Nytt Casino Bank Id
About Swedish BankID
The debit cards in use at Jackpot City include Maestro and Visa Electron. Players who prefer to fund their accounts using bank transfers can use the services of Instant EFT, Instant Banking or Boleto Bancario among other bank transfer options. A player can use Visa and MasterCard credit card to withdraw and deposit funds at Jackpot City casino. Best Pay By Phone Bill Casinos 2020 - Learn how you can use your phone bill or credit to make a real money deposit at great online casinos. Learn more here! Swedish BankID is a personal and easy method of secure electronic identification and signing on the Internet. Individuals who have a Swedish personnummer (Swedish national identification number) can obtain Swedish BankID through their bank. A BankID has the same value and is used the same way, regardless of the bank that issued it.
Swedish BankID is a personal and easy method of secure electronic identification and signing on the Internet.
Individuals who have a Swedish personnummer (Swedish national identification number) can obtain Swedish BankID through their bank. A BankID has the same value and is used the same way, regardless of the bank that issued it. BankID may be issued to persons over 18 years, but several banks also give BankID to persons under 18 years.
Swedish BankID clients exist for desktop (Windows or macOS) and mobile devices (Mobile BankID on Android or iOS).
The banks issuing Swedish BankID
The banks issuing BankID to private individuals are Handelsbanken, SEB, Swedbank, SkandiaBanken, Länsförsäkringar Bank, Danske Bank, Sparbanken Finn, Sparbanken Gripen and Ikano Bank. Together, these banks have more than 5.6 million Internet customers who have the option of using their BankID in more than 300 different service applications.
Integrating with Swedish BankID through Signicat
Signicat has an integration with Swedish BankID and delivers this, as well as a vast amount of other integrated methods, through a single point of integration. For our customers, this means shorter time to production and time saved integrating and maintaining the integrations with one or several identity providers. Through the single point of integration, one will get access to Signicat’s wide portfolio of integrated ID methods; not only Swedish BankID, but also other services like identity paper verification and lookups.
Digital onboarding
Swedish BankID can be used for digital onboarding of a user, through user identification. The ID method can be used as a stand-alone method or in combination with other services provided by Signicat to verify an identity, such as identity paper verification and lookups.
Use case
In order to become a customer, you first have to register. During this digital onboarding process, you can choose to use Swedish BankID, among others, as an ID method to register as a user for the first time.
NOTE: If Swedish BankID is used for user onboarding, it is not allowed to issue alternative credentials (also known as ID switch). So if Swedish BankID is used for the initial user onboarding then Swedish BankID should also be used for all subsequent authentications.
Screenshots
Authentication
When the user has completed the digital onboarding process, Swedish BankID can be used for authentication by verifying an existing user’s identity. Getting started guides for authentication with the different Signicat Connect authentication protocols can be found here.
An authentication will result in a type of response that will depend on the type of authentication protocol used. See the Result section for an example.
Use case
As a registered customer with a bank, you will be able to apply for a loan. To be able to log in to your bank, you have to authenticate to prove your identity. Swedish BankID can be used for authentication, the same way it can be used for registering as a new customer.
Screenshots for desktop
Screenshots for mobile
The user provides their personnummer (Swedish national identification number) and security code using the BankID säkerhetsapp on their mobile phone or tablet.
Alternatively, Signicat offers the ability to use the Mobilt BankID app to scan a QR code that is displayed on a different device (such as a desktop PC). This replaces the need for providing a personnummer and enhances the security of the authentication process, as both the user and the web browser that the code is scanned from need to be in the same place.
Result
An example of an OpenID Connect response when Swedish BankID is used for authentication can be found here. The OIDC result will be the same regardless of whether it is Swedish BankID or Swedish Mobile BankID optimized for in-app that is used during authentication. See more about the in-app solution here.
Electronic signing
For electronic signing of documents, Swedish BankID can be used in two ways; Authentication-based signing or third-party signing.
The first alternative, authentication-based signing, is Signicat’s own signing solution and supports the use of any type of authentication method provided by Signicat. Swedish BankID as an authentication method is used for this alternative, where the authentication result is reused for signing. It will ensure a unified output format in accordance with EU specifications as well as a scalable, responsive signflow supporting all modern device standards and window sizes.
The second alternative, performing native signing with Swedish BankID as a third-party method, is Swedish BankID’s native signing support. It will not follow the same output formats and cannot be guaranteed to support responsive signflows nor necessarily support all of the same signing functionalities as the authentication-based alternative. Swedish BankID natively supports signing of text documents in the BankID säkerhetsprogram (BankID Security Application). The technical requirements are that your text document is UTF-8 encoded and doesn’t exceed 100 KB. Control characters such as TAB and CR LF are allowed. This file is a text document which is within the 100 KB limit: Example text document
The signing result will, regardless of the alternative chosen for signing, result in a PAdES (PDF Advanced Electronic Signature) consisting of one or more signed documents (XAdES, implemented as LTV-SDO). See the Result section for signing result examples.
For more information about getting started with electronic signing, the different signing methods and more, please see this page for the signing documentation.
Use case
With Signicat Signature you can use Swedish BankID to sign (as well as view or upload) one or more documents, such as loan applications or contracts. Signing with authentication-based signing will allow you to sign all documents at once, while third-party signing will require you to sign the documents one at a time.
Screenshots for desktop
The screenshot illustrates authentication-based signing and third-party signing when using Swedish BankID. In both flows, there are two documents for signing, ‘Letter of intent’ and ‘Contract details’, as well as one document for viewing only, ‘Information about Signicat’.
Authentication-based signing
Third-party signing
Screenshots for mobile
The screenshot below illustrates the signature process for Mobile BankID.
Signing with Swedish BankID also supports the scanning of a QR code in order to perform the signature process. Please contact support@signicat.com in order to have this functionality configured.
Result
The signing result will produce a PAdES (PDF Advanced Electronic Signature) consisting of one or more signed documents (XAdES as LTV-SDOs).
Authentication-based signing
An example of an LTV-SDO as a signing result, with authentication-based signing and Swedish BankID as the authentication method, can be found here.
An example of a PAdES as a signing result, with authentication-based signing and Swedish BankID as the authentication method, can be found here.
Third-party signing
An example of an LTV-SDO as a signing result, with third-party signing and Swedish BankID as the authentication method, can be found here.
An example of a PAdES as a signing result, with third-party signing and Swedish BankID as the authentication method, can be found here.
How to get started with Swedish BankID
In order for Signicat to set up a new solution with Swedish BankID, there are two pieces of information the customer must provide before Signicat can start the process:
- A preferred BankID bank. If the customer does not have a preferred BankID bank, Signicat will select an issuing bank.
- A display name for the BankID app.
The customer then signs an agreement with Signicat AS, which enables Signicat to have a Relying Party certificate (Förlitandepartcertifikat, or FP-certifikat) issued on behalf of the customer. Signicat is an official BankID broker, approved by Finansiell ID-Teknik in Sweden.
Signicat will then install the Relying Party certificate in the customer’s service. No further input is normally needed from the customer.
Certificate information
Relying Party Certificate
The Relying Party certificate (Förlitandepartcertifikat, or FP-certifikat) is used to identify a service provider offering BankID. It is intended to secure communication to and from said service provider. It does not store any personally identifiable information.
Please note that the Replying Party certificates created by Signicat cannot be used outside of Signicat’s solution, i.e. not in applications that do not use Signicat’s cloud service. If a certificate without this limitation is desired, please see our documentation on how to get started with Swedish BankID through an agreement with a BankID bank.
BankID e-identity for private persons
Personal BankID certificates are usually accessed via an app on the end-user’s phone. In a few cases, they are stored on a smartcard or on a file on the end-user’s computer.
Several Swedish banks are capable of issuing BankID e-identities for private persons. Such identities roam across banks.
Test information
Signicat offers 24/7/365 free access to the test environment at preprod.signicat.com.
Certificates for test users
If you already have a certificate for production BankID, you can log in to https://demo.bankid.com and issue test certificates as explained below. This is also possible using an existing valid test certificate.
