FinCEN Casino SAR Filing: Obligations Under 31 CFR § 1021.320

Under 31 CFR § 1021.320, every casino and card club subject to the Bank Secrecy Act must file a Suspicious Activity Report with FinCEN when a transaction, whether conducted, attempted, or detected, meets both a monetary threshold and one of four enumerated grounds for suspicion. The obligation is not discretionary. A casino that “knows, suspects, or has reason to suspect” that a qualifying transaction has occurred must file, regardless of whether the casino can confirm that a crime has taken place. Compliance teams that treat SAR filing as a judgment call reserved for near-certainty cases are already outside the regulation’s requirements.

The Statutory Foundation: 31 U.S.C. § 5318(g)

The SAR obligation derives from 31 U.S.C. § 5318(g) of the Bank Secrecy Act, which grants the Secretary of the Treasury authority to require financial institutions, including casinos, to report any suspicious transaction relevant to a possible violation of law or regulation. FinCEN exercises that authority through Part 1021 of Title 31 of the Code of Federal Regulations, the dedicated ruleset for casinos and card clubs. Section 1021.320 is the operative SAR provision.

Casinos qualify as “financial institutions” under the BSA. That classification carries the full suite of BSA obligations, including Currency Transaction Report (CTR) filing under § 1021.311, the aggregation rules under § 1021.313, anti-money laundering program requirements under § 1021.210, and the suspicious activity reporting mandate under § 1021.320. Compliance officers managing US-licensed gaming properties must read § 1021.320 against this broader Part 1021 architecture, not in isolation.

What Is the Casino SAR Threshold?

A transaction requires reporting under § 1021.320(a)(2) if it is conducted or attempted by, at, or through a casino, and involves or aggregates at least $5,000 in funds or other assets. That threshold applies whether the casino identifies a single qualifying transaction or a pattern of transactions that collectively reach $5,000.

The $5,000 figure is substantially lower than the $10,000 CTR threshold under § 1021.311 and § 1021.313. The CTR threshold triggers on currency transactions and applies an aggregation rule across the gaming day: multiple cash transactions by or on behalf of the same person are treated as a single transaction once they collectively exceed $10,000. The SAR threshold operates differently. It applies to any transaction type, not only currency, and aggregation for SAR purposes follows the identification of a pattern rather than a fixed gaming-day window. Compliance programs that calibrate transaction monitoring exclusively to the $10,000 CTR level will miss the SAR obligation on a substantial portion of qualifying activity.

“A transaction requires reporting under the terms of this section if it is conducted or attempted by, at, or through a casino, and involves or aggregates at least $5,000 in funds or other assets, and the casino knows, suspects, or has reason to suspect that the transaction (or a pattern of transactions of which the transaction is a part)” meets one of the four enumerated grounds., 31 CFR § 1021.320(a)(2)

The Four Grounds for Suspicion

Reaching the $5,000 threshold alone does not trigger a SAR obligation. The casino must also know, suspect, or have reason to suspect that the transaction meets at least one of four statutory grounds, set out in § 1021.320(a)(2)(i) through (iv).

Illegal funds and concealment. Under § 1021.320(a)(2)(i), the obligation arises when a transaction involves funds derived from illegal activity, or is intended or conducted to hide or disguise funds or assets derived from illegal activity, including, without limitation, the ownership, nature, source, location, or control of those funds, as part of a plan to violate or evade any federal law or regulation, or to avoid any transaction reporting requirement. This ground captures not only direct money-laundering placements, such as the buy-in of criminal proceeds at the cage, but also layering transactions designed to obscure the audit trail once funds are already inside the gaming environment.

BSA evasion and structuring. Under § 1021.320(a)(2)(ii), the obligation arises when a transaction is designed, whether through structuring or other means, to evade any requirement of the BSA or any other regulation promulgated under it. Structuring is the deliberate division of transactions to avoid CTR filing thresholds. A patron who makes multiple cash buy-ins over the course of a gaming session, each under $10,000, with the evident purpose of avoiding CTR identification, triggers this ground. The casino’s knowledge of the pattern, assessed against the aggregation awareness standard in § 1021.313, is sufficient, no admission by the patron is required.

Facilitation of criminal activity. The third ground under § 1021.320(a)(2) covers transactions that involve funds used to facilitate criminal activity. This captures scenarios where the casino’s products or services are being used as a conduit: chip-dumping schemes between colluding players, match-fixing-adjacent wagering activity, and transactions where the apparent gaming purpose masks a predicate offence unrelated to the casino’s own operations.

No apparent lawful purpose. The fourth ground under § 1021.320(a)(2) applies where the transaction has no business or apparent lawful purpose, or is not the sort of transaction in which the customer would normally be expected to engage, and the casino knows of no reasonable explanation after examining the available facts. This is the broadest trigger. In practice, it reaches transactions that do not display obvious criminal signals but are anomalous against the customer’s established profile, account history, or the typical patterns for that game type or stake level.

