U.S. Casinos Face Inflection Point as AML Compliance Guide Sets New Standard

The newest edition of the American Gaming Association’s Best Practices for Anti-Money Laundering Compliance Guide represents a decisive moment for the U.S. casino industry. With more than 1,000 land-based casinos operating across the country, ten states having legalized sports betting, and iGaming expanding into new jurisdictions, the visibility of gaming in the financial system has never been greater. This visibility has not gone unnoticed by criminals. Every innovation—whether a new wallet integration, a digital betting option, or a VIP service—creates potential avenues to disguise illicit wealth. Against this backdrop, the AGA’s updated guidance emerges as far more than a simple handbook. It functions as a survival blueprint for an industry that must demonstrate its ability to grow responsibly without transforming into a magnet for financial crime.

Casinos operate under one of the most rigorous regulatory regimes in the world, balancing state-level licensing requirements with federal obligations under the Bank Secrecy Act. Beyond being centers of entertainment, they provide financial services that include check cashing, wire transfers, front-money accounts, and increasingly, cashless wallets. These very features heighten their exposure to financial crime. A patron arriving for a weekend of leisure may appear indistinguishable, at least on the surface, from an individual intent on layering criminal proceeds. The AGA guide sets the tone clearly: compliance is not optional. It insists on risk-based vigilance and underscores that effective AML programs safeguard not only individual casinos but also the integrity of the wider financial system.

The guidelines begin by establishing governance as the foundation. Board members and senior executives are reminded that ultimate accountability lies with them, not merely with compliance teams. They are expected to formally approve AML/CFT programs, allocate sufficient resources, and demonstrate working knowledge of requirements. A culture of compliance is framed as a performance benchmark, with compensation systems designed to reward adherence and penalize any shortcuts. Staff are urged to integrate compliance into operational priorities rather than regard it as an external imposition.

Central to this governance framework is the AML Officer. Far from being a symbolic position, the officer must remain independent from gaming operations, equipped with the authority to escalate concerns, and empowered to brief senior leadership directly. The guide advises casinos to establish formal reporting mechanisms, including anonymous hotlines and structured investigation procedures, to guarantee that staff can raise concerns without fear of retaliation.

Risk assessment is presented as a critical dimension of compliance. Casinos are instructed to map every single entry and exit point for funds—whether cages, markers, digital wallets, sportsbooks, or even promotional credits. Each service must be evaluated to determine which ones present disproportionate laundering risks, from high-stakes poker rooms to online accounts that permit multiple payment instruments. Annual risk assessments are mandated, and additional reviews are required whenever new products or mergers alter the operating environment. Regulators expect casinos to identify residual risks and adopt tangible action plans, not leave vulnerabilities unresolved.

Acknowledging that risk evolves with technology, the guidelines extend to online platforms, which must deploy geolocation checks, block suspicious devices, and identify “impossible travel” scenarios where a patron’s account logs in from geographically incompatible regions within short timeframes. Minimal gaming activity paired with large deposits or withdrawals is flagged as a classic layering technique requiring close scrutiny. For cashless play and digital wallets, the rules demand full alignment with KYC standards and insist that accounts remain tied consistently to a single verified identity.

Know Your Customer procedures and Suspicious Activity Reporting stand at the heart of detection. Casinos are instructed to collect names, addresses, Social Security numbers when applicable, and government-issued identification before permitting any BSA-reportable transaction. Online onboarding is expected to employ non-documentary verification methods using third-party databases, photo IDs, or selfies. The guidelines also encourage casinos to gather supplementary information—such as occupation or email—when transactions approach threshold levels, signaling a shift toward a holistic, risk-based model rather than simple compliance box-ticking.

Enhanced diligence is mandatory for high-risk categories that include politically exposed persons, foreign patrons from countries with capital controls, high-loss players, and individuals linked to known illicit finance typologies. Unlike earlier editions, the 2025 update explicitly calls for analysis of both the source of funds and the source of wealth. This dual scrutiny is designed to confirm not only that immediate funds are legitimate, but that a patron’s overall financial profile plausibly supports their level of gaming activity.