Prepare a name and personnummer (Swedish national identification number) for the test users you would like to create. The personnummer should be a valid combination of 12 digits. You can use www.personnummer.nu to create a valid personnummer for Sweden. Please see the next paragraph of how to obtain a Swedish personnummer . You will get a number in this format: YYMMDD-XXXX. You will have to change this to YYYYMMDDXXXX. If you do not have a Swedish BankID, you may order a code from https://demo.bankid.com/CreateCode.aspx and issue new test-users according to the ‘How to obtain the test user’ section.
If you do not have a personnummer, you may construct one for testing. This must be a properly formatted national ID including a control digit. For details, see www.personnummer.nu.
How to obtain a personnummer (Swedish national identification number)
To get a Swedish personnummer you can go to www.personnummer.nu to generate one.
For those who do not understand Swedish:
Födelsedatum = Date of birth (ÅÅ-MM-DD) = (YY-MM-DD) as in year-month-day.
Kön = Sex
Kvinna = Woman
Man = Man
Generera = Generate
The highlighted field is the generated personnummer . To use it for the purpose of authenticating/signing you need to remove the hyphen and add a prefix. The prefix should be the two first numbers of the year the person was born. So if the person was born between 1900-1999 the prefix is 19, and if the person was born between 2000-2099 the prefix is 20.
The generated personnummer 800618-4629 would appear as 198006184629 without the hyphen and with the prefix.
How to install the application
How to install the application (Android)
- To install the Swedish Mobile BankID application for testing you first have to download it from this page: http://www.bankid.com/rp/info/
- Under the header “Test av BankID” choose the “Testversion BankID säkerhetsapp för Android” link and save the .apk file you get
- Send the .apk file to your smartphone by e-mail
- You have to allow the phone to install from unknown sources
- Click the .apk file in your e-mail and install the app
- When you open the app you need a Swedish personnummer for testing purposes and an activation code
The installation file can be found here:
How to install the application (iOS)
- Install BankID säkerhetsapp from the App Store.
- Go into Settings -> BankID -> Utvecklare (Developer) -> Server. Change this to businternal.test.bankid.com.
This setting makes the security app communicate with the test environment instead of production, and it cannot be changed back. If you later need the production version, uninstall the app and install it again via the App Store.
How to install the application (Windows Phone 8)
- Install the BankID säkerhetsapp from the Windows Phone Store
- Start the BankID Security App, select Settings / Developer / Server and enter “businternal.test.bankid.com“
- Save, exit the BankID Security App and launch again
- The BankID Security App will now connect to the test server
How to install the application (Windows)
- Uninstall all previous versions of the BankID säkerhetsprogram. Reboot PC
- Download and install the latest version, available at https://install.bankid.com/
- Find the config folder at this location: %APPDATA%RoamingBankID
(Find appdata by writing %appdata% in the adressbar)
You will end up in the ‘Roaming’ folder. From there, continue to the BankID folder. Your adress path should look like the following now: C:UsersSteffen(Your username)AppDataRoamingBankID
Here, you will find a folder named ‘Config’.
Rename this to ‘Config.prod’ and create a new folder named ‘Config’.
Open the ‘Config’ folder you created. Create a new .txt file and name it CavaServerSelector.txt.
Open it in Notepad, write “kundtest” and save.
Restart PC.
How to obtain the test user
Go to https://demo.bankid.com/ and log in using your preferred option.
https://www.bankid.com/rp/info also contains links and information about Swedish BankID and how to obtain test users.
There are four options:
- “Logga in med test-BankID” = Log in with a test BankID.
You can either log in with a test user on the computer or with a test user using the mobile application you installed (that is, if you already have a test user in the app/ computer). - “Logga in med produktions-BankID” = Log in with a production BankID.
If you have a Swedish BankID you can log in with your production BankID on the computer or in the production app (if you have set up the app for your BankID). - “Logga in med personligkod” = Log in with a personal code.
If you do not have a personal code, you can choose to generate a new code. - “Logga in med BankID på fil eller kort – Plugin” = Log in with a BankID on file or card – Plugin
Here you would have been able to use the old solution with plug-ins in the browser that were phased out during 2014. This is the option you would have chosen if you had BankID Security 5.0.2 or older.
After logging in you will be presented with this page. Choose “Hämta BankID för test”:
On this page, you can choose to download Mobile BankID (left) or desktop BankID (right). Fill in the form with the personnummer as well as first and last name and click “Hämta”.
Mobile client
If you choose Mobile BankID, you will get an activation code such as the following (you must disable any popup blockers). This code is valid for 10 minutes.
Open the BankID app on your phone, enter the personnummer and activation code. In the next window, you create a PIN code with at least 6 digits.
Now activation is done and the client is ready to use:
Desktop client
If you choose BankID on file, you will be presented with a new window (you must disable any popup blockers). Press “Open BankID issuing” to get started.
Then you can download, install, and choose your password.
After you have downloaded and installed the app you will be asked to choose a password for your BankID. You have to remember this PIN code for use later when you test authentication/ signing. The app will not allow you to choose a simple code like 111111 or 123456, so it is recommended to use date of birth, e.g. 180680.
Your BankID is now ready.
If you have an ordinary or test BankID you may follow these steps:
- Access https://demo.bankid.com/nyademobanken.
- Log in with your BankID and select “Hämta BankID för test”.
- You will receive an activation code which you may use in the BankID säkerhetsapp.
- Select your security code for Mobile BankID, minimum 6 digits.
If you don’t have a Swedish BankID, you may follow this manual procedure:
- Send an email to teknikinfo@bankid.com (Financiell ID-Teknik) and describe where you work, the purpose of your development, and phone numbers
- They will contact you and initiate creation of a test BankID. During this process you have to specify some data into the BankID säkerhetsapp. They will verify that the newly issued BankID working.
- If you do not have a personnummer, you may construct one for test. This must be a properly formatted national ID including control digit. See: www.personnummer.nu.
Mobilt BankID
Mobilt BankID is a personal electronic identification for cell phones and tablets. It may be used from a mobile device in the same way as BankID on card or file can be used from a PC.
Mobilt BankID supports authentication and digital signature with Swedish BankID. It depends neither on a special SIM card, nor on a specific telecom company. It is even possible to have Mobilt BankID without a subscription in a Swedish telecom company, but it can only be ordered by persons with a personnummer. Mobilt BankID may be used from Android and iOS based phones and tablets (provided they have Internet access).
Today three Swedish banks are issuers of Mobilt BankID:
- Swedbank
- Skandiabanken
- Länsförsäkringar Bank
- Several other banks plan to follow these three banks
Getting started
For merchants
Existing customers of Signicat may contact support@signicat.com to find out what needs to be done to get up and running with Mobilt BankID.
For other customers the establishment process is identical with ordinary Swedish BankID. See a detailed description the Certificate information section.
- You will need a merchant agreement with your bank.
- The bank performs a “Köpargenomgång” of your company
After the agreements are signed and “Köpargenomgång” is performed, the bank will issue a merchant certificate for the test and production environment.
For end-users
End-users must install the BankID säkerhetsapp on their mobile device.
- For Android users, the BankID säkerhetsapp may be installed from Google Play.
- For iOS users, the BankID säkerhetsapp may be installed from AppStore.
How to integrate authentication with Swedish BankID from headless systems
In May 2014, Signicat released a version of Swedish Mobile BankID optimized for in-app usage. If you want to send headless authentication requests (typically from a backend or app to backend system) via Signicat, we recommend using our OpenID Connect (OIDC) API as a mediator. Please refer to our documentation on headless authentication for further details.
Description of the Android App
The Signicat Swedish Mobile BankID Android App (referred to as the app or android app for the rest of this document) is a native Android app that demonstrates using Swedish Mobile BankID for authentication from a native app. It uses Signicat services and demonstrates a simple authentication scenario where the user enters their personnummer, continues the process in the BankID app and finally returns to the app for completion.
