Currency Transactions Reporting (CTR)
by Nichole Karr, Audit Manager
Currency transaction reporting (CTR) requirements, including record-keeping, were established decades ago to help ensure individuals were not able to perform money laundering transactions, also known as making “dirty” money from illegal acts into “clean” money, by giving the appearance it was earned legally. Casinos were a great place to try and create money laundering transactions, due to the opportunity and large amounts of influx and output of cash, so casinos, including tribal casinos, were not exempt from following the FINCEN and IRS CTR and record-keeping requirements. As the years have passed and more individuals and businesses are conducting illegal activities, FINCEN has updated and changed their CTR requirements. As with any regulations, updates are always necessary to ensure the most effective and efficient ways of reporting transactions are being implemented. Because of these updates, it’s important to audit the current practices to ensure the new regulations and requirements are properly incorporated into the current operating procedures.
Since all casinos must have written internal controls and standard operating procedures, having a CTR compliance program is no exception and is a requirement per FINCEN. This program should include internal controls designed to ensure and monitor ongoing compliance with the federal requirements. Additionally a well designed program should ensure adequate training is provided to all casino personal which includes identifying suspicious or unusual transactions. The frequency of the training and the type of training varies based on the risk associated with potential money laundering. Potential training would include quarterly, semi-annual, or annual review of the FINCEN requirements followed by a quiz to ensure employees understand the requirements.
As with all internal control procedures, auditing for compliance is a must, as well as a requirement by FINCEN. Per the Electronic Code of Federal Regulation, §1021.210(2014, August 7), “internal and/or external independent testing for compliance is required of the compliance program. The scope and frequency of the testing shall be commensurate with the money laundering and terrorist financing risks posed by the products and services provided by the casino.” The testing or auditing can be done by and should be done by a variety of individuals including regulators, internal auditors, and casino management. Having different types of reviewers/auditors of the information ensures that the information is understandable by a diverse group of people and helps to ensure that all possible interpretations are addressed.
The audit review process should include the following:
- Review of the documented compliance program and comparison to the FINCEN regulations to ensure all requirements are addressed.
- Review of the training program to ensure vital information is outlined and includes real life examples for employees to comprehend.
- Review of the current CTR quiz to ensure there are sufficient questions to test the employees’ knowledge of the CTR requirements.
- Review of a sample of active employees to ensure their training and quizzes are adequately documented, including dates and scores.
- Review of submitted CTR forms to ensure they are completed properly and filed in a timely manner.
- Review of sample days of the CTR audit to ensure internal audit documentation is sufficient, includes all possible CTR areas in the casino, and is retained.
The quantity of information that needs to be audited in the steps outlined above will be influenced by the level of risk a casino might experience with regards to money laundering activities. That risk will also dictate how often an audit needs to be conducted. Generally, regulators should be reviewing this information annually while casino management or internal auditors should be conducting semi-annual audits.
While CTR requirements are not controlled by gaming regulators, it is important for them to understand how the casinos are handling the compliance with FINCEN requirements as issues with non-compliance can have an impact of other aspects of the casinos business, such as inadequate documentation and training on gaming required internal controls or lack of record-keeping. If casinos don’t have and follow the compliance program outlined by federal regulations, there is always a possibility that gaming regulations are also not effectively documented or followed
