There have always been criminals. Sadly, there will always be crime, but the scenario has changed beyond the conventional felon’s cheating, robbing or physical attacks. Today’s law enforcement professionals find themselves racing against time to thwart savvy, anonymous criminals of all ages, backgrounds and geography. These cyberspace crooks often do their worst damage solely with computer key strokes.
Some examples include money laundering, which takes illegally-obtained funds from one source and disguises it as coming from another. If detected, the money may be seized. Embezzlers move money illegally, typically for personal use, from one source.
Former Acting Deputy Director of CIA Operations outside the U.S. Jack Devine has decades of experience fighting sophisticated criminals. From 1967-1999, he worked for 11 CIA directors and six presidents, from Richard Nixon through Bill Clinton.
Devine and prominent New York attorney Stanley Arkin launched The Arkin Group in 2000. The international risk consulting and intelligence firm provides strategic intelligence and analysis, which minimize risks and maximizes payoffs, to clients making critical decisions.
Devine praises advanced technology’s ability to collect and integrate data while also acknowledging its downside. “These are incredible tools, but the problem is that criminals have them too. Big money makes the casino industry a diverse source of illegal activity, spanning organized crime, lone criminals and hacking groups.
Illegal activity has progressed beyond law enforcement‘s earlier focus on security and card counters. Today, criminals’ expanded capabilities make us think defensively. Cyber criminals see game hacking as a profitable income stream. It impacts those bundling valuable ‘gaming assets’ like games, playing cards and similar goods into their online user accounts. After studying their ‘targets of opportunity,‘ criminals attempt direct contact to humanize and personalize the experience. Personal information makes these victims ripe for hacking,“ Devine states.
Money laundering and theft
Pervasive money laundering encompasses everything from mortgages to health care fraud to casino operations, but advanced anti-crime measures are showing some success. Spectrum Gaming Managing Director Fredric Gushin stresses that secure, trustworthy gaming often depends on its geography. He divides gaming into two camps-regulated jurisdictions within the U.S, Canada, Europe, Singapore and Australia, and the unregulated rest of the world.
The European Union (EU) considers honest gaming a key priority and continually updates its regulations. The 4th AML Directive, the EU’s most recent recommended standards, took effect in June 2017.
Gushin says, “To uncover suspicious activity, member nations have implemented individual regulations, consistent with the Directive, for types of games, ownership and controls. Regulated jurisdictions have established proactive money laundering controls. I see distinct correlations between jurisdictions with the fewest controls and the worst money laundering problems.”
While Southeastern Asia nations like Vietnam, Cambodia, Burma and Thailand, plus former Soviet Union and African countries, lack sophisticated regulatory structures, Gushin believes they will over time. He supports stringent compliance programs to prevent illegal funds from bankrolling international property and financing terrorism.
Compliance mandates
The concept of strong compliance mandates dates back to the paper days. From 1978 through the early 2000s, Atlantic City enjoyed an East Coast gaming monopoly. Regulators worried about billions flowing through this one jurisdiction.
Former FBI Special Agent Thomas W. Raftery III (1988-2010) was there. His educational credentials in economics, accounting, and as a Certified Fraud Examiner (CFE), trained him to expose corruption and white collar crimes.
He confronted corruption in the Afghanistan Reconstruction efforts and was also the first Inspector General of the Delaware River Port Authority and Port Authority Transit Corp. These organizations operate bridges and trains connecting Pennsylvania and New Jersey. Raftery headed the Newark (New Jersey) Public Corruption Task Force, interfacing with the FBI, IRS, U.S. Customs and New Jersey State Police (NJSP).
Raftery’s expertise resulted in his 1995 transfer to Atlantic City, where he directed its public corruption program through 2010. He led the Atlantic City Casino Money Laundering Task Force, a group comprised of members of the FBI, IRS, U.S. Customs, Drug Enforcement Administration (DEA),
The job description included investigating money laundering and related casino crimes, plus reviewing casinos’ filed suspicious activity and transaction reports. Raftery often searched for a tactic called “structuring“ or “smurfing.”