How to integrate Consent Signature with Swedish BankID from a native app
If you are building your own browserless native app and want to utilize mobile text-only signing, or Consent Signature, via Signicat, you can do this using our OpenID Connect (OIDC) API as a mediator. Please refer to our documentation on Consent Signature for detailed information on how to integrate Consent Signature.
Detecting if the end-user has the BankID app installed
From a native app
If you are writing a native app where you utilize Signicat services for your authentication or signature needs, then you will be able to detect if the end-user has installed the BankID app necessary to complete the transaction.
Detecting on iOS
Please refer to Apple Developer Center for more information on canOpenUrl
.
Detecting on Android
Please refer to Android Developer Center for more information about the PackageManager
.
From a web page on a mobile device
It is not possible to detect if the end-user has the BankID app installed from a web page on a mobile device. Otherwise, it would be possible for any web page to scan users’ phones and tablets for which apps are installed, perhaps to target an attack against the user.
The good news is that you do not have to do anything about this because Signicat already does its best depending on the platform.
- For iOS, an attempt is made to launch the app from javascript. If nothing seems to happen, a message is displayed saying that it appears that the app could not be launched, along with a link to the app store.
- For Android, a message is immediately presented to the user saying that the app is required to complete the process (along with a link to the app store). Two buttons are presented, one to launch the app and one to cancel. If the user chooses to launch the app even though it is not installed, nothing happens. Presumably, the end-user realizes the mistake and either proceeds to download the app, or simply cancels.
Customizing the graphics and the flow for the end-user
iframe usage
If you intend to run the process in an iframe, you may choose to have graphical profile support disabled so you don’t have to worry about it at all.
Important note for iOS9+
Please note that iOS 9 and later prevents apps from being automatically launched from an iframe. If you choose to iframe the process, then the module must be configured to ask the end-user for their personnummer, after which the user must manually open the BankID app and then go back to Safari to complete the process. Full-frame processes can automatically launch the app on iOS 9.
Custom styling
You may choose to switch off the standard UI, which will produce the same content – unstyled. It will then be up to you to write your own CSS in order to make it look the way you want. Here’s how it will look without any CSS applied:
Behavior customization
The device question
By default, the module will ask the end-user if he/she would like to use a BankID on this device/computer or a (mobile) BankID on another device. You may choose to have this question turned off, which implies that the user will always use a BankID on the local device or computer.
The personnummer (Swedish national identification number)
If the end-user chooses to use a BankID on another device (see the previous section), then they must input their personnummer (12 digits). The module accepts “prefilling” of the personnummer information, so if you already know the personnummer of the person then you may append the login_hint=subject-YYYYMMDDXXXX parameter to the request (or add it to the DocumentService request when creating a signing order), in which case this dialog will be skipped.
Auto-launching the app
In theory, the BankID app can be automatically launched on some platforms. The auto-launch feature is implemented using an invisible iframe which tries to load a certain kind of URL which will trigger the BankID app to start. Not all browsers support it – Chrome, for example, will disallow it from happening. If it seems that nothing has happened within five seconds after trying to auto-launch, then the interface will display a “Start the BankID app” button.
The auto-launching feature may speed up the process for users on platforms that support it, but it can also be a bit confusing and it will actually slow down the process for users on unsupporting platforms. Auto-launch is disabled by default. You may choose to have it enabled, but there are no guarantees that it will succeed.
Client flow
Given the customization points mentioned, the general client flow up until the BankID app is launched is something like:
The UX on mobile devices
In a browser on a mobile device
The BankID app is available for Android, iOS and Windows Phone.
On Android, the module can be initiated from any browser, and it will simply launch the BankID app and then return to the previous application.
On iOS, the BankID app must be told which URL to open once it’s finished. The way iOS handles URL’s is that it associates a certain “URI scheme” with a certain application, so for example URI’s that start with “http(s)://” will be handled by Safari, “mailto://” by Mail, “bankid://” by the Swedish BankID app and so on.
There is no way to “close” an app programatically on iOS – you can only switch between applications by launching a URI. This goes for BankID too, so it must know which URI to launch once it’s complete (referred to as the “redirect URI”). Now, by default, the Signicat BankID integration will try to switch back to the previously opened tab in Safari. The operating system does not guarantee that this will happen; it may launch a new tab and if it’s running low on memory it may decide to reload the tab.
Signicat will handle try to handle this a graceful as possible, but there is one thing that can’t be controlled: If the user starts the process in a non-default browser (such as Chrome for iOS or from within another app), then BankID will switch to Safari when the process is complete. Signicat will verify the transaction and redirect the user with a response to the given target, but the end-user will most likely notice that the “app context” was switched. Functionally, however, it will still be the same.
On Windows Phone, the behavior is similar to iOS, with the distinction that Internet Explorer will always be launched and it will always reload the page when returning from the BankID app (as of Windows Phone 8.0).
None of the mobile platforms allow a webpage to detect if a certain app is installed, for obvious security reasons.
In a native app on a mobile device
If you are building your own native app and you want to integrate with Swedish BankID from that app, you may choose to have the module set up optimized for “in-app usage”. This will eliminate all UI, allowing you to communicate with Signicat with JSON request/responses and give you full control over the flow and user experience.
It’s also possible to do the integration with an integrated browser control in a native app. On iOS and Windows Phone, you may choose to force a certain redirect URI either by having support@signicat.com configure it for you, or you may pass the prefilled.redirect parameter with the (URL encoded) URI you want BankID to switch to. This can come in handy if you need the BankID app to switch back to your own app once it’s done. The User-Agent header needs to indicate iOS (iPhone iPad) or Windows Phone in order for this approach to succeed.
Browser support
Please refer to the Swedish BankID website for more information on supported platforms. Please refer to the Relying Party Guidelines if you’re looking for detailed technical information on Swedish BankID.
More information about graphical adjustments and customization can be found here.
Swedish BankID support
Support email | Website homepage |
teknikinfo@bankid.com | www.bankid.com |
Other sources
- General information about e-legitimation in Sweden: http://www.e-legitimation.se
- Information about Swedish BankID: http://www.bankid.com
- Support pages and guides for troubleshooting: http://demo.bankid.com
Purpose
This document provides guidance interpreting the requirements of the Bank Secrecy Act ('BSA') regulations1 as they apply to the casino and card club industries in the United States.
Section A: 31 C.F.R. § 103.11 Casino and Card Club Definitions2
Question 1: What gaming institutions are subject to the BSA casino regulatory requirements?
Answer 1: A casino or a card club that is duly licensed or authorized to do business as such, and has gross annual gaming revenue in excess of $1 million, is a 'financial institution' under the BSA. The definition applies to both land-based and riverboat operations licensed or authorized under the laws of a state, territory,3 or tribal jurisdiction, or under the Indian Gaming Regulatory Act.4 Tribal gaming establishments that offer slot machines, video lottery terminals, or table games,5 and that have gross annual gaming revenue in excess of $1 million are covered by the definitions. Card clubs generally are subject to the same rules as casinos, unless a different treatment for card clubs is explicitly stated in 31 C.F.R. Part 103.
Question 2: Is a tribal gaming establishment that offers only bingo and related games considered a casino for purposes of the BSA?
Answer 2: No. FinCEN has the authority under the BSA to define as 'casinos' tribal gaming establishments that offer only bingo and related games. Nevertheless, in addressing the treatment of tribal gaming under the BSA, we have indicated that 'activities such as bingo . . . are not generally offered in casino-like settings and may create different problems for law enforcement, tax compliance, and anti-money laundering programs than do full-scale casino operations.'6 FinCEN does not view tribal gaming establishments that offer only traditional bingo (i.e., not contained in electronic gaming devices) and related games in non-casino settings as satisfying the definition of 'casino' for purposes of the BSA.
However, a tribal gaming establishment that offers both bingo and slot machines or table games, for example, would satisfy the definition of 'casino,' if gross annual gaming revenue exceeds $1 million. All gaming activity must go into the calculation of gross annual gaming revenue, including activity that standing alone would not transform an establishment into a casino. This is the same treatment that FinCEN applies to a state-licensed casino that offers poker (which is a non-house banked game) since poker and a poker room are an integral part of a casino operation.7
Question 3: Is a 'racino' considered a gaming institution subject to the BSA?
