I just love the casino business. Every thinker and observer of corporate compliance issues should.
Really, where else can you find such a perfect blend of internal control and corporate culture concerns, plus all those whacky casino names? The enforcement examples you find here always straddle hard-edged financial controls and business practices that make you wince. Misconduct happens in colorful ways at colorful places, with business names that just kill it.
Which brings us to FinCEN’s recent enforcement action against—wait for it—Sparks Nugget.
Sparks is a small-time casino in Sparks, Nevada, but its misconduct is the stuff of big lessons nevertheless. FinCEN fined Sparks $1 million last week for failure to nurture a culture of compliance, and given regulators’ talk of culture so often these days, the consent decree is crammed with great examples of how senior leaders should not treat their compliance programs.
In one form or another, the misconduct stretches back into the 2000s, and it first came to light during an IRS audit in 2010. More agencies got involved after that, and FinCEN’s settlement specifically covers violations of the Bank Secrecy Act from 2010 into 2013. The primary lapses: failure to establish an effective anti-money laundering program, failure to file suspicious activity reports, and failure to secure various records. All three stem from the larger, deeper flaw that Sparks Nugget simply did not care about compliance. A few examples:
- The casino’s Bank Secrecy Act compliance officer did draft suspicious activity reports (SARs), which were then ignored by her managers and never filed with the authorities.
- During that IRS exam in 2010, the BSA compliance officer’s supervisors told her to stop talking to the IRS agents. She was also blocked from seeing the results of that exam.
- The casino never bothered to implement a strong, sophisticated AML program—and remember, this outfit was a casino. It already had a strong, sophisticated program to know the high rollers and deadbeats for marketing purposes, that could have been adapted for AML concerns. No dice.
- Whenever an employee did bother to file an SAR, that report went to an SAR Committee for review. The committee, however, never held a meeting. Which is to be expected, since numerous members of said committee didn’t even know they were on it.
- The Sparks Nugget general counsel who embezzled $3 million and got fired for it? No SAR filed. The local official who embezzled $2.2 million from the county and blew half of that sum at the casino? No SAR filed.
- Employees told the IRS agents conducting that 2010 exam that SARs were never filed because “nothing suspicious ever happened” at the casino. Other than the general counsel and the county boss, who both had already ended up in the news before the IRS ever showed up.
You get the picture. The tales of poor culture at Sparks Nugget are eye-rolling, but they are all the worse because a casino can’t really say, “Well, we didn’t know how to impose controls!” Casinos are more sharp about cash controls, and more skilled at knowing their customers, than just about any other business. They are no strangers to exacting procedures and exhaustive record-keeping.
So when you hear stories that a casino failed to implement a control program or file SAR reports, that is poor tone at the top landing on the whole organization with a two-ton thud. Compliance officers marginalized, programs not launched, data not collected, records not kept—this is painful stuff, and senior leadership’s lax attitude is to blame. Tom Fox, one of the great anti-corruption compliance voices out there, calls it the difference between having a compliance program and actually doing compliance. This is the same phenomenon happening in the Bank Secrecy Act context.
Many large organizations probably already know the lessons that Sparks Nugget offers. The CEOs at those companies do often understand the importance of a strong culture and good ethics (or at least, they talk a good game about it). The real audience here are smaller businesses like Sparks Nugget. They have fewer resources to devote to compliance, and therefore must rely more on managers who embrace the spirit of it—which you can do, even without the technical resources of a strong control system. That’s what tone at the top and culture of compliance are all about.