Is Money Being Laundered Through Your Financial Institution Using Daily Fantasy Sports Sites?

by K&L Gates LLP
Contact

This alert addresses the explosion in popularity of daily fantasy sports (“DFS”) sites and the money-laundering potential that DFS sites may offer to criminals around the world. It then explains potential legal liability under the Bank Secrecy Act (“BSA”) that financial institutions could face if adequate anti-money-laundering (“AML”) controls and reporting mechanisms are not in place to handle the growing risk. It concludes with specific points to consider when dealing with the AML risks posed by doing business with DFS sites or their users.

Few online businesses grew in the past few years like DFS sites such as FanDuel and DraftKings. DFS sites have raised millions in venture capital to expand their operations and blanket the airwaves with advertisements to grow their businesses.[1] However, those amounts pale in comparison to the amounts that are put in play and paid to winners through DFS sites. DraftKings advertises that it will pay out $1 billion in prizes during 2015 and $1 million in weekly grand prizes.[2] FanDuel boasted $560 million in prizes paid out in 2014, and its advertisements tout $2 billion in expected payouts for 2015.[3]

A. Government Interest in DFS Sites and Associated Financial Institutions
With potentially billions of dollars associated with DFS sites, federal attention is likely. In reference to DFS, FinCEN Director Jennifer Shasky Calvery stated: “Here is a business that purports to have large volumes of funds moving through it.  Like anything else, we will keep our eyes on it.”[4] Assistant Attorney General Leslie Caldwell, who heads the Department of Justice’s Criminal Division, also recently advised financial institutions that, in the money-laundering context, they “must ensure that [their] compliance policies and practices are tailored to identify and mitigate risks posed by [their] specific portfolio of customers” and they “should periodically review [their] compliance policies and practices to keep it up to date with evolving risks and circumstances.”[5] The perceived adequacy of a financial institution’s compliance program and its ability to address the evolving risk of money laundering through DFS sites will be a factor the Department of Justice considers in deciding whether or not to prosecute if violations are discovered at that financial institution.[6]

BSA/AML Compliance Officers at financial institutions should be concerned that, with millions of dollars passing through these websites on a weekly basis,[7] it may not be long before the federal government begins—if it has not already—investigating the users of DFS sites and transactions conducted by financial institutions handling DFS proceeds. Federal officials likely will want to know what financial institutions are doing to identify and combat potential money-laundering risks associated with the free-moving funds that are passed among millions of users,[8] as money launderers tend to seek quick, high-volume, and near-anonymous ways to move and legitimize money that DFS sites may provide.

Many DFS websites allow entry into multiple, high-dollar-value, single-day, head-to-head contests against only one other player, who can be specifically selected.  It would require little skill or imagination for one party to launder money to another party by “taking dives” in these one-on-one match-ups. Simply stated, criminals could pass their ill-gotten gains through a DFS site in rigged match-ups that would allow a person to present a bank with a check or wire from the site for “winnings” rather than a more suspect cash deposit.

B. Potential AML Liabilities for Financial Institutions Related to DFS Transactions
Under the BSA, “financial institutions” are required to file a Suspicious Activity Report (“SAR”) on “suspicious” activity.[9] For purposes of the BSA, “suspicious” activity is any activity appearing to (1) be designed to avoid BSA reporting requirements (i.e., structuring), (2) launder money, (3) facilitate criminal activity, (4) violate federal law, or (5) serve no lawful purpose.[10]

There are at least two potential theories the federal government could pursue to hold a financial institution liable for its failure to prevent criminals from laundering money under the guise of DFS winnings. First is the federal law that criminalizes the failure to file a SAR if (1) the SAR involved suspicious transactions aggregating more than $5,000 (for most financial institutions) and (2) the failure was done willfully.[11] Second, financial institutions must establish adequate AML programs appropriate for the risk level of their business lines. These programs must include, at a minimum, the “four pillars” of AML compliance:  (i) the development of internal AML policies, procedures, and controls; (ii) the designation of an AML compliance officer; (iii) an ongoing employee AML training program; and (iv) an independent audit function to test AML programs.[12] Failure to have an adequate AML compliance program may expose financial institutions to liability.[13]

If a customer routinely is depositing high-value checks or wires from a DFS site on a regular basis and a financial institution’s AML controls have not been set up to review such activity in the normal course of its AML compliance program, there could be costly federal repercussions if money-laundering issues later arise. In a similar way that winning thousands of dollars at a casino every week may raise a red flag that requires attention, financial institutions may be required to analyze the transactions of individuals purporting to consistently win thousands of dollars in these single-day games. 

