Best Practices for

Anti-Money Laundering Compliance

2022
 Table of
Contents
INTRODUCTION 1

BACKGROUND 2

CASINOS’ CULTURE OF COMPLIANCE 6

RISK ASSESSMENT 8

STATE REGULATORY REQUIREMENTS 9

RESULTS OF INDEPENDENT AUDIT AND IRS EXAMINATION 9

GAMING VOLUME AND CHARACTER 9

RANGE OF FINANCIAL SERVICES 9

CHARACTERISTICS OF CERTAIN GAMES 10

COUNTRY RISK 10

MONEY BROKERS 10

POLITICALLY EXPOSED PERSONS (PEPs) 11

PATRON BEHAVIORS 11

PATRON CHARACTERISTICS 12

MARIJUANA (CANNABIS) 13

CRYPTOCURRENCY 13

THIRD PARTY PAYMENTS AND SHELL COMPANIES 13

CASHLESS WAGERING ACCOUNTS (DIGITAL WALLETS) 13

AMERICAN GAMING ASSOCIATION

ONLINE GAMING 14

BSA/AML COMPLIANCE OFFICER 15

EMPLOYEE TRAINING 16

PREVENTIVE STEPS 18

KNOW YOUR CUSTOMER (KYC) 21

PATRON IDENTIFICATION AND VERIFICATION 21

ONGOING AND ENHANCED DUE DILIGENCE 24

POTENTIAL SUSPICIOUS ACTIVITY 26

GAMING FLOOR ACTIVITY 27

RACE AND SPORTS BOOK ACTIVITY 27

INTERACTIVE GAMING ACTIVITY 28

CAGE-FOCUSED ACTIVITY 28

INFORMATION FROM BACK OF THE HOUSE 29

TRANSACTION MONITORING 31

BRICK AND MORTAR TRANSACTION MONITORING 31

ONLINE TRANSACTION MONITORING 32

SUSPICIOUS ACTIVITY REPORT REVIEW PROCEDURES 34

RESTRICTING / TERMINATING PATRON RELATIONSHIPS 38

AUDIT PROCEDURES 40

INDEPENDENT TESTING PROCEDURES FOR CTRS 41

INDEPENDENT TESTING PROCEDURES FOR SARS 42

Best Practices for Anti-Money Laundering Compliance

RECORD-KEEPING AND RETENTION 43

CONCLUSION 44

GLOSSARY 45

ABOUT AMERICAN GAMING ASSOCIATION 48

APPENDIX A: ANTI-MONEY LAUNDERING PROGRAM QUESTIONNAIRE 49

 INTRODUCTION
The U.S. gaming industry is one of the most “casino” to cover in-person and lawful interactive
heavily regulated and controlled business sectors and mobile gaming operations as well as sports
across the globe. In addition to comprehensive betting, because the BSA/AML compliance effort
and stringent state gaming regulations, most U.S. applies to all forms of casino-style gambling.
gaming operations are also subject to federal
This document is not intended to be a checklist of
anti-money laundering (AML) and combating the
actions required of every casino and should not be
financing of terrorism (CFT) requirements.1
applied arbitrarily to any individual situation, or on
The modern casino and gaming operation is a blanket basis.
typically an entertainment venue that offers its
AML programs are risk-based, and casinos
patrons highly regulated gaming, often combined
have different risk profiles, so individual
with hotels, multiple dining options and live
casinos will have good reasons for departing
entertainment. Frequently brick and mortar casino
from or modifying a procedure in this
operators also have digital operations, offering
document, or for developing supplemental
interactive games or mobile sports betting
or alternative procedures, including
offerings. To facilitate gaming activity, casinos,
appropriate approvals and documentation of
as well as online and mobile gaming operators,
decision-making.
ordinarily provide some financial services to their
patrons. They endeavor to ensure that these
Moreover, in some instances, industry practices
financial services are used for gaming related
may go beyond a legal requirement established by
purposes. Although the vast majority of patrons
statute or regulation, so this document should not
visit casinos or mobile gaming applications
be considered a guide to those legal requirements.
for entertainment, leisure and diversion, those
engaged in illegal activity may attempt to use a The goal of this document is to provide a resource
casino or gaming platform’s financial services to for the gaming industry as well as other financial
conceal or transfer illicit wealth. sectors subject to the BSA, the government and
law enforcement to help guide their efforts to
This document is an attempt to distill the practices
protect the gaming industry and the broader
that a wide range of gaming operators – including
financial system from money laundering, illicit
land-based casinos, sports books, and interactive
AMERICAN GAMING ASSOCIATION

financing and other illegal activity.

and mobile gaming sites - have adopted to meet
these challenges. This document uses the term

To safeguard the integrity of the casino industry and the U.S. financial system, casino companies
and gaming operators have developed effective risk-based programs to ensure compliance
with the legal requirements of the federal Bank Secrecy Act and associated AML statutes and
regulations. AML programs also protect the casino and its employees from even unwittingly
being involved in money laundering criminal conduct.
1
As used in this paper, money laundering and anti-money laundering compliance (AML) also encompasses the terms terror financing
and combatting the financing of terrorism (CFT).

1
BACKGROUND
Since 1985, state licensed casinos have been
defined as “financial institutions” under the More broadly, the BSA also requires casinos
Bank Secrecy Act (BSA). Accordingly, they are to design and implement risk-based
subject to BSA reporting, recordkeeping and AML AML programs that include an annual
program requirements. Casinos must file currency risk assessment and a formal know your
transaction reports (CTRs) when a patron conducts customer (KYC) program in addition to the
a cash-in or cash-out transaction in currency by following measures (at a minimum):
or on behalf of a patron of more than $10,000
• A system of internal controls, policies,
in currency during a casino’s defined 24-hour
and procedures to assure ongoing
gaming day.
compliance;
Casinos also must file suspicious activity reports
• Procedures for using all reasonably
(SARs) when a casino knows, suspects, or has
available information to determine:
reason to suspect that a transaction or attempted
transaction aggregating at least $5,000: Š When required by BSA regulations,
the name, permanent address,
• Involves funds derived from illegal activity; Social Security number, and other
information, and verification of the
• Is intended to disguise funds or assets derived
same, of a person;
from illegal activity;
Š Whether SARs need to be filed and
• Is designed to avoid BSA reporting or
which information to include in the
recordkeeping requirements;
SAR filing when available;

Best Practices for Anti-Money Laundering Compliance

• Uses the casino to facilitate criminal activity;
Š Whether any other record required
• Has no economic, business, or apparent lawful under the BSA must be made and
purpose; or retained;

• Is not the sort of transaction in which the • Internal and/or external independent
particular patron would be expected to testing for compliance;
engage, and the casino knows of no reasonable • Appropriate, ongoing training of casino
explanation for the transaction after examining personnel;
the available facts.
• An individual or individuals charged with
assuring day-to-day compliance (the
“AML officer”); and

• Lastly, to assure compliance by using

automated programs to aid in assuring
compliance.

2
 BACKGROUND

In the interest of maintaining the integrity Consequently, there is often little observable
of gaming and complying with the above basis for distinguishing between those patrons
requirements, each casino company should “laundering funds” in the casino and all other
implement a comprehensive, risk-based, robust casino patrons.
anti-money laundering compliance program that
In early 2021, the landscape of the U.S. federal
ensures that it submits appropriate CTRs and
AML laws and regulatory framework changed,
SARs as required.
following the enactment of the federal Anti-Money
A discussion of criteria for casino compliance Laundering Act (AMLA). Designed to usher in a
programs appears at the website of the Financial new era of AML effectiveness, the AMLA aims to
Crimes Enforcement Network of the U.S. modernize the AML/CFT laws of the United States
Department of the Treasury (FinCEN). pursuant to the following purposes of the Act:

Further, the industry’s AML compliance programs • To improve coordination and information sharing
are also influenced by guidance from the U.S. among the agencies tasked with administering
Treasury, including the National Strategy for anti-money laundering and combating the
Combatting Terrorist and Other Illicit Financing financing of terrorism requirements, the
(National Illicit Finance Strategy) and the National agencies that examine financial institutions for
Money Laundering Risk Assessment (NMLRA).2 compliance with those requirements, Federal
law enforcement agencies, national security
The 2022 NMLRA identified the following seven agencies, the intelligence community, and
principal threats related to money laundering in financial institutions;
the United States:
• To modernize anti-money laundering and
• Fraud combating the financing of terrorism laws and
• Drug trafficking regulations to adapt the government and private
sector response to new and emerging threats;
• Cybercrime
• To encourage technological innovation and
• Professional money laundering the adoption of new technology by financial
• Corruption institutions to more effectively counter money
laundering and the financing of terrorism;
• Human trafficking and human smuggling
• To reinforce that the anti-money laundering
• Wildlife trafficking
and combating the financing of terrorism
AMERICAN GAMING ASSOCIATION

policies, procedures, and controls of financial

Moreover, as stressed in previous NMLRAs, “most
institutions shall be risk-based;
often criminals who use casinos to launder illicit
proceeds do it through gambling and spending on • To establish uniform beneficial ownership
entertainment”3 – the exact same activities that information reporting requirements to (A)
the casino’s other patrons are pursuing. improve transparency for national security,
intelligence, and law enforcement agencies
and financial institutions concerning

2
On May 13, 2022, the U.S. Department of the Treasury announced its 2022 National Strategy for Combatting Terrorist and Other
Illicit Financing. The 2022 strategy outlined priorities for the AML/CFT framework, law enforcement and technological innovation.
See 2022 National Strategy for Combatting Terrorist and Other Illicit Financing (May 13, 2022). https://home.treasury.gov/news/
3 press-releases/jy0779.
3
U.S. Department of the Treasury, The National Money Laundering Risk Assessment 2015, https://home.treasury.gov/system/
files/246/National-Money-Laundering-Risk-Assessment-06-12-2015.pdf, page 75, (June 2015).
BACKGROUND

corporate structures and insight into the flow TAILORING AN EFFECTIVE RISK-BASED
of illicit funds through those structures; (B) AML COMPLIANCE PROGRAM FOR
discourage the use of shell corporations as CASINO OPERATIONS
a tool to disguise and move illicit funds; (C)
assist national security, intelligence, and law Casinos’ risk-based compliance effort
enforcement agencies with the pursuit of involves many complexities. For patrons,
crimes; and (D) protect the national security of casinos are generally not viewed as financial
the United States; and institutions, but rather are entertainment
venues they enter and leave as it suits
• To establish a secure, nonpublic database at
them. Many patrons are not, and never will
FinCEN for beneficial ownership information.
be, personally known to casino employees.
Unlike a traditional financial institution’s
The AMLA mandates a range of extensive
customers, casino patrons are not required
congressional reports, regulatory reviews and
to identify themselves unless they trigger
reforms as well as updates to the examination
certain regulatory requirements (e.g., filing
manuals and regulator and examiner training
a CTR), and there may be only a limited
programs. As part of its implementation, FinCEN
amount of publicly available information
was required to issue National AML/CFT Priorities.
about many gaming patrons.
In June of 2021 the priorities were stated as
follows4:
Even those patrons who become identified to
• Corruption the casino, because they are frequent visitors or
because they require assistance with financial
• Cybercrime, including relevant cybersecurity
transactions, ordinarily have no reason to disclose
and virtual currency considerations
to casino employees their business or professional
• Terrorist financing activities. Most are engaging in gaming activity as
a form of leisure or entertainment.

Best Practices for Anti-Money Laundering Compliance

• Fraud

• Transnational criminal organization activity Some, for legitimate personal or privacy reasons,
may not care to have their gambling activities
• Drug trafficking organization activity known. This is especially true for individuals
• Human trafficking and human smuggling in states that only recently legalized a form of
gaming or wagering. In addition, the relatively
• Proliferation financing small number of patrons who may attempt to
launder funds through casinos take considerable
FinCEN plans to issue regulations in the
pains to conceal that purpose from the casino.
near future about how the priorities should
be integrated into AML programs of financial To help address money laundering risks, casinos
institutions. have developed comprehensive risk-based
programs to identify patrons whose gaming activity
approaches the CTR reporting threshold. That

4
Financial Crimes Enforcement Network, Anti-Money Laundering and Countering the Financing of Terrorism National Priorities,
https://www.fincen.gov/sites/default/files/shared/AML_CFT%20Priorities%20(June%2030%2C%202021).pdf (June 30, 2021).

