Don’t Roll the Dice: FinCEN Assesses Significant Penalties on Regulated Entity for Failing to Implement a Comprehensive AML Compliance ProgramThe U.S. Treasury Department’s Financial Crimes Enforcement Network (FinCEN) imposed a civil money penalty of $12 million against a Nevada based casino, CG Technology, L.P. (CGT) for alleged violations of the Bank Secrecy Act (BSA) on October 3, 2016. This action continues FinCEN’s recent trend of aggressive expansion and enforcement of anti-money laundering (AML) regulations and the BSA, and sends a clear message that regulated entities must implement comprehensive AML compliance programs in order to avoid running afoul of AML regulations.

What is an AML compliance program?

The BSA, among other things, requires certain regulated entities, including financial institutions, to develop and implement AML compliance programs reasonably designed to assure and monitor compliance with the BSA and its implementing regulations. At a minimum, a financial institution’s AML compliance program must include:

  • A system of internal controls to ensure ongoing compliance;
  • Independent testing of AML compliance;
  • Designation of an individual or individuals responsible for managing BSA compliance;
  • A comprehensive training program for appropriate personnel; and
  • A customer identification program.

How did CGT’s AML compliance program violate the BSA?

FinCEN determined that CGT, which operates a race and sports betting operation in Nevada and provides gaming technology to casino customers globally, willfully violated the BSA by failing to (1) implement and maintain an effective AML compliance program, (2) report suspicious activity, (3) report certain transactions involving currency in amounts greater than $10,000, and (4) keep appropriate records as required by the BSA and its implementing regulations.

Significantly, among other things, FinCEN also identified the following specific deficiencies in CGT’s AML compliance program:

  1. Failure to fully take into consideration the environment it was operating in and the potential AML risks associated with CGT’s business model;
  2. Failure to ensure that its AML program policies conformed to its actual business practice (g., accepting gaming account deposits via wire transfer);
  3. Failure to properly train its employees on BSA requirements; and
  4. Failure to implement proper audit, monitoring, and reporting procedures.

In sum, although CGT had an AML compliance program, it was not reasonably designed to detect and prevent illicit activities.

Lessons from the CGT enforcement action?

The latest FinCEN enforcement action makes it clear that what constitutes a proper AML program is different for each financial institution. Regulated entities must thoroughly consider—and re-evaluate—the environment around them to account for specific risks and develop a sound AML compliance program. It is not enough for regulated entities to simply have an AML program–the program must be tailored to an entity’s current business model. To that end, risk assessments must be structured to include a realistic assessment of products and services currently offered, customer demographics, and recent trends in suspicious activities. In addition, a comprehensive training program for appropriate employees must be developed and include periodic training and mechanisms to compel attendance of periodic training. Finally, AML program compliance auditing, whether performed internally or externally, must be performed in a thorough and independent manner.

In sum, FinCEN’s evaluation of CGT’s AML compliance program demonstrates that simply having an AML compliance program is not enough to avoid scrutiny. It is clear that regulators expect financial institutions to regularly take a hard, self-imposed look at their policies and procedures, and make appropriate adjustments in order to proactively ensure BSA compliance.