a casino is not already determining its customers' source of funds, waiting for forthcoming rulemaking or clarification will not be an excuse.

Importance of Risk-Based AML Compliance

In her address, Dir. Shasky Calvery stated that effective AML compliance programs must be "risk-based." In virtually all BSA audits, a primary starting point is the casino's written AML "risk assessment." If casinos do not have an up-to-date risk assessment, they will be instructed to prepare one. Further, if a casino doesn't have one or if the IRS decides that its risk assessment is outdated or inadequate, the IRS will develop its own risk assessment and use it as the starting point for that casino's audit.

Because AML is risk-based, there is no "one-size-fits-all" casino AML program, Dir. Shasky Calvery said. FinCEN cannot just "tell casinos what to do" or issue a definitive "yes-or-no/check-the-box" form because every casino – and its money laundering risk – is different. A casino's program must therefore be tailored to the risks it faces, which in turn are based on the types of financial services it offers, the profile of its patrons and the community in which it is located.

Dir. Shasky Calvery further stressed that casinos, like all financial institutions, need to cultivate a "culture of compliance." While this should not be difficult for tribal governments, there is sometimes a lack of connection between the compliance mandates of tribal gaming commissions and the financial incentives of tribal casino managers. Casino management, not just tribal gaming commissioners, must set the right "tone at the top" on compliance matters.

Information Sharing Mandates and Opportunities

Information sharing, which is another focus of Dir. Shasky Calvery, allows the exchange of information relating to money laundering and terrorist financing under a safe harbor that prevents the party giving information from being sued in court. The two types of information sharing are mandatory sharing under section 314(a) and voluntary sharing under section 314(b) of the USA PATRIOT Act.

Mandatory information sharing requires recipients to promptly respond to written FinCEN inquiries about accounts maintained by or transactions conducted with certain individuals or entities named in the inquiry. In the past, FinCEN has not issued 314(a) requests to casinos but has issued more than 43,000 requests to banks and other entities. Noting that 95 percent of these requests have contributed to arrests or indictments, Dir. Shasky Calvery implied that FinCEN will start sending 314(a) requests to casinos in the future.

Since mandatory information sharing is required by existing regulations, casinos should already have procedures in place for responding to these requests.2 However, many casinos do not because FinCEN has not issued 314(a) requests to casinos in the past. Based on Dir. Shasky Calvery's remarks, this is likely to change, and casinos will need to prepare written procedures designed to receive – and properly respond to – 314(a) requests from FinCEN.

Voluntary information sharing in Section 314(b) allows casinos to share information (including specific customer information) with other casinos as well as banks and other financial institutions for the purpose of identifying and reporting activities that the casino suspects may involve possible money laundering or terrorist information. The information received may be used only to report money laundering or terrorist activity, to determine whether to open or maintain an account, or to assist in complying with the BSA. If the regulation governing voluntary information sharing is fully complied with, no party exchanging information may be sued in any court.3

Furthermore, Dir. Shasky Calvery stressed that FinCEN strongly encourages casinos to engage in voluntary information sharing and pointed out that it is a valuable tool in identifying reportable suspicious activity and that FinCEN's website has details on how to take advantage of this program and the benefits of doing so. Casinos should seriously consider registering for voluntary information sharing as one means of using all available information to determine the occurrence of any transactions or patterns of transactions required to be reported as suspicious.

A New Red Flag: Chip Walking

Dir. Shasky Calvery closed her conference speech by warning casinos of a particular activity that has come to the attention of FinCEN and federal law enforcement as a potential "red flag" of suspicious activity, namely "chip walking." This is a process in which a customer leaves the casino with a large amount of chips or stores them on-site in a lock box for an extended period of time. Dir. Shasky Calvery said that law enforcement knows that there may be legitimate reasons for customers to do this, but it also could be a sign that the customer is trying to hide funds or structure reportable cash transactions, or use the chips as a form of currency for illegal transactions such as drug deals.

If it's for an illegitimate purpose, then "this is the kind of activity that [casinos] should report" as suspicious activity, Dir. Shasky Calvery said. When such a circumstance arises, a casino will be expected to identify it when it happens, investigate it, and report it on a Suspicious Activity Report (commonly known as a SAR) when appropriate. This means the "red flags" listed in AML procedures should include chip walking, and employees must be trained to identify and report this "red flag" as well as all others for review by compliance personnel.