4
 BACKGROUND

requires the aggregation of currency transactions These conversations can be sensitive as they may
from several different parts of the casino: the involve personal matters or complex business
gaming tables, electronic gaming machines, TITO dealings. There may also be cultural differences
Redemption Units, and casino cage activity, and language barriers. Given these nuances,
including credit (or marker limit), credit card cash consideration should be given as to who is best
advances and front-money transactions. suited to obtain this information and maintain
the customer relationship or determine that the
To detect and report suspicious activity, casino
relationship should not be retained because it
employees and supervisors must make complex,
presents unacceptable risk - Front Line Associates,
nuanced judgments based on readily available
Casino Marketing, leadership from other
information about a patron’s activities. The process
departments (AML, Finance, Legal, Compliance) or
of investigating activity and deciding whether to
a coordination of efforts.
file a SAR necessarily requires these judgement
calls, and in some instances, reasonable minds Casinos should make a risk-based determination
may disagree over whether a SAR should be filed. about which employees—senior managers or
front-line employees—are in the best position to
In some situations, suspicions can be confirmed or
determine whether and how to undertake such
disproved only with information that is ordinarily
an inquiry. For instance, the matter may involve
unavailable to the casino, or by making inquiries
issues that the casino ordinarily would have no
of the patron—for example, concerning the source
business reason to investigate, and some patrons
of the patron’s funds. In some situations, patron
may have little or no incentive to review those
activity that requires further vetting may only be
issues with the casino. The involvement of senior
resolved through candid conversations or obtaining
managers may facilitate the interaction with the
sensitive documents (e.g., tax returns, divorce
patron, as well as signal the importance of the
decrees).
inquiry. The strict confidentiality requirements
for SAR filings and care around tipping off,
necessitates careful consideration of what
information will be disclosed before contact is
made.
AMERICAN GAMING ASSOCIATION

5
CASINOS’ CULTURE
OF COMPLIANCE
Risk-based AML compliance efforts and a strong culture of
compliance are essential to the casino industry.
Casinos are encouraged to participate in the
Casinos should consult with FIN-2014-A0075, valuable voluntary information-sharing program
which discusses “Promoting a Culture of with other entities defined as financial institutions
Compliance” including the following principles: under Section 314(b) of the USA PATRIOT Act
• Leadership should be engaged. and who are required to maintain AML programs
under the BSA regulations. This program, and
• Compliance should not be compromised by
other formal and informal information sharing
revenue interests.
mechanisms, are a FinCEN priority and are vital to
• Information should be shared throughout the ensuring casinos and other financial institutions
organization. can obtain necessary information about their
patrons and customers.7
• Leadership should provide adequate human
and technological resources. In its most recent 314(b) fact sheet8, FinCEN
highlights the following benefits of the information
• The program should be effective and tested by
sharing program:
an independent and competent party.
While information sharing pursuant to Section
• Leadership and staff should understand how
314(b) is voluntary, it can help financial
their BSA reports are used.
institutions enhance compliance with their anti-

Best Practices for Anti-Money Laundering Compliance

Forging effective working partnerships with law money laundering/counter terrorist financing (AML/
enforcement agencies is another important way CFT) requirements, most notably with respect to:
to nurture a culture of compliance, ensuring that
• Gathering additional information on customers
employees understand how BSA-required reports
or transactions potentially related to money
are used to achieve national policy goals that may
laundering or terrorist financing, including
override business concerns.6 Such partnerships
previously unknown accounts, activities, and/
can be formal (such as hosting roundtables or
or associated entities or individuals.
forums to share information) or informal (such
as maintaining a close relationship with the local
FBI field office and sharing suspicious activity or
information).

5
See also, Financial Crimes Enforcement Network, Advisory to U.S. Financial Institutions on Promoting a Culture of Compliance,
FIN-2014-A007 (Aug. 11, 2014), https://www.fincen.gov/resources/advisories/fincen-advisory-fin-2014-a007.
6
A 2016 study by Ernst & Young for the American Gaming Association surveyed officials from twenty-three law enforcement and
gaming regulatory agencies and found that the casino industry has made concerted efforts to enhance AML compliance and reporting.
Investing in America’s Financial Security: Casinos’ Commitment to Anti-Money Laundering Compliance, p. 27. https://www.american-
gaming.org/wp-content/uploads/2018/12/AGA-AML-Research-Report-Final-011916.pdf.
7
Prepared Remarks of FinCEN Director Kenneth A. Blanco, delivered at the 11th Annual Las Vegas Anti-Money Laundering Con-
ference and Expo (August 2018), https://www.fincen.gov/news/speeches/prepared-remarks-fincen-director-kenneth-blanco-deliv-
ered-11th-annual-las-vegas-1. 6
8
Financial Crimes Enforcement Network, Section 314(b) Fact Sheet (December 2020), https://www.fincen.gov/sites/default/files/
shared/314bfactsheet.pdf
 CASINO’S CULTURE OF COMPLIANCE

• Shedding more light upon overall financial • Facilitating efficient SAR reporting decisions
trails, especially if they are complex and - for example, when a financial institution
appear to be layered amongst numerous obtains a more complete picture of activity
financial institutions, entities, and through the voluntary information sharing
jurisdictions. process and determines that no SAR is
required for transactions that may have
• Building a more comprehensive and accurate
initially appeared suspicious.
picture of a customer’s activities that
may involve money laundering or terrorist There is no more effective way to foster a positive
financing is suspected, allowing for more culture than to have the casino’s senior leadership
precise decision-making in due diligence and and Board of Directors (whether directly or through
transaction monitoring. the Board’s Audit or Compliance Committee)
engaged in the AML compliance effort, receiving
• Alerting other participating financial
periodic updates on regulatory developments,
institutions to customers of whose suspicious
changes to the program, resources, and audit
activities they may not have been previously
findings by regulators and by other independent
aware.
compliance reviews. Senior leadership and the
• Facilitating the filing of more comprehensive Board should communicate the importance of
SARs than would otherwise be filed in the BSA/AML compliance within the organization,
absence of 314(b) information sharing. setting the compliance tone from the top.

• Identifying and aiding in the detection of

money laundering and terrorist financing
methods and schemes.
AMERICAN GAMING ASSOCIATION

7
RISK ASSESSMENT
The Bank Secrecy Act requires casinos to • Second, what casino departments or employees
implement risk-based internal controls. Every are best positioned to detect the entry and exit
financial institution is potentially at risk of being of such funds?
used for illegal purposes or accepting funds that
• Third, what are characteristics of transactions
were obtained illegally. Casinos should identify
that may involve illicit funds, or of patrons who
and assess their specific money laundering risks
are more likely to engage in suspicious activity?
and adopt effective measures designed to mitigate
those risks. The Risk Assessment and internal • Fourth, what measures (including automation)
controls should be clearly documented as a part of are in place to mitigate these risks?
the casino’s AML program.
• And finally, how effective are those measures?

The casino’s Risk Assessment should be the

In answering these questions, a casino will assess
first step in building a compliance program.
the BSA-related risks present at different parts of
its business.
Risk assessments should be reviewed and
approved by senior leadership. Casinos should also look at relevant enforcement
The risk assessment, conducted no less than actions, press reports, and legal cases to identify
annually, should be tailored to each specific typologies that may be used to exploit their
casino venue and the nature and characteristics properties and evaluate whether their present
of its location, enterprise, products, financial compliance structure is sufficient to mitigate risks
services, and customers. associated with those typologies.

Best Practices for Anti-Money Laundering Compliance

Many factors may be relevant to the risk On an annual basis and as part of its ongoing
assessment for a specific casino, but the risk risk assessment, the casino should review its
assessment process begins with asking basic filed SARs for the previous year to analyze
questions: patterns of suspicious activity. The trends then
may be reviewed by a casino’s AML Committee,
• First, what are the entry and exit points at the if applicable, to determine whether adjustments
casino for patron funds that may come from to the AML program or Risk Assessment are
illicit sources? warranted.

Regulators, independent auditors, and law enforcement officials

may also provide important guidance concerning risks that are
arising in the financial system generally, and in the gaming
industry specifically. The NMLRA is a good resource to identify
threats and vulnerabilities.
8
 RISK ASSESSMENT

Casino compliance professionals should also bring Because money launderers often deal with
to bear their judgment based on experience with substantial amounts of money, they may be drawn
casino transactions. to larger casinos with higher gaming activity,
where large-value transactions are more frequent
Upon completion of the annual risk assessment,
and less likely to draw attention.
the compliance function should develop formal
action items to be completed to reduce any For the same reasons, money laundering may
insufficiently mitigated risks. be more likely to involve patrons bringing large
amounts of money to a casino and playing games
STATE REGULATORY REQUIREMENTS at higher-dollar values. Accordingly, larger gaming
venues will likely need more AML/BSA compliance
States that grant casino licenses typically impose
procedures than smaller dollar volume casinos.
exacting regulation on casino operations, though
specific requirements vary from state to state. Nevertheless, smaller volume casinos must be
State regulatory specifications can include the alert to a patron’s departure from ordinary patterns
games that can be offered and the rules of of play and the suspicious use of the financial
each game; the financial services that can be services offered by the casino; similarly, the
offered and the procedures casinos must follow structuring of transactions to avoid reporting
in providing them. State regulation also extends requirements can occur at any casino, regardless
to the nature of the surveillance and security of business volume.
measures employed at the casino.

RANGE OF FINANCIAL SERVICES

RESULTS OF INDEPENDENT AUDIT The broader the array of financial services
AND IRS EXAMINATION available at the casino (e.g., front-money deposit
Information identified in independent assessments accounts, markers/credit extensions, wire transfer
of a casino’s AML program should be carefully services, check cashing, credit/debit card cash
analyzed and reviewed. Such assessments include advances, offering safe deposit boxes), the
evaluations of independent auditors and Internal greater the opportunity for a money launderer
Revenue Service examinations of the casino’s AML to exploit several different services for illicit
compliance program. The casino should undertake purposes. Casinos should strive to ensure that
corrective actions in response to issues that arise transactions have a gaming purpose and that other
during an examination or audit and revise its AML financial transactions conducted as a courtesy
program accordingly or make a determination that
AMERICAN GAMING ASSOCIATION

are prohibited or restricted to small amounts. In

no such action is necessary. addition to being highly limited, such transactions
should require approval by at least two individuals
GAMING VOLUME AND CHARACTER with an appropriate level of authority, such as
Different gaming venues may have differing risks the Compliance Officer, Cage Director or other
based on their unique product mix and customer senior level executive. The approval process
pool. Risks may evolve over time as a venue’s for exceptions to the policy should be clearly
business model and/or customer transaction documented in the casino’s compliance program.
volume changes.

9
RISK ASSESSMENT

CHARACTERISTICS OF CERTAIN GAMES defined by the United States as jurisdictions of

concern for narcotics trafficking, human trafficking,
The rules of certain games may make money
money laundering, terrorism, or other forms of
laundering more likely. For example, if a game
illicit finance, or if the foreign nation has been
allows patrons to bet either side (e.g., baccarat,
identified as high risk requiring a call to action
craps, or roulette), confederated patrons might bet
or as subject to increased monitoring because of
both sides in order to launder funds through the
deficiencies in its AML regime by the Financial
game.
Action Task Force (FATF), or if the foreign nation
Similar risks may arise in the case of sports has been identified by Transparency International
betting when a patron places a bet with a legally or a similar reputable organization as having a
operating sports book on behalf of an unidentified high level of public corruption.10
third party, concealing the origin and owner of
Online operators should ensure they have
the funds or betting on both sides of the line.9 In
implemented controls sufficient to prevent
addition, race and sportsbooks may be potential
individuals located in comprehensively sanctioned
targets for money launderers because confederates
locations from accessing their platform and should
can bet on both sides of a game or an event,
perform sanctions screening as part of onboarding.
thereby offsetting their exposure.

Because poker is not a house-banked game, MONEY BROKERS

transactions at the poker tables may occur
between customers, rather than with the casino. Capital flight restrictions (currency controls) in
Accordingly, the casino may be less likely to countries such as China and others impose limits
detect potential suspicious activity because on the amount of funds in local currency that an
poker—unlike table games, race and sports book individual may take out of the country during a
wagers, or electronic games—does not afford specified time period. This restriction presents a
the casino the ability to determine verified win/ money laundering risk to casinos. For example,

Best Practices for Anti-Money Laundering Compliance

loss. If a casino does not permit cash wagering in Chinese law prohibits citizens from converting
poker rooms, the risk of money laundering may more than the equivalent of $50,000 in Chinese
be correspondingly reduced. Nevertheless, there yuan into foreign currency per year. This may
could be information about a poker player’s source incentivize individuals operating within the United
of funds or criminal associations that could raise States to offer illicit cash brokerage service to
red flags and should be escalated to compliance. Chinese nationals traveling abroad. The broker
offers cash in the United States in exchange for a
domestic transfer in the customer’s home country.
COUNTRY RISK
Money remitters outside the United States may
Some patrons with casino accounts may be
offer foreign exchange services to avoid currency
deemed to present a higher risk if the casino
restrictions and could make payments to casinos
learns that they are non-resident aliens or foreign
by wire on behalf of casino customers.
nationals or residents of countries that have been

9
See FinCEN Correspondence with the American Gaming Association Regarding Sports Betting Conducted on Behalf of Third Parties,
https://www.fincen.gov/resources/statutes-regulations/guidance/fincen-correspondence-american-gaming-association-regarding. (Jan.
16, 2015).
10
For example, see the State Department’s annual International Narcotics Control Strategy Report (2022). https://www.state.
gov/2022-international-narcotics-control-strategy-report-2/#:~:text=The%202022%20International%20Narcotics%20Con-
10
trol,trade%20in%20Calendar%20Year%202021, and announcements by FinCEN on FATF actions with respect to specific jurisdic-
tions. (March 10, 2022). https://www.fincen.gov/news/news-releases/financial-action-task-force-identifies-jurisdictions-anti-mon-
ey-laundering-and-1.
 RISK ASSESSMENT

Casinos should be aware of this risk in relation • Unexpectedly use multiple sources or multiple
to patrons subject to these restrictions and direct destinations for funds.
casino staff to report any activity indicative of this
• Request multiple monetary instruments for a
behavior.
jackpot or wager win.

