Blank Rome – Licensed gaming and other entities required to comply with the Bank Secrecy Act should be aware of this recent FinCEN enforcement action, and they must ensure that their compliance programs address the lessons outlined in this Alert.
On October 3, 2016, the Financial Crimes Enforcement Network (“FinCEN”) assessed a civil monetary penalty of $12 million against Cantor Technology, L.P. d/b/a Cantor Gaming (“Cantor”), pursuant to the Bank Secrecy Act (“BSA”) and its regulations, with which casinos are required to comply.
In addition to the fine, Cantor is required to undertake remedial compliance measures and pay $16.5 million to the Department of Justice to settle a parallel investigation (a portion of the FinCEN fine was offset by this payment).
Cantor operates race and sports books in Nevada, offers mobile gaming within Nevada, and provides gaming technology to casino customers globally. It is licensed to operate at prominent Nevada establishments, such as the Hard Rock, Tropicana, Venetian, and Palms. Its books are associated with high dollar value wagering and are popular with professional gamblers.
FinCEN determined that from the day Cantor opened for business in 2009 through 2015, it willfully violated BSA requirements by failing to: (a) implement and maintain an effective anti-money laundering (“AML”) program; (b) report certain suspicious activity; (c) report certain transactions involving currency in amounts greater than $10,000; and (d) keep appropriate records as required by the BSA and its implementing regulations.
- FinCEN Finds Cantor’s AML Program Ineffective
Although Cantor had a written AML program when it opened for business, the program was flawed in several respects. First, Cantor’s AML program did not fully take into consideration the environment it was operating in and its anticipated clientele in evaluating money laundering and terrorist financing risks. Over time, the deficiencies in Cantor’s AML program were exacerbated by its inadequacy to handle the types and volume of business Cantor was transacting—by 2014, Cantor was conducting over 30 percent of all sports wagers and processed more than 50 percent of the technology-based wagers in Nevada.
- While Cantor regularly re-evaluated its AML program, it failed to ensure that its policies conformed to its actual business practices—for example, it lacked compliance policies for accepting gaming account deposits via wire. In some instances, Cantor eliminated existing protective measures without incorporating new methods of ensuring compliance, like the deletion of a 2012 provision describing various activities or conduct that might be deemed suspicious, including when a customer transfers funds between his own wagering account and another customer’s account.
Making matters worse, Cantor was also found to have failed to properly train its employees in BSA requirements
Another aspect of Cantor’s AML compliance program that FinCEN found deficient was its handling of compliance audits. Originally, Cantor engaged an independent accounting firm to perform its BSA compliance audits. Later, Cantor moved the audit function in-house, a strategy that FinCEN concluded was ineffective because when failures were presented to management, the audits were not expanded to cover additional time periods, nor did they examine whether adequate procedures were in place to detect ongoing patterns of suspicious conduct.
Making matters worse, Cantor was also found to have failed to properly train its employees in BSA requirements and in identifying, monitoring, and reporting suspicious activity. For instance, although Cantor began operations in March 2009, it did not adopt an AML training program until 2010. Even after the training program began, it was often ignored: senior members of the compliance department, as well as its president and CEO, either received no BSA training or attended only one session from 2010 to 2013.
- Failure to File SARs
Cantor also failed to file Suspicious Activity Reports (“SARs”) on certain suspicious transactions. Some such suspicious transactions were conducted with duffel bags full of cash; others sent from out-of-state business accounts into the accounts of a professional gambler; and others were clear attempts to structure transactions to fall under reporting thresholds. Despite these red flags, Cantor did not conduct further inquiry or diligence, and it did not file SARs.
- Failure to Comply with CTR Requirements
Cantor did not comply with Currency Transaction Report (“CTR”) requirements by failing to file CTRs, or filing them late or incorrectly. In 2010, for instance, 79 incorrectly filed CTRs were found by examiners. Then, between the end of 2010 and beginning of 2011, Cantor filed at least 605 CTRs late. Finally, between 2012 and 2015, Cantor filed another 565 CTRs late, with almost 100 involving more than $100,000.
- Lack of Compliance with Record-Keeping Requirements
Cantor was also found to have violated BSA record-keeping requirements. For example, it failed to obtain or verify critical information in at least 97.5 percent of all deposit accounts opened from 2009 through 2010. Cantor’s record-keeping problems persisted over time: for instance, in response to a 2013 Nevada Gaming Control Board request for 100 account wagering applications, Cantor submitted 168 applications for approximately 94 account holders, and many of the submissions lacked requisite information. Then, in what FinCEN called “perhaps the most egregious record-keeping violation,” Cantor failed to keep proper records on its highest-volume patron, as evidenced by the patron’s completion of a wagering account application six days after a request from the Nevada Gaming Control Board, despite having been a client for over three years.
This latest gaming industry FinCEN assessment shows that AML compliance is not an abstract exercise. Here, even though Cantor had a written AML policy in place at all times, performed regular evaluations, and implemented training and auditing programs, the mere existence of such compliance measures was not enough. FinCEN’s assessment of Cantor shows that an AML policy, and related enforcement measures, must be tailored to, and revised in a way that reflects the types and volume of business being undertaken.
Procedures must conform to those business activities a gaming licensee is actually engaged with, and superfluous or obsolete measures should be disregarded. Similarly, when risk assessments are made, they should reflect the actual products and services currently being offered, and should not be unduly influenced by expectations concerning planned future developments.
Employee training must be mandated, and mechanisms should be in place to compel attendance at training programs. Finally, if BSA compliance auditing is going to be performed internally, it must be performed with the same rigor and independence as would be expected from an outside consultant, so there is sufficient follow through to rectify any failures that may be discovered.
FinCEN’s assessment of Cantor makes clear that BSA compliance programs must be more sophisticated and grounded in fact, and that simply having a policy in place is just not enough.