He explains, “Smurfing divides large sums of money into smaller amounts to avoid detection. It often uses more than one person to launder money through the casinos. The good news is that casinos are better prepared against it.“
After leaving law enforcement, Raftery launched The Falcon Consulting Group, International, LLC in New Jersey in May 2014. The group of retired special agents from various federal agencies, state troopers, county and local police officers and financial experts provide numerous services. Their roster includes anti-money laundering and training assistance, background checks, investigations, compliance assessments, cyber security, fraud and forensic accounting.
What crime-fighting tools help Raftery? The Financial Crimes Enforcement
Network (FinCEN) has developed national requirements for financial institutions- including casinos-with assets over $1 million. They must submit a written compliance plan, based on specific risks of their casino products and services.
Risk assessment
Raftery urges every casino to conduct its own money laundering risk assessment, considering its size, location, dollar volume, types of games, customer profiles and internal controls. He states, “All reports go directly to FinCEN, which may level serious fines for non-compliance. From April to October 2016, FinCEN fined three casinos nationwide a total $16 million.”
The Bank Secrecy Act (“BSA”), a complex set of federal laws and regulations, requires financial institutions keep records, make reports and conduct due diligence to help the federal government detect financial crimes. Failure can prove costly. Mandated Currency Transaction Reports-Casino (CTR-C) document individuals “cashing out” more than $10,000 at once. Raftery says, “This $10,000 threshold has held for years, without an inflation adjustment.
CTR-C reports are derived from cash transactions involving both average people and criminals. Only a person’s imagination limits their money laundering methods. Some individuals time their “cash out“ for different days to prevent detection by casino personnel. FinCEN also requires anti-money laundering training of casino personnel and the pit boss is the first line of defense.“
In addition, casinos file a Suspicious Activity Report-C (SAR-C) about customers displaying questionable behavior and FinCEN receives a copy. SAR-Cs are a valuable tool to help law enforcement deter and track illicit activity.
The USA Patriot Act amended the BSA after the September 11, 2001 terrorist attacks. It aimed to strengthen U.S. measures to prevent, detect and prosecute international money laundering and terrorism financing. The Patriot Act facilitates financial institutions and casinos‘ information sharing while protecting them from liability.
Raftery says that money laundering is one component of a broader picture. Corruption may also exist in the decisions on awarding licenses and setting tax rates that could affect gaming.
The gaming industry has improved its own compliance standards since 2006, according to the December 1, 2016 report from the independent inter-governmental Financial Action Task Force (FATF). The study, released every 10 years, praised the American Gaming Association‘s (AGA) greater anti-money laundering and anti-terrorism financing efforts. Recognizing its growing importance, the AGA surpassed prior recommendations via enhanced customer identification procedures, suspicious transactions reporting and further regulating, supervising and monitoring anti-money laundering operations.
This comprehensive report aids foreign regulators when judging gaming license suitability and a jurisdiction‘s oversight capability to confront illegal activities. Financial institutions also use the FATF research to determine client loan and account integrity.
Since taking the job on July 1, 2013, AGA CEO/President Geoff Freeman has advocated tighter gaming controls that include regulated sports betting. When then FinCEN Director Jennifer Shasky-Calvery challenged casinos to improve their compliance practices at G2E 2013, AGA soon released its first Best Practices for AML Compliance in 2014. It is updated annually.
Freeman states that over four years, “The AGA has built a partnership with the federal government that serves as a model for other industries.”
The AGA membership has responded favorably, especially among those international companies like MGM Resorts International and Las Vegas Sands. According to Gushin, “Gamblers coming from Macau to Las Vegas posed potential problems. The casino representatives, no longer the junket reps, now file their CTR-Cs. This process also protects players’ identities.“
How can companies and jurisdictions protect themselves?
Sophisticated intelligence complements law enforcement action. The Arkin Group’s diverse professionals, who worked within the U.S. government, policy world and private sector, provide on-going intelligence reporting, physical security gap assessments and cyber security vulnerability analyses. Their extensive expert network among government agencies guides them with solutions in a fast-moving cyber crisis situation.