POLITICALLY EXPOSED • Wagers on both sides of a transaction in ways

PERSONS that are not explainable as “hedging”

Also known as Senior Foreign Political Figures, • Makes wagers and almost immediately cashes
Politically Exposed Persons (PEPs) are individuals out.
who have been entrusted with a current or past
• Demonstrate no concern for the tax
prominent public function, or individuals who
consequences of uncarded play, which may
are close relatives or known close associates of
generate large documented “income” that is
such persons. PEPs and their transactions may
warrant further inquiry and consideration by not offset by losses.
the casino, such as investigating their source
of wealth or funds. The concern is that their Casinos should also be attentive to the influence
source of funds for gaming could be from corrupt and impact of Third-Party Marketing Programs
activities. As appropriate, casinos should identify and relationships. To the extent such entities may
and assess the risks of both foreign and domestic bring a meaningful number of patrons to a casino
PEPs. A casino may need to conduct open source property, casinos should undertake review of the
research to identify PEPs. A casino operator may marketing entities’ practices and procedures and
opt to use a commercial service or third-party conduct appropriate due diligence on third party
provider to identify PEPs. Online operators should marketers or firms.
perform PEP screening as part of onboarding and To maximize incentives (comps, promotional chips,
periodically thereafter. airfare, discounts, and allowances) a player, or
group of players working in concert, may often
PATRON BEHAVIORS display a number of suspicious behaviors (e.g.,
Unusual patterns of patron behavior on the passing chips, offsetting wagers, masking their
gambling floor may suggest the risk of money activity, distorting their average wager, walking
laundering. For example, a patron may: with chips). For commercial reasons, casinos may
• Increase betting or financial transaction activity work aggressively to curtail these behaviors with
AMERICAN GAMING ASSOCIATION

significantly without explanation. the help of Surveillance, Operations and Casino

Marketing. Casinos should exercise caution in
• Appear to be coordinating their gaming with assuming these behaviors are simple advantage
another patron or patrons (e.g., passing chips play strategies that may not be illegal and remain
or cash back and forth) in an attempt to evade attentive to the risk that these same behaviors
notice. may be employed for money laundering purposes.
• Abruptly change the methods they use for In some cases, this behavior should be escalated
bringing money into or out of the casino. to Compliance as potential suspicious activity.

11
RISK ASSESSMENT

Some or all of these behaviors or practices may When such is identified about a patron, casinos may
be entirely legitimate, but casinos should be wish to review any previous transactions with the
attentive to the risk that they are not. Many of patron that may appear suspicious in light of the
these considerations are detailed further in later newer information and file additional SARs or amend
sections of this document. previously filed SARs as warranted if suspected
illegal activity was conducted through the casino of
In addition, the U.S. Department of the Treasury
the patron had an illegal source of funds for gaming.
noted in its 2015 National Money Laundering
Casinos may also determine to review such patron’s
Risk Assessment, that money laundering activity
future activity, if any, after a prescribed period of
at a casino most often involves exactly the same
time (e.g., 90 days).
activities – gambling and spending money – that
all casino patrons engage in.11 In addition, information about the patron’s financial
situation may be relevant (to the extent known by
Given that licit and illicit activity may look the
the casino), including (as examples) the presence
same to the casino’s compliance team, application
of IRS tax liens or personal bankruptcies in recent
of data analytics and technology should be
years. Casinos should also work to ensure they are
considered as these resources may help identify
consistently evaluating relevant subpoenas that are
certain specific types of illicit activity, such as
received, especially those associated with financial
“bill stuffing” in slot machines; minimal gaming;
crimes. While receipt of a criminal subpoena
chip walking; front money deposits in cash;
generally will be a trigger for a KYC or SAR review,
large cash buy-ins and/or redemptions to avoid
receipt of a subpoena alone does not require filing of
reporting; and revolving markers. The result of the
an SAR unless there is a suspicion that the person’s
monitoring will be investigated by Compliance to
source of funds for gaming was illegal activity or the
determine whether SARs should be filed.
casinos was used for an illegal purpose.

PATRON CHARACTERISTICS Because all of these criteria are necessarily

Best Practices for Anti-Money Laundering Compliance

In some instances, a casino may learn information general, individual casinos have adopted a range of
from any source about a specific patron which implementation measures and guidelines that aim
warrants further inquiry or examination of the to detect, block, and report efforts to present illicit
patron’s transactions. Examples of such information funds at casinos.
include formal actions against the patron by law
The following discussion of available compliance
enforcement agencies, public reports of negative
techniques should not be viewed as mandatory for
information concerning the patron’s integrity, source
every casino. Variations in patron mix, games offered,
of funds, or evidence that the patron is under
volume of gaming, location of casino operation
investigation by law enforcement. In addition to
and many other factors may render some steps
inquiries from law enforcement and regulators,
listed below less applicable to a specific casino or
314(b) requests from other financial institutions may
may warrant measures in that casino that are not
indicate that a casino should conduct additional due
identified in this document. A discussion of risk
diligence on a specific patron or group of patrons.
assessment factors for casinos (FIN-2010-G002)
The results of the review should be documented and
appears at the FinCEN website, www.fincen.gov,
maintained in the casino’s records.
along with responses to Frequently Asked Questions.

12
11
U.S. Department of the Treasury, National Money Laundering Risk Assessment, https://home.treasury.gov/system/files/246/Nation-
al-Money-Laundering-Risk-Assessment-06-12-2015.pdf, page 75, (June 2015).
 RISK ASSESSMENT

MARIJUANA (CANNABIS) may be shell companies or act as unlicensed

Despite being legal at the state-level in multiple money transmitters. Contrary to popular belief,
jurisdictions, the sale and distribution of marijuana these entities are not only incorporated in offshore
remains illegal at the federal level. It may come to jurisdictions with reputations for secrecy, but can
a casino’s attention, for instance in a KYC Customer also be organized under state law in the United
Due Diligence (CDD) review, that a customer has States. FinCEN has taken measures to address this
ties to a state licensed and regulated marijuana risk. In 2018, FinCEN’s Customer Due Diligence
(cannabis) business, e.g., is an owner or employee or CDD Rule became effective requiring banks and
of the business. Since the sale and distribution certain other financial institutions (not casinos) to
of marijuana is still prohibited federally, casino obtain beneficial ownership information on legal
compliance programs should include a policy entity customers. Under the AMLA, FinCEN is in the
regarding how to address customers with ties to process of developing a non-public database with
state-legal marijuana related businesses and whose beneficial ownership information on corporations and
source of funds for gaming may be from these LLCs organized under state law.
businesses.
Acceptance of payments for gaming or casino debt
from legal entities on behalf of customers or other
CRYPTOCURRENCY
third party payments poses a money laundering
Cryptocurrencies use blockchain technology
risk for casinos. Casinos may have policies that
as a means of decentralized record-keeping
allow payments from operating businesses that
for transactions. The regulatory climate for
are documented to be related to, or owned by,
cryptocurrency is still developing and the value
the customer or from relatives of the customer.
of cryptocurrencies is volatile. There have been a
Acceptance of payments from other persons, or third
number of cases where cryptocurrency has been
party legal entities, including from corporations,
involved in money laundering or other illegal activity
partnerships, LLCs, and other similar entities are
and its illegal use is a major government concern.
of a concern and should be generally prohibited. To
Suggested best practice is to require any virtual
the extent a casino allows third party payments, the
currency to be converted to US dollars prior to usage
casinos should understand and document the nature
for gaming at a slot machine, table game, sports
of the relationship between the customer and third
book, or other gaming area. By requiring virtual
party.
currency to be converted to US dollars prior to usage
for gaming, it will be subject to the same Currency
Transaction Reporting and Suspicious Activity
CASHLESS WAGERING ACCOUNTS
AMERICAN GAMING ASSOCIATION

(DIGITAL WALLETS)
reviews as all other cash transactions conducted
within the casino. Cashless Wagering Accounts, sometimes also
referred to as Digital Wallets allow for cashless
gaming on the Casino Gaming floor. Wagers can
THIRD PARTY PAYMENTS AND SHELL
be placed with a mobile device with access to the
COMPANIES
patron’s wagering account. A patron’s identity is
There has been a longstanding concern with the
confirmed and each transaction creates a digital
use anonymous legal entities to promote money
record.
laundering and other illegal activity. These entities

13
RISK ASSESSMENT
An important distinction is that Digital Wallets as to detect customers that frequently make deposits
noted here, are denominated in US dollars and the and withdrawals without associated gaming
best practices in this section are not in reference activity. Such instances should be considered for
to cryptocurrency which is covered in a separate SAR filing.
section. Cashless Wagering Accounts allow
customers to load cash into an account and use ONLINE GAMING
those funds for gaming at Slot Machines, Table
Online gaming has many of the same risks
Games and other locations as determined by the
associated with in-person casino gaming. Online
casino operator and the functionality of the Digital
operators may be held by FinCEN to the same
Wallet.
reporting requirements for reporting suspicious
Cashless Wagering Accounts may be associated activity under Title 31/BSA/AML laws depending on
to a customer’s Player loyalty account with the forthcoming FinCEN guidance.
casino. Best practice is to only allow accounts to
Accordingly, appropriate reviews should be put into
be associated to one user. The casino should take
place to detect similar types of Suspicious Activity.
reasonable precautions to assure accounts are
The types of Suspicious Activity for online gaming
not shared by multiple customers. The Customer
include but are not limited to minimal gaming with
Service Agreement should require customers to
large transactions, structuring, identification issues
agree that the account is for personal use only.
etc. Additionally, prior to signing up for an online
As transactions conducted are non-cash, Currency gaming account, new customers should be subject
Transaction reporting requirements do not apply to identity verification as well compared against the
to gaming transactions conducted using Cashless Office of Foreign Asset Control and SDN sanction
Wagering Accounts. As such, an operator should lists. If a customer appears on one of the sanction
implement adequate procedures to review lists, the online gaming provider should block the
transactions using this payment method for creation of the account.

Best Practices for Anti-Money Laundering Compliance

Suspicious Activity. Wagering Account deposits
Identity and credit card theft fraud rings may
and withdrawals in cash are still subject to CTR
target the online gaming environment to establish
requirements when they occur on casino premises.
fraudulent accounts with stolen identity information
Funding sources may include online transfers and to fund those accounts with fraudulent payment
from bank account, credit/debit card, deposit instruments. Such fraud rings attempt to establish
with a cashier within the casino and others. multiple online accounts and if successful, typically
Transforming deposits from one transaction type to make large deposits with minimal game play and
another within the Digital Wallet platform should then quickly try to withdraw those funds. Online
be strictly limited. Wherever possible, casinos casino and sports bet operators should establish
should require the withdrawal method to match tools to mitigate such fraud which may include
the deposit method, unless the funds have been the methods described under “Preventative Steps”
sufficiently placed at risk. Funds deposited to a section of this document.
Cashless Wagering Account should be confirmed
to be used for a gaming purpose. A reasonable,
risk-based review process should be put in place

14
 BSA/AML COMPLIANCE
OFFICER
As required by federal BSA regulations, at least by law enforcement agencies and act as a liaison
one employee at a casino must be designated as (partner) with those agencies. The compliance
responsible for compliance with BSA and AML officer should be the designated point of contact
requirements, policies, and training, and should for any AML/BSA related exams, audits, and law
be available to other employees to consult on enforcement inquiries.
related questions as they arise. This individual
In addition, to ensure that the BSA/
should be fully knowledgeable of the BSA and
AML compliance officer has the necessary
all related regulations and independent of casino
independence to execute their responsibilities,
operating departments. This individual may be
they should report to, for example, the General
known as the BSA/AML compliance officer or
Manager, Chief Legal Officer, Chief Risk Officer,
have another title/duties (for the purposes of
Chief Compliance Officer, or executive of
this document the employee with the BSA/AML
comparable stature. Property-level leadership with
responsibility on property shall be referred to as
oversight of BSA/AML programs should themselves
the BSA/AML compliance officer).
have a direct reporting line to the centralized
The BSA/AML compliance officer should be corporate compliance department, if applicable.
well-versed on the casino’s products, services, All compliance-related reporting lines within the
customer base, entities, and geographic locations, organization should be clearly delineated and
as well as the potential money laundering and identified to employees. The corporate board
terrorist financing risks associated with those of directors, or relevant committee, should also
factors. It is important that the compliance officer receive routine briefings on the BSA/AML program
understand how BSA-required reports are used and any material changes.