1 Dir. Shasky Calvery's speech can be read at

2 See31 C.F.R. 1010.520; 1021.520.

3 See31 C.F.R. 1010.540; 1021.540.

To ensure compliance with Treasury Regulations (31 CFR Part 10, §10.35), we inform you that any tax advice contained in this correspondence was not intended or written by us to be used, and cannot be used by you or anyone else, for the purpose of avoiding penalties imposed by the Internal Revenue Code.


DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Holland & Knight LLP | Attorney Advertising

Written by:

Holland & Knight LLP

Holland & Knight LLP on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up using*

Already signed up? Log in here

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
Privacy Policy (Updated: October 8, 2015):

JD Supra provides users with access to its legal industry publishing services (the "Service") through its website (the "Website") as well as through other sources. Our policies with regard to data collection and use of personal information of users of the Service, regardless of the manner in which users access the Service, and visitors to the Website are set forth in this statement ("Policy"). By using the Service, you signify your acceptance of this Policy.

Information Collection and Use by JD Supra

JD Supra collects users' names, companies, titles, e-mail address and industry. JD Supra also tracks the pages that users visit, logs IP addresses and aggregates non-personally identifiable user data and browser type. This data is gathered using cookies and other technologies.

The information and data collected is used to authenticate users and to send notifications relating to the Service, including email alerts to which users have subscribed; to manage the Service and Website, to improve the Service and to customize the user's experience. This information is also provided to the authors of the content to give them insight into their readership and help them to improve their content, so that it is most useful for our users.

JD Supra does not sell, rent or otherwise provide your details to third parties, other than to the authors of the content on JD Supra.

If you prefer not to enable cookies, you may change your browser settings to disable cookies; however, please note that rejecting cookies while visiting the Website may result in certain parts of the Website not operating correctly or as efficiently as if cookies were allowed.

Email Choice/Opt-out

Users who opt in to receive emails may choose to no longer receive e-mail updates and newsletters by selecting the "opt-out of future email" option in the email they receive from JD Supra or in their JD Supra account management screen.


JD Supra takes reasonable precautions to insure that user information is kept private. We restrict access to user information to those individuals who reasonably need access to perform their job functions, such as our third party email service, customer service personnel and technical staff. However, please note that no method of transmitting or storing data is completely secure and we cannot guarantee the security of user information. Unauthorized entry or use, hardware or software failure, and other factors may compromise the security of user information at any time.

If you have reason to believe that your interaction with us is no longer secure, you must immediately notify us of the problem by contacting us at In the unlikely event that we believe that the security of your user information in our possession or control may have been compromised, we may seek to notify you of that development and, if so, will endeavor to do so as promptly as practicable under the circumstances.

Sharing and Disclosure of Information JD Supra Collects

Except as otherwise described in this privacy statement, JD Supra will not disclose personal information to any third party unless we believe that disclosure is necessary to: (1) comply with applicable laws; (2) respond to governmental inquiries or requests; (3) comply with valid legal process; (4) protect the rights, privacy, safety or property of JD Supra, users of the Service, Website visitors or the public; (5) permit us to pursue available remedies or limit the damages that we may sustain; and (6) enforce our Terms & Conditions of Use.

In the event there is a change in the corporate structure of JD Supra such as, but not limited to, merger, consolidation, sale, liquidation or transfer of substantial assets, JD Supra may, in its sole discretion, transfer, sell or assign information collected on and through the Service to one or more affiliated or unaffiliated third parties.

Links to Other Websites

This Website and the Service may contain links to other websites. The operator of such other websites may collect information about you, including through cookies or other technologies. If you are using the Service through the Website and link to another site, you will leave the Website and this Policy will not apply to your use of and activity on those other sites. We encourage you to read the legal notices posted on those sites, including their privacy policies. We shall have no responsibility or liability for your visitation to, and the data collection and use practices of, such other sites. This Policy applies solely to the information collected in connection with your use of this Website and does not apply to any practices conducted offline or in connection with any other websites.

Changes in Our Privacy Policy

We reserve the right to change this Policy at any time. Please refer to the date at the top of this page to determine when this Policy was last revised. Any changes to our privacy policy will become effective upon posting of the revised policy on the Website. By continuing to use the Service or Website following such changes, you will be deemed to have agreed to such changes. If you do not agree with the terms of this Policy, as it may be amended from time to time, in whole or part, please do not continue using the Service or the Website.

Contacting JD Supra

If you have any questions about this privacy statement, the practices of this site, your dealings with this Web site, or if you would like to change any of the information you have provided to us, please contact us at:

- hide
*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.