Additionally, doing business directly with DFS sites may also pose AML risks. Operating a DFS site may violate federal anti-wagering statutes and the anti-wagering statutes of relevant states if the site accepts players who are located there. Under the Unlawful Internet Gambling Enforcement Act of 2006 (“UIGEA”), banks may not accept payments in connection with people’s participation in DFS sites that do not fit within the narrow exception[14] that the statute creates for fantasy sports. Lesser-known sites may not have been designed to fit within that exception, thereby exposing a financial institution accepting payments in connection with people’s participation in such a site to another potential avenue of liability. In such cases, any funds from these sites could be suspicious as violative of federal or state law. 

Financial institutions also must take special care when accepting, analyzing, and reporting on deposits from unknown entities purporting to be DFS sites, which could be illegal sportsbooking operations masquerading as DFS sites. Indeed, other Internet gaming operators previously have gone to great lengths to masquerade as legitimate businesses to evade AML controls—even offering money to financial institutions to obtain favorable treatment.[15]

C. The Role DFS Sites Play in Vetting Customers
BSA/AML Compliance Officers should note that many DFS sites likely are not “financial institutions”[16] under the BSA and, therefore, are themselves not subject to the rules and regulations of the BSA designed to identify and prevent money laundering through compliance programs and reporting. Even if some DFS sites fit the BSA definition of a “financial institution” by virtue of being a “casino,” a currency exchanger, or another entity subject to the larger “financial institution” definition, the applicable BSA/AML requirements may be less than those requirements applicable to traditional financial institutions or unknown to the DFS sites. BSA/AML regulations have certain common core components but other regulations only apply to traditional banks, while still other regulations are only applicable to casinos, money-services businesses, or other nontraditional financial institutions. Additionally, DFS sites may suggest that AML compliance is the responsibility of its banks, payment processors, and other entities that enable customers to make payments that “load” DFS accounts.[17]

It is unclear how stringently DFS operators work to prevent money laundering through their sites.  Some DFS sites (for instance, Star Fantasy Leagues) publicly assert that they follow “know your customer” guidelines and cross-check customer lists with the Office of Foreign Assets Control to ensure customers are not on a sanctions list.[18] However, other DFS sites may require as little as a name, username, credit card (potentially anonymously prepaid), and e-mail address.[19] In cases where money laundering is discovered, DFS sites that operate outside the BSA may not be the target of federal officials; instead, “the bank is probably ultimately the one holding the bag from a regulatory perspective.”[20]

D. Potential Steps to Mitigate AML Risks from DFS Sites and Users
In light of the increasing attention being paid to DFS sites[21] and the uncertainty surrounding their AML controls, prudent BSA/AML Compliance Officers at financial institutions should review and update (if necessary) controls to ensure adequate detection and reporting of suspicious activity related to their customers and DFS sites. Controls should be designed or updated to address the unique set of risks DFS sites pose:

  • High-value transactions
  • Ability to quickly receive payments from many users
  • Potential use of fake names and creation of unverified accounts
  • Quick intake and payment (for instance, FanDuel advertises same-day payment)[22]
  • Option to set up head-to-head match-ups and easily rig the outcome
  • Ability to easily and repeatedly use the laundering mechanism/scheme
  • Worldwide reach afforded by the Internet

In responding to the above risks, financial institutions should consider incorporating specific steps related to handling proceeds from DFS sites to mitigate the risk of money laundering and BSA violations. For instance, depending on the circumstances and the portfolio of customers served, financial institutions could:

  • Assess whether they are engaging in transactions in connection with DFS sites that are or may be operated unlawfully and update controls to block transactions associated with those sites.
  • Elevate the risk level associated with past and future deposits from DFS sites to trigger alerts regarding transactions aggregating over time or on a consistent and potentially structured basis.
  • Investigate patterns of consistent, routine winning (particularly in equal amounts that do not coincide with a key sports cycle).
  • Develop practices to “know their customers.”
  • Liaise with the DFS sites regarding their own internal AML and “know your customer” controls.
  • Understand proceeds for the accounts for DFS sites themselves versus employment-related payments to their employees versus winnings paid to DFS customers and the typologies and risk factors for each.
  • Run background checks on customers using sanctions lists, public records, or available federal databases.