The BSA/AML compliance officer, along with the AML

compliance function more broadly, should be vested with
appropriate authority and resources to implement the
AMERICAN GAMING ASSOCIATION

program and assist the casino in managing risk. This

means that the BSA/AML compliance officer should have
sufficient stature in the organization to be a member of,
or otherwise be able to regularly brief, senior leadership.
The BSA/AML compliance officer should be senior enough
to effectively promote the culture of compliance at all
levels of the organization.
15
EMPLOYEE TRAINING
Ongoing training on AML procedures and BSA
compliance requirements should be provided to
employees who deal with customers or conduct,
assist with or review patron transactions that may
be subject to the BSA. The extent and intensity
of the training should vary according to the
responsibilities of the employee but should address
CTR and SAR reporting, how those reports are used
by government agencies, and the casino’s AML
Program. Training should be department specific, so
that the trainee understands their role in the overall
Consequently, senior level officials/executives
AML program’s success and how the particular
should receive different AML training than frontline
transactions that they themselves conduct fit
supervisors and employees. On the job training is
in. Trainees should gain an understanding of the
also an important component and provides real life
types of transactions they will be responsible for,
context to supplement official training materials.
and how they can be exploited in an attempt to
launder money. Trainees should be well-equipped to The responsibilities of more senior personnel may
identify red flags, know the procedures, understand tend to involve more oversight and assessment of
confidentiality, and have the tools for reporting such risk so AML training should be tailored to these
behaviors. roles. For frontline supervisors and employees, a
testing component should be incorporated into the
Employees that may encounter a transaction
training to ensure comprehension and a signed
governed by the BSA should receive training

Best Practices for Anti-Money Laundering Compliance

acknowledgement form agreeing to comply with
before functioning in a capacity alone when newly
company BSA/AML policies.
hired or promoted, and an ongoing annual basis.
Training may take place more frequently if changes A casino should tailor its training program to
in the law or circumstances require it. Training employees who would be in a position to observe
should be appropriate for the level of seniority and potentially suspicious activity or directly handle
responsibilities of employees and management. patron transactions, consistent with the risks

Training materials should be updated regularly to ref lect

regulatory and enforcement developments under the
BSA. If such regulatory developments warrant a revision
in the casino’s compliance practices, relevant personnel
should receive information on a timely basis about those
developments and any revised casino practice.
16
 EMPLOYEE TRAINING

identified in the risk assessment. At a minimum, • Credit & collections employees;

training should extend to the following general
• Surveillance employees;
categories of employees as applicable:
• Property compliance and AML compliance
• Those engaged in the operation of casino games
employees;
(table games, poker, slots, keno and bingo,
and race & sports), at least beginning with • Audit employees, including Internal Audit and
supervisors and above. If a casino elects to not Fraud Department employees; and
train dealers, they should consider messaging
• Senior gaming management, Board of Directors,
for recognizing and reporting suspicious
Audit Committee or Compliance Committee.
activity;
Training on BSA/AML policies and Form 8300
• Casino marketing employees whose job requires
reporting for non-gaming employees (high-end
frequent direct contact with patrons, including
retail, night clubs, convention sales, hotel and
domestic and international hosts, branch office
food and beverage) may be incorporated into their
employees, and special events employees; respective job training, as necessary.
• Cage employees;

The casino’s AML compliance performance, as well as

the compliance actions of individual employees, should
be a factor in performance reviews of those employees
involved with BSA compliance. These factors should be
considered in calculating compensation and bonuses, and
in determining any negative personnel action, including
performance improvement plans through to termination
from employment.
AMERICAN GAMING ASSOCIATION

17
PREVENTIVE STEPS
Casinos should consider adopting policies and procedures
that have the purpose of preventing patrons from
attempting transactions that have a higher likelihood of
money laundering, BSA violations or other violations of
law. Such policies and procedures should be tailored to
the casino’s specific business profile and customer base;
geographic location; financial services offered; and product
offerings.

Some examples of such policies and procedures foreign currency exchanges for established
may include: patrons at reasonable levels). Such approvals
should be documented.
• Requiring that “ticket-in/ticket-out” (TITO)
redemptions at self-service kiosks be capped • Declining to accept cash to purchase a casino
at an amount below $3,000 determined by check or other monetary instrument or to
the risk assessment for such transactions at initiate a wire transfer. This would not restrict
that casino and monitoring to identify TITO the cage from issuing a check or funds transfer
redemptions of multiple tickets below $3,000 for documented casino winnings. Such

Best Practices for Anti-Money Laundering Compliance

at the same self-service kiosk. Increasing approvals should be documented.
surveillance at TITO machines to detect
• Concern would be heightened with respect to
stuffing multiple low denomination tickets
checks or wire transfers which originate from a
to avoid CTR reporting and placing TITO
labor union, charitable/non-profit organization
machines in areas that are easily observable
or foundation, law firm (including from a
by staff.
Interest on Lawyer’s Trust Account (“IOLTA”)),
• Barring cash for cash exchanges or only accounting firm, or any type of trust account.
allowing them at a very low threshold, as this A casino may determine to reject and/or
can be indicative of money laundering. Any reverse such checks and wire transfers and
cash exchanges should be consistent with consider filing SARs on the payment.
the casino’s risk assessment and in rare
• Issuing casino checks and wires to a patron
circumstances permit senior management to
only for the amount of his/her winnings (e.g.
approve such exchanges above that threshold
the remaining funds from a check or wire
for an appropriate business purpose (e.g.,
which already has been accepted).

18
 PREVENTIVE STEPS

• A check for winnings should be payable only to • Directing International Branch Offices of the
the patron, and a wire transfer should be made casino to adhere to the same recordkeeping
only to the patron’s account or, if applicable, and reporting requirements under the BSA
to the account from which the originating wire that are consistent with the laws of the
was received. Similarly, if there is a return of jurisdiction in which the International Branch
front money paid by wire transfer, it should be Office is located, as well as local law. To the
wired back the bank account from which the extent these offices are allowed to receive
funds originated. cash, casinos may want to consider voluntary
CTRs. The office should also be required to
• To the extent casino checks and/or wires are
identify and report internally any suspicious
made payable to a patron’s business, another
transactions in order that SARs can be
casino account, or to someone other than the
completed where required.
patron at the patron’s request, casinos must
develop appropriate procedures. Procedures • Additionally, all traveling marketing executives,
should require that such transactions include prior to travel outside the U.S. should be
cage or senior management approval. Such trained on the laws that relate to gaming and
transactions should only be allowed when the marketing for the specific jurisdiction(s) they
casino has been able to obtain an appropriate are visiting. If a traveling marketing executive
business purpose for the action which is is is authorized to conduct a financial transaction
documented, and an appropriate connection in an international location, the casino may
is documented between the patron and the also need to report the transaction under the
business. BSA.

• Suspending a patron’s loyalty club account • Eliminating cash play at poker tables and
and/or barring the patron if the patron’s documenting poker chip purchases at a certain
activity has generated the filing of an dollar threshold.
incomplete CTR and the patron has declined
Online operators should consider the following,
to produce the required information, until
among other things:
the missing information is provided. Filing a
SAR for the episode should be considered. In • Requiring that accounts from which patrons
such instances, the patron will be prohibited deposit and withdraw funds match the name
from further gaming and may be prohibited of the accountholder;
from the redemption of complimentaries.
• Where possible, return funds by the method
AMERICAN GAMING ASSOCIATION

Senior management should have discretion on

paid;
such matters if the patron is cooperative, the
complimentaries were already earned, and • Analyzing customer activity for evidence
the expectation is that acquisition of verifying of account sharing or attempts at evading/
identification will be facilitated by maintaining manipulating geolocation;
the patron relationship.
• Monitoring customer activity for evidence of
deposits and withdrawals without legitimate
wagering activity; and

19
PREVENTIVE STEPS
• Searching player databases for:

• Multiple players with using similar user

names and email addresses

• A large number of players geolocating at a

similar residential location

• Multiple players using a shared device

• Analyzing player accounts with multiple

payment methods and consecutive deposits.

Best Practices for Anti-Money Laundering Compliance

20
 KNOW YOUR
CUSTOMER (KYC)
In addition to comply with the BSA reporting For example, in some situations, the casino could
and recordkeeping requirements, as part of their consider obtaining additional information, such
AML programs, casinos are expected to maintain as occupation, employer, business affiliations,
risk-based KYC programs with procedures for and bank account information. In addition,
conducting KYC reviews of certain customers. The on a risk basis, casinos should perform an
reviews generally will consider the customer’s appropriate amount of due diligence to verify
gaming activity, history and consider whether information provided by patrons. Procedures
the person has a legitimate source of funds to should specify when occupation information will
be obtained. This requirement does not apply to
support the level of play and that there is no
the establishment or use of player loyalty club
negative information that supports a suspicion
accounts.
that person’s source of funds for gaming may be
the proceeds of illegal activity. As discussed below No transaction(s) known to be reportable under
KYC reviews may encompass a casino’s largest the BSA or AML procedures will be completed or
players and players that present elevated AML accounts opened unless the individual conducting
risk. KYC reviews may result in possible SAR filing the transaction(s) provides valid, current,
or, in extreme cases, possible consideration of government-issued photo identification, including
government-issued Real IDs or digital IDs, and a
termination of the customer from further business
permanent address.
with the casinos and its affiliates. Procedures
should include when KYC reviews will be If the patron asserts that his only permanent
conducted and what reviews will entail on a risk address is a post office box, the casino should
basis customer identification is one of the building confirm this assertion by examining available
blocks for KYC. databases and acquiring the patron’s attestation to
this fact.
PATRON IDENTIFICATION AND
VERIFICATION Examples of acceptable government-issued photo
identification are:
No front money or marker limit/credit account
or safety deposit box agreement will be opened, • Driver’s License12
nor will any transaction involving such services
AMERICAN GAMING ASSOCIATION

be conducted, unless the patron provides a full • Passport

name, a permanent address and (for U.S. citizens)
• Alien Registration Card
a Social Security number (as required by law or
regulation). On a risk basis, casinos should obtain • State Issued Identification Card
additional information depending on the risk (including Real IDs)13
presented by the patron and product or service.
• Tribal Identification Card

12
This does not include “driver authorization” cards or international driver’s licenses/permits, which are not an acceptable form of
identification.
13
All state issued IDs that are compliant with the Real ID Act are sufficient for BSA reporting purposes, even those that contain the
disclaimer, ‘Not for Federal Identification.’
21
KNOW YOUR CUSTOMER (KYC)

VERIFICATION If a patron declines to provide a Social Security

number when one is required, the casino must
DOCUMENTARY REVIEW
not complete any pending reportable transaction
Other than a Driver’s Authorization Card, for in-
with that patron or open an account for that
person transactions, a casino generally may rely
patron. If the patron has exceeded the reporting
on viewing government-issued identification as
threshold for a CTR without providing a Social
verification of a customer’s identity; however, if a
Security number, a casino employee will attempt
document shows obvious indications of fraud, the
to acquire that information from publicly available
casino must consider that factor in determining
information. Declining to provide a Social Security
whether it can form a reasonable belief that it
number may warrant completion of a SAR for
knows the customer’s true identity.
the incident, particularly if a pattern has been
In some instances, information in the casino’s observed.
records will suggest that certain information on
If the patron does not provide proper
the official identification document – most often,
identification and/or required information,
the patron’s permanent address – is no longer
the casino should not engage in transactions
accurate.
with that patron and the patron should be
In those situations, if the casino can verify by barred from further gaming activity until
reasonable inquiry the more recent information, it satisfactory identification and/or the required
may wish to report the more recent information information is provided. Documentation of
on any CTRs and SARs filed for that patron. The the incident should be added to the patron’s
reason for using an address other than one on account in the management information
the customer’s government-issued ID should be system.
maintained in the casino’s records.
NON-DOCUMENTARY REVIEW14
If the patron is a U.S. citizen, or a U.S. resident In many states casinos also offer online

Best Practices for Anti-Money Laundering Compliance

a Social Security number is required for certain gambling options including online sports betting
transactions including CTRs and taxable events. and online casinos.
Patrons may verbally provide a Social Security
number. In such cases it is recommended that Before any patron can make an online wager, they
the patron complete a W-9 to attest to the validity must first establish an online wagering account
of a verbally provided Social Security number. If with the casino or sports betting operator. For
the casino knows or has reason to believe that some operators, such accounts may be established
a previous Social Security number provided by in-person in which case the ID is verified by
the patron was incorrect, then the patron may documentary review as described above.
also be required to complete and sign a W-9
In most cases however, such accounts are
Form before any pending transaction can be
established remotely though the internet, so it is
completed. Casinos should consider filing a SAR
not possible to verify identity through the in-
if inconsistencies in identifying information are
person review of physical documentation. In such
suspicious.

14
Financial Crimes Intelligence Network, Exceptive Relief for Casinos from Certain Customer Identification Verification Requirements,
FIN-2021-R001 (Oct. 19,2021). This relief was granted by FinCEN in response to the casino industry’s request to allow verification
by non-documentary means which is not currently provided for in the BSA regulations.
22
 KNOW YOUR CUSTOMER (KYC)

cases, operators must rely on non-documentary If an individual cannot provide the identification
methods of ID verification. and/or required information, that individual will be
barred from further gaming activity, and the casino
Non-documentary methods require the patron
will consider filing a SAR.
to input or download personal information
about themselves which typically includes some For purposes of currency reporting, independent
combination of name, address, date of birth, agents that contract with the casino are agents for
government-issued ID number, phone number, the patron and not the casino if that designation
email, and all or part of social security number. has been established in the independent
Some operators may also require the submission agent agreement. Independent agents should
of a photo or scan of a government-issued ID and acknowledge, in writing, the responsibility of the
in some circumstances, may require the download casino under the BSA and the casino’s obligations
of selfie of the patron applying. This information is to report suspicious activity and agree to report
then independently verified through a comparison to the casino any suspicious activity they become
of information provided by the customer with aware of.
information obtained from a consumer reporting
SANCTIONS
agency, public database, or other 3rd party
electronic ID verification services. If the patron’s Although separate from BSA/AML requirements,
identity cannot be reliably verified, the operator casinos should check whether patrons and related
will deny the creation of an online wagering entities appear on the list of “Specially Designated
account until such time as sufficient additional Nationals” maintained by the Office of Foreign
documentation is provided that can be reliably Assets Control (OFAC) of the U.S. Department of
verified. the Treasury.15

CURRENCY REPORTING Since it is not practical to perform an OFAC review

of every retail casino patron, due diligence may be
The same patron identification requirements apply
conducted on a risk basis and should encompass
to any person(s) who, acting as an agent(s) for
procedures for checking against updates to
another person, performs transactions on behalf
the OFAC list. Examples of potential high risk
of that patron, and to any person who performs
customers would be significant players with a
transactions in conjunction with that other
residence in a country known to be hostile to the
patron, if the transactions trigger a CTR filing.
interests of the U.S. Government or sanctioned
Casinos should include all readily available patron
by the US. Additionally, significant players who
information on CTRs.
AMERICAN GAMING ASSOCIATION

are from a country with a high incidence of drug

In those circumstances, both the person(s) trafficking or terrorist activity should also be
conducting the reportable currency transactions screened. Casinos should also consider their SAR
as well as the person on whose behalf they are reporting obligations and how they intersect with
acting must provide the identification and required OFAC requirements.
information described above.

15
U.S. persons and entities (including casinos) are prohibited from doing business with persons or entities designated by OFAC, and
any assets of the designees generally must be “frozen” immediately.