When Does the 30-Day Clock Start?

Under § 1021.320(b), a casino must file a SAR no later than 30 calendar days after the date of initial detection of facts that may constitute a basis for filing. The clock starts at detection: the point at which a casino employee, system alert, or review process first identifies facts sufficient to constitute a potential SAR basis. It does not start when the compliance team completes its investigation, when the AML officer signs off, or when certainty is reached.

Where no suspect is identified at the time of initial detection, the casino may delay filing for an additional 30 calendar days to identify a suspect. That extension does not reset the base window. The outer limit is 60 calendar days from the date of initial detection, absolute. No further delay is permitted regardless of the complexity of the investigation or whether the casino has reached a conclusion.

Where the suspicious activity involves an ongoing violation requiring immediate attention, such as an active money laundering scheme, the casino must immediately notify an appropriate law enforcement authority by telephone, in addition to filing the SAR within the applicable deadline. Casinos that identify possible terrorist-activity financing connections are directed by § 1021.320(b) to call FinCEN’s Financial Institutions Hotline at 1-866-556-3974, in addition to filing timely.

The Robbery and Burglary Exception

Section 1021.320(c) provides a narrow exception: a casino is not required to file a SAR for a robbery or burglary committed or attempted that is reported to appropriate law enforcement authorities. This is the only enumerated exception. It does not extend to fraud, embezzlement, chip theft, cage irregularities, or any other category. Any compliance team that interprets § 1021.320(c) broadly, as a general exception for crimes the casino has already self-reported to police, is misreading the text.

Record Retention: Five Years

Section 1021.320(d) requires each casino to maintain a copy of any SAR filed and the original, or business record equivalent, of all supporting documentation for five years from the date of filing the SAR. Supporting documentation must be identified as such and maintained separately. That documentation is deemed filed with FinCEN as a matter of law, meaning it is constructively available to law enforcement from the date of SAR filing, not only if FinCEN formally requests it.

Retention of the decision trail matters as much as retention of the SAR itself. Where FinCEN or a state gaming regulator examines a casino’s BSA compliance program, examiners will review whether the supporting documentation demonstrates a rigorous detection and decision-making process. A filed SAR with inadequate supporting records is a compliance deficiency distinct from the SAR filing itself.

SAR Confidentiality and the Tipping-Off Prohibition

Section 1021.320(e)(1)(i) imposes an absolute prohibition: no casino, and no director, officer, employee, or agent of any casino, may disclose a SAR or any information that would reveal the existence of a SAR. The prohibition applies not only to voluntary disclosure but to compelled disclosure. A casino or its personnel that receives a subpoena or other request to produce a SAR must decline, citing § 1021.320(e)(1) and 31 U.S.C. § 5318(g)(2)(A)(i), and must notify FinCEN of the request and the response.

The regulation permits narrow intra-group exceptions. A casino may share a SAR, or information revealing its existence, within its corporate organizational structure for purposes consistent with Title II of the BSA. It may also share in connection with filing a joint SAR. These exceptions do not extend to disclosure to the subject of the SAR, to general counsel in a private civil matter, or to any party seeking to use the SAR in private legal proceedings.

“No casino, and no director, officer, employee, or agent of any casino, shall disclose a SAR or any information that would reveal the existence of a SAR.”, 31 CFR § 1021.320(e)(1)(i)

In practice, the tipping-off prohibition creates significant operational risk for customer-facing staff. Frontline employees who detect suspicious activity and initiate a SAR review must not request information from the patron in a manner that would indicate a SAR is being prepared. The casino’s compliance program under § 1021.210 must address this through training: staff identify the activity, escalate internally, and allow the AML function to determine how to handle any additional information-gathering without signaling the investigation to the patron.

The Safe Harbor: Limitation on Liability

Section 1021.320(f) provides statutory safe harbor protection. A casino, and any director, officer, employee, or agent of a casino, that makes a voluntary disclosure of any possible violation of law or regulation to a government agency, or makes a disclosure pursuant to § 1021.320 or any other authority, including a disclosure made jointly with other financial institutions, is not liable to any person under any law or regulation of the United States, any State, or any political subdivision, for that disclosure or for any failure to provide notice of the disclosure to the person who is the subject of the disclosure or any other person.

The safe harbor operates in both directions. It protects the casino from civil liability brought by the patron whose transaction was reported, and it protects individual employees who participated in the SAR decision and filing. Compliance officers should be explicit in their internal procedures that the safe harbor attaches to good-faith filings even where the underlying activity ultimately proves to be legitimate. The obligation to file does not require proof of criminality. It requires a reasonable, documented basis for suspicion, and the safe harbor reflects that calibration.