Answer 3: The term 'racino' has not been separately defined nor included specifically in the definition of casino for purposes of the BSA. In general, the term refers to horse racetracks that may be authorized under state law to engage in or offer a variety of collateral gaming operations, including slot machines, video lottery terminals, video poker or card clubs. FinCEN relies on the state, territory or tribal characterization of 'racino' gaming in determining whether an entity or operation should be treated as a casino for purposes of the BSA. If state law defines or characterizes slot machine or video lottery operation at a racetrack as a 'casino, gambling casino, or gaming establishment,' and the gross annual gaming revenues of that operation exceed the $1 million threshold, then the operation would be deemed to be a 'casino' for purposes of the BSA and subject to all applicable requirements.8
Question 4: Would a race book or sports pool operator that has a 'nonrestricted' Nevada gaming license be considered a casino for purposes of the BSA?
Answer 4: Yes. Operators or owners of a Nevada race book or sports pool,9 that are duly issued a 'nonrestricted' Nevada gaming license,10 and that have gross annual gaming revenues in excess of $1 million are subject to the casino requirements under 31 C.F.R. Part 103, as well as all other applicable BSA requirements. This would include a Nevada race book or sports pool licensee that obtained a 'nonrestricted' gaming license to operate a race book or sports pool on the property of another casino, or that operates a number of satellite race books and sports pools that are affiliated with a central site book.
Question 5: Is an establishment that offers only off-track betting on horse races considered a casino for purposes of the BSA?
Answer 5: In addressing the treatment of tribal gaming under the BSA, we have indicated that 'pari-mutuel wagering' should receive the same treatment as bingo when determining whether an establishment satisfies the definition of 'casino.' 11 Furthermore, Class III gaming under the Indian Gaming Regulatory Act includes off-track betting on horse races.12 In addition, in Nevada, an establishment that offers only off-track betting on horse races would need to obtain a non-restricted gaming license. In many instances, off-track betting on horse races will involve pari-mutuel wagering. However, pari-mutuel wagering also applies to sporting events. For purposes of the BSA, FinCEN views casinos to include establishments in Nevada and in tribal jurisdictions that offer only off-track betting, provided the establishments permit account wagering and provided gross annual gaming revenue exceeds $1 million.13 In many instances, off-track betting will involve accounts through which customers may conduct a variety of transactions, including wagers, deposits, withdrawals, and transfers of funds. As we recognized when addressing the treatment of tribal gaming under our rules, FinCEN has sought to apply the BSA to 'gaming establishments that provide both gaming and an array of financial services for their patrons.'14
Question 6: Are 'greyhound racing clubs' that offer table games considered gaming institutions for purposes of the BSA?
Answer 6: If a 'greyhound racing club'15 generates gross annual gaming revenue in excess of $1 million from poker tables (which would be akin to offering card games in a card club or card room type operation), and if the gaming facility is duly licensed or authorized by a state or local government to do business as a card club, gaming club, card room, gaming room, or similar gaming establishment, it would be subject to the BSA.16 Therefore, once the $1 million in revenue threshold is exceeded for such poker tables, all gaming activity must go into the calculation of gross annual gaming revenue, including activity that standing alone would not deem an establishment a casino, such as greyhound racing at the track, simulcast for other greyhound racing tracks, simulcast for horse racing tracks, or simulcast for jai alai.
Question 7: Are horse racetracks that offer pari-mutuel or other forms of wagering only on races held at the track considered casinos for purposes of the BSA?
Nytt Casino Bank Idabel
Answer 7: FinCEN does not view a horse racetrack that offers pari-mutuel or other forms of wagering only on races held at the track as a casino for purposes of the BSA. We believe that, under these circumstances, wagering is integral to hosting the race itself. Horse racing as an industry poses 'different problems for law enforcement, tax compliance, and anti-money laundering programs than do full-scale casino operations.'17
Section B: 31 C.F.R. § 103.22 Currency Transaction Reporting Requirements18
Question 8: Is a casino required to provide identification information on customers who have conducted reportable multiple currency transactions that were summarized through 'after the fact aggregation?'
Answer 8: The process of checking internal casino computer information, rating cards, general ledgers, and other books and records after the end of the gaming day to find reportable currency transactions is sometimes referred to as 'after the fact aggregation.' After the fact aggregation of currency transactions does not relieve a casino of the requirement to file a FinCEN Form 103 Currency Transaction Report by Casinos ('CTRC') on reportable multiple transactions containing all information required when it has the ability to obtain customer identification information through reviewing internal records in paper or electronic form or through automated data processing systems. The anti-money laundering compliance program requirement obligates a casino or card club to use all available information to determine a customer's name, address, and Social Security number19 from any existing information system or other system of records for a reportable multiple transaction summarized through 'after the fact aggregation' when a customer is no longer available.20 Also, for casinos or card clubs with automated data processing systems, programs for compliance with the BSA must provide for the use of these systems to aid in assuring compliance.21
Therefore, when a casino or card club cannot obtain identification information on reportable multiple transactions because a customer is no longer available, it must check its internal records or systems, including federal forms and records, which contain verified customer information. These records may include credit, deposit, or check cashing account records, or a previously filed CTRC form, IRS Form W-2G (Certain Gambling Winnings), or any other tax or other form containing such customer information. If a casino files a CTRC form lacking some customer identification information in situations described above, it would be required to file an amended CTRC with new identification information on the initial transaction if the customer returns and conducts new transactions of which a casino obtains knowledge.22
Question 9: Is a casino required to use customer currency transaction information contained in the casino's slot monitoring system for purposes of BSA currency transaction reporting?
Answer 9: For purpose of the BSA, FinCEN does not view customer 'coin-in' and 'coin-out'23 transactions at a slot machine or video lottery terminal to be reportable as currency transactions because they can represent so-called 'recycled' coin transactions (i.e., casino customers typically engaging in transactions deriving from the same coins just won at electronic gaming devices). If a casino were to use 'coin-in' and 'coin-out' information in its slot monitoring system, it would distort and result in incorrect reporting of currency transactions. However, when a casino has knowledge of customer 'paper money' transactions for slot club accountholders identified through its slot monitoring system, it must aggregate these with other types of 'cash in' transactions of which the casino has knowledge and which are recorded on a casino's books and records to determine whether the currency transactions exceed $10,000 for a customer in a gaming day.24 When a casino has knowledge of multiple currency transactions conducted by or on behalf of the same customer on the same day, it is required to treat those multiple transactions as a single reportable transaction for purposes of determining whether currency transaction reporting requirements have been met. Therefore, the conclusions that apply to the aggregation of two or more transactions involving the insertion of bills into slot machines also would apply to the aggregation of such transactions with other categories of 'cash in' transactions.
It is not necessary to have personally observed the transactions; knowledge can also be acquired from a casino examining the books, records, logs, computer files, etc., that contain information that the currency transactions have occurred after the gaming day is over. Although FinCEN regulations impose no requirement to examine books or records merely for purposes of aggregating transactions in currency and determining whether to file a report on FinCEN Form 103, BSA requirements other than the requirement to report transactions in currency may obligate a casino to examine computerized records. A casino must report transactions that the casino 'knows, suspects, or has reason to suspect' are suspicious and implement procedures reasonably designed to assure the detection and proper reporting of suspicious transactions.25 For casinos with automated data processing systems, automated programs for compliance with the BSA must provide for the use of these systems to aid in assuring compliance,26 including identifying transactions that appear to be suspicious conducted by customers using their magnetic club account cards at slot machines or video lottery terminals.27
Also, casinos should note that activities such as: (i) 'turning off the dollar counter' to prevent obtaining knowledge of reportable transactions (i.e., not using the feature that is readily available in its software program that accumulates U.S. dollars that a customer inserts into a slot machine bill acceptor while using a magnetic slot club account card), or (ii) requesting that a vendor remove a software tool or interface capability from its next software upgrade could result in enforcement action under the BSA.28
Question 10: Is a cash wager/bet that is ultimately lost at a table game considered a transaction in currency for purposes of BSA currency transaction reporting?