23
KNOW YOUR CUSTOMER (KYC)

Online operators should screen customers for ONGOING AND ENHANCED DUE
sanctions purposes at the time of onboarding as DILIGENCE
well as at regular intervals thereafter. Furthermore,
online operators should leverage advanced The casino’s compliance policies should be
geolocation at account opening, deposit and calibrated to increase scrutiny of customer
withdrawal and for transaction monitoring to play, transactional activity, and background
ensure that patrons are not residing in OFAC in situations that pose greater risk of money
sanctioned countries or high risk jurisdictions. laundering and the use of funds that may
This will further decrease the risk of proxy betting derive from criminal activity.
as well as heighten AML and CFT compliance.
For high-volume patrons, whose activity (in terms
A risk based approach to the use of “fuzzy”
of bills-in, marker play, or total play) exceeds a
matching logic should be used to limit the
level determined by the risk assessment for that
occurrence of false positives.
casino or who are otherwise identified as posing a
Some OFAC sanctions programs prohibit high BSA/AML risk, the casino should review the
transactions with certain foreign jurisdictions or patron’s identity against public records and third-
regions and individuals ordinarily resident in those party database(s) to determine whether that person
jurisdictions. Casinos should not open accounts (or related entity):
for, or conduct transactions with, customers who
• Is a Politically Exposed Person (“PEP”);
provide addresses in Iran, Syria, Cuba, North
Korea, or the Crimea, Luhansk or Donetsk regions • Is the subject of negative reports concerning
of Ukraine. As with persons on an OFAC list, any possible criminal activity or doubtful business
funds on account for them or winnings due should practices; or
not be paid.
• Has a prior criminal history, relevant to AML
In addition, casinos should ensure that sanctions risk.

Best Practices for Anti-Money Laundering Compliance

issues are woven into the fabric of compliance,
including as to: For high-volume patrons, high-loss patrons,
or transactions identified as possibly
• Management commitment; posing a high BSA/AML risk, the casino
also may need to assess the source of the
• Risk assessment;
funds being used by the patron for gaming
• Internal controls; and whether they may derive from illegal
activity or from legitimate sources adequate
• Testing and audit; and
to support the level of play.
• Training16 - appropriate employees will be
trained on OFAC compliance responsibilities. This may require the casino to obtain information
concerning the patron’s gaming history and
financial and business circumstances. In addition

16
For more information on OFAC compliance, consult the OFAC publication, “A Framework for OFAC Compliance Commitments” (May
2, 2019). https://home.treasury.gov/system/files/126/framework_ofac_cc.pdf.

24
 KNOW YOUR CUSTOMER (KYC)

to querying available databases, leveraging when conducting KYC due diligence or SAR
information-sharing arrangements with other investigations and whether those funds may have
financial institutions, or asking the patron, the been fraudulently obtained and used for gaming. If
government’s program under Section 314(b) of the detected, such instances should be reviewed for
USA PATRIOT Act is a critical tool to obtain more potential SAR filing.
information and reach judgments on whether the
patron: Further due diligence may be warranted if
the casino has information indicating that
• Has sources of legal wealth or income
the patron:
commensurate with his or her gaming activity;
and • Has financial fiduciary obligations
(e.g., trustee, accountant, attorney,
• Has provided the casino with identification nonprofit/charity executive) that may
information and business-related information create a risk of misappropriation or
that can be readily confirmed. other illicit financial activity;
Databases that may be relevant to consult in • Is associated with individuals or
such situations include records of court activity entities known to be connected
such as PACER, the antifraud website maintained with the illicit generation of funds,
by the Federal Trade Commission, the listing of including unlawful gaming;
“Specially Designated Nationals” of the Office of
Foreign Assets Control (OFAC), and commercial • Claims connections with businesses
screening products offered by third-party vendors, that have no actual operations;
though such resources are considerably more • Proposes transactions with entities of
limited for persons and activity located in non-U.S. unknown ownership or control;
jurisdictions. Casinos may also wish to consult
social media (such as LinkedIn or Facebook) or • Is the subject of substantial tax liens,
other public source information. or has gone through a recent personal
bankruptcy proceeding;
The COVID-19 Global Pandemic introduced new
elements for consideration when assessing the • Patron may have ties or be affiliated
effectiveness of the casino’s AML Compliance with a state licensed and regulated
Program and Risk Assessment. Fraud related to marijuana related business;
Paycheck Protection Program (PPP) Loans as • Otherwise may present an
AMERICAN GAMING ASSOCIATION

well as Unemployment Insurance contributed to unacceptable risk of money laundering

an overall increase in Suspicious Activity during or violating the casino’s AML policies;
the pandemic. It is reasonable to expect that or
similar increases in fraud will follow any additional
government release of stimulus or support • Is a Politically Exposed Person (PEP).
payments. Casinos should consider whether a
customer previously received government funds

25
POTENTIAL
SUSPICIOUS ACTIVITY
The BSA requires casinos to file a suspicious activity involving casinos and their patrons. The
activity report (SAR) if the casino knows, suspects, list should be updated as needed and included in
or has reason to suspect that a transaction or training Casinos should also routinely engage with
attempted transaction aggregating at least $5,000: law enforcement to obtain a clear understanding of
evolving criminal trends and typologies / relevant
• Involves funds derived from illegal activity;
risks.
• Is intended to disguise funds or assets derived
from illegal activity; Casinos must ensure they have a holistic
• Is designed to avoid BSA reporting or view of patron behavior across business
recordkeeping requirements; lines, including interactive gaming, and all
• Involves the use of the casino to facilitate gaming verticals. Casinos should consider
criminal activity; the extent to which it may be appropriate
• Has no economic, business or apparent lawful to leverage information across the entire
purpose; or enterprise in investigating and reporting
• Is not the sort in which the particular patron suspicious activity including attempted
would normally be expected to engage, and suspicious transactions.

the casino knows of no reasonable explanation It is important to maintain a consistent approach

for the transaction after examining the to the decision-making around SAR investigations
available facts. and filing, and to ensure such decisions are
aligned with the casino’s risk profile. In addition,
Given that the SAR rule encompasses attempted
it is vital to memorialize investigations of
transactions, casinos must ensure that they
suspicious activity, and decisions around filing

Best Practices for Anti-Money Laundering Compliance

monitor both attempted and completed
SARs (including in cases in which the casino
transactions for potential SAR filings.
decided not to file a SAR). Policies/procedures
Casinos should also actively use the 314(b)
should include variety of potential suspicious
program to obtain information about patrons which
activity examples for team member awareness and
may be used to evaluate potential suspicious
included in department specific ongoing training.
activity.
Compliance should be monitoring industry news
Casinos also should consult with the FinCEN for awareness in order to implement risk mitigation
guidance in FIN-2008-G00717, which discusses measures as needed to minimize exposure.
“red flags” for suspicious activity at casinos.
The following categories are examples of
Casinos also should develop their own lists of red
potentially suspicious situations, that occur once
flags based on information from law enforcement,
the casino’s own experience, recent enforcement or constitute a pattern of behavior, that often will
actions and criminal cases involving money prompt consideration of whether a SAR should be
laundering and BSA violations and other criminal filed under the casino’s risk assessment criteria.

17
See, Financial Crimes Enforcement Network, Recognizing Suspicious Activity – Red Flags for Casinos and Card Clubs, FIN-
2008-G007 (July 31, 2008), https://www.fincen.gov/resources/advisories/fincen-guidance-fin-2008-g007.

26
 POTENTIAL SUSPICIOUS ACTIVITY

GAMING FLOOR ACTIVITY • A patron with a safe-deposit box connected to

the poker room accesses that safe-deposit box
• Minimal gaming despite large financial
with a frequency that is disproportionately high
transactions with the casino;
when compared to the time and frequency of
• Structuring of transactions to stay at or slightly his or her poker play.
below the $10,000.00 reporting threshold for
• A patron identified as loan shark is observed
CTRs;
approaching patron(s).
• Placing currency in a slot machine, then
• Patron is observed requesting large amounts of
cashing out after minimal or no play and
cash from ATM but has no gaming activity; or
redeeming the ticket in ticket out (TITO) ticket
at a kiosk on the gaming floor (“bill stuffing”); • Patrons who visit the casino with a group
(that may arranged by an independent agent
• A transaction that has no apparent economic,
registered with state regulatory agencies) need
business or lawful purpose (e.g., confederated
to be identified so that available funds for each
gamblers placing offsetting bets on red and
patron are accurately reflected in the patron
black on a roulette wheel);
management system and the play of each
• Patrons pass a large quantity of chips, cash, patron is recorded as warranted.
or TITO tickets between themselves, in an
apparent effort to conceal the ownership of the RACE AND SPORTS BOOK ACTIVITY
chips, cash, or TITO tickets although if patrons • Inquiring with race and sports book staff about
are closely related, such activity may not be reporting and identification thresholds either
suspicious; before or after a wager and possibly adjusting
wagering activity to fall below the applicable
• A patron’s gaming activity dramatically
thresholds;
increases with no known substantiation for the
source of those funds; • At a racing venue, inserting cash into a tote
machine, cashing out for vouchers and then
• A patron uses another patron’s player card
cashing vouchers at a teller’s station with little
to disguise identity and/or evade reporting
or no wagering;
AMERICAN GAMING ASSOCIATION

requirements;
• Structuring wagers across multiple tickets/
• A patron leaves the casino floor with a
locations so the payout of each ticket is under
significant amount of chips in his possession
the reportable identification thresholds, but in
without offsetting chip redemptions or chip
aggregate, would have exceeded the thresholds
buy-ins at another table, and there is no
on one ticket;
known disposition or whereabouts of the chips,
although this may not be deemed suspicious • Behavior that may be indicative of coordinated
if there is a reasonable, experience-based betting (or betting on both sides of a game or
expectation that the patron will return to the an event) among related parties for purposes of
casino in the near future; laundering the funds;

27
POTENTIAL SUSPICIOUS ACTIVITY

• Indications of insufficient wealth or income to CAGE-FOCUSED ACTIVITY

support betting patterns; • Presenting a third-party check or wire transfer
– whether apparently deriving from a business
• Significant changes in wagering patterns or
or an individual – for payment of markers or for
unusual spike in play that is unexpected or
use in gambling-related activity in an amount
unreasonable;
at or above a threshold determined by the risk
• A patron misrepresenting themselves by assessment for that casino;
presenting false or multiple identities or
Š In such situations, the casino should
providing inconsistent SSNs on completed
ascertain whether the beneficiary (patron)
W-9s;
has a documented connection to the sender
• Presenting a large amount of money but in (e.g., spouse or immediate family member
small denominations ($1, $5, $10, and $20); or business), either in the casino’s records
or by means of a database search or other
• Placing a bet on both sides of the line;
reasonable inquiry;
• Information indicating that a patron may be
Š If no appropriate connection can be
betting on behalf of an unknown third party;
established between the source of the funds
• Ticket redemption by an individual that is not and the patron, those employees responsible
known to have placed the initial bet. for deciding whether to file a SAR also may
consider whether or not to proceed with the
INTERACTIVE GAMING ACTIVITY transaction;
• Multiple gaming accounts being set up from the
• A negotiable instrument or wire transfer is

Best Practices for Anti-Money Laundering Compliance

same device, IP address or physical address, if
presented for the benefit of multiple patrons,
fraud or identity theft is discovered;
or multiple patrons engage in play on a single
• Unusual wagering activity that appears to lack patron account;
any legitimate economic purpose;
• A negotiable instrument or wire transfer is
• Significant changes in wagering patterns or presented for the benefit of an individual and
unusual spike in play that cannot be readily originates from a law firm account, or is from a
explained; charitable/non-profit organization or foundation,
another type of trust or labor union account;
• Deposits and withdrawals into an online
account without sufficient play to account for • A patron refuses to provide required information
such activity; for the completion of a CTR or identifying
information;
• Unusual patron behaviors based on geo-location
data, such as traveling between jurisdictions • A patron deposits funds into a front money
in a relatively short period of time or multiple account or receives a wire transfer, does not
attempts to anonymize the geolocation; and/or play a substantial amount of the funds, then
requests a withdrawal or wire out;
• Deposit(s) to a gaming account are determined
to be from stolen credit, debit, or pre-paid 28
access cards.
 POTENTIAL SUSPICIOUS ACTIVITY
• A patron deposits large sums of cash into a • A patron provides a wire transfer, cashier’s
front money account but the known occupation check or other form of payment and such
is not a cash intensive business; instrument reflects that the transaction is
being made for a purpose other than related to
• A patron requests information about how to
gaming; or
avoid BSA reporting requirements;
• A patron presents chips for cashing and there
• A patron requests establishment of an “AKA”
is little or no gaming activity recorded for the
account in a name other than the one by which
patron in the casino’s system to establish the
the casino knows the patron;
source of the chips.
• A patron attempts to deposit front money or to
make payments using complex means, such as INFORMATION FROM BACK OF THE
multiple sources of funds or multiple methods HOUSE
of transmission, which could mask the true • Law enforcement or regulatory agencies deliver
source of the funds transmitted; to the casino a formal request for records
concerning the patron;
• A patron presents funds which the casino has
a basis for suspecting to be the proceeds of • News articles or other media reports allege
illegal activity; acts of financial wrongdoing or other illegal
conduct by the patron;
• A patron requests cash advance from credit
card that has been identified as possibly • Patron is the owner of a business, the nature
fraudulent; of which has been profiled by the Federal
Trade Commission as high risk for fraud
• Patron uses multiple credit cards to request
schemes;
cash advances.
• Patron is an owner, employee or is otherwise
• Patron is observed requesting large amounts of
associated with a marijuana related business;
cash from ATM but has no gaming activity;
• A patron raises his or her financial transactions
• A patron presents funds in any form that derive
to levels well above the ordinary levels for that
from a foreign jurisdiction declared by the
patron with no reasonable explanation; or
United States government to be a jurisdiction
of concern for narcotics trafficking, human • An external actor attempts to compromise
trafficking, money laundering, terrorism, or or gain unauthorized electronic access to
other illicit activity, or if the foreign jurisdiction the casino’s electronic systems, services,
AMERICAN GAMING ASSOCIATION

has been identified as high risk or subject to resources, or information, in pursuit of illegal
increased monitoring by the Financial Action activities.19
Task Force, or by Transparency International or
This list is by no means exhaustive; other patron
similar reputable organization as a country with
activities may trigger BSA/AML concerns due
a high degree of public corruption;18
to the circumstances in which they arise. Each
casino should develop its own scenarios tailored to
its business.

