Exceptive Relief for Casinos from Certain Customer Identity Verification Requirements

1 Financial Crimes Enforcement Network U.S. Department of the Treasury FIN-2021-R001 Issued: October 19, 2021 Subject: Exceptive Relief for Casinos from Certain Customer Identity Verification Requirements The Financial Crimes Enforcement Network (FinCEN) grants limited exceptive relief under the authority set forth in 31 U.S.C. § 5318(a)(7) and 31 CFR § 1010.970(a) to casinos1

from certain customer identity verification requirements in the context of online gaming. Specifically, under the terms of this relief, a casino may utilize suitable non-documentary methods to verify the identity of online customers. The suitability or non-suitability of any particular method should be evaluated based on risk. This exceptive relief is effective as of October 19, 2021. Background Pursuant to 31 CFR § 1021.410(a), prior to each deposit of funds, account opening, or extension of credit, a casino must obtain the name, permanent address, and social security number of a customer. The name and address of such person must be verified by the casino at the time the deposit is made, account opened, or credit extended. Verification must be made by examination of a document described in 31 CFR § 1010.312.2 Casinos are not subject to Customer Identification Program (CIP) regulations issued pursuant to Section 326 of the USA PATRIOT Act. As a result, casinos do not have the ability to rely upon non-documentary verification of a customer’s identity.3 Banks, brokers or dealers in securities, mutual funds, futures commission merchants, and introducing brokers in commodities, for example, are required to implement a CIP4 that includes risk-based verification procedures that enable the financial institution to form a reasonable belief that it knows the true identity of its customers.5 A financial institution subject to a CIP regulation must obtain identifying information from each customer before opening an account, to

1. References to “casinos” include both “casinos” and “card clubs,” as those terms are defined at 31 CFR § 1010.100(t)(5) and (6).
2. See 31 CFR § 1021.410(a). For those customers who are both citizens and residents of the United States, the casino must examine “a document that is normally acceptable within the banking community as a means of identification when cashing checks for nondepositors.” See 31 CFR § 1010.312. The provision lists as examples of such documents “a driver’s license or credit card.” Verification of identity for an individual who indicates that “he or she is an alien or is not a resident of the United States” must be made by “passport, alien identifi￾cation card, or other official document evidencing nationality or residence.” Id.
3. See 31 CFR §§ 1010.312 and 1021.410(a). The provisions state explicitly that “verification must be made by examination of a document.”
4. See generally 31 CFR § 1020.220 (banks); 31 CFR § 1023.220 (brokers or dealers in securities); 31 CFR § 1024.220 (mutual funds); 31 CFR § 1026.220 (futures commission merchants and introducing brokers in commodities).
5. See, e.g., 31 CFR § 1020.220(a)(2).