E. Conclusion
Fantasy sports has evolved from season-long office leagues with little to no payout into a billion-dollar industry with million-dollar payouts after single-day contests. The financial institutions that service DFS sites and their customers are likely to come under scrutiny regarding their BSA/AML controls. To stay ahead of the curve (and potentially the storm), financial institutions should take this opportunity to review and update their own AML controls and determine if the threat of money laundering through DFS sites is adequately addressed.

 

Notes:
[1] http://www.forbes.com/sites#/sites/darrenheitner/2015/07/14/fanduel-raises-another-275-million-is-an-ipo-next.

[2] http://www.nytimes.com/2015/10/07/upshot/the-big-winners-in-fantasy-football-and-the-rest-of-us.html.

[3] Id.; https://www.fanduel.com.

[4] http://www.americanbanker.com/news/law-regulation/are-fantasy-sports-sites-a-money-laundering-haven-1077178-1.html.

[5] http://www.justice.gov/opa/speech/assistant-attorney-general-leslie-r-caldwell-delivers-remarks-compliance-week-conference.

[6] Id.

[7] FanDuel currently advertises that $75 million is “up for grabs” in a “normal” week. https://www.fanduel.com.

[8] http://www.bloomberg.com/news/articles/2015-01-15/the-growing-world-of-moneymaking-fantasy-sports (noting that FanDuel, alone, has more than one million paying users).

[9] http://www.fincen.gov/forms/files/FinCEN%20SAR%20ElectronicFilingInstructions-%20Stand%20Alone%20doc.pdf; 31 U.S.C. §§ 5312(a)(2), 5318(g) and its implementing regulation, 31 C.F.R. Ch. X; 12 C.F.R. §§ 21.11, 163.180, 208.62, 353.3, 748.1.

[10] http://www.fincen.gov/forms/files/FinCEN%20SAR%20ElectronicFilingInstructions-%20Stand%20Alone%20doc.pdf.

[11] See 31 C.F.R. Ch. X for the various requirements imposed on the various entities that fall under the definition of “financial institutions.”

[12] 31 U.S.C. § 5318(h).

[13] See 31 U.S.C. § 5318(a), (h).

[14] See 31 U.S.C. § 5362(1)(E)(ix) for the statutory language carving out the UIGEA fantasy sports exception.

[15] See July 31, 2012 S.D.N.Y. U.S.A.O. Press Release Announcing $731 Million Settlement of Money Laundering and Forfeiture Complaint with PokerStars and Full Tilt Poker (“For example, the poker companies arranged for the money received from U.S. gamblers to be disguised as payments to hundreds of non-existent online merchants purporting to sell merchandise such as jewelry and golf balls. Of the billions of dollars in payment transactions that the poker companies deceived U.S. banks into processing, approximately one-third or more of the funds went directly to the poker companies as revenue through the ‘rake’ charged to players on almost every poker hand played online.”), available at https://www.fbi.gov/newyork/press-releases/2012/manhattan-u.s.-attorney-announces-731-million-settlement-of-money-laundering-and-forfeiture-complaint-with-pokerstars-and-full-tilt-poker. Even after these frauds were detected, the poker companies “developed a new processing strategy that would not involve lying to banks.” Id. “PokerStars, FullTilt Poker, and their payment processors persuaded the principals of a few small, local banks facing financial difficulties to engage in such processing in return for multi-million-dollar investments in the banks.” Id. Payment processors approached “SunFirst Bank, a small, private bank based in Saint George, Utah, about processing Internet poker transactions[,]” ultimately leading to the indictment [and guilty plea] of a part-owner and director of that bank. Id.

[16] 31 U.S.C. § 5312(a)(2).

[17] http://www.americanbanker.com/news/law-regulation/are-fantasy-sports-sites-a-money-laundering-haven-1077178-1.html (paraphrasing a gaming lawyer as saying “fantasy sports firms could reasonably rely on credit card processors… to address money laundering risk”).

[18] http://www.americanbanker.com/news/law-regulation/are-fantasy-sports-sites-a-money-laundering-haven-1077178-1.html. See FanDuel’s terms of use at https://www.fanduel.com/terms (noting that FanDuel may require users to complete affidavits attesting that they are not on “any U.S. Government list of prohibited or restricted parties”).

[19] Id.

[20] Id. (citation omitted).

[21] http://www.nytimes.com/2015/10/06/sports/fanduel-draftkings-fantasy-employees-bet-rivals.html; http://www.cbsnews.com/news/daily-fantasy-sports-sites-ordered-to-shut-down-in-nevada.