Devine says, “Gaming’s greatest threats move as fast as gaming’s evolution and new technologies. It’s no longer limited to stolen money. Virtual reality is now a new landscape and cyber issues blend with physical security issues. One grave concern is that data intrusion and the use of gaming platforms can fairly easily spread viruses, steal user data and disable wider networks. This causes a paralyzing chain reaction within the physical world.“
What can casinos do? Devine acknowledges that although casinos recognize their losses and intrusions, they often lack sufficient resources to respond.
He states, “Casinos must allocate money to hire cyber skill experts because they will either pay upfront or suffer consequences later. Gaming companies cannot ignore these issues and each must assess its own risk management equation. The Arkin Group’s independent evaluations help with recommendations against vulnerabilities.”
For example, Devine describes “FIN10,” an active hacking group from 2013-2016. A 2016 report reveals it used loopholes in publicly available software to hack North American casino and mining companies. FIN10 entered company systems, stole and encrypted their data and extorted ransom to prevent publication of sensitive information. Their price…from 100-500 bitcoins, or a $124,000 to $620,000 cash value.
The daily expenses to use defensive software can cost millions. Devine questions the gaming industry‘s ability to absorb these costs to keep pace or ahead of the threats.
Background checks may be as high level or detailed as a client wants and Devine advises varied checks for different employees. However, he also warns this data expires when completed and needs to be run periodically.
“Organizations should incorporate an on- going background check process that ensures no red flags arise once the investigation concludes,” says Devine.
Raftery agrees. He recommends at least a 10- year look back at an employee’s work history, criminal history and social media presence.
Regulating operation and accountability is another tough security measure. Gushin frequently travels internationally to consult with foreign clients. His compliance recommendations urge jurisdictions to initiate and enforce audit trail, surveillance tapes and licensing controls.
He says, “Casino team members should be regularly evaluated because backroom paper accounting is unregulated. Sophisticated jurisdictions using thorough software programming often catch people whose personal greed and arrogance has them frequently taking risks. Regulators without a solid tax system cannot analyze and audit.”
Another crucial modern problem is fighting workplace violence. Raftery says their training inside the business benefits employees who learn safety techniques applicable to their everyday lives. They feel safer at home and work, which increases productivity.
Raftery says, “Cost-conscious casinos may allocate resources for financial crimes over external/internal staff violence. Falcon‘s workplace violence training techniques are costly compared to the price of potential lawsuits. However, many casinos and other businesses do not recognize they need this training, doubting a workplace violence incident will occur at their facility. I believe it is not ‘if’ but ‘when‘ and insurance carriers have begun selling workplace violence policies.“
The Foreign Corrupt Practices Act of 1977 (FCPA) also affects international casino portfolios. It bars companies and their executives from using personal payment or rewards to influence foreign officials and secure business.
Some foreign locations require using a local business liaison and/or partner to do business. Raftery says, “These agents are on the payroll, represent the company and must maintain integrity. In 2015, the average corporate FCPA fine was approximately $156 million. Since 2016, the Department of Justice added 100 FBI agents to the FCPA squads to pursue both individuals and corporations.“
Unregulated casinos
Despite continuous efforts to update strict rules, unregulated online casinos are difficult to monitor. Nevada, New Jersey and Delaware have proactively designed comprehensive, highly- regulated programs and more states may follow. To foster accountability, New Jersey Internet gaming operators must link to a licensed land- based Atlantic City casino and share the profits. Geographically, anyone betting must be physically within New Jersey’s borders at the time.
Consumers, especially problem gamblers, may unknowingly aid illegal online activity. Self- exclusion from commercial casinos or regulated Internet gaming may not deter their wagers them on illegal, unregulated sites or exposing important personal and financial information to criminals.
“Illegal online gaming threatens players who never know who’s on the other side of the screen. Is the technology far enough along since people can launder money via multiple legal online accounts?
Casinos should now know their customers. There has been talk of gathering important information by mandating player cards for all gamblers, but I see it going nowhere. Some argue its urgency for effective surveillance; others warn against possible gambler ‘profiling.‘ However, high rollers must explain their incomes, like how can someone earning $100,000 gamble $200,000 a year? That throws up a red flag for the government.“
The challenge against the bad guys is forever, but experienced, skilled people continually fight the good fight to stop them in their tracks.
