Something we said? Don’t leave just yet!

For more information about latest events, news and insights, leave us your email address below.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form

American Gaming Association updates its AML best practice guide

We’ve summarised the American Gaming Association’s 2022 guide to ‘Best Practices for Anti-Money Laundering Compliance.’

Shana Leyva
October 20, 2022

Operating in one of the most heavily regulated and controlled business sectors in the world, state-licensed casinos in the United States are defined as financial institutions under the Bank Secrecy Act (BSA).

As a result, the American Gaming Association (AGA), has become a leader in establishing best practice in anti-money laundering (AML) and combating the financing of terrorism (CFT) compliance systems both for the US gaming industry* and globally.

*not to be confused with online gaming, mention of the ‘gaming industry’ here references betting and casinos.

Anti-money laundering: best practices for the gaming sector

In July 2022, AGA published ‘Best Practices for Anti-Money Laundering Compliance’, as a guide to outline the post-pandemic expansion in compliance obligations for the sector. The guide also includes descriptions of red flag indicators, updated definitions and more, to provide a clearer path to instigating and monitoring best practice compliance systems.

The report’s recommendations reflect the huge changes in the gaming landscape since 2019, from a 16-fold increase in iGaming, to the growth in crypto and digital assets and changes to AML legislation in the US.

“As the methods and sophistication of financial crimes evolve, the gaming industry continues to spearhead efforts to combat money laundering,” said AGA’s vice president of government relations, Alex Costello, launching the guide.

In the 2019 update, key focus areas were Customer Due Diligence (CDD) and Know Your Customer (KYC) processes. As of the 2022 update, preventing and combatting human trafficking has become a priority area for the AGA, with the creation of their Anti-Human Trafficking Task Force.

According to the AGA, a strong culture of compliance relies on six key principles:
  1. Leadership should be engaged
  2. Compliance should not be compromised by revenue interests
  3. Information should be shared throughout an organisation
  4. Leadership should provide adequate human and technological resources
  5. The compliance program should be effective and tested by an independent and competent party
  6. Both leadership and staff should understand how their reports are used

In a post-pandemic landscape, the report examines in detail how US gaming establishments should approach managing risk and compliance in an increasingly complex regulatory environment.

Takeaways include recommendations for several areas in which gaming establishments should look carefully at their current practices to ensure that their compliance function is as effective as possible:

Risk Assessments

Risk assessments should be conducted annually, tailored to the specific characteristics of each establishment and reviewed and approved by senior leadership. Assessments should consider the nature of risk, the staff best positioned to identify and quantify risk, the key characteristics of suspicious transactions, what measures (including automation) are in place to mitigate risk, and the effectiveness of such measures.

Upon completion of the annual risk assessment, the compliance function should put into place an action plan to reduce any insufficiently mitigated risks, which may include the application of data analytics and technology. These measures can help the compliance team to pick up the tell-tale signs that differentiate licit from illicit activity.

The role of the compliance officer

In order to effectively manage risk, the BSA/AML compliance officer, along with the AML compliance function more broadly, should be vested with the appropriate authority and resources to implement the compliance programme.

This requires the compliance officer to have sufficient status in the organisation to be a member of, or be able to regularly brief, the senior leadership team, and effectively promote a culture of compliance at all levels of the organisation.

Employee training

Training materials should be updated regularly to reflect regulatory and enforcement developments. The casino’s AML overall compliance performance, as well as the compliance actions of individual employees, should be factored into the performance reviews of those employees involved with compliance.

Financial crime prevention

Casinos should consider adopting policies and procedures that are designed to deter patrons from attempting the types of transactions that have a higher likelihood of money laundering, BSA violations or other legal violations.

Such policies and procedures should be tailored to the casino’s specific business profile and customer base, geographic location, financial services offered, and product offerings.

Know your customer (KYC) processes

Procedures should detail the frequency and nature of KYC reviews. The casino’s compliance policies should be calibrated to increase scrutiny of customer play, transactional activity, and background in situations that pose greater risk of money laundering and the use of funds that may derive from criminal activity.

Transaction monitoring and regulatory reporting

The BSA requires casinos to file a suspicious activity report (SAR) if the casino knows, suspects, or has reason to suspect that a transaction or attempted transaction aggregating at least $5,000:

  • Involves funds derived from illegal activity
  • Is intended to disguise funds or assets derived from illegal activity
  • Is designed to avoid BSA reporting or record keeping requirements
  • Involves the use of the casino to facilitate criminal activity
  • Has no economic, business or apparent lawful purpose
  • Is not the sort in which the patron would normally be expected to engage, and the casino knows of no reasonable explanation for the transaction after examining the available facts

Casinos must therefore ensure they have a holistic view of patron behaviour across all business lines, including interactive gaming, and all gaming verticals. It is vital to

document investigations of suspicious activity, and decisions around filing, or choosing not to file a SAR.

Policies and procedures should include examples of a variety of potential suspicious activity to amplify team member awareness and bring to life department-specific ongoing training.

Compliance teams should also be monitoring industry news to identify relevant current examples in order to implement risk mitigation measures.

Suspicious activity report review procedures

In addition to comprehensive recommendations about reporting suspicious patron behaviour, SAR requirements encompass the reporting of suspicious activity conducted by insiders. Casinos should therefore have adequate communication lines between those responsible for employee-related investigations and disciplinary issues and the team responsible for filing SARs.

Information flow between the two will help to ensure detection of potential collusion between an employee and customer working to circumvent internal policies or practices, or an employee’s violation of casino procedures.

Audit procedures

The guide recommends periodic independent testing of the casino’s overall compliance programme as well as specific functions by qualified independent auditors.

If an establishment uses internal auditors to perform the testing, they should not have any operational responsibilities to ensure that their performance of the required audit is not seen as a potential conflict of interest. Such surveillance is typically an integral component of the casino’s AML programme.

Audits should also test the monitoring systems and how they fit into the casino’s overall suspicious activity monitoring and reporting process, and their programming methodology and algorithms to ensure the scenarios outlined are effective in detecting potentially suspicious activity.

Record keeping and retention

Records should include all reports, actions taken, staff training and testing, KYC due diligence, any action taken and any independent testing programmes, and should be retained for five years.

The full report can be found at

Discover how Napier complements AML compliance processes for regulated industries

Get in touch to see how our intelligent compliance solution can help your organisation transform your compliance while optimising customer experience; or request a demo to see it in action.

Photo by Hello I'm Nik on Unsplash

By clicking “Accept All Cookies”, you agree to the storing of cookies on your device to enhance site navigation, analyse site usage, and assist in our marketing efforts. View our Privacy Policy for more information.