AGA Publishes Anti-Money Laundering Best Practices Guide

The Best Practices for Anti-Money Laundering Compliance published by the American Gaming Association in 2025 is a comprehensive guide for casinos and gaming operators seeking to strengthen compliance with U.S. anti-money laundering (AML) and counter-terrorist financing (CFT) obligations. It reflects the dual regulatory environment casinos face: stringent state-level gaming laws combined with federal requirements under the Bank Secrecy Act (BSA). The guidance stresses that casinos must operate risk-based compliance programs tailored to their business models and patrons, and that these programs must be dynamic, adapting to technological innovation, evolving regulatory priorities, and emerging criminal threats.

A key theme is governance and accountability. Boards of directors and senior leadership are ultimately responsible for compliance with the BSA and must prioritize regulatory integrity above revenue. This includes:

• approving AML programs, 
• ensuring they are adequately resourced and independently tested, 
• appointing a qualified AML Officer. 

The AML Officer must oversee daily compliance, act as liaison with regulators and law enforcement, and be empowered with sufficient authority to influence corporate decision-making. Leadership is expected to set a “tone from the top” that builds a culture of compliance, reinforced by training, internal reporting mechanisms, and performance evaluations that link employee incentives to compliance outcomes. Casinos are advised to establish multiple safe reporting channels for staff and maintain strong anti-retaliation protections so concerns can be raised and acted upon effectively.

The document places significant weight on risk assessment, which should be conducted at least annually and updated whenever new products, services, or market expansions introduce material changes. Casinos must identify points at which illicit funds may enter or exit the system, assess the nature of high-risk products such as junkets, private salons, or digital wallets, and evaluate geographic vulnerabilities. FinCEN’s enforcement priorities highlight risks such as corruption, cybercrime, terrorist financing, drug trafficking, and human trafficking. 

For casinos, typologies include:

• misuse of line-of-credit services, 
• chip-walking below reporting thresholds,
• foreign intra-property fund transfers, 
• deposits into betting accounts followed by minimal play and withdrawal. 

Preventive measures are recommended, including restrictions on cash-for-cash exchanges, stricter oversight of ticket redemption kiosks, heightened scrutiny of wires and checks from nonprofits or law firms, and strong surveillance in high-risk areas such as poker rooms. For online platforms, additional safeguards include geolocation tracking, device intelligence to detect “impossible travel,” and limits on the number of payment instruments linked to player accounts.

Patron identification and due diligence (KYC/CDD) are presented as cornerstones of compliance. Casinos must verify identities for any reportable transaction, account opening, or digital wallet setup using government-issued photo IDs, supported by Social Security Numbers for U.S. citizens and residents. Online operators, which cannot rely on in-person verification, must use non-documentary methods such as electronic databases, biometric scans, and uploaded identification. Sanctions screening is mandatory at onboarding and throughout the customer relationship to prevent dealings with individuals or entities on the U.S. Treasury’s Office of Foreign Assets Control (OFAC) lists. Enhanced due diligence is required for higher-risk patrons such as politically exposed persons (PEPs), foreign nationals from high-risk jurisdictions, repeat SAR subjects, and those linked to high-risk industries like cryptocurrency or cannabis. Casinos are expected to review both the source of funds (the immediate origin of money used in transactions) and the source of wealth (the broader accumulation of assets over time), often requiring documentation such as bank statements, employment records, tax filings, or investment history. Information from public databases, negative media checks, and Section 314(b) information-sharing with other financial institutions should be integrated into these reviews.

Examples of high-risk patrons outlined in the guide include:

• Foreign nationals from countries with weak AML regimes or high corruption scores.
• Politically exposed persons (PEPs), whether full-time or part-time officials, and their close associates.
• Junket operators or independent marketing agents who bring patrons into casinos without sufficient transparency.
• Individuals linked to cannabis enterprises, which remain illegal under federal law despite state-level legalization.

Suspicious activity reporting (SAR) obligations remain central to casino compliance. Casinos must file a SAR for transactions of $5,000 or more when there is knowledge or suspicion of illegal activity, structuring to avoid reporting, a lack of legitimate purpose, or the use of the casino to facilitate crime. Attempted transactions also fall under this requirement. Reports must be filed within 30 days of initial detection, or within 60 days if a suspect cannot be immediately identified. The guide provides detailed instructions for escalation, monitoring, and filing processes, stressing that SARs are confidential and cannot be disclosed to patrons. Casinos are reminded to monitor for patterns such as large deposits with minimal gameplay, repeated structuring just below thresholds, chip-walking, or cross-border intra-property transfers designed to bypass reporting requirements.

Other important compliance areas include:

• currency reporting, 
• independent reviews, 
• employee training, 
• recordkeeping, 
• information sharing. 

Casinos must file Currency Transaction Reports (CTRs) for cash transactions above $10,000 and retain all relevant records for at least five years. Independent audits are required to test CTR, SAR, and program effectiveness, while training should be ongoing, role-specific, and aligned with current risks. Information-sharing across enterprises, with service providers, and under Section 314(b) is strongly encouraged to enhance the overall effectiveness of the industry’s AML controls. The guide also highlights casinos’ role in combating human trafficking, advising operators to monitor for patterns associated with exploitation and ensure staff are trained to escalate such cases promptly.

In conclusion, the AGA’s 2025 best practices reflect a broad, modern approach to AML compliance in the gaming sector. Casinos are urged to integrate governance, risk assessment, due diligence, monitoring, and training into a cohesive program that is adaptable and forward-looking. Emerging technologies such as digital wallets, cryptocurrencies, and online gaming require new compliance measures, but traditional risks such as junket operations and high-stakes cash play remain relevant. A successful AML program, according to the AGA, must be proactive, risk-based, and embedded in the culture of the organization, ensuring that casinos not only comply with regulatory requirements but also protect the integrity of the broader financial system.