By Allen Molnar, Karl Sleight (@KSleight_HB) and Christopher W. Hinckley (@Chinckley_HB)
If Past Is Prologue: What Casinos May Expect From FinCEN
“Drilling Down” to determine the real parties-in-interest, and their source of funds, has become a primary concern of the Treasury Department’s Financial Crimes Enforcement Network (FinCEN) in its efforts to combat money laundering. Mandatory due diligence requirements for racing/gaming operations reportedly are being developed by the agency, but, based on final regulations recently issued for traditional financial institutions, the direction of FinCEN’s eventual casino rules even now can be reliably anticipated.
The authors here shall briefly review how FinCEN developed “third party” due diligence requirements for traditional banks, will note how differences between the operations of banks and casinos will require rules specifically tailored for the gaming industry, and shall consider how FinCEN’s prospective rules for casinos may affect their interaction with junket operators and junket patrons.
The Banking Precedent
Conducting due diligence on undisclosed principals or “beneficial owners” of legal entities (such as corporations and partnerships) seeking financial services was the single most problematic area for the banking industry to deal with when FinCEN announced proposed rulemaking on March 5, 2012. Questions left open by the agency’s announcement included (1) what amount of ownership would trigger, or be the threshold for, having to vet an individual owner; (2) how intrusive would the required due diligence questions be; and (3) would the results of such inquiry need to be memorialized in a file subject to regulatory review? Concerns also were raised about possibly having to identify all those having an interest in subaccounts maintained by a bank’s immediate institutional customer, such as a trust, and how would conflicts be resolved between any regulatory “need to know” and the privacy laws applicable to an undisclosed principal in her or his home jurisdiction.
Following two and half years of industry feedback and agency response, final anti-money laundering (AML) rules for banks were issued August 4, 2014 and became effective in October of that year. On the much – debated questions about performing due diligence on the undisclosed principals of legal entity customers, FinCEN concluded:
- Anyone and everyone seeking to open an account for a “legal entity” must complete a prescribed form of certification containing the following information:
- Does the legal entity have one or more participants owning at least a 25 percent share?
- If so, the full name, permanent address and Social Security number must be given for each US person; if the 25 percent owner is a foreign citizen then the name, permanent address, passport number and country of issuance or (other similar identification number) must be given.
- In addition, similar information must be given for one designated person having significant managerial responsibility for the legal entity customer (even if that person is not an owner, or owns less than 25 percent).
Banks provided with this information must take the additional step of independently verifying that all persons identified on these certifications actually exist under the names and addresses given (a task which may include reference to any popular database).
The completed certifications and all related verifying information independently collected by banks – including a description of what methods were used to perform the verification – must be retained for at least five years following closure of the customer’s account. All such data is subject to regulatory inspection.
A “Tailored” Approach For Casino Operations
The way banks operate makes it effortless for them to determine when further AML due diligence is needed on otherwise undisclosed parties-in-interest. Any individual wishing to open an account or secure financial services on behalf of a “legal entity” necessarily self-discloses; just asking to start a corporate checking account or engage partnership payroll services automatically alerts bank personnel that FinCEN’s certification inquiry procedures need to be pursued.
Not so for casinos. In the normal course, gaming establishments interact only with their immediate patrons, individuals who literally may walk off the street onto a gambling floor and begin participating with the presentation of cash. The basic dynamic does not allow for completion of a certification or other realistic “onboarding” procedures such as are unremarkable second-nature experiences at traditional financial institutions. It is possible that FinCEN may propose capturing information on real-parties-in-interest or sources of a patron’s funds at various “attachment points” when an individual needs to consult with “the house,” such as in arranging wire transfers or collecting winnings over a reportable amount. That aspect of FinCEN’s current initiative in drafting AML rules for casinos is beyond the topics to be addressed here. However, there indeed is an ongoing facet of casino operations which already has been identified as a higher risk category warranting further regulatory oversight appropriate for discussion, and that is how gaming establishments interact with junket operators and junket patrons.
Junkets: Who are We Dealing With and Whose Money are They Playing With?
FinCEN already has considered the implications of junket operations, as well as direct forms of “third party betting,” and increasingly has voiced concern over their money laundering vulnerabilities. See, for example, FIN-2012-G004, “Frequently Asked Questions/Casino Recordkeeping, Reporting, and Compliance Program Requirements” (August 13, 2012); FinCEN Letter to American Gaming Association Regarding Third-Party Betting (December 24, 2014). Should FinCEN employ a methodology for developing mandatory casino rules similar to what it followed for conventional banks then it is likely the agency will collect and codify its prior guidance in a unified set of regulations while at the same time “tweaking” or supplementing such prior guidance with new requirements.
In particular, it can be expected that FinCEN will start by taking various pieces of guidance issued to casinos over prior years, each touching upon some different aspect of patron due diligence, and shall assemble them in a single regulatory set covering all scenarios in which enhanced due diligence of patrons or their representatives (junket operators) is warranted. See, FIN-2009-G004 FAQs/Casino Recordkeeping, Reporting and Compliance Program Requirements (September 30, 2009)(Questions 20, 22); FIN-2010-G001 Guidance on Obtaining and Retaining Beneficial Ownership Information (March 5, 2010); FIN-2012-G004 (noted above); FinCEN Letter (also noted above).
The upshot of such effort likely will find casinos required to follow practices already part of most self-designed risked-based compliance programs, with new twists, as noted below:
- Patron identification data will need to be collected as a matter of course on:
- Junket operators
- Junket patrons
- That data shall include at a minimum for individuals: full name, permanent address, Social Security number (for US persons) or passport information (number and country of issuance)(for non US persons)(“Personal Data”).
- For junket operators which are formally organized business associations: the same items as required of “legal entity” customers at banks (that is, Personal Data of owners holding at least a 25 percent interest, and of a designated person having significant managerial responsibility).
- Identifying data for junket patrons will be required in all instances, even where there is no financially-linked triggering event such as establishment of a front money account, wire transfer authorizations, implication of amounts equaling US$10,000 or more, etc. This is especially so that “Politically Exposed Persons” may be identified even when amounts associated with their gaming activity remain below reportable thresholds. For a variety of reasons the identifying data for junket patrons may be collected in the first instance by junket operators, and then relayed to casinos with an appropriate certification. Placing the initial collection obligation on junket operators will help alleviate issues arising from the inability of casinos to employ popular search engines in attempting to independently verify the identity of persons from certain countries, such as China, where online facilities and their content may be heavily restricted or prohibited.
- The form of certification will mimic the prescribed document issued by FinCEN for banks in August 2014 (see the attached example), with internal references changed to make the item referable to junkets and their patrons rather than to “legal entity” customers.
FinCEN proved itself open to industry comment during the development of mandatory AML protocols for traditional financial institutions, and there is no reason to believe it will not do so given the unique operating environment of casinos. Gaming interests are well advised to assess how likely changes to the due diligence procedures for junket operators and patrons may affect their businesses, and to promptly advise the agency of concerns, either through direct contact or through industry associations.