On the day after his appointment in August 2016, the Associate Director for Enforcement for the Financial Crimes Enforcement Network (FinCEN), Thomas Ott, addressed the National Title 31 Suspicious Activity & Risk Assessment Conference in Las Vegas, Nevada. In his remarks, he (1) covered recent enforcement actions, (2) sought to dispel myths or misconceptions about suspicious activity reports (SARs), (3) provided context for the value to law enforcement of the Title 31 reporting information, and (4) outlined factors considered when FinCEN sets civil money penalties. Ott is part of the new leadership of FinCEN, which lost its hard-driving Director, Jennifer Shasky Calvery, to the private sector at the beginning of the summer. For those working in gaming compliance, Ott’s remarks were notable for several reasons, including their consistency with FinCEN’s recent messages and enforcement actions.
In addressing recent FinCEN enforcement actions, Ott emphasized the importance of creating and maintaining a culture of compliance within a financial institution. These comments echoed FinCEN’s August 2014 guidance (FIN-2014-A007) that highlighted the importance of a strong culture of BSA/AML compliance for “senior management, leadership and owners of all financial institutions.” According to Ott, at a minimum, a culture of compliance means the adoption and implementation of policies and procedures that are risk-based and reasonably designed to assure compliance with the BSA. In describing the enforcement actions, Ott noted that FinCEN’s enforcement actions are intended both to remediate compliance deficiencies – particularly in financial institutions that have failed to correct identified shortcomings – and to educate regulated entities.
In explaining the value of SAR information to law enforcement, Ott set out statistics intended to demonstrate law enforcement’s reliance on reported information, even in the case of “low-dollar SARs.” He also attempted to dispel certain myths and misconceptions about SARs. He repeated the message of the former FinCEN Director that under the regulations “casinos are required to be aware of a customer’s source of funds under current AML requirements.” He observed that under the BSA, casinos must have reasonably-designed procedures that use all available information to identify and report suspicious transactions, which include funds derived from illegal activity and funds or assets derived from illegal activity. Ott stated that the SAR obligations “explicitly” require casinos to file SARs on funds “derived from illegal activity including ‘ownership, nature, source, location, or control of such funds or assets.’”
We note, however, that while the regulation he apparently cited, 31 CFR § 1021.320(a)(2)(i), does refer to the “source” of funds, that provision arguably refers to a transaction a casino knows, suspects, or has reason to suspect “is intended or conducted in order to hide or disguise funds or assets derived from illegal activity.” A reasonable interpretation of that provision could be that unless a casino has a reason to suspect the transaction is being conducted or attempted in order to hide or disguise funds (or the source or control of those funds), the regulations do not “explicitly” require a casino to investigate a patron’s source of funds. Of course a casino must use all available information to assess financial transactions. And there are countless ways in which suspicion may arise that warrants discussion by casino management whether a SAR should be filed. But FinCEN has yet to identify the affirmative regulatory obligation for a casino to investigate and determine each patron’s source of funds.
Ott also stressed that a casino cannot avoid its SAR filing obligation by claiming it has a larger appetite for risk or broader experience with unusual behavior and therefore a higher subjective standard for what constitutes suspicious activity. Risk appetite should not drive the decision to file a SAR. One casino may be more willing than another to permit a patron to continue gaming, but as Ott said: “if you have a reason to suspect [illicit activity], then you are required to file.”
Shifting to liability, Ott noted that it may attach to entities and individuals, and it may not be limited to civil money penalties. He closed by summarizing the factors and considerations FinCEN evaluates when determining the amount of a civil monetary penalty. These include: (1) the nature and seriousness of violations; (2) knowledge and intent; (3) remedial measures; (4) financial condition of the financial institution or individual; (5) payments and penalties related to other enforcement actions; and (6) other factors.
The Associate Director’s remarks indicated a continuation of the overarching policies that FinCEN has followed in the past few years. The Bank Secrecy Act and the Title 31 regulations impose compliance responsibilities upon financial institutions, which Ott recognized as requiring “significant resources.” In recognition of these efforts, FinCEN has the stated goal of partnership. However, a failure to comply – particularly in cases where IRS examinations have previously uncovered deficiencies – will quickly turn the partnership into a supervisory relationship, one with severe penalties and possibly more onerous obligations imposed in the form of “undertakings” than exist in the regulations. Stated succinctly, financial institutions – including casinos and card clubs – should ensure they have appropriate resources invested in their compliance programs and periodically review the state of their program.