Answer 10: Casinos are required under BSA regulations to file currency transaction reports for 'cash in' transactions, which include 'bets of currency.' For purposes of the currency transaction reporting requirements, a cash bet (referred to as a 'money play')29 at a table game would become a 'bet of currency' once the customer can no longer retrieve the bet (e.g., once the dealer has dealt the cards). The cash wager would be a 'cash in' transaction for purposes of currency transaction reporting regardless of whether the customer subsequently wins or loses the wager.30
However, money plays are exempted as reportable cash in transactions to the extent the customer wagers the same physical currency that the customer wagered on a prior money play on the same table game, and the customer has not departed from the table.31 Also, money plays are exempted as reportable cash out transactions when the currency used to place the wager is the same physical currency received when the customer wins the bet.32
Question 11: Is a card club required to maintain and retain records of all currency transactions by customers pertaining to backline betting for purposes of currency transaction reporting?
Answer 11: Yes. The BSA requires card clubs to maintain and to retain the original or a microfilm copy of records of all currency transactions by customers, including without limitation, records in the form of currency transaction logs and multiple currency transaction logs.33 This requirement applies to card clubs34 that offer the practice of backline betting. Backline betting occurs when a customer, who is standing behind a seated player, places a bet or wager on the betting circle for a specific hand on which a seated player also is wagering. The extra players that stand behind each seat position are known as 'backline betters.' Although backline betting makes it difficult to track customer wagers at the gaming table, a card club must have a procedure in place to identify such transactions for purposes of filing a FinCEN Form 103 (CTRC).35
A card club must have procedures for using all available information to determine and verify, when required, the name, address, social security or taxpayer identification number, and other identifying information for a person.36 In addition, a card club employee or propositional player37 who obtains actual knowledge (i.e., direct and clear awareness of a fact or condition) of unknown customers exchanging currency and chips with each other during poker/card game play in excess of $10,000 in currency, through a single transaction or through a series of transactions in a gaming day, would be required to comply with suspicious activity reporting.
In addition, the BSA requires card clubs to prepare a record of any transaction required to be retained, if the record is not otherwise produced in the ordinary course of business.38 Therefore, when a card club employee or propositional player monitoring a non-house banked card game has obtained actual knowledge of a reportable currency transaction, he/she is required to produce a record of the transaction for purposes of currency transaction reporting and a card club must retain such record for a period of five years.
Question 12: Is a casino required to file FinCEN Form 103 (CTRC) on slot jackpot wins in excess of $10,000 in currency?
Answer 12: FinCEN no longer requires a casino to file a FinCEN Form 103 (CTRC), when it has knowledge of customer slot jackpot wins involving payment in currency in excess of $10,000 (e.g., through a single transaction or through aggregating transactions on multiple transaction logs, W-2G issued log). This BSA currency reporting requirement was amended by 31 C.F.R. § 103.22(b)(2)(iii)(D), which removed jackpots from slot machines or video lottery terminals from the definition of 'cash out' transactions.39
Question 13: In the instructions to FinCEN Form 103, what does the word 'periodically' mean when updating customer identification information for casino customers granted accounts for credit, deposit, or check cashing, or for whom a CTRC containing verified identity has been filed?
Answer 13: The General Instructions to FinCEN Form 103 (CTRC), under 'Identification requirements' state:
For casino customers granted accounts for credit, deposit, or check cashing, or on whom a CTRC containing verified identity has been filed, acceptable identification information obtained previously and maintained in the casino's internal records may be used as long as the following conditions are met. The customer's identity is reverified periodically, any out-of-date identifying information is updated in the internal records, and the date of each reverification is noted on the internal record. For example, if documents verifying an individual's identity were examined and recorded on a signature card when a deposit or credit account was opened, the casino may rely on that information as long as it is reverified periodically.
As part of the requirement to establish an effective system of internal controls,40 a casino or card club must determine how often it will reverify a customer's identity to update the identifying information in the internal record for purposes of currency transaction reporting. Given this requirement, it is a common business practice for casinos to maintain a 'known customer' file containing a customer's name, address and identification credential that it has previously verified.41 Accordingly, a casino or card club checks Item 27b on FinCEN Form 103 to indicate that it has examined an acceptable internal casino record (i.e., credit, deposit, or check cashing account record, or a CTRC worksheet) containing previously verified identification information on a 'known customer.' There is no fixed period that will apply to all casinos for all types of customers. The purpose of this requirement is to keep customer identification information reasonably current. Hence, a casino should develop its own policies based on its own experiences with how often relevant customer information, such as permanent address or last name, might change.
Section C: 31 C.F.R. § 103.21 Suspicious Transaction Reporting Requirements
Question 14: How comprehensive must a casino's procedures be for detecting suspicious activity?
Answer 14: A casino or card club is responsible for establishing and implementing risk-based internal controls (i.e., policies, procedures and processes) to comply with the BSA42 and to safeguard its operations from money laundering and terrorist financing, including for detecting, analyzing and reporting potentially suspicious activity. A casino or card club is required to file a suspicious activity report for a transaction when it knows, suspects or has reason to suspect that the transaction or pattern of transactions (conducted or attempted) is both suspicious, and involves $5,000 or more (in the single event or when aggregated) in funds or other assets. The extent and specific parameters under which a casino or card club must monitor customer accounts43 and transactions for suspicious activity must factor in the type of products and services it offers, the locations it serves, and the nature of its customers. In other words, suspicious activity monitoring and reporting systems cannot be 'one size fits all.'
As part of its internal controls, a casino or card club must establish procedures for using all available information, including its automated systems44 and its surveillance system and surveillance logs, to determine the occurrence of any transactions or patterns of transactions required to be reported as suspicious.45 Also, a casino or card club must perform appropriate due diligence in response to indicia of suspicious transactions, using all available information. Please note that a casino or card club must train personnel in the identification of unusual or suspicious transactions.46
Question 15: How can a casino complete suspicious activity reporting ('SAR') for 'unknown' subjects?
Answer 15: Since a casino or a card club is prohibited from disclosing to a customer involved in a suspicious activity that it filed a FinCEN Form 102, Suspicious Activity Report by Casinos and Card Clubs ('SARC'), FinCEN advises using internal records that contain verified customer identification information when filing this form. Such records may include credit, deposit, or check cashing account records or any filed FinCEN Form 103 (CTRC), FinCEN Form 103-N, Currency Transaction Report by Casinos - Nevada, IRS Form W-2G, Certain Gambling Winnings, or IRS Form W-9, Request for Taxpayer Identification Number and Certification.
If the above records or reports do not exist or if additional customer identification information is needed to complete the form, FinCEN advises casinos and card clubs to use any other records that may be on file which contain verified identification such as a driver's license, military or military dependent identification cards, passport, non-resident alien registration card, state issued identification card, foreign national identity card (e.g., cedular card), other government-issued document evidencing nationality or residence and bearing a photograph or similar safeguard, or a combination of other unexpired documents, which contain an individual's name and address and preferably a photograph. If casinos or card clubs do not have verified identification information on the customer, they should use whatever other sources of customer information are available within internal records, such as player rating records, slot club membership records, a filed IRS Form 1099-Misc, Miscellaneous Income (e.g., pertaining to prizes or awards), or a filed IRS Form 1042-S, Foreign Person's U.S. Source Income Subject to Withholding, etc.
If no suspect is identified on the date of detection, a casino or card club may delay filing a SARC form for an additional 30 calendar days to identify a suspect. However, a casino or card club must in all events report a suspicious transaction within 60 calendar days after the date of initial detection (regardless of whether a casino or card club is able to identify a suspect).
Question 16: Must a casino identify suspicious customer chip redemptions at a cage for reporting on FinCEN Form 102 (SARC)?
