On June 28, 2024, the Financial Crimes Enforcement Network (FinCEN) announced a proposed rule to strengthen and modernize financial institution’s anti-money laundering (AML) and countering the financing of terrorism (CFT) programs. Per the addendum fact sheet, this proposed rule is a result of the AML Act's significant reforms and will lay the foundation of a multi-year implementation of the AML Act.  

Today, we’ll dive into the general provision changes and the new proposed program requirements for casinos.  

Giving BSA Purpose

As part of the proposed rule, § 1010.210 on Anti-Money Laundering Programs, a purpose statement has been added stating programs should be effective, risk-based, reasonably designed, and may include innovative approaches.  

“(a) The purpose of this section is to ensure that a financial institution implements an effective, risk-based, and reasonably designed AML/CFT program to identify, manage, and mitigate illicit finance activity risks that: complies with the Bank Secrecy Act and the requirements and prohibitions of this chapter; focuses attention and resources in a manner consistent with the risk profile of the financial institution; may include consideration and evaluation of innovative approaches to meet its AML/CFT compliance obligations; provides highly useful reports or records to relevant government authorities; protects the financial system of the United States from criminal abuse; and safeguards the national security of the United States, including by preventing the flow of illicit funds in the financial system.”

FinCEN further defines its encouragement of innovative approaches in section 27:

“(27.) The proposed rule encourages the consideration of innovative approaches to help financial institutions more effectively comply with the BSA and FinCEN’s implementing regulations, and provide highly useful information to relevant government authorities.  These approaches can include the adoption of emerging technologies, such as machine learning or artificial intelligence, that can allow for greater precision in assessing customer risk, improving efficiency of automated transaction monitoring systems by reducing false positives, or reducing overall costs and improving commercial viability with certain customer types and jurisdictions.”

The concept of a risk-based program and the FinCEN’s support of innovation are not new concepts. These concepts have been included in FinCEN guidance for years and considered best-practices for the AML industry. The inclusion of this language in codified regulation (CFR 31) elevates them as required expectations now. And the explicit encouragement of adopting machine learning, artificial intelligence, and other emerging technologies is also codified in CFR 31. All the following amendments flow from these new requirements to establish an effective, risk based, reasonably designed, and innovative AML/CFT program tailored to the risk profile of your organization.  

What’s New for Casinos?

AML Expanded: AML/CFT

First and foremost, FinCEN is explicitly clear: AML now includes counter-financing of terrorism (CFT) CFT. This expanded definition is used 582 times throughout the proposed rule document. The interesting aspect of CFT is that it’s the opposite money flow of AML and requires the opposite analysis of suspicious activity. Money laundering is primarily about obfuscating the source of the money while terrorist financing is about obfuscating the destination of the money. In terrorist financing the source, most of the time, is from a completely legitimate source, but the destination is to a terrorist network. The means your AML analysis should now include both AML and CFT analysis and monitoring.  

To make this emphasis on AML/CFT clear, FinCEN went as far as changing the title of the rule from “§ 1021.210 Anti-money laundering program requirements for casinos” to now be ““§ 1021.210 Anti-money laundering program requirements for casinos.”  Now it is “§ 1021.210 AML/CFT program requirements for casinos.”

The specific requirements around the new CFT focus is not yet clear.  Generally, the AML Act states throughout that its purpose is to modernize and make financial institutions more effective at countering money laundering and terrorism financing. CFT has always been a side part of this conversation but the new dual focused approach to compliance programs is finally being reflected in regulation. Time will tell what this means from ongoing guidance, regulatory examinations, and any new proposed rules.

Effective, Risk-Based & Reasonably Designed

“Effective”, “risk-based” and “reasonably designed” are terms in which everyone in the AML business should get comfortable. These terms are prioritized in the first sentence of the new AML/CFT purpose statement and referenced 59 other times throughout the proposed rule, including the in the casino section.  

“A casino must establish, implement, and maintain an effective, risk-based, and reasonably designed AML/CFT program.”

Formalizing the Risk Assessment

Casinos no longer have to rely on a 10+ year old advisory for how to formulate their risk assessment. The amended program requirements set out what should be standard as part of every risk assessment. The assessment must serve as the basis for the program and the process must identify, evaluate and document all illicit and terrorist financing risks. As was always considered best practice, the assessment should be updated on a periodic basis and whenever there are material changes – meaning  whenever there are updates to any of the casino’s products, services, distribution channels, customers, intermediaries, and geographic locations. Casinos are constantly innovating, adding cashless wallets, digital markers, new types of games and a myriad of other services to entice customers. BSA officers should be included at the onset of any of these proposed changes so that they can get ahead of the AML/CFT risks associated with them and ensure the casino is in compliance with their Title 31 obligations.  

Required Board Oversight

The other very notable and new requirement is that the approval and ongoing oversight of the AML/CFT program must be documented and approved by the board of directors or equivalent governing body. While this board approval has been best practice for many operations, it was never specifically required outside of culture of compliance guidance. If a casino’s BSA officer doesn’t have a direct reporting line to the governing body of the casino, it is best to start now. That line should involve regular reporting on the state of the AML/CFT program.  

What’s Different?

Let’s start this section with what is no longer present. “(vi) For casinos that have automated data processing systems, the use of automated programs to aid in assuring compliance.” This will be removed from the amended language. According to the document, there is no elimination of any requirement to comply with the BSA and frankly, if we are to use “all available information” which is still part of the regulation, it is a very tall task without automated systems.  

The rest of the language makes minor but impactful updates to some of the existing pillars.

Innovative Controls

The system of internal controls section has received a healthy face lift, noting that those controls must be reasonably manage and mitigate risks identified in the assessment. Another key term that is relevant throughout the AML Act, the proposed rule and in this section is “innovative”. Commensurate with a casino’s risks, a program should take innovative approaches to help meet compliance responsibilities. This idea of innovation removes any notion of a “check the box” approach to compliance. If new risks or new typologies emerge that aren’t adequately mitigated by existing controls, it is on the institution to find ways to still meet their BSA obligations.  

“Qualified” Testing

Assumed but never codified in regulation, gaming institutions don’t just need to receive independent testing periodically, but the testing must be from qualified parties (whether internal or external). This has always received some scrutiny in IRS BSA examinations but with this update, it’s expected that scrutiny will increase. If the Internal Audit department is conducting periodic reviews, institutions must be able to answer the following question effectively: What kind of training, experience and knowledge related to BSA obligations does the department have? The same question must also be asked of any external examiners. Not every CPA firm is qualified for an AML audit. Do the personnel conducting those audits have the training and necessary experience specific to both AML and, importantly, the gaming industry? And is that training and experience sufficient enough to be able to test the systems and controls that have been put into place?  

The gaming industry in general still needs a lot of attention from FinCEN and the U.S. Department of the Treasury, including updates and clarifications to address the many risks identified in the National Money Laundering Risk Assessment. This latest round of amendments is certainly an interesting start that will lay the groundwork for everything that the Treasury and FinCEN have planned.  

‍

ABOUT KINECTIFY

Kinectify is an intelligence and risk management technology company serving gaming operators in the US and Canada. Kinectify's modern AML and Responsible Gaming platform empowers clients to efficiently manage risk with real-time intelligence so they can focus on growing their businesses instead of being bogged down by compliance. In addition, Kinectify's advisory services enhance gaming operators' capacity with industry experts who can design and test programs, meet compliance deadlines, and even provide outsource services for the day-to-day administration of compliance programs.

To learn more about Kinectify and book a demo, click here.