When a patron enters your casino or gaming establishment and exchanges cash for chips or visits the cashier to cash out at the end of the night, they likely have no idea how much reporting and surveillance is happening behind the scenes to discover and prevent illicit financial activity.
$100 spent on slot machines isn’t likely to raise any eyebrows, but as dollar amounts climb and potential red flags start appearing, it’s your casino’s responsibility to root out and report on any suspicious activity. Failing to uphold that duty can result in heavy financial penalties.
In the article below, we discuss a recent $140 million civil money penalty assessed by the Financial Crimes Enforcement Network (FinCEN) and the Office of the Comptroller of the Currency (OCC) against USAA Federal Savings Bank (USAA FSB) for “for willful violations of the Bank Secrecy Act (BSA) and its implementing regulations.”
Keep reading to find out what the bank did wrong, why it matters to casino and gaming leaders, and how to keep your establishment from facing a similar fine.
When initially signed into law in 1970, the Bank Secrecy Act (BSA) was focused on anti-money laundering (AML) efforts at traditional financial institutions, like banks and credit unions. However, following a hearing in front of the United States Congress, the reach of the BSA was expanded to include casinos and other gaming institutions. More recently, the Anti-Money Laundering Act of 2020 (AMLA) introduced sweeping reforms to anti-money laundering regulations, impacting many organizations within the gaming industry.
Today, casinos and gaming organization have just as much responsibility as banks or other traditional financial institutions to combat money laundering, the funding of terrorist activity, and other financial crimes. Put simply, the mistakes made by USAA FSB could be made just as easily by a casino and the financial penalty could be just as steep.
Between January 1, 2016 and April 30, 2021, USAA Federal Savings Bank underwent “tremendous growth” as a financial institution, according to the FinCEN consent order imposing the civil money penalty. However, the bank did not effectively grow its AML compliance program to match.
According to the consent order, the OCC informed USAA FSB that there were “significant problems” with its AML program since at least 2017. In response, USAA FSB committed to overhauling its AML program by March 31, 2020. However, the bank failed to make adequate progress by that deadline, and a subsequent amended deadline of June 30, 2021.
This lack of compliance resulted in a $60 million civil money penalty against the bank by the OCC and an additional $80 million from FinCEN.
This list should look familiar to casino and gaming organization leaders. Under Title 31, casinos are beholden to the same AML program requirements as banks and other financial institutions.
Of the five program requirements stated above, USAA FSB did not meet four to a satisfactory level of compliance: internal controls, independent testing, training, and customer due diligence.
According to the consent order, USAA FSB’s internal policies, procedures, and controls in 2017 were “rudimentary” and weren't robust enough to address the AML risks it faced. While there was some improvement over time, the bank still did not develop internal policies, procedures, and controls that would meet the minimum requirements of the BSA. The BSA/AML compliance department was also understaffed and the bank relied on third-party contractors to complete AML-related work. However, USAA FSB did not ensure these third-party contractors were properly trained or possessed the qualifications or experience to do the work to BSA standards.
Despite needing an estimated 178 permanent, full-time positions to fully staff its AML compliance department, the bank failed to hire enough personnel. As stated in the consent order, the bank had 62 vacant positions, including the head of the bank’s financial intelligence unit (FIU) as of early 2021.
With regards to independent testing, the USAA FSB relied on an internal audit team to conduct enterprise-wide independent testing of its AML program during the aforementioned time period. While a 2016 report found the bank’s BSA compliance was satisfactory, later reviews found this report to be deficient and had failed to recognize “numerous weaknesses” identified during that same time period.
Ongoing AML training was also an issue. As previously mentioned, USAA FSB failed to properly ensure third-party contractors had the training required to do AML-related work to BSA standards. This failure also extended to its ongoing training program, which was not tailored to the bank’s risk profile and suspicious activity typologies, while also lacking information on what constituted potential suspicious activity.
When it comes to customer due diligence, according to the consent order, USAA FBS’s policies were deficient in this area as well. Information obtained from customers when they opened accounts was insufficient to “assess a customer’s risk and support effective suspicious activity monitoring,” resulting in a flawed customer risk score model. This missing data also resulted in arbitrary assignment of risk sub-scores for risk factors where member data was missing. All in all, the lack of data and incorrect customer-risk scores hindered the bank’s ability to perform investigations into alerted activity and form informed conclusions regarding potentially suspicious actions.
According to the consent order, at least 3,873 suspicious activity reports were never filed as a result of the bank’s AML failures.
The $140 million civil money penalty leveled against USAA FSB came as the result of several years of negligent compliance policies and a notable lack of AML program improvement over that time period. When given the chance to overhaul and revamp their policies to become compliant, the bank did not.
If you have fears or anxiety about your own organization's AML compliance, now is the time to act. Ensuring your organization’s training program meets the requirements of the BSA and the more recent AMLA, and that your employees have the training they need to successfully spot and combat money laundering and other financial crimes, is the first step to full AML compliance.
To support AML compliance and training at your gaming organization, Vector Solutions offers online casino training, gaming compliance and safety solutions, as well as a gaming-specific course catalog of nearly 150 online training courses. Beyond AML compliance, our courses also include customer service, sexual harassment awareness and prevention, responsible gaming awareness, as well as safety, cybersecurity, HR and leadership courses, all hosted in our powerful Learning Management System, Vector LMS for Casinos.
Vector Solutions for Casinos has been in the industry for over 10 years, as the leading Saas provider for online Title 31 and Anti-Money laundering training, helping clients meet federal mandates for reporting certain currency transactions to uncover money laundering and other financial crimes. Over the years we have built a comprehensive gaming-specific course catalog containing nearly 150 online training courses from Customer Loyalty, to Safety, Leadership Training and more, all hosted in our powerful Learning Management system, Vector LMS (formerly CELEXA, a Casino Essentials brand).
We proudly serve over 350 casinos nationwide. Vector LMS for Casinos is trusted by Boyd Gaming, Jack Entertainment, Bally’s Corporation, Four Winds Casinos, Wind Creek Hospitality, Desert Diamond Casinos, Muscogee Creek Nation Casinos, Delaware North Casinos, & Foxwoods Resort Casino and more! Our learning management system, Vector LMS for Casinos, is the most user-friendly platform on the market.