Answer 16: A casino must implement procedures reasonably designed to assure the detection and proper reporting of suspicious transactions.47 Also, a casino shall file a report of each transaction in currency involving cash out of more than $10,000 in a gaming day in which it has obtained knowledge including the redemption of chips.48 A casino, which is not required by state or tribal regulations to maintain multiple currency transaction logs or currency transaction logs at the casino cage,49 nonetheless should develop an internal control50 based on a risk analysis to be able to identify chip redemptions that were paid with currency from the imprest drawer51 to a customer52 that involve potential suspicious transactions to assure ongoing BSA compliance. Such an internal control would aid such casinos in monitoring chip redemptions for 'unknown' customers who previously purchased chips and then engaged in minimal or no gaming activity for purposes of suspicious activity reporting.53 As a corollary, a casino should develop an internal control, based on a risk analysis, to be able to identify betting ticket,54 token,55 and TITO ticket56 redemptions that were paid with currency from an imprest drawer to a customer that involve potential suspicious transactions to assure ongoing BSA compliance.
Moreover, the BSA requires casinos to prepare and retain a record of any transaction that is not otherwise produced in the ordinary course of business to comply with these regulations.57 Also, records must in all events be filed or stored in such a way as to be accessible within a reasonable period of time.58 A casino must retain such record of the transaction for a period of five years.
Question 17: What type of information has law enforcement found to have particular value on FinCEN Form 102 (SARC)?
Answer 17: Casinos and card clubs should note the type of information contained on a FinCEN Form 102 (SARC) that law enforcement has advised is the most valuable to them, and which, if missing, limits the effectiveness for law enforcement use.
- Provide complete subject identifying information, such as name, permanent address, government-issued identification number, date of birth, and casino account number.
- Identify the characterization of suspicious activity by checking Item 26 on the form and refrain from checking the 'other' box unless the activity is not covered by the existing list of suspicious activities.
- Prepare a concise and clear narrative that provides a complete description of the suspicious activity. The following are several things to consider when a casino or card club reviews a SARC's narrative (i.e., Part VI) to ensure it is concise and clear:
- - Provides a detailed description of the suspicious activity.
- - Narrative should not state, 'see attached.'
- - Identifies 'who,' 'what,' 'when,' 'why,' 'where,' and 'how.'
- - Identifies whether the transaction was attempted or completed.
- - Is chronological and complete.
- - Identifies the dates of any previously filed Form 102 on the same subject.
- - Notes any actions (taken or planned) by the casino, including any internal investigative numbers used by the casino to maintain records of the suspicious activity.
- Include contact information for persons at the casino with additional information about the suspicious activity.
For additional guidance on providing a clear and complete description of the suspicious activity, see FinCEN's Suspicious Activity Reporting Guidance for Casinos.
Question 18: Should a casino or card club document the basis for its determination that a transaction is not suspicious?
Answer 18: If a casino determines that an activity is suspicious, it must file FinCEN Form 102 (SARC). However, based on the available facts and after an initial investigation, a casino may determine that certain unusual activity is not suspicious. Although 31 C.F.R. § 103.21 does not specifically state that a casino or a card club must document the reasons why it has not filed FinCEN Form 102 for a particular activity that was reviewed as potentially suspicious, it is an effective practice for a casino or card club to document the basis for its determination that the transaction is not, after all, suspicious.59
Thorough documentation provides a record of the decision-making process (including the final decisions not to file a SARC) which a casino or card club would find helpful to: (i) assist internal or external auditors and examiners in their assessment of the effectiveness of its suspicious activity reporting and monitoring and reporting system, (ii) assist its internal review committee60 in making future decisions on what should be reported as suspicious, (iii) train employees about what transactions are suspicious and which are not suspicious based on all the relevant facts and circumstances, (iv) respond to a potential law enforcement subpoena pertaining to a particular customer whose activity was reviewed by the committee, but considered not to be suspicious, and (v) if it has multiple casino properties in the same jurisdiction, ensure that reasonably consistent suspicious activity reporting risk-based analysis procedures are being followed.
Section D: 31 C.F.R. § 103.36 Casino Recordkeeping Requirements
Question 19: What specific recordkeeping requirements apply to a casino?
Answer 19: 31 C.F.R. § 103.36 requires a casino or card club to maintain and to retain the following source records (either the originals or microfilm version, or other copies or reproductions of the documents) that relate to its operation:
- Records of each deposit of funds, account opened or line of credit extended, including a customer's identification and the verification of that identification as well as similar information for other persons having a financial interest in the account, regardless of residency;
- Records of each receipt showing transactions for or through each customer's deposit or credit account, including a customer's identification and the verification of that identification, regardless of residency;
- Records of each bookkeeping entry comprising a debit or credit to a deposit account or credit account;
- Statements, ledger cards or other records of each deposit or credit account, showing each transaction in or with respect to the deposit or credit account;
- Records of each extension of credit in excess of $2,500, including a customer's identification and the verification of that identification, regardless of residency;
- Records of each advice, request or instruction with respect to a transaction of any monetary value involving persons, accounts or places outside the United States, including customer identification, regardless of residency;
- Records prepared or received in the ordinary course of business that would be needed to reconstruct a customer's deposit or credit account;
- Records required by other governmental agencies, e.g., federal, state, local or tribal;
- A list of transactions involving various types of instruments, cashed or disbursed, in face amounts of $3,000 or more, regardless of whether currency is involved, including customer's name and address; and
- A copy of the compliance program required by 31 C.F.R. § 103.64.
Also, card clubs are required to maintain and to retain records of all currency transactions by customers, including, without limitation, records in the form of currency transaction logs and multiple currency transaction logs.
Besides the above casino-specific requirements, there are other BSA recordkeeping requirements that apply to all financial institutions, including casinos and card clubs, such as:
- Records by persons having financial interests in foreign financial accounts;61
- Records of transmittals of funds in excess of $3,000 requiring the verification of identity, and the recording, retrievability and reporting of information to other financial institutions in the payment chain, regardless of the method of payment;62 and
- Nature of records, record access, and five-year retention period for records.63
Question 20: What computer records must a casino retain?
Answer 20: A casino or card club that inputs, stores, or retains, in whole or in part, for any period of time, any record required to be maintained by 31 C.F.R. §§ 103.33 or 103.36(a) and (b) on computer disk, tape, or other machine-readable media shall retain the records in such media. Also, a casino or card club is required to maintain the indexes, books, file descriptions and programs that would enable a person readily to access and review these computer records. These computerized records, source documentation and related programs must be retained for a period of five years. However, the BSA does not require that computerized records be stored in on-line memory in a computer past their normal business use.64 Nonetheless, records must in all events be filed or stored in such a way as to be accessible within a reasonable period of time,65 taking into consideration the nature of the records and the length of time since the record was made.
A casino may not delete or destroy specific computerized customer gaming activity information (prior to the end of the five-year retention period), such as player rating records,66 and instead only retain the more limited trip history records (which only summarize the total funds from a customer's multi-day trip and the most recent trips, usually between three and nine trips). Because a trip includes any number of continuous days of gaming activity in which there is not a break in play, the player trip history is only a limited summarized record that typically does not provide all of the information contained on the original rating card, such as the specific amounts of the customer's currency transactions conducted for each gaming day.
Further, the retention of computerized records does not relieve a casino from the obligation to retain any record required to be maintained by 31 C.F.R. §§ 103.33 or 103.36(a) and (b), which typically are the source documents (either the originals or microfilm version, or other copies or reproductions of the documents) of customers' transactions.
Section E: 31 C.F.R. § 103.64(a) Compliance Program Requirements67
Question 21: How comprehensive must an internal and/or external testing program be to assure and monitor compliance with the BSA?
Answer 21: A casino or card club must conduct internal and/or external testing for compliance with a scope and frequency commensurate with the risks of money laundering and terrorist financing it faces, as well as the products and services it provides, to determine if a casino's procedures are comprehensive enough to detect suspicious activity.68
The primary objectives of the independent testing of the BSA compliance program are to determine whether: (i) the program is properly designed and operating effectively to comply with suspicious and currency transaction reporting, identification, recordkeeping, and record retention requirements; (ii) there are material weaknesses (e.g., inadequate training) and internal control deficiencies; (iii) testing of the program is based on risk assessment criteria designed to focus on money laundering and terrorist financing as well as the products and services provided; and (iv) there is adherence to BSA policy, procedures, and systems.