2 include name, date of birth, address, and identification number (e.g., Social Security number, taxpayer identification number or an alien identification number).6 A CIP must describe when the financial institution will verify identity through documentary methods, non￾documentary methods, or a combination of both.7 With respect to documentary methods, the CIP must describe minimum acceptable documentation, which may include, for an individual, unexpired government-issued identification evidencing nationality or residence and bearing a photograph or similar safeguard, such as a driver’s license or passport.8 Financial institutions subject to a CIP regulation may also use non-documentary methods to verify a customer’s identity.9 Non-documentary methods may include the following: contacting the customer; independently verifying the customer’s identity through the comparison of information provided by the customer with information obtained from a consumer reporting agency, public database, or other source; checking references with other financial institutions; and obtaining a financial statement.10 Non-documentary procedures must address situations where: the customer is unable to present an unexpired government￾issued identification document that bears a photograph or similar safeguard; the financial institution is unfamiliar with the documents presented; the account is opened without obtaining documents; the customer opens the account without appearing in person; or there are circumstances that increase the risk that the financial institution will be unable to verify the true identity of the customer through documents.11 Analysis The identity verification requirement at 31 CFR § 1021.410(a) reflects technological constraints and legal restrictions that incentivized in-person interaction with customers.12 The gaming industry has since evolved, with many casinos now offering new types of gaming, such as online sports wagering and online casino gambling, that involve remote interaction with customers.13 FinCEN recognizes that the onboarding procedures for online customers used by many brick and mortar casinos, which may include non-documentary identity verification, can provide more comprehensive verification of an online patron’s identity than the procedures currently required under FinCEN rules. FinCEN has heard from a number of stakeholders about concerns regarding the customer identity verification requirement at 31 CFR § 1021.410(a). Specifically, these stakeholders 6. See, e.g., 31 CFR § 1020.220(a)(2)(i)(A). 7. See, e.g., 31 CFR § 1020.220(a)(2)(ii). 8. See, e.g. 31 CFR § 1020.220(a)(2)(ii)(A). 9. See, e.g., 31 CFR § 1020.220(a)(2)(ii)(B). 10. See, e.g., 31 CFR § 1020.220(a)(2)(ii)(B)(1). 11. See, e.g., 31 CFR § 1020.220(a)(2)(ii)(B)(2). 12. Legal restrictions include those arising under state law and federal statutes such as the Interstate Wire Act of 1961 and the Professional and Amateur Sports Protection Act (PASPA) of 1992. On May 14, 2018, the U.S. Supreme Court struck down PASPA on constitutional grounds. See generally Murphy v. NCAA, 138 S.Ct. 1461 (2018). 13. In New Jersey, a patron may open and fund an account and place wagers over the Internet without entering a facility at any point, although servers must be located at licensed establishments within the state and wagers may be placed only while the patron is present within the state.

3 informed FinCEN that the use of third-party databases, which pull information from a multitude of publicly available resources, is widespread throughout the industry and can provide more comprehensive verification of an online patron’s identity than the documentary methods currently required by FinCEN’s regulations. These third-party databases can verify a customer’s identifying information across thousands of sources. This service can also validate that the information appears to be legitimate, belongs to a single identity and does not appear to be compromised or otherwise suspicious, and provides an overall risk assessment based on the information obtained. Exceptive Relief Under 31 U.S.C. § 5318(a)(7) and 31 CFR § 1010.970(a), FinCEN has the authority to grant exceptions to the requirements of 31 CFR Chapter X. Such exceptions may be either conditional or unconditional and may apply to particular persons or classes of persons, but only to the extent that such limits are expressly stated in the order of authorization. FinCEN may modify or revoke exceptions at its discretion. Under the terms of the exceptive relief set out herein, casinos may comply with the requirement in 31 CFR § 1021.410(a) to verify the identities of online customers by implementing compliance measures consistent with a CIP. In the context of online gaming, casinos may use non-documentary methods to the extent consistent with the risk-based approach set forth in FinCEN’s regulations governing the establishment and implementation of CIPs. The casino’s anti-money laundering (AML) program would need to describe when the casino will verify identity through documentary methods, non-documentary methods, or a combination of both. With respect to documentary methods, the casino’s AML program would need to describe minimum acceptable documentation, which may include, for an individual, unexpired government-issued identification evidencing nationality or residence and bearing a photograph or similar safeguard, such as a driver’s license or passport.14 Non-documentary methods may include the following: contacting the customer; independently verifying the customer’s identity through the comparison of information provided by the customer with information obtained from a consumer reporting agency, public database, or other source; checking references with other financial institutions; and obtaining a financial statement.15 Non-documentary procedures must address situations where: the customer is unable to present an unexpired government-issued identification document that bears a photograph or similar safeguard; the casino is unfamiliar with the documents presented; the account is opened without obtaining documents; the customer opens the account without appearing in person; or there are circumstances that increase the risk that the casino will be unable to verify the true identity of the customer through documents.16 14. See, e.g., 31 CFR § 1020.220(a)(2)(ii)(A)(1). 15. See, e.g., 31 CFR § 1020.220(a)(2)(ii)(B)(1). 16. See, e.g., 31 CFR § 1020.220(a)(2)(ii)(B)(2).