18
For example, see the State Department’s annual International Narcotics Control Strategy Report (2022) https://www.state.
gov/2022-international-narcotics-control-strategy-report-2/#:~:text=The%202022%20International%20Narcotics%20Con-
trol,trade%20in%20Calendar%20Year%202021. and announcements by FinCEN on FATF actions with respect to specific juris-
dictions (March 10, 2022), https://www.fincen.gov/news/news-releases/financial-action-task-force-identifies-jurisdictions-anti-mon-
29
ey-laundering-and-1.
19
Please see, Financial Crimes enforcement Network, Advisory to Financial Institutions on Cyber – Events and Cyber – Enabled Crime
, FIN-2016-A005, (October 25, 2016), https://www.fincen.gov/sites/default/files/advisory/2016-10-25/Cyber%20Threats%20Adviso-
ry%20-%20FINAL%20508_2.pdf.
POTENTIAL SUSPICIOUS ACTIVITY
Further, the SAR requirement
encompasses suspicious activity conducted
by employees/insiders. Therefore, casinos
should have adequate communication
lines between the group(s) responsible
for employee-related investigations and
disciplinary issues, and the team(s)
responsible for filing SARs to ensure
detection of potential collusion between
an employee and customer to circumvent
internal policies or ordinary practices, or
an employee’s violation of casino policies
and procedures.

Best Practices for Anti-Money Laundering Compliance

30
 TRANSACTION
MONITORING
Transaction monitoring provides comprehensive BRICK AND MORTAR TRANSACTION
and consistent risk-based monitoring of customer MONITORING
transactions, activity, and behavior, enabling
• Patrons with large cash-in transactions with no
the casino to better detect and report suspected
cash-out transactions and/or little or no gaming,
money laundering activity. Transaction monitoring
which cannot be reasonably explained through
scenarios can be developed based on the company
transaction review;
risk profile, with specific thresholds related to
gaming activity that will generate suspicious activity • Patrons with large cash-out transactions with
alerts when those thresholds are triggered. On a limited cash-in transactions, which cannot be
regular basis, a dedicated compliance team will reasonably explained through transaction review;
complete a review of those transactions alerted
• Patrons that deposit money into their account
at or above thresholds, reviewing all customer
and immediately request a withdraw (of the
information available. In doing so, the compliance
same or similar amount);
team may request additional customer data held
by relevant casino departments and functions • Patrons with large cash-out transactions (in the
to facilitate a proper investigation. The sharing aggregate) with little or no CTR “out” filings;
of information between these departments and • Patron with large chip-outs with limited
functions is integral to performing accurate redemptions or table buy-ins with chips;
investigative analysis on potential suspicious
activity • Patrons with large check cashing transactions
and/or credit card advances with limited play;
As warranted by the nature of the investigation,
the compliance team may utilize third-party • Patrons with cash transactions, such as
databases (e.g. Lexis Nexis, WorldCheck, etc.) to deposits or withdrawals, including aggregated
gather and review additional information, such as transactions, that are just below the CTR
the patron’s professional/work experience, source reporting threshold;
of funds, business connections, criminal history, • Patron using a wagering kiosk for multiple small
etc. This information will assist in performing wagers on the same event;
the investigation and understanding the patron’s
• Un-carded or unrated patrons with large
AMERICAN GAMING ASSOCIATION

behavior/transactions. It will also assist in

determining an appropriate course of action (i.e. redemptions and jackpot winnings;
disposition), such as requesting the source of funds, • Un-carded or unrated patrons with large,
filing a SAR, and/or terminating the relationship, aggregated slot buy-ins with redemptions
among other dispositions. equaling the buy-ins;
Transaction monitoring scenarios and circumstances • Several redeemed gaming vouchers (TITO), in a
warranting such review may include the following: short period of time, at the same (or adjacent)
redemption kiosk not associated to a player’s
card account;

31
TRANSACTION MONITORING

• Checks or wire transfers received for the benefit ONLINE TRANSACTION MONITORING
of the patron (or multiple patrons) from third
As the gaming industry expands from traditional
parties whose connection to the patron is
brick and mortar casinos into the online space
suspect or unclear (or if the maker of the check
with interactive slots, table games, peer-to-peer
or initiator of the wire transfer is high risk, such
games and sports wagering, mitigating the risk
as the holder of an IOLTA account or a PEP);
of money laundering is also expanding. To keep
• Multiple apparently structured transactions over pace with these activities, compliance personnel
a period of time with the apparent purpose of have broadened their research capabilities to
avoiding BSA reporting requirements, such as focus on where transactions originate from, how
transactions under reporting thresholds, with or the transaction is sent and the true identity of the
without using an agent, or around the business people involved.
date;
Circumstances warranting review in the online
• A single payment received by the casino (e.g., gaming space (including the use of digital
negotiable instrument or wire transfer) for the wallets):
benefit of multiple patrons if the casino cannot • Online cash or digital wallet deposits with
determine a relationship or business association minimal or no play followed by a withdrawal
between the source of the payment and the request(s);
beneficiaries;
• Cash deposits and withdrawals from the patron’s
• Patron accounts with large account balances online account or digital wallet at a casino
that remain dormant or inactive for extended cage that appear to be circumventing CTR
period of times; or recordkeeping requirements;
• Patrons that pass winning tickets to others to • Excessive deposits (based on risk) made from
cash out. different bank accounts, payment processors or

Best Practices for Anti-Money Laundering Compliance

prepaid access cards;
Compliance personnel can take additional
measures to identify potential suspicious activity, • Deposits originating from one payment method
such as reviewing relevant daily audit summaries, but withdrawing to a different payment method
logs and reports, such as marker summaries, that is not registered to the igaming account
front-money/safekeeping summaries, multiple (does not apply to credit card deposits);
transaction logs (MTLs), negotiable instrument • Numerous deposits and/or declined deposits
logs (NILs), check logs and wire reports to from multiple payment processors or prepaid
identify potential suspicious activity. Third-party access cards in a short amount of time;
transaction summaries should be requested and
reviewed when working in partnership with a • Withdrawal requests to multiple bank accounts
financial service offered by third parties, such or payment processors;
as credit card cash access companies or check • Account holder using multiple devices (UUID) or
guaranty services. When reviewing transactions IP addresses;
that cannot be explained through summaries and
reports, a secondary review using surveillance data • Multiple user accounts using the same device
should also be considered, if available. (UUID) or IP address, if fraud or identity theft is
suspected;
32
 TRANSACTION MONITORING

• Geolocation reports identifying individuals who

have violated multiple anti-fraud checks like
running fake GPS apps along with having mock
location settings enabled or other spoofing
methods;

• Repeated deposit and withdrawal requests

attempted from outside the authorized state (as
detected through geolocation in states where
this is prohibited);

• Player account access and wagering attempts

from outside the authorized state (as detected
through geolocation);

• Attempts to make cash deposits and withdrawals

from a player account at a casino cage with
conflicting or counterfeit identification.
AMERICAN GAMING ASSOCIATION

33
SUSPICIOUS ACTIVITY REPORT
REVIEW PROCEDURES
A suspicious activity report (SAR) review or investigation
—consists of examining all available information to
determine whether a SAR should be filed for the reported
incident(s) or not. The reviews may be prompted by
direct observations by employees, system alerts, by
af ter-the-fact data analysis performed through back-of-
house procedures, or by other means (e.g., incoming law
enforcement inquiry, 314(b) requests, or public negative
news).
On an annual basis and as part of its ongoing activity with any supporting documentation)
risk a suspicious activity report (SAR) review or without alerting the patron that their activity
investigation – consists of examining all available has been reported as potentially suspicious.
information to determine whether a SAR should Communication with other departments, such
be filed for the reported incident(s) or not. The as surveillance, is crucial in ensuring all
reviews may be prompted by direct observations information is captured surrounding the activity
by employees, system alerts, by after-the-fact of the activity.

Best Practices for Anti-Money Laundering Compliance

data analysis performed through back-of-house Š Each department involved should be
procedures, or by other means (e.g., incoming law providing their account of the suspicious
enforcement inquiry, 314(b) requests, or public activity to allow the individual responsible
negative news). for further investigation to have a complete
In examining the casino’s SAR procedures, the picture.
casino’s review should consider the following Š Casinos should refrain from naming these
components for a complete SAR compliance internal notifications as SARs to avoid
effort: unintentional disclosure by employees.
• Internal Notification: Casinos should incorporate A “SAR” is the final document filed with
a clear, easy to understand, and prompt internal FinCEN and only those making the final
notification process. This should include the determination will know of the actual filing,
reporting individual providing all available whereas these internal notifications are
information about the transaction(s) or action(s) simply the first step in the investigation
(e.g., patron name, Social Security number, process.
player’s card number, observed suspicious

34
 SUSPICIOUS ACTIVITY REPORT
REVIEW PROCEDURES
• Investigation: The BSA/AML Officer and/or • Decision to File or Not File: Based on the
staff should begin their investigation promptly investigation findings, the BSA Officer/
upon receipt of the internal notification. designee or SAR Committee will determine
Casinos should have a documented procedure if the information warrants a SAR being filed
for how potential suspicious activity is or not. It may be determined that there is a
investigated. Investigations should include reasonable, non-suspicious explanation for
reviewing the following resources where the transaction(s)/action(s) and that no SAR
applicable: should be filed. In the event a determination
to ‘not file’ is made, the reasoning for not
Š Player Records (retail and interactive)
filing must be documented and retained. In
Š Player Credit History either event, the designated individual will
Š Prior CTR/SAR Filings make a record of the determination and the
date the determination was made to file or not
Š Incident Report History (surveillance/security) file.
Š Internet Searches • Timeline for Filing a SAR: The regulations
require that a SAR be electronically filed
Š Employee Statements/Interactions
through the BSA E-Filing System no later than
Š Hotel records (where applicable) 30 days from the date of the initial detection
of facts that constitute a basis for filing a
Š Technical Information i.e. geolocation, IP
SAR. If no suspect is identified on the date
information, etc.
of such initial detection, a casino may delay
Š If the casino participates in voluntary filing a SAR for an additional 30 calendar
information sharing under Section 314(b) days to identify a suspect, but in no case shall
of the USA PATRIOT Act, it may contact reporting be delayed more than 60 calendar
officials at other participating casinos or days after the date of such initial detection.
banks or other financial institutions for
• The phrase “initial detection” should not
additional information concerning a patron’s
be interpreted as meaning the moment a
business connections and other relevant
transaction is highlighted for review. There
matters.
are a variety of legitimate transactions that
• The purpose of the investigation is to gather could raise a red flag simply because they are
a complete profile of the individual(s) to inconsistent with a patrons account activity.
AMERICAN GAMING ASSOCIATION

understand any possible logical purpose of the The casino’s automated account monitoring
transaction(s)/action(s); potential patterns; system or initial discovery of activity, such
or that there is in fact suspicious activity as system-generated reports, may flag the
occurring. transaction for review; however, this should
Š Regardless of final determination of filing not be considered initial detection of potential
a SAR or not, all investigation materials suspicious activity. Casinos should establish
should be retained for a period of at least 5 what they consider to be the trigger for
years. Even if records are housed in other starting the clock and apply this consistently.
systems within the casino; those utilized
for the investigation should be saved in a
35 separate location pursuant to the individual
investigation.
SUSPICIOUS ACTIVITY REPORT
REVIEW PROCEDURES
• Completing/Filing a SAR: The individual » Day 30: Deadline for initial SAR filing
responsible for completing the SAR form
» Day 120: End of 90-day review
should ensure that the form is completed
correctly and thoroughly utilizing all available » Day 150: Deadline for continuing activity
information. The narrative should clearly and SAR with subject information (this is 120
concisely identify the essential elements of the days from the date of the initial filing on
suspicious activity answering the who, what, Day 30)
where, when and why of the situation being
If the activity continues, this timeframe will result
reported.
in three SARS filed over a year.
Š Filers should ensure that all information in
the narrative aligns with the other sections When multiple SARs are filed for a patron’s
of the form such as dates, amounts involved, activities, casino management should consider
and the reported suspicious activity. whether the casino wishes to continue its
relationship with that patron and document
Š Refrain from using the SAR subject’s name those decisions. If there is an indication that the
within the filing title of the report to avoid customer has an illegal source of funds for gaming
potential disclosure of the individuals identity. or is using the casino for an illegal purpose, the
Š A secondary review of the drafted SAR is 90 day review process generally would not apply
recommended for completeness prior to filing and the matter should be escalated for a decision
whether to restrict or terminate the customer.
• Continuing Activity Reporting: Once a SAR
In appropriate cases, as in the case of ongoing
is filed, the individual(s) and the reported
suspected illegal activity that requires immediate
activity enter a 90-day review period where
attention, the casino should reach out to the
casinos should be monitoring the individual(s)
appropriate law enforcement agency in addition to
for continued activity of the same suspicious
filing the SAR.