FinCEN is aware that some casinos conduct internal testing for BSA compliance on a regular basis as part of their annual internal audit plan. The testing provides an assessment of the level of BSA compliance. The internal audit report typically includes the scope, objectives, and findings of the audit as well as a response to any audit finding indicating the corrective action to be taken, the target date for completion, and the department head responsible for the corrective action. Other casinos and card clubs may hire independent certified public accountants for similar purposes.
A casino or card club needs to take corrective actions once becoming aware of weakness and deficiencies in its anti-money laundering compliance program, or any element thereof, that could or did result in failures to comply with BSA identification, reporting, recordkeeping, record retention as well as compliance program requirements. Violations of these regulatory requirements may result in both criminal and civil penalties.
Question 22: What type of compliance training program should be developed and what types of documentation should be maintained by a casino or card club to ensure that it has an adequate, accurate, and complete program?
Answer 22: One of the more important elements of the anti-money laundering compliance program is the obligation to institute an effective and ongoing training program for all appropriate casino or card club personnel. Such a compliance training program should be commensurate with the risks posed by the products and financial services provided. Training should be provided to all personnel before conducting financial transactions on behalf of a casino at the cage (including casino credit and slot booth), on the floor (including table games, keno, poker, other floor games, and slot machines/video lottery terminals), as well as those responsible for complying with BSA currency transaction and suspicious transaction reporting, identification, recordkeeping, and other compliance program requirements. Also, a casino or card club is required to maintain, and to retain, a copy of the compliance program documentation. This documentation should include all casino records, documents, and manuals substantiating the training program as well as the training of appropriate personnel.69 The requirement is flexible and allows each compliance training program to depend on the characteristics of an individual casino. For example, a large casino having many table games, slot machines/video lottery terminals, and cage windows might need a more comprehensive training program than a small casino with no table games. A compliance procedures manual for employees should cover all applicable divisions or departments (e.g., table games, slot operations, keno, poker), other operational departments (e.g., cage operations, casino credit, slot booth), as well as other departmental functions (e.g., accounting, finance, information technology, marketing, surveillance).
Also, recordkeeping procedures should reflect the types of financial services provided. In addition, the training program should ensure that casino front-line employees, such as cage personnel (e.g., shift managers), cage cashiers, front window cashiers (i.e., general cashiers), pit personnel (e.g., pit bosses), floor persons (i.e., raters), dealers, and slot personnel (e.g., slot supervisors, slot attendants, slot cashiers, change persons) have appropriate training to detect the occurrence of unusual or suspicious casino transactions.
Question 23: What does the requirement mean that casinos that have automated data processing systems must use their automated programs to aid in assuring compliance?
Answer 23: Casinos are required to 'develop and implement' written programs that are reasonably designed to assure BSA compliance with all applicable requirements.70 Effective casino anti-money laundering compliance procedures should include identifying and using appropriate automated systems and programs71 for all applicable gambling operating divisions or departments (e.g., table games, slots, keno, poker), other operational departments (e.g., cage, slot booth), as well as other departmental functions (e.g., accounting, surveillance) to comply with suspicious activity and currency transaction reporting, as well as to maintain relevant records72 for casino accountholders.73
Questions or comments regarding the contents of this Guidance should be addressed to the FinCEN Regulatory Helpline at 800-949-2732.
1See 31 C.F.R. Part 103.
2See 31 U.S.C. § 5312(a)(2)(X) and 31 C.F.R. § 103.11(n)(5)(i) and (n)(6)(i).
3This includes casinos located in Commonwealth of Puerto Rico, St. Croix (U.S. Virgin Islands), and Tinian (Northern Mariana Islands). See 31 C.F.R. § 103.11(tt).
4The Indian Gaming Regulatory Act is codified at 25 U.S.C. § 2701 et seq.
5Slot machines, video lottery terminals, and house-banked table games would qualify as Class III gaming under the Indian Gaming Regulatory Act. Bingo and related games, including pull tabs, lotto, punch boards, tip jars, instant bingo and some card games, would qualify as Class II gaming under the Indian Gaming Regulatory Act.
6See 61 F.R. 7054 - 7056 (February 23, 1996).
7Id.
8A similar conclusion would apply to 'racinos' operating in tribal jurisdictions. Slot machines, table games, and similar forms of gaming would qualify as either Class II or Class III gaming under the Indian Gaming Regulatory Act.
9The Nevada Gaming Commission issues 'nonrestricted' gaming licenses to operators or owners of Nevada race book or sports pools. See Nevada Gaming Commission Regulation 22.020. A Nevada race book 'means the business of accepting wagers upon the outcome of any event held at a track which uses the pari-mutuel system of wagering.' See Nevada Revised Statute § 463.01855. A Nevada race book is a business that accepts wagers at fixed odds (or track odds) based on the outcome of the race that may be televised and displayed in Nevada casinos (i.e., 'simulcasting'). A Nevada sports pool 'means the business of accepting wagers on sporting events by any system or method of wagering.' See Nevada Revised Statute § 463.0193. A Nevada sports pool is a business that accepts wagers at fixed odds based on the outcome of certain professional and amateur athletic sporting events that may be televised and displayed in Nevada casinos.
10A Nevada 'nonrestricted license' includes, among other things, '. . . A license for, or operation of, any number of slot machines together with any other game, gaming device, race book or sports pool at one gaming establishment.' See Nevada Revised Statute § 463.0177(2). In addition, Nevada Revised Statute § 463.245(3) provides an exception to the prohibition against having more than one licensee issued to each casino. Also, see Nevada Gaming Commission Regulation 22.010(4).
11See 61 F.R. 7054 - 7056 (February 23, 1996).
12We have already addressed a situation in which an establishment operating in a tribal jurisdiction offers off-track betting on horse races and other Class III gaming. See In the Matter of the Tonkawa Tribe of Oklahoma and Edward E. Street - FinCEN No. 2006-1 (March 24, 2006).
13This discussion addresses off-track betting in Nevada and tribal jurisdictions only. Off-track betting may not require a gaming license in other jurisdictions. The definition of 'casino' includes only those establishments licensed or authorized to conduct business as casinos.
14See 61 F.R. 7054 - 7056 (February 23, 1996).
15A greyhound racing club is a gaming establishment that offers the sport of racing greyhounds. Specially trained dogs chase a lure (which is an artificial hare or rabbit) around an oval track until they arrive at the finish line. The dog that arrives first in each event is the winner of the bet.
16See 31 U.S.C. § 5312(a)(2)(X) and 31 C.F.R. § 103.11(n)(6)(i). The class of gaming establishments known as 'card clubs' became subject to the BSA as of August 1, 1998. See 63 F.R. 1919 - 1924 (Jan. 13, 1998).
17See 61 F.R. 7054 --7056 (February 23, 1996).
18See 31 C.F.R. § 103.22(b)(2) and (c)(3).
19See 31 C.F.R. § 103.64(a)(2)(v)(A).
20However, FinCEN does recognize that for certain aggregate currency transactions, a casino may not be able to obtain the required customer identification information because either the customer has left the casino and is no longer available or a casino does not have internal records which provide all of the required customer identification information.
21See 31 C.F.R. § 103.64(a)(2)(vi).
22See 31 C.F.R. §§ 103.22(b)(2) and (c)(3), 103.27(a) and (d), and 103.28. Also, see FinCEN Form 103, Specific Instructions, Item 1, for filing an amended report.
23Coin-in is a metered count of coins, credits and other amounts bet by customers at an electronic gaming device. Coin-out is a metered count of coins, credits and other amounts paid out to customers on winnings at an electronic gaming device. Therefore, coin-in does not include paper currency inserted into a bill acceptor (on slot machine or video lottery terminal) to accumulate credits.
24See 31 C.F.R. §§ 103.22(b)(2)(i)(I), (b)(2)(iii)(C), and (c)(3), and 103.64(b)(3) and (4).
25See 31 C.F.R. §§ 103.21 and 103.64(a)(2)(v)(B).