Voluntary Reporting Below the Threshold

Section 1021.320(a)(1) permits, but does not require, voluntary SAR filing where the transaction does not meet the $5,000 threshold but is nonetheless believed by the casino to be relevant to a possible violation of law or regulation. Compliance teams should treat this provision carefully. A casino that consistently files voluntary SARs below threshold as a substitute for proper threshold-based monitoring is not satisfying its mandatory obligations. The voluntary filing pathway is for genuinely anomalous low-value activity, not for papering over gaps in transaction monitoring coverage at the $5,000 level.

How FinCEN Casino SAR Obligations Differ from FINTRAC’s STR Regime

Operators holding both a US gaming authorization and a Canadian registration must manage two distinct suspicious transaction reporting regimes in parallel. The structural difference is material.

Under FinCEN, the casino SAR obligation is threshold-dependent: no SAR is required unless the transaction involves or aggregates at least $5,000. Under FINTRAC’s Suspicious Transaction Report (STR) regime, governed by section 7 of the Proceeds of Crime (Money Laundering) and Terrorist Activity Financing Act (PCMLTFA, S.C. 2000, c. 17), there is no monetary threshold. A casino reporting to FINTRAC must file an STR whenever it completes the measures that enable it to establish reasonable grounds to suspect that a transaction, of any value, is related to the commission or attempted commission of a money laundering or terrorist activity financing offence.

FINTRAC’s guidance distinguishes “reasonable grounds to suspect” from “reasonable grounds to believe.” The former is the STR filing standard: a step above simple suspicion, requiring that the reporting entity considered the facts, the context, and the applicable money laundering or terrorist financing indicators, and concluded that there is a possibility of a relevant offence, without requiring verified facts or proof. FINTRAC has identified, as a common compliance deficiency, the practice of applying a higher threshold than “reasonable grounds to suspect” before submitting an STR, effectively treating the no-threshold regime as if it had one.

The operational implication for dual-jurisdiction operators is that FINTRAC-covered Canadian casino accounts require a detection and escalation process calibrated to any transaction amount, while FinCEN-covered US accounts require a parallel process calibrated specifically to the $5,000 floor. A single monitoring ruleset cannot satisfy both requirements. Compliance teams overseeing multi-jurisdiction gaming operations must document each regime’s trigger separately and ensure that the Canadian STR process does not inadvertently import the US $5,000 floor as a de facto threshold. For operators active in Ontario’s regulated iGaming market, the AGCO compliance obligations that sit alongside federal FINTRAC requirements are covered in detail in Ontario iGaming at Year Three: AGCO Compliance Lessons for New Entrants.

Integration with the Casino’s AML Program

The SAR obligation does not stand alone. Section 1021.210 requires every casino to develop and implement a written AML compliance program reasonably designed to assure and monitor compliance with the BSA requirements. At minimum, that program must include a system of internal controls for ongoing compliance, independent testing commensurate with money laundering and terrorist financing risks, training of casino personnel in the identification of unusual or suspicious transactions, and an individual or individuals designated to assure day-to-day compliance.

The program must include procedures for using all available information to identify the occurrence of transactions or patterns of transactions required to be reported under § 1021.320. In practice, this means transaction monitoring systems must be tuned to detect structuring activity below the CTR $10,000 level, unusual wagering patterns consistent with the “no apparent lawful purpose” trigger, and activity that could indicate the facilitation of criminal conduct. Detection is a program obligation, not solely a judgment call at the point of human review.

Casinos operating internet-facing gaming platforms in US-regulated markets, including New Jersey (Division of Gaming Enforcement), Pennsylvania (Gaming Control Board), and Michigan (Gaming Control Board), must also satisfy state-level AML requirements alongside the federal FinCEN regime. State examiners frequently review federal BSA program records during their own compliance inspections, and deficiencies surfaced at the state level can prompt FinCEN referrals. Compliance officers must not treat federal and state AML programs as fully separate tracks.

Key Resources

The primary sources for US casino SAR obligations are the FinCEN Rules for Casinos and Card Clubs at 31 CFR Part 1021 (eCFR, updated as of 26 May 2026), specifically § 1021.320 for SAR obligations, § 1021.311 through § 1021.313 for CTR context, and § 1021.210 for the AML program requirement. The statutory authority sits in 31 U.S.C. § 5318(g) of the Bank Secrecy Act. FinCEN’s casino-specific guidance and examination procedures are published at fincen.gov/resources/financial-institutions/casinos-and-card-clubs. For the Canadian STR comparison, the operative statute is the PCMLTFA (S.C. 2000, c. 17) and FINTRAC’s published guidance on suspicious transaction reporting requirements. Given the complexity of multi-jurisdictional application, compliance officers are strongly advised to obtain qualified US legal counsel when calibrating their BSA program to the requirements of 31 CFR Part 1021. For practical guidance on developing transaction monitoring policies and audit procedures aligned to the SAR regime, review our companion resource on Casino BSA Compliance Procedures and Documentation Standards.