Key insights:

• • • Pushing innovation in the financial sector 鈥� The OCC is actively enabling innovation among financial service institutions, not resisting it.

• • • Regulation is being refocused, not removed 鈥� Priorities may change with each administration, but oversight remains, and crypto is increasingly central.

    • Compliance is a growth requirement 鈥� Regulations around the BSA, sanctions, and KYC still apply, so durable controls and experienced teams do matter, even with AI.

Shortly after being named Acting Director of the Comptroller of the Currency in early 2025, Rodney E.聽Hood in the financial sector. Hood spoke about improving bank-fintech partnerships and providing regulatory frameworks for digital asset activities.

As expected, the Hon. Jonathan V. Gould was sworn in as the 32nd on July 15, 2025. Under his leadership of the Office of the Comptroller of the Currency (OCC), the spigot of technology-enabled financial innovation is set to remain wide-open, with blockchain-based products at the forefront.

In his speech to the , Comptroller Gould laid out a road map to a future that includes more de novo charters, with many of them coming from the ranks of blockchain and digital or virtual asset service providers (VASP). He refuted notions that these things cannot be done under current rules and reaffirmed the agency’s ability to regulate such institutions.

Register now for The 2026 Future of AI and Technology Forum, a cutting-edge conference that will explore the latest advancements in GenAI and their potential to revolutionize compliance, legal, and tax practices

Institutions that fail to embrace these emerging technologies as they arise risk falling behind, Gould said, describing how any legal framework that treats digital assets differently than existing electronic means is risking 鈥渁 recipe for irrelevance.鈥� Such an antiquated approach keeps companies, institutions, and indeed the nation鈥檚 entire financial system, mired in the past, he added.

Digi-mon go!

In word and deed, the current OCC continues to offer a green light to VASPs as well as to traditional financial institutions that are looking to dabble with blockchain, stablecoins, and the like. Regulatory action in the past year mostly served to end prior enforcement against traditional institutions while putting ancillary companies in check. For example, of US/Mexican border casinos, crypto ATM-style terminals, and armored car companies demonstrates the regulatory shift that takes place after each change in administration.

Government rarely gives up its authority, but it does shift the focus. Border cash is out, crypto is in. Clear regulation for this sector is important, necessary, and will continue to create an entirely new set of financial products & services.

Institutions that fail to embrace these emerging technologies as they arise risk falling behind… [and] any legal framework that treats digital assets differently than existing electronic means is risking ‘a recipe for irrelevance.’

Normally I advocate more caution but, in this case, having any regulation is better than having no regulation. Blockchain is here to stay and having any kind of clarity around it is the right way to begin. Those who legislate have an opportunity to improve the regulatory framework over this technology as it evolves 鈥� as long as a framework exists. It’s sort of like the slippery slope argument in reverse: When we build a foundation on regulations that encourage innovation while protecting consumers, including the companies themselves, we create a healthier economy. These rules can always be improved and adjusted as we understand better what we have unleashed upon the world.

Compliance is on the 鈥渃an鈥檛 cut鈥� list

Rumors are swirling of cuts to many corporate compliance budgets. Many compliance pros think this administration will let companies do as they please! Let a professional risk manager urge caution here instead. The power of the Bank Secrecy Act (BSA), the extraterritorial reach of sanctions, and the requirements to know your customers (KYC) are not going anywhere. Regulations are refocused, not removed. A proliferation of nouveau financial institutions will provide a target-rich environment for the regulators of today and tomorrow to find things they dislike and prosecute those offenses. A business that hopes to make it big should be built to withstand the winds of change and weather different regulatory conditions over time.

Therefore, smart compliance professionals will keep an eye on the horizon and keep their risk controls tight. Yes, it may be a good time to start a crypto company; but no, that does not mean you can process drug cash, ignore sanctions, or fail to collect basic personally identifying information.

With increasingly ubiquitous AI tools, your humans in the loop are more important than ever. As entry level jobs become automated, depth of experience becomes more valuable. Retain talent and institutional knowledge on your compliance teams because those individuals will train the AI as well as the investigators of tomorrow.

Indeed, no matter who is in charge of the government鈥檚 regulations, enforcement will come when you let your guard down and ignore basic risk management principles.

You can find more about how government agencies are managing various risk, fraud, and compliance issues here

Key insights:

• • • 4 pillars of surveillance 鈥� Casinos operate under a comprehensive BSA and Title 31 anti-money laundering framework, anchored by four pillars that together create a surveillance network to detect and deter illicit activity.

    • Significant gap in enforcement 鈥� Despite a massive surge in SAR filings, enforcement actions were virtually nonexistent, revealing a significant enforcement gap that undermines deterrence.

    • Balancing regulatory rules and risk 鈥� Effective CTR and SAR practices are both a regulatory obligation and a risk signal: Strong, timely, accurate reporting and a compliance-first culture help avoid penalties and protect reputation, while weak programs invite costly, rigorous enforcement.

Casino operators face increasingly rigorous anti-money laundering (AML) obligations under federal banking secrecy laws that require extensive reporting, customer monitoring, and record maintenance systems. These regulatory mandates, enforced by the U.S. Treasury鈥檚 Financial Crimes Enforcement Network (FinCEN), establish four core pillars of compliance: i) currency transaction reporting for cash activities exceeding $10,000; ii) suspicious activity reporting for potentially illicit behavior; iii) customer identification protocols; and iv) comprehensive recordkeeping standards.

