be effective, it must be risk-based, and a casino must regularly engage in a comprehensive assessment of all money laundering risks it faces. Each assessment must identify these risks, evaluate them, rank them, and prescribe controls to eliminate or mitigate them. Ideally, an updated risk assessment should be done regularly. An initial risk assessment, or an update to one that is more than a few years old, can be a complex undertaking and the use of an outside expert should be considered. Once a good template is developed, regular updates are relatively simple and can be done in-house. Recent enforcement actions have suggested that the risk assessment is one of the most critical aspects of an effective BSA compliance program. Indeed, while not currently required, the Financial Crimes Enforcement Network (“FinCEN”) has proposed a new rule that would make such regular risk assessments a regulatory requirement (See Anti-Money Laundering and Countering the Financing of Terrorism Programs: 89 Fed.Reg. 55428 (July 3, 2024).Senior Management Should Understand AML Compliance and Take Their Oversight Role Seriously. Any casino large enough to be subject to the BSA’s requirements should establish an internal oversight structure that can assure senior leadership that the casino’s BSA compliance program is appropriately designed, adequately resourced and is effectively functioning. This starts with ensuring that the BSA Officer is qualified and performing at a high level. Effective oversight of the BSA Officer can be performed by a committee of the company’s board of directors, such as an audit committee, or by an independent committee made up, in whole or in part, of persons who are not company board members or executives. However it is structured, the key is that the casino’s AML efforts are regularly reviewed to include a review of the independent audit findings or other independent reviews of the BSA compliance performance.Customer Barring Decisions Should Be Risk-Based and Documented. While the BSA itsel

notes:[ See FDIC FIL-45-2024 (July 25, 2024).[] See Interagency Guidance on Third-Party Relationships: Risk Management, 88 Fed. Reg. 37920 (June 9, 2023). Although this refers to “third-party relationships,” it also applies to parties in multilayer relationships without a direct relationship to the bank. These indirect sources of risk are sometimes referred to as “nth party risk.”[] See FDIC Official Signs and Advertising Requirements, False Advertising, Misrepresentation of Insured Status, and Misuse of the FDIC’s Name or Logo89 Fed. Reg. 3504, (Jan. 18, 2024).[] See, e.g., FDIC Press Release, ”FDIC Demands Five Entities Cease Making False or Misleading Representations About Deposit Insurance” (Jan. 19, 2024).[] See OCC, Federal Reserve, FDIC, and NCUA, Anti-Money Laundering and Countering the Financing of Terrorism Program Requirements (Proposed Rule), 89 Fed. Reg. 65242 (August 9, 2024); FinCEN,Anti-Money Laundering and Countering the Financing of Terrorism Programs(Proposed Rule), 89 Fed. Reg. 55428 (July 3, 2024).[] As just one example of a recent enforcement action, on June 14, 2024, the Federal Reserve Board issued an enforcement action against Evolve Bancorp, Inc. and Evolve Bank & Trust. Examinations conducted in 2023 found that Evolve “engaged in unsafe and unsound banking practices by failing to have in place an effective risk management framework” for its partnerships with various financial technology companies that, in turn, provide access to banking products and services to their end customers. SeeFederal Reserve Press Release, “Federal Reserve Board issues an enforcement action against Evolve Bancorp, Inc. and Evolve Bank & Trust for deficiencies in the bank’s anti-money laundering, risk management, and consumer compliance programs” (June 14, 2024).[] See In re Synapse Financial Technologies Inc., Debtor, U.S. Bankruptcy Court (C.D. Cal.), Trustee’s Third Status Report (June 21, 2024), p.3.[] In re Synapse Financial Technologies Inc., Debtor, U.S. Bankruptcy Court (C.D. Cal.), Truste