Best Practices for Anti-Money Laundering Compliance

activity. If the activity is continued, a
Continuing Activity Report should be filed,
following the same procedures for the initial SAR CONFIDENTIALITY
reporting.
Casinos must establish controls for
Š The determination of filing a new SAR or a maintaining the confidentiality of SARs
Continuing SAR lies in the activity of the and any information that reveals that
individual(s). If the same suspicious activity a SAR was filed or not filed, or even
is repeated within the 90-day review, it considered to be filed. Care must be taken
would be filed as a Continuing SAR. If the to ensure that no person involved in the
individual(s) are involved in a different type transaction is tipped off that a SAR has
of suspicious activity, it would be considered been filed or may be filed.
a new filing (with reference to the other SAR
within the narrative). SARs and information whether or not a SAR was
filed only can be shared with federal, state or local
Š For filings where a subject has been
law enforcement and generally with a casino’s
identified, the timeline is as follows:
gaming regulators. Best practice is to require that
» Day 0: Identification of suspicious activity all SAR requests to be in writing.
and subject 36
 SUSPICIOUS ACTIVITY REPORT
REVIEW PROCEDURES
Any casino, and any director, officer, employee, In order to assist law enforcement and safeguard
or agent of any casino that is subpoenaed or the confidential and sensitive information
otherwise requested to disclose a SAR or any contained in and that support SARs, the casino
information that would reveal the existence of a should establish a protocol for receiving and
SAR, shall decline to produce the SAR or such responding to authorized requests for SAR
information, citing 31 C.F.R. § 1021.320(e)(1)(i) supporting documentation without a subpoena.
and 31 U.S.C. §5318(g)(2)(A)(i), and must notify The protocol should address how the casino will
FinCEN of any such request and the response respond to subpoenas requesting SARs, and
thereto. requests for SARs by individuals and agencies not
authorized to receive SARs by the BSA.
Under 31 C.F.R § 1021.320(e)(1)(ii)(A)
(1), a casino may share a SAR with a state or
tribal authority only if that agency or authority
examines the casino or requires the casino to
comply with the BSA. Conversely however, a
casino is not permitted to share a SAR with other
government agencies or authorities that may have
general oversight, but that do not have express
BSA oversight authority. Casinos should have
procedures in place to verify that a requestor
of information of this nature, in fact has the
authority to receive it. If there is any doubt, the
gaming regulator should be asked to request the
information from FinCEN.

SHARING SUSPICIOUS ACTIVITY

REPORTS
According to FinCEN Guidance20, under the
BSA and its implementing regulations, a casino
that has filed a SAR may share the SAR, or any
information that would reveal the existence of the
SAR, with each office or other place of business
AMERICAN GAMING ASSOCIATION

located within the United States of either the

casino itself or a parent or U.S. affiliate of the
casino. SAR information on whether SARs were
or were not filed cannot be shared with non-U.S.
affiliates of casinos.

20
See Financial Crimes Enforcement Network, Sharing Suspicious Activity Reports with U.S. Parents and Affiliates of Casinos, FIN-
2017-G001 (Jan. 4, 2017), https://www.fincen.gov/sites/default/files/2017-01/FinCEN%20Guidance%20Jan%204_508%20FINAL.
pdf.

37
RESTRICTING / TERMINATING
PATRON RELATIONSHIPS
Based on the result of KYC due diligence reviews of high-
volume patrons or of certain events identified by the
risk assessment for that casino (e.g., the filing of one
or multiple SARs for a patron, negative news, or the
receipt of a law enforcement request for information
concerning a patron), information received pursuant to a
314(b) request, or the filing of multiple SARs on the same
individual, the casino may consider whether to terminate
or restrict its relationship with a patron.

Law enforcement may utilize a specific request Casinos are still required to comply with all
to “keep open” accounts and/or request casinos to applicable BSA requirements even when casino
maintain customer relations as part of their efforts agrees to “keep open” the account/customer
to identify and combat money laundering, terrorist relationship as requested from law enforcement,
financing, and other illicit financial activities. including requirements for risk based monitoring
and SAR filings as well as confidentiality.
Law enforcement21 “keep open” requests to the

Best Practices for Anti-Money Laundering Compliance

casino should be in writing and detail that the • While multiple SAR filings on the same patron
law enforcement agency is requesting the casino is one factor as to whether a relationship should
to maintain the account as well as include the be terminated or not, other factors such as the
purpose and duration of the request. severity of the conduct must also be considered.
Consequently, one SAR filing may be sufficient
While casinos generally will endeavor to
to terminate the relationship with a patron
accommodate keep open requests, casinos are
if the patron has an illegal source of funds
not obligated to agree to do so. The decision
or is using the casino for an illegal purpose.
to maintain customer relationships, keep open
The assessment should consider whether the
accounts, and/or terminate either, is ultimately
activity prompting the SAR is merely suspicious
up to the casino. Record retention policies should
or known criminal conduct, but decisions on
address how long the casino will maintain the
restrictions or terminations may be made where
request, including after the request duration
the activity is suspected and not confirmed
period has expired.
depending on the facts and circumstance. The

21
See Board of Governors of the Federal Reserve System, Federal Deposit Insurance Corporation,Financial Crimes Enforcement
Network, National Credit Union Administration, Office of the Comptroller of the Currency, Answers to Frequently Asked Questions
Regarding Suspicious Activity Reporting and Other Anti Money Laundering Considerations, (Jan, 19, 2021), https://www.fincen.gov/
sites/default/files/2021-01/Joint%20SAR%20FAQs%20Final%20508.pdf. 38
 RESTRICTING / TERMINATING
PATRON RELATIONSHIPS
greater the likelihood of known criminal activity, Committee process should be documented in
the greater the risk to the casino if relationship policy/procedures to address the following:
is not terminated. The assessment process
• Composition of the committee;
should be documented in policy/procedures
for performance consistency along with list of • How decisions are determined;
factors that would require the assessment to
• Any process by which the decision can be
occur.
reviewed or overruled;
To the extent a casino has a BSA/AML exclusion
• Maintaining the committee review, decision and
policy, the casino may consider accounting for the
all supporting documentation per organizational
following topics:
record retention program.
• Multiple SAR filings on the same patron;
The termination of a patron relationship
• Severity of alleged criminal activity (e.g., will be warranted if the patron’s activities
terrorist financing); present an actual or unacceptable risk of
violation of federal or state law or regulation
• Suspicious versus known criminal activity;
or the casino’s compliance policies.
• Use of “all available information”; Examples:

• Risk to casino if patron is not excluded; and • Significant concerns that a patron’s
source of funds used for gaming stems
• Clearly identifies authority to exclude (i.e., BSA
from illegal activity
Officer and/or Committee).
• Patron(s) using the casino to facilitate
If a committee is used to make exclusion
illegal activity.
determinations, it should not include anyone
with a direct conflict (e.g., Player Development
management).
AMERICAN GAMING ASSOCIATION

39
AUDIT PROCEDURES
The BSA regulations require periodic independent
testing of the casino’s overall program, as well as specific
functions, by qualified independent auditors. Internal
auditors who perform the testing should not have any
operational responsibilities. Surveillance is typically
an integral component of the casino’s AML program
so their performance of the required audit could be
viewed as a potential conf lict of interest. Additionally, a
regulatory examination of the casino’s AML program by
governmental authorities does not qualify as independent
testing under the BSA.
of the compliance program test. Safeguarding the
The independent testing must cover all integrity and independence of the compliance
elements of the casino’s AML program, program testing enables an institution to locate
including but not limited to: and take appropriate corrective actions to address

Best Practices for Anti-Money Laundering Compliance

BSA/AML deficiencies.22
• Customer due diligence;
• Transaction monitoring; The scope and frequency of the testing should be
• Required reporting and recordkeeping; commensurate with the money laundering and
• Training; and terrorist financing risks posed by the products
• The AML Officer function. and services provided by the casino.23 The casino
may conduct independent testing over periodic
intervals (for example, every 12-18 months) and/
Independent auditors of BSA/AML compliance or when there are significant changes in the
may be either external or internal to the casino, casino’s risk profile, systems, compliance staff, or
depending on the casino’s corporate structure processes. More frequent independent testing may
and practices. A financial institution’s leadership be appropriate when errors or deficiencies in some
should ensure that the party testing the program aspect of the AML program have been identified
(whether internal or external) is independent, or to verify or validate mitigating or remedial
qualified, unbiased and does not have conflicting actions.24
business interests that may influence the outcome

22
Financial Crimes Enforcement Network, FIN-2014-A007 Advisory to U.S. Financial Institutions on Promoting a Culture of Compli-
ance, FIN-2014-A007, (Aug. 11, 2014), p. 4. 40
23
31 C.F.R. § 1021.210(b)(2)(ii)
24
FFIEC BSA/AML Examination Manual
 AUDIT PROCEDURES

If the casino utilizes an internal audit function,

A detailed audit program should be
that function must be independent from AML
maintained to document all audit
compliance, in order to ensure the independence
procedures performed by independent
of the internal audit function. Casinos also may
auditors.
consider a reporting process to communicate
to the Board of Directors the results of AML An initial audit should ensure:
independent testing.
• That a CTR has been prepared for all

The independent auditors should report their reportable transactions – either single or
findings directly to senior management officials aggregated – that exceed $10,000;
who have the authority to remediate the audit
• That the information recorded on the
findings and ensure corrective action is taken.
CTR is complete and accurate; and

Examinations by the Internal Revenue Service or • CTRs were electronically filed within 15
other governmental authorities will analyze the days of the transaction date.
casino’s AML program to ensure that it provides for If the initial findings indicate possible
testing and evaluation for effectiveness by persons weaknesses in the AML program, the audit
independent of the compliance officer.25 may need to be expanded to confirm or
disprove those indications.
For each audit finding that raises concerns about
the casino’s AML program, as well as findings by The Monetary / Negotiable Instrument Log (MIL/
independent auditors, Internal Revenue Service NIL) will also be reviewed by independent auditors
examiners, or other governmental authorities, the for proper completion and for retention for at least
casino should undertake corrective action or make five years.
a specific documented determination that no such
action is necessary.26 A system query should identify those patrons, if
any, that completed transaction(s) in currency
involving either cash in or cash out more than
INDEPENDENT TESTING a threshold determined by the casino’s risk
PROCEDURES FOR CTRS assessment. For patrons who have reached the
Separate from the independent testing of the log threshold for the gaming day, the total of the
program, on a scheduled basis, the casino’s currency paid or received shall be entered onto
AMERICAN GAMING ASSOCIATION

independent auditor, or audit team for CTR the multiple transaction log for reporting when
filings, will review currency transactions by using required by law.
all relevant records, including but not limited to
Multiple Transaction Logs (MTLs), player-rating All currency transactions above an amount
records, and patron deposit and withdrawal established by the risk assessment for that casino
records, that were prepared during the gaming day will be logged, with the exception of slot jackpots,
reporting period, as well as all system reports for which are not reportable on CTRs.
the period.

25
IRS Bank Secrecy Act Examiner Responsibilities 4.26.6.5.1.2 Evaluation of AML Program (3)(d)
26
Financial Crimes Enforcement Network, Casino or Card Club Compliance Program Assessment, FIN-2010-G003 (June 30, 2010),
41
https://www.fincen.gov/resources/statutes-regulations/guidance/casino-or-card-club-compliance-program-assessment.
AUDIT PROCEDURES

Exception notices will be prepared for all instances This review should also test the casino’s
of noncompliance noted during the daily audit, monitoring systems and how the system(s) fits
including but not limited to logging errors, MIL/ into the casino’s overall suspicious activity
NIL completion errors, inaccurate identification, monitoring and reporting process and test the
missing information and other requirements not monitoring systems programming methodology
met. and algorithms to ensure the scenarios are
detecting potentially suspicious activity.
The exception notices should be sent to applicable
casino supervisory personnel at the conclusion
The independent auditors will test information
of the independent audit and secondary review.
flow across the casino, including but not limited
Exception notices should be returned within a
to the fraud/security and host functions, as well
reasonable time indicating corrective action taken,
as test whether information regarding employee
and the results of these periodic audits should be
misconduct is appropriately communicated to the
part of the firm’s overall independent testing.
group responsible for SAR decisions.

When evaluating the effectiveness of the

INDEPENDENT TESTING
PROCEDURES FOR SARS casino’s monitoring systems, independent
auditors should consider the casino’s overall
The independent test function will establish
risk profile based on its products, services,
testing parameters for both SAR and no-
customers, entities, geographic locations
SAR decisions. This review will consider the
volume of transactions, and adequacy of
completeness of investigation processes and
staffing.
documentation, timeliness of the review, record
retention and safeguards from disclosure.27
In instances where SARs were filed, the
independent auditors will test the completeness

Best Practices for Anti-Money Laundering Compliance

of SAR fields and narrative and timeliness of the
filing.