While recent enforcement data reveals significant gaps between the volume of filed reports and actual regulatory actions, casinos must prioritize robust AML programs to avoid substantial penalties and reputational damage.

Under United States federal law, casinos operate within a stringent AML framework governed by Title 31 of the U.S. Code, commonly known as the Bank Secrecy Act (BSA). FinCEN serves as the primary regulator, enforcing comprehensive requirements designed to prevent casinos from becoming conduits for financial crimes.

The 4 pillars of casino AML compliance

1. Currency Transaction Reports (CTRs)鈥� These reports form the foundation of casino reporting obligations. When a customer’s combined cash transactions exceed $10,000 in a single day, casinos must electronically file a detailed report within 15 calendar days. These reports capture essential customer information, such as name, address, Social Security number (SSN), and other identification details.

2. Suspicious Activity Reports (SARs)鈥� These reports, filed with FinCEN, target potentially illicit behavior. For transactions of $5,000 or more that raise red flags, casinos must file comprehensive SARs within 30 days. Crucially, customers are never informed of these confidential reports.

3. Customer identification and due diligence鈥� These requirements ensure casinos know who they’re serving during critical transactions. While not as extensive as traditional banking鈥檚 know-your-customer protocols, casinos must collect and verify customer information 鈥� name, birth date, address, and SSN 鈥� whenever filing CTRs or SARs or establishing certain accounts. This extends to monitoring gambling patterns for suspicious patterns.

4. Recordkeeping requirements鈥� Rules around keeping records create the documentation foundation for compliance. Casinos must maintain all CTRs, SARs, supporting documentation, account records, negotiable instrument logs, and gaming activity records for five years in organized, accessible formats. Without robust recordkeeping systems, casinos risk missing reportable transactions or a failure to document suspicious activity.

Together, these four interconnected requirements create a comprehensive surveillance network, ensuring casinos serve as vigilant gatekeepers against money laundering while maintaining the integrity of their operations and supporting law enforcement investigations.

Public enforcement

SARs and CTRs are the backbone of Title 31 enforcement. Regulators use them to assess casino activity and compliance 鈥� and when reporting lapses, enforcement follows. Casinos that neglect filings or run weak AML programs face fines and mandated overhauls, while those with strong reporting and internal controls can largely avoid penalties.

The stark disparity between SAR filings and enforcement actions reveals a troubling enforcement gap.聽, financial institutions filed tens of thousands of SARs annually, yet only were completed during this entire period. This represents an enforcement rate that is virtually non-existant.

This enforcement deficit becomes even more striking when viewed historically.聽As recently as 2000, fewer than 20 SARs were filed annually. Despite this dramatic 1,000-fold increase in reporting over two decades, enforcement actions have remained stagnant.

Indeed, the numbers tell a clear story: The current system generates massive volumes of reports but delivers minimal accountability. This, in turn, undermines the entire purpose of the SARs system and calls into question whether these reporting requirements are achieving their intended deterrent effect.

Enforcement revived in 2024, and the AML Act of 2020 also has raised expectations and risks. All casinos 鈥� large or small 鈥� must treat BSA compliance as core duty. That means casinos need to file accurate, timely CTRs; investigate and report suspicious activity via SARs; and then act on those insights to mitigate risk. Recent cases 鈥� from suppressed SARs to absent AML programs 鈥� show that failures are costly and reputationally damaging.

SARs and CTRs are the backbone of Title 31 enforcement. Regulators use them to assess casino activity and compliance 鈥� and when reporting lapses, enforcement follows.

Casinos have incurred multi-million-dollar fines for serious compliance violations, including deliberately failing to maintain AML programs, ignoring BSA requirements, and neglecting to report suspicious transactions. Additional penalties have been imposed for persistent AML deficiencies and the use of misleading compliance policies. Many of these violations occurred within some casinos over multiple years, demonstrating systemic, long-term compliance failures rather than isolated incidents.

These patterns reveal that the problems extend far beyond simple administrative mistakes. Instead, they represent fundamental breakdowns in comprehensive compliance programs 鈥� failures that can only be detected and addressed through extensive data analysis using information that must come directly from the casinos themselves.

Effective filings of SARs and CTRs serve as a double-edged sword: They not only fulfill a critical regulatory obligation but also act as a barometer of a casino’s commitment to compliance. When done well, these filings protect the institution from potential sanctions and reputational damage. Conversely, poor execution can lead to severe penalties and, more alarmingly, enable illicit activities.

The requirements are straightforward. Casino operators need to prioritize compliance investments, thoroughly know their customers, submit accurate reports, and cultivate a culture that encourages the identification of suspicious transactions. The consequences of non-compliance are steep, both financially and in terms of facilitating crime.

As FinCEN underscores, a robust compliance framework is essential to maintaining the integrity of the financial system. By embracing this responsibility, casinos can establish a strong foundation for regulatory adherence 鈥� and those that fail to do so can expect rigorous enforcement action.

You can find out more about how businesses, like casinos, are managing the threat of fraud here