Suspicious Activity Reports remain the backbone of detection. Casinos are obligated to file SARs for any transaction aggregating $5,000 or more that shows signs of illicit origin, structuring, or lacking a lawful purpose. The obligation extends to attempted transactions. Filing deadlines remain 30 days from detection, with a maximum of 60 days if the subject cannot be immediately identified. The guidance stresses the importance of robust escalation frameworks, ensuring that alerts move swiftly from frontline staff to compliance investigators to avoid delays that might jeopardize reporting deadlines.

The typologies outlined in the document are drawn directly from enforcement experience. These include chip-walking, exploitation of line-of-credit services, intra-property transfers across multiple jurisdictions, and structuring through ticket-in ticket-out kiosks. Casinos are encouraged to review their filed SARs annually, identifying patterns that can inform adjustments to compliance programs. This continuous cycle of detection, reporting, and refinement embodies the risk-based approach regulators now demand.

Perhaps the most notable update in the 2025 edition addresses the intersection of digital wallets, cryptocurrency, and gaming. These tools blur the lines between casinos and traditional financial institutions. Patrons can now fund wallets through bank transfers, cards, or in-person deposits, wager digitally, and then withdraw with relative ease. While this creates convenience, it also introduces potential for abuse if not closely monitored.

The best practice, according to the guide, is to restrict wallets to a single verified user, mandate that withdrawals return to the original deposit method, and flag accounts that cycle deposits and withdrawals without meaningful gaming activity. Casinos are reminded that even though online transactions may not automatically trigger Currency Transaction Reports, cash deposits and withdrawals at the cage still do. Integrated oversight across physical and digital platforms is therefore essential.

Cryptocurrency receives special treatment. The guidance advises casinos to require conversion of virtual assets into U.S. dollars before they may be used for gaming. This places such transactions under the established frameworks of CTRs and SARs. Given the anonymity and pseudonymity associated with crypto transfers, direct use is deemed too risky. By channeling crypto activity into familiar reporting structures, casinos minimize their vulnerability as potential weak links in the financial system.

Warnings also extend to shell companies and third-party payments. Accepting funds from anonymous entities, whether domestic or foreign, without clearly documented relationships is described as a major risk. Policies must define precisely which third-party transactions are permissible, and approvals must be documented at senior levels. Anything short of that, the guidance cautions, invites regulatory scrutiny.

The scope of the updated guide stretches beyond casino walls, reflecting the broader expectations of AML/CFT oversight. Independent reviews conducted by external auditors or IRS examiners must feed directly into risk assessments and trigger corrective action where necessary. Recordkeeping obligations emphasize document retention for at least five years, allowing regulators to verify that decisions were justified and consistent over time.

Employee training is singled out for particular attention. Casinos are directed to provide not only onboarding education but also continuous, role-specific refresher training. These programs must address emerging typologies such as human trafficking, which now has a dedicated section in the guide. Staff are expected to recognize red flags linking trafficking to gaming, including third parties exerting control over patron accounts or groups of individuals showing signs of coercive play.

Information sharing also forms a cornerstone of the guidance. Casinos are encouraged to use Section 314(b) of the USA PATRIOT Act to exchange intelligence with banks and other institutions, while maintaining proactive channels with law enforcement. By aligning reporting practices with federal priorities such as the National Illicit Finance Strategy, casinos can demonstrate that they are not merely complying with obligations, but actively contributing to the national effort against financial crime.

The introduction to the guide emphasizes a point often overlooked: casinos have been legally defined as financial institutions under the Bank Secrecy Act since 1985. This designation cements their status as full participants in the U.S. AML framework, not simply entertainment venues burdened with compliance duties. Their role is integral to the financial system’s defense against abuse.

The 2025 Best Practices ultimately highlight that the gaming industry recognizes its dual identity—provider of entertainment and financial gateway. With that dual identity comes responsibility. The guidance does not offer a universal checklist. Instead, it lays out principles that must be tailored to each casino’s unique risk profile. What regulators expect is not mechanical compliance but demonstrable effectiveness.

Casinos that neglect to embrace this message risk more than monetary penalties; they risk reputational collapse in an industry where legitimacy has been painstakingly built. By embedding a culture of compliance, reinforcing KYC protocols, enhancing suspicious activity monitoring, and applying rigorous controls to digital transactions, the sector can protect both its customers and the U.S. financial system. As the AGA guide makes clear, the standard has been set. Meeting it is about far more than avoiding fines. It is about securing a future for gaming that is sustainable, responsible, and resilient against the relentless ingenuity of financial crime.

By fLEXI tEAM