26See 31 C.F.R. § 103.64(a)(2)(vi).
27Furthermore, as discussed in FinCEN Ruling 2005-1, measures that a casino could implement in response to a risk-based suspicious activity analysis could include enhancements to the operating system for slot machines. The enhancements could consist of new software tools/interfaces and reprogramming. A casino could develop the enhancements or have a vendor develop the enhancements.
28See 31 U.S.C. § 5321(a)(1) and 31 C.F.R. § 103.57(f).
29See 31 C.F.R. § 103.22(b)(2)(i)(E).
30See FinCEN Administrative Ruling FIN-2006-R002, A Cash Wager on Table Game Play Represents a 'Bet of Currency' (March 24, 2006).
31Nonetheless, when a customer increases a subsequent cash bet (i.e., money play) at the same table without departing, the increase in the amount of the currency bet would represent a new bet of currency and a transaction in currency being monitored by a casino.
32See 31 C.F.R. § 103.22(b)(2)(iii)(B) and 72 F.R. 35008 (June 26, 2007).
33See 31 C.F.R. § 103.36(b)(11).
34The card clubs operate or run the games and earn their revenue by receiving a fee from, rather than 'banking,' the games as casinos do. See 63 F.R. 1919 - 1924 (January 13, 1998). 31 C.F.R. § 103.116(n)(6)(i) defines a card club as a card club, gaming club, card room, gaming room, or similar gaming establishment.
35See 31 C.F.R. §§ 103.22(b)(2) and (c)(3), 103.28, and 103.64(a)(2)(i) and (b)(3) - (4).
36See 31 C.F.R. § 103.64(a)(2)(v)(A).
37A propositional player is a natural person employed by a casino or card club to play a permissible game with his or her personal funds. A propositional player is paid a fixed sum by a casino or card club for playing in a poker/card game and retains any winnings and absorbs any losses. Also, a propositional player's function is to start and gamble at a poker/card game, to keep a sufficient number of players in a game, or to keep the action going in a game. Some card rooms have entered into contractual agreements with so-called 'third party provider[s] of propositional player services' to exclusively bank poker/card games as independent contractors, which introduces issues with assuring day-to-day BSA compliance with maintaining currency and cash equivalent records. An individual employed by such a service is called a 'third party propositional player' who gambles with funds provided by such a service.
38See 31 C.F.R. § 103.38(b).
39See 72 F.R. 35008 (June 26, 2007).
40See 31 C.F.R. § 103.64(a)(2)(i).
41Typically, these records contain the original method of identification (including type, number and expiration date, of the customer's identification credential originally examined) and the date of such examination as well as a photocopy or other reproduction (e.g., a computerized representation) of the identification credential. Some casinos maintain hard copy internal records and others digitized records containing identification information on a known customer.
42See 31 C.F.R. §§ 103.64(a) and 103.120(d).
43Types of casino accounts that would be subject to suspicious activity reporting include deposit (i.e., safekeeping, front money or wagering), credit, check cashing, player rating or tracking, and slot club accounts.
44See 31 C.F.R. § 103.64(a)(2)(vi).
45See 31 C.F.R. § 103.64(a)(2)(v)(B).
46See 31 C.F.R. § 103.64(a)(2)(iii).
47See 31 C.F.R. § 103.64(a)(2)(v)(B).
48See 31 C.F.R. §§ 103.22(b)(2)(ii)(A) and (c)(3), and 103.64(b)(4).
49Almost all casinos maintain multiple transaction logs ('MTLs') pursuant to state, tribal or local laws, or as unique business records. Casinos or card clubs record on these logs only currency transactions above a given threshold, usually $2,500 - $3,000. Also, some casinos have enhanced the existing MTL compliance procedure to require a surveillance photograph of each 'unknown' customer to assist in identifying customers for purposes of aggregating transactions for currency transaction reporting as well as potential suspicious transaction reporting.
50See 31 C.F.R. § 103.64(a)(2)(i).
51Casinos and card clubs maintain cages where cashiers conduct financial transactions using a drawer that operates on an imprest basis or inventory. An imprest basis is a method of accounting for funds inventories whereby any replenishment or removal of funds is accounted for by an exchange of an exact amount of other funds in the inventory. The imprest drawer opens with a stated amount of currency and/or chips. Any subsequent additions or removal of funds in the drawer are accounted for by either a document or an exchange of an equal amount of funds of another form. Since chips and currency are fungible items no imprest records of these transactions are prepared or maintained.
52For example, a known customer with a casino deposit (i.e., safekeeping, front money or wagering), credit, check cashing, player rating/player tracking, or slot club account.
53See 31 C.F.R. §§ 103.21 and 103.64(a)(2)(v)(B).
54A betting ticket is a written record of a wager for a race or sporting event. It is printed with a unique ticket number and is used to record the event for which the wager was placed. It includes the name of the gambling establishment, race or sport event (e.g., race track, race number, horse identification), the amount of the wager, line or spread, and date and time. The gambling establishment provides a copy of the betting ticket to a customer and maintains a record of it.
55A token is a gaming instrument or coin issued by a casino at certain stated denominations as a substitute for currency and used to play certain slot machines or video lottery terminals. Tokens are most often used for denominations of $1.00 or greater. Tokens represent a monetary value only within the casino and are intended for the purposes of gambling.
56Slot machines or video lottery terminals that print tickets are commonly known as 'ticket in/ticket out' or 'TITO' machines. A TITO ticket is a gaming instrument issued by a slot machine or video lottery terminal to a customer as a record of the wagering transaction and/or substitute for currency. Tickets are voucher slips printed with the name and the address of the gaming establishment, the stated monetary value of the ticket, date and time, machine number (i.e., asset or location), an 18-digit validation number, and a unique bar code. Tickets are a casino bearer 'IOU' instrument. A customer can use a ticket at a machine or terminal that accepts tickets, or cash a ticket at a cage, slot booth, a redemption kiosk, or a pari-mutuel window at the gaming establishment.
Nytt Casino Bank Idaho Falls
5731 C.F.R. § 103.38(b) states that 'records required by this subpart to be retained by financial institutions may be those made in the ordinary course of business by a financial institution. If no record is made in the ordinary course of business of any transaction with respect to which records are required to be retained by this subpart, then such a record shall be prepared in writing by the financial institution.'
58See 31 C.F.R. § 103.38(d).
59See FinCEN's Suspicious Activity Reporting Guidance for Casinos, December 2003, page 4.
60 Many casinos have an internal SARC review committee.
61See 31 C.F.R. § 103.32.
62See 31 C.F.R. § 103.33(f) and (g).
63See 31 C.F.R. § 103.38.
64For example, for casinos that maintain computerized records, such as daily player rating records, markers issued records, and cage voucher records for each customer deposit, deposit withdrawal and marker redemption, they may store such information on-line in computer memory or in off-line storage media, such as magnetic tape, magnetic disk, magnetic diskette, CD-ROM disk, etc.
65See 31 C.F.R. § 103.38(d).
66See 31 C.F.R. §§ 103.36(b)(8) and 103.36(c), and F.R. 1165 - 1167 (January 12, 1989).
67See 31 C.F.R. §§ 103.64 and 103.120(d).
68See 31 C.F.R. § 103.21.
69Such training program documentation would include any course outlines, the dates that training was provided, names of personnel who received training, any test that was administered, and the test results to allow internal and/or external examiners to evaluate the effectiveness of each training session.
Nytt Casino Bank Idaho
70See 31 C.F.R. § 103.64(a)(1).
71This would include gaming computer systems or other computer systems that interface with systems that track, control, or monitor customer gaming activity (e.g., a casino management system, a casino marketing system, a customer master file system, a credit management system).
72See e.g., 31 C.F.R. §§ 103.21, 103.22(b)(2) and (c)(3), 103.33(f) and (g), and 103.36.
73Many companies have developed casino management system software capable of identifying and aggregating customer transactions that are associated with casino accounts such as deposit (i.e., safekeeping, front money, or wagering), credit, check cashing, player rating or tracking, or slot club.