Executives and staff who oversee a casino’s risk and fraud functions should be familiar with Title 31 of the federal Bank Secrecy Act (BSA), which requires casinos to put in place anti-money laundering (AML) practices. The price of Title 31 noncompliance can be substantial. Last October, for instance, Lake Elsinore Hotel and Casino in California was fined $900,000 for failing to implement an effective AML program and not filing BSA-required suspicious activity reports.
Though casinos should be aware of the risks their industry must manage, they may be less familiar with potentially costly risks associated with outside vendors. Effective vendor due diligence (VDD) is a critical component of a Title 31 compliance program – and a casino’s overall risk management strategy.
Jump to ↓
Implementing a vendor due diligence program
Best practices for vendor compliance
White paper
Adverse media screening: Harness the power of artificial intelligence to mitigate risks
Access full whitepaper ↗What is Title 31 for casinos?
Title 31 refers to the federal Bank Secrecy Act regulations, codified in the Code of Federal Regulations (31 CFR), that establish specific reporting requirements for casinos to implement anti-money laundering programs, including identifying and reporting suspicious transactions over $10,000 through currency transaction reports.
This assists the Financial Crimes Enforcement Network of the Internal Revenue Service in uncovering money laundering, wire transfers linked to criminal activities, and other financial crimes.
Casinos must maintain comprehensive compliance programs with employee training, designated compliance officers, and internal controls to prevent financial crimes and terrorist financing through gambling establishments.
Now, Title 31 doesn’t specifically address vendor relationships. But it does require casinos with a gross annual gaming revenue of $1 million and higher to implement BSA regulations to prevent money laundering and other financial crimes. In that sense, Title 31 treats casinos as financial institutions.
Vendor relationships create risks. Accordingly, the BSA requires financial institutions—and casinos—to meet risk-mitigating provisions regarding third parties, including vendors. These requirements involve:
- Conducting due diligence and risk assessment of a potential vendor
- Generating thorough documentation regarding why a vendor was chosen
- Monitoring and documenting vendor activities throughout the business relationship
- Filing BSA-mandated suspicious activity reports (SARs), especially for large jackpots that require the collection of a winner’s social security number and proper identification
All this is essential because vendors are potential perpetrators of risk and fraud. Without proper oversight, casinos may face overbilling, collusion between employees and vendors, and noncompliance with AML regulations, among other risks.
Vendors and FinCEN
The federal government established the FinCEN of the IRS in 1990 to combat money laundering, terrorist financing, and other financial crimes. FinCEN issues regulations, guidance, and enforcement actions to ensure compliance with the BSA (and, by extension, Title 31).
Vendors involved in financial transactions or that have access to sensitive business and consumer data need to comply with these regulations. If a casino vendor is out of compliance, the casino itself could be at risk of penalties. Vendors that handle cash-out processes or facilitate withdrawals for patrons require particularly thorough screening, as these transactions present heightened money laundering risks.
Implementing a vendor due diligence program
A risk-based approach to vendor due diligence involves assessing the level of risk associated with each vendor and transaction, then applying appropriate levels of due diligence. In this approach, casinos allocate resources of time and money where the possibilities of fraud are the highest.
To evaluate these risks, casinos can implement a system of risk scoring. This is a framework for categorizing vendors by risk level (high, medium, low) based on factors such as transaction volume, access to funds or data, geographic location, and service type. Risk scores can help casino decision-makers understand the likelihood and potential impact of various risks.
Vendors requiring particular scrutiny include gaming equipment providers, maintenance companies, IT firms, and food and beverage suppliers. Several factors make these outside parties higher risk:
- They are critical to the successful operation of the casino, and they’re often difficult to replace
- They often have access to sensitive operational data, which could put that information at risk of being stolen
- They are typically responsible for the casino’s highest non-labor costs, thus requiring closer monitoring of billing patterns
Evaluating vendor risks
A strong Title 31-focused vendor due diligence program begins with evaluating vendors before onboarding. It’s tempting for any business to focus on price. But from a risk management perspective, it’s potentially dangerous. They often have access to sensitive operational data and computer systems, which could put that information at risk of being stolen or compromised, potentially leading to issues with regulatory authorities.
To mitigate that danger, a casino can create standardized VDD procedures before onboarding vendors. These procedures typically include:
- Developing comprehensive vendor questionnaires that capture risk-relevant information
- Requiring vendors to certify compliance with AML regulations
- Establishing clear contractual clauses for audits and information requests
- Requiring higher-level approval for higher-risk vendors
For higher-risk vendors, casinos should consider conducting enhanced due diligence. This is a more thorough and painstaking level of background investigation of higher-risk business relationships and transactions.
Another key best practice is verifying vendor information through independent sources. Thorough VDD investigations should verify the vendor’s licensing, beneficial ownership, and performance history. It could also include screening for adverse media coverage and sanctions, which could reveal risks of working with a particular vendor.
Best practices for vendor compliance
Robust vendor due diligence is essential to protecting a casino’s reputation, financial stability, and operational integrity. This makes it crucial for casino risk and fraud officials to follow best practices for vendor compliance.
Once a casino has onboarded a vendor, it should monitor transactions as well as the quality of services or products the vendor provides. Monitoring protocols would include conducting regular review schedules and watching for multiple transactions that might be structured to avoid reporting thresholds. A rule of thumb for such reviews is quarterly for high-risk vendors, annually for lesser-risk vendors.
Strengthening recordkeeping requirements such as these helps reduce potential conflicts of interest or gaps in internal controls. Employees involved in vendor contracts should understand compliance requirements before negotiations begin.
After vendor onboarding, casino staff need to be alert to internal red flags such as questionable purchase patterns by a department or an employee. Another warning sign is an underperforming vendor that continues to receive payments for large invoices.
Casinos seeking to implement a robust monitoring program should consider these practices:
- Subscribing to automated adverse media and sanctions screening services
- Conducting periodic re-verification of ownership structures and beneficial owners
- Setting up alerts for unusual transaction patterns or changes in vendor behavior
- Documenting all monitoring activities involving regulatory compliance, including audit trails of vendor screening activities, reviews, and approvals
- Conducting scenario-based training for employees using real-world examples (such as the Lake Elsinore case)
Implementing best practices like these not only protects a casino’s operations. It can create a competitive advantage because it demonstrates to regulators, vendors, and even customers that the casino is rigorously committed to integrity and transparency.
Combining expertise with next-generation tools
With the right partners, casinos — more so than other entertainment venues — can leverage their current advantage of longtime data gathering and analysis about their clientele and combine that with next-generation risk management tools that can integrate with them.
To help ensure their compliance with Title 31 of the BSA, casinos need digital investigative tools that can help them perform thorough due diligence on potential vendors – and monitor third parties with which they currently do business. Such a tool should have access to current, reliable data. This allows casino risk and fraud teams to easily identify and analyze a vendor’s background and ownership.
Disclaimer
Thomson Reuters is not a consumer reporting agency, and none of its services or the data contained therein constitute a ‘consumer report’ as such term is defined in the Federal Fair Credit Reporting Act (FCRA), 15 U.S.C. sec. 1681 et seq. The data provided to you may not be used as a factor in consumer debt collection decisioning, establishing a consumer’s eligibility for credit, insurance, employment, government benefits, or housing, or for any other purpose authorized under the FCRA. By accessing one of our services, you agree not to use the service or data for any purpose authorized under the FCRA or in relation to taking an adverse action relating to a consumer application.