[22] https://www.fanduel.com (“Playing a game in one day and getting paid the same day is awesome.”).

U.S. Government Enforcement questions related to this article may be directed to any of the attorneys listed below.

Written by:

K&L Gates LLP
Contact
more
less

K&L Gates LLP on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up using*

Already signed up? Log in here

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Privacy Policy (Updated: October 8, 2015):
hide

JD Supra provides users with access to its legal industry publishing services (the "Service") through its website (the "Website") as well as through other sources. Our policies with regard to data collection and use of personal information of users of the Service, regardless of the manner in which users access the Service, and visitors to the Website are set forth in this statement ("Policy"). By using the Service, you signify your acceptance of this Policy.

Information Collection and Use by JD Supra

JD Supra collects users' names, companies, titles, e-mail address and industry. JD Supra also tracks the pages that users visit, logs IP addresses and aggregates non-personally identifiable user data and browser type. This data is gathered using cookies and other technologies.

The information and data collected is used to authenticate users and to send notifications relating to the Service, including email alerts to which users have subscribed; to manage the Service and Website, to improve the Service and to customize the user's experience. This information is also provided to the authors of the content to give them insight into their readership and help them to improve their content, so that it is most useful for our users.

JD Supra does not sell, rent or otherwise provide your details to third parties, other than to the authors of the content on JD Supra.

If you prefer not to enable cookies, you may change your browser settings to disable cookies; however, please note that rejecting cookies while visiting the Website may result in certain parts of the Website not operating correctly or as efficiently as if cookies were allowed.

Email Choice/Opt-out

Users who opt in to receive emails may choose to no longer receive e-mail updates and newsletters by selecting the "opt-out of future email" option in the email they receive from JD Supra or in their JD Supra account management screen.

Security

JD Supra takes reasonable precautions to insure that user information is kept private. We restrict access to user information to those individuals who reasonably need access to perform their job functions, such as our third party email service, customer service personnel and technical staff. However, please note that no method of transmitting or storing data is completely secure and we cannot guarantee the security of user information. Unauthorized entry or use, hardware or software failure, and other factors may compromise the security of user information at any time.

If you have reason to believe that your interaction with us is no longer secure, you must immediately notify us of the problem by contacting us at info@jdsupra.com. In the unlikely event that we believe that the security of your user information in our possession or control may have been compromised, we may seek to notify you of that development and, if so, will endeavor to do so as promptly as practicable under the circumstances.

Sharing and Disclosure of Information JD Supra Collects

Except as otherwise described in this privacy statement, JD Supra will not disclose personal information to any third party unless we believe that disclosure is necessary to: (1) comply with applicable laws; (2) respond to governmental inquiries or requests; (3) comply with valid legal process; (4) protect the rights, privacy, safety or property of JD Supra, users of the Service, Website visitors or the public; (5) permit us to pursue available remedies or limit the damages that we may sustain; and (6) enforce our Terms & Conditions of Use.

In the event there is a change in the corporate structure of JD Supra such as, but not limited to, merger, consolidation, sale, liquidation or transfer of substantial assets, JD Supra may, in its sole discretion, transfer, sell or assign information collected on and through the Service to one or more affiliated or unaffiliated third parties.

Links to Other Websites

This Website and the Service may contain links to other websites. The operator of such other websites may collect information about you, including through cookies or other technologies. If you are using the Service through the Website and link to another site, you will leave the Website and this Policy will not apply to your use of and activity on those other sites. We encourage you to read the legal notices posted on those sites, including their privacy policies. We shall have no responsibility or liability for your visitation to, and the data collection and use practices of, such other sites. This Policy applies solely to the information collected in connection with your use of this Website and does not apply to any practices conducted offline or in connection with any other websites.

Changes in Our Privacy Policy

We reserve the right to change this Policy at any time. Please refer to the date at the top of this page to determine when this Policy was last revised. Any changes to our privacy policy will become effective upon posting of the revised policy on the Website. By continuing to use the Service or Website following such changes, you will be deemed to have agreed to such changes. If you do not agree with the terms of this Policy, as it may be amended from time to time, in whole or part, please do not continue using the Service or the Website.

Contacting JD Supra

If you have any questions about this privacy statement, the practices of this site, your dealings with this Web site, or if you would like to change any of the information you have provided to us, please contact us at: info@jdsupra.com.

- hide
*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.