This page contains a Flash digital edition of a book.
REDFLAGS

BY DAVID D. WADDELL AND DOUGLAS L. MINKE

PROTECTING CUSTOMER ACCOUNTS FROM IDENTITY FRAUD:

IS YOUR CASINO COMPLIANT?

T

he casino industry is unique when it comes to the relationship opera- tors have with their customers. Commercial and Native American casino operations across the United States have invested billions of dollars to establish safe, comfortable and secure environments for

their patrons to enjoy a dynamic entertainment experience. In addition to world-class leisure amenities that are offered in the modern casino environment, the core service provided by casinos continues to be a secure and regulated gam- ing experience. As a result of the unique nature of the casino environment, numerous laws

categorize casinos as financial institutions and require reporting of various finan- cial transactions, to prevent these businesses from being used by unscrupulous people for laundering money, evading taxation or funding criminal activities. Casinos across the country have developed sound practices to ensure com-

pliance with the anti-money laundering provisions of the Bank Secrecy Act/Title 31 and the Patriot Act. Despite the fact that casino operators have developed systems to ensure a safe experience, new regulations continue to be adopted that, if not complied with, could expose operators to regulatory fines and/or civil/criminal liability. Starting in 2010, certain casino operators that offer specific types of finan-

cial accounts will be required to develop policies and procedures to prevent iden- tity theft. According to a 2010 congressional report, identify theft is the fastest- growing type of fraud in the United States. In 2008, an estimated 9.9 million Americans were victims of identify theft, an increase of 22 percent from 2007. The Federal Trade Commission estimates that identity theft costs consumers approximately $50 billion annually. As a result, the FTC is implementing a new “Red Flags Rule” to seek assistance from businesses to prevent identity theft. There is a lot of confusion within the gaming industry over these matters.

The purpose of this article is to provide some clarity with regard to the changes in federal law, and to provide a general overview of the steps casinos should take to assure ongoing compliance. Jim Dowling, a former anti-money laundering official with the United

States Office of National Drug Control Policy and currently president of Dowling Advisory Group (a company that has extensive experience in auditing and assisting companies in federal compliance matters), states that “identify theft continues to plague many different industries, and is a growing concern with

30

companies that store customer information electronically.” Dowling says current cases show where a single breach can result in thousands of individuals’ personal information being compromised. Beginning June 1, after four extensions of the enforcement date, the FTC is scheduled to begin enforcing the Red Flags Rule, a set of identity theft prevention regulations issued pursuant to the Fair and Accurate Credit Transactions Act. The Red Flags Rule, which is codified at 16 C.F.R.

§681.1, generally requires: the development and implementation of a written identity theft protection program that is designed to detect, prevent and miti- gate identity theft; and the periodic performance of a risk assessment to deter- mine whether the business offers or maintains any other accounts for which there is a “reasonably foreseeable risk” to customers or to the business from identity theft.

IS YOUR CASINO SUBJECT TO THE RED FLAGS RULE?

The Red Flags Rule is applicable to “financial institutions” and/or “creditors” that maintain “covered accounts.” For the purposes of the Red Flags Rule, a “financial institution” is defined as “a

state or national bank, a state or federal savings and loan association, a mutual sav- ings bank, a state or federal credit union, or any other person that, directly or indi- rectly, holds a transaction account (as defined in 12 U.S.C. §461(b)) belonging to a consumer.” Many casino operators will not likely meet the definition of a “financial institu-

tion” for purposes of the Red Flags Rule. It is important to note that the analysis does not end there, as the identity theft prevention regulations also cover entities that are considered “creditors.” A “creditor” is “any person who regularly extends, renews or continues credit;

any person who regularly arranges for the extension, renewal or continuation of credit; or any assignee of an original creditor who participates in the decision to extend, renew or continue credit.” It is this definition of “creditor” which may bring many casino operators within

these regulatory confines. An organization that qualifies as either a “financial institution” or a “creditor”

must then analyze its internal operations to determine whether it maintains “cov- ered accounts,” which are defined as:

Global Gaming Business • May 2010 Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36  |  Page 37  |  Page 38  |  Page 39  |  Page 40  |  Page 41  |  Page 42  |  Page 43  |  Page 44  |  Page 45  |  Page 46  |  Page 47  |  Page 48  |  Page 49  |  Page 50  |  Page 51  |  Page 52  |  Page 53  |  Page 54  |  Page 55  |  Page 56
Produced with Yudu - www.yudu.com