27
See Financial Crimes Enforcement Network, SAR Confidentiality Reminder for Internal and External Counsel of Financial Institu-
tions, FIN-2012-A002 (Mar. 2, 2012). Additional risk-based measures to enhance the confidentiality of SARs could include, among
other appropriate security measures, limiting access on a “need-to-know” basis, restricting areas for reviewing SARs, logging of
access to SARs, using cover sheets for SARs or information that reveals the existence of a SAR, or providing electronic notices that
highlight confidentiality concerns before a person may access or disseminate the information. See also IRS Examination Techniques
42
for Bank Secrecy Act Industries 4.26.9.3.7 Review of Records (7)(c).
 RECORD-KEEPING
AND RETENTION
Casinos must have procedures to maintain and • Patron KYC due diligence records, including:
retain the specific transactional and customer Š A record of those specific procedures
records required under the BSA and must retain
performed to analyze a patron’s gaming
records about the execution of all aspects of its
patterns and financial transactions;
BSA program.
Š Any due diligence report created;
The casino shall adopt a recordkeeping system to
preserve, among other BSA-related records, the Š Any risk determination; and
following records for at least five years:
Š Any action taken as a result, including
• MTLs; termination or monitoring of the patron,
• MILs/NILs; reports to law enforcement agencies, or
changes in casino services available to the
• CTRs; patron.
• SARs, and SAR supporting documentation, • Records of independent testing programs,
including surveillance records, records of SAR reports of testing and actions taken in response.
investigations and the SAR decision making;
Patron due diligence records should be maintained
• Training and testing materials and records of
for at least five years after the relationship is
who was trained and when;
terminated or the patron is no longer active.
AMERICAN GAMING ASSOCIATION

43
CONCLUSION
These practices reflect the continuing efforts of AGA
member casino operators to mitigate the risks of potential
money laundering and illegal activity connected with their
businesses. The guidelines in this document must be
adapted to match the specific risks and environments of
individual casinos and companies.

Casinos should evaluate their AML/BSA compliance risks

and mitigation strategies on a routine basis to ensure they
account for new risks and emerging patterns of illegal
activity. When dealing with businesses as complex as
modern casinos, and with judgments as subjective as
those required by the BSA, no compliance effort can be

Best Practices for Anti-Money Laundering Compliance

perfect or immune from retrospective re-evaluation.

Though perfection cannot be expected of a process that

involves so many variables and periodic shifts in financial
practices and regulations, effective AML/BSA compliance
programs should ensure that the gaming industry
continues to effectively combat money laundering or illicit
financing threats.

44
 GLOSSARY
Bank Secrecy Act (“BSA”): Adopted in 1970 Digital Identification: Some States may issue
and amended several times since, the statute a digital form of identification (e.g., Driver’s
authorizes the U.S. Secretary of the Treasury License, State ID card) instead of or in lieu of a
to impose on U.S. financial institutions the physical government issued picture ID card. This
requirement to keep such records and submit such development may assist in online, Internet or
reports that have a high degree of usefulness in mobile gaming applications as part of the KYC
criminal, tax, and regulatory matters and in the process as new technology continues to expand
conduct of intelligence activities to protect against and be acceptable for certain digital wagering
international terrorism. 31 U.S.C. §§ 5311, et seq. account applications. Absent specific FinCEN
guidance forbidding the use of digital IDs for AML
Cage: A secured area adjacent to the gambling floor
purposes, casinos should include in their written
of a casino where casino cashiers conduct marker/
AML program whether or not they will accept digital
credit, front-money and other gambling-related
IDs.
transactions, and where currency and chips are
often kept. Safe-deposit boxes are often available Digital Wallet: A software-based system that
at the cage. A large casino may have more than one securely stores users’ payment information and
cage location. passwords for payments and withdrawals.

Casino: A casino is a land-based or interactive Front money: Cash, wired funds, or negotiable
entertainment venue that offers its patrons highly instruments that are deposited with the casino by
regulated gaming activities, such as traditional a patron who will draw down on those funds for
casino-style games, house-backed games, and gambling. Front money accounts are sometimes
sports betting. described as safekeeping accounts.

Chip Walk: When a patron leaves the casino Geolocation: The identification of the geographic
floor with a significant amount of chips in their location of a user or computing device via a variety
possession without offsetting chip redemptions or of data collection mechanisms, typically using
chip buy-ins at another table, and there is no known network routing addresses or internal GPS devices
disposition or whereabouts of the chips. A chip to determine this location.
walk may not be deemed suspicious if there is a
AMERICAN GAMING ASSOCIATION

Interactive Gaming: Interactive gaming comprises

reasonable, experience-based expectation that the
traditional internet gaming (e.g. casino games,
patron will return to the casino in the near future.
poker); mobile wagering (e.g. casino games) ; and
Credit: Under the regulations of many state account wagering (i.e., funding an account whether
licensing authorities, casinos are authorized to at a brick and mortar location or via the internet or
issue gaming chips or other representatives of value smart phone that can be used in digital channels).
to patrons for gambling purposes up to the amount
Interest On Lawyer’s Trust Account: A financial
of a “marker” (see below), which is a negotiable
account set up by a law firm, in which the funds are
instrument signed by the patron and made out to
held in trust for the benefit of the firm’s clients and
the benefit of the casino by the patron. Although
are by state law or supreme court rule to be held
state regulations refer to such arrangements as
separate and apart from the funds belonging to the
45 credit transactions, the markers may be negotiated
law firm.
immediately at the discretion of the casino.
GLOSSARY

IP (Internet Protocol) Address: A unique address Ticket In/Ticket Out (“TITO”): A system for slot
that identifies a device on the internet or a local machine play through the use of a barcoded paper
network. ticket. The ticket may be purchased in advance of
slot machine play, or issued from the slot machine
Marker: A negotiable instrument (sometimes called
if there are credits remaining at the conclusion of
a “counter-check”) executed by a casino patron
the patron’s gaming session. When the patron has
and made payable to the casino that authorizes the
completed his play, balances on the ticket can be
casino to recover the amount of the marker from
redeemed for cash at a kiosk or the casino cage, or
the patron’s bank account. The casino will advance
used for further play at the casino that issued the
funds to the patron up to the amount of the marker.
ticket.
Under state casino regulations, casinos are not
required to conduct full credit investigations before Sports Wagering: With the repeal of PASPA in
issuing a marker, but will confirm that the patron’s May 2018, sports wagering is permissible in most
bank account contains sufficient funds to cover the U.S. states. A casino may offer sports wagering
requested marker. over the counter, via a sportsbook kiosk, via an
internet browser and/or a mobile app. If offered
Monetary/Negotiable Instrument Log: Required by
via a mobile app, the patron will have a separate
the BSA, it must reflect transactions of monetary
wagering account apart from any casino wagering
instruments (e.g., money orders, cashier’s checks,
account for slots, table games, keno, etc., as the
traveler’s checks and bank drafts) between the
sports wagering system is its own self-contained
casino and the patron with a value above $3,000.
proprietary system.
Multiple Transaction Log: This is a record of
Universally Unique Identifier (UUID): an
cash-in and cash-out transactions at or above pre-
identification number that will uniquely identify an
determined amount which also records identifying
electronic device.
information about the patron in order to determine

Best Practices for Anti-Money Laundering Compliance

when a person is approaching or has exceeded a
reportable threshold.

Risk Assessment: The formal process of examining

a casino’s mix of gambling activity, patrons,
and overall economic environment in order to
identify those activities and levels of play or other
transaction that pose a risk of money laundering
to be addressed by the casino’s AML compliance
procedures.

Safekeeping: Guest Non-claimed gaming funds,

overages from deposits, and other funds not falling
under Front Money are placed in Safekeeping.
These funds are not redeemed or tied to casino
markers.

46
ABOUT THE AGA
The American Gaming Association is the premier national
trade group representing the $261 billion U.S. casino
industry, which supports 1.8 million jobs nationwide. AGA
members include commercial and tribal casino operators,
suppliers and other entities affiliated with the gaming
industry. It is the mission of the AGA to achieve sound
policies and regulations consistent with casino gaming’s
modern appeal and vast economic contributions.

Best Practices for Anti-Money Laundering Compliance

48
 APPENDIX A: Anti-Money Laundering
Program Questionnaire
A compliance program may be satisfactory even if 9. Do you have record retention procedures that
some of the answers to these questions are not in comply with applicable law?
the affirmative, as long as the company can explain 10. Are your AML policies and practices being
why its policies provide adequate AML vigilance. applied to all associated entities both in the
United States and in foreign locations?
A. General Policies, Practices and Procedures:
1. Is the AML compliance program approved by B. Risk Assessment
the company’s senior management or board of 11. Do you have a risk-based assessment of your
directors? customer base and their transactions?
2. Does the company’s legal and regulatory 12. Do your risk-based assessments consider:
compliance program include a designated
a. The volume and character of overall gaming
officer who is responsible for coordinating and
activity at a gaming venue?
overseeing the AML compliance framework as
well as sufficient staff to provide support to the b. The characteristics of the games and
designated officer? financial services offered at a gaming
venue?
3. Do you have written policies documenting the
processes in place to prevent, detect and report c. A customer’s country of origin?
suspicious transactions across all games and d. The gambling patterns or financial
financial services offered? transactions favored by a customer?
4. Do you perform periodic training on AML e. Third-party information about a customer,
policies and practices for those employees including negative information regarding
covered by your compliance program? the patron’s integrity?
5. In addition to inspections by government f. Whether a customer has sources of wealth
regulators, does an internal audit function or income commensurate with his or her
or other independent third party periodically gaming activity?
assess AML policies and practices?
g. Whether a customer has provided verifiable
6. If a patron proposes a transaction with a bank identification information?
AMERICAN GAMING ASSOCIATION

or corporation on his or her behalf, do you have

h. Whether a customer has financial fiduciary
a policy for inquiring into the identity of the
obligations (e.g., trustee, accountant,
beneficial owners of the bank or corporation
attorney, nonprofit/charity executive)?
involved?
i. Whether a customer is associated with
7. Do you have policies to reasonably ensure that
individuals or entities known to be
you will not conduct transactions with shell
connected with the illicit generation
banks or corporations?
of funds or legalized marijuana-related
8. Do you have policies for identifying Politically activity?
Exposed Persons (PEP’s), their family and close
j. Whether a customer claims connections
associates, and for controlling transactions with
with businesses that have no apparent
49 such individuals?
operations?
APPENDIX A: ANTI-MONEY LAUNDERING
PROGRAM QUESTIONNAIRE

k. Whether a customer is the subject of E. Transaction Monitoring

substantial tax liens or has gone through a 21. Do you have a monitoring program for unusual
recent personal bankruptcy proceeding? and potentially suspicious activity that
13. Does your compliance program identify and covers funds transfers, engaging in financial
explain the proper responses by employees transactions without significant gaming activity,
to customers and transactions that you have coordinating activity with other customers, and
reason to believe pose a heightened risk of the like?
illicit activities at or through your casino? 22. In order to identify AML concerns, do you
review daily audit summaries, logs and reports
C. Know Your Customer and Due Diligence such as Marker Summaries, Front-Money/
14. Have you implemented processes for securing Safekeeping Summaries, multiple transaction
identification for those customers whose logs, Monetary Instrument logs, check, logs,
transactions fall within the AML program? and wire reports?

15. Do you have a requirement to collect

information regarding a customer’s business F. Preventive Measures
activities and connections? 23. Do you cap “ticket-in/ticket-out” (TITO)
a. If so, under what circumstances does that redemptions at slot machine kiosks?
requirement apply, and 24. Do you cap the level of cash-for-cash
b. What steps should be taken in that effort? exchanges?

16. Do you have a process to review and update 25. Do you accept currency to purchase a casino
customer information relating to high risk check, other monetary instrument, or wire

Best Practices for Anti-Money Laundering Compliance

relationships and activities? transfer?

17. Do you complete a risk-based assessment 26. Will you issue casino checks or wires to a
to understand the normal and expected patron for an amount greater than his or her
transactions of customers? winnings? Under what circumstances?
27. Do you issue checks for winnings only in the
name of the customer?
D. Reportable Transactions
28. Do you require supervisor review of checks or
18. Do you have policies or practices for the
wires made payable to a customer’s business or
identification and reporting of transactions that
other account, or another individual?
must be reported?
29. If a patron declines to provide identifying
19. For currency reporting purposes, do you have
information when required (e.g., for CTRs), do
procedures to identify multiple transactions
you suspend the patron’s loyalty club account
that have been structured to avoid such
or bar the customer?
reporting?
30. Do you allow cash play at poker tables?
20. Do you screen customers and transactions
31. Do you accept virtual currency?
against lists of persons, entities or countries
issued by the Office of Foreign Asset Control or 50
other government authorities?
 APPENDIX A: ANTI-MONEY LAUNDERING
PROGRAM QUESTIONNAIRE

32. Do you protect customer information to prevent vi. Audit employees, including Internal Audit
social engineering, software vulnerability and/or Fraud Department employees?
exploits, and network attacks? vii. Senior gaming management, members of
the Board of Directors, Audit Committee, or
G. Employee Training Compliance Committee?
33. Is your compliance officer at each gaming 35. Do you retain records of training sessions
venue educated on the requirements of the including attendance records and the training
AML program, including suspicious activity materials used?
reporting and currency transaction reporting, 36. Do you update relevant employees on changes
and the requirements of state and federal in AML law, policies or practices?
regulators for AML compliance?
37. Do you provide training on the red flags of
34. Do you provide AML training to other relevant human trafficking, as well as financial red flags
employees? If so, does that training include: associated with human smuggling?
a. Identification and reporting of transactions
that warrant a suspicious activity report or
a currency transaction report?
b. Examples of different forms of suspicious
or illegal activity involving the casino’s
business and services?
c. Correct methods for completing currency
transaction and suspicious activity reports?
d. Internal policies to prevent money
laundering?
e. Do any of the following employees receive
AML training:
i. Those engaged in the operation of casino
games, beginning at least at the supervisor
AMERICAN GAMING ASSOCIATION

level?
ii. Casino marketing employees?
iii. Cage employees?
iv. Surveillance employees?
v. Property compliance and AML compliance
employees?

51
 AMERICAN GAMING ASSOCIATION

53