Some Commentary on the Unfortunate Relationship Between Crisis and Fraud

The Financial Crimes Enforcement Network (“FinCEN”) released today an update (“Update”) on its March 16, 2020 COVID-19 Notice, on which we previously blogged, for the stated reason of assisting “financial institutions in complying with their Bank Secrecy Act (BSA) obligations during the COVID-19 pandemic, and announc[ing] a direct contact mechanism for urgent COVID-19-related issues.” Further, the Update states that “FinCEN is committed to promoting the success of the Coronavirus Aid, Relief, and Economic Security Act (CARES Act), including the need to facilitate expeditious disbursal of CARES Act funds.”  This post will summarize briefly the Update, and make a few high-level comments.

The COVID-19 pandemic — pernicious, unpredictable and continually evolving — resists facile pronouncements.  With that caveat, it is rational to predict that many financial institutions subject to the BSA will face significant issues in the very near future because of the unfortunate confluence of increased fraud schemes seeking to capitalize on the pandemic, coupled with the fact that many BSA/AML compliance teams will be straining in this age of “social distancing” and enforced working remotely to maintain an adequate amount of staff and degree of communication needed to catch and report suspicious activity, among other obligations under the BSA.  Stated otherwise, we are entering a time of maximum fraud and a reduced capacity to stand guard.

Further, as the pandemic continues and then recedes, the previously existing fraud schemes will come to light — just like during the financial crisis of 2008, when the Bernie Madoffs of the world were exposed — because desperate investors will be demanding their cash back, and some soon will discover that their money actually was stolen a while ago.  Investigations, prosecutions and litigations will ensue.

Turning to the Update by FinCEN, we summarize here greatly.  In our view, the Update provides some generally helpful information, but little in the way of concrete guidance. Continue Reading FinCEN Issues COVID-19 AML Update for Financial Institutions

Second Post in a Two-Post Series

On March 19, 2020, Swedbank received its first sanction at the conclusion of parallel investigations by Swedish and Estonian authorities for its role in the seemingly non-stop Anti-Money Laundering (“AML”) debacle centered around Danske Bank and its now-notorious Estonian Branch. In the first of what will likely be multiple sanctions, Swedbank AB was ordered to pay a record 4 billion Swedish Krona ($38 million) and its subsidiary, Swedbank AS, has been ordered to improve its AML risk control systems to comply with applicable requirements.

In our first post, we discussed the various public AML-related investigations and enforcement actions plaguing Swedbank. In this post, we discuss the details and implication of the report of internal investigation regarding Swedbank’s alleged deficiencies in its AML processes performed by an outside law firm at the request of Swedbank, which has made the report publically available.

The Report is lengthy and detailed.  As we discuss, however, the Report highlights some basic, evergreen issues in AML compliance and enforcement: the need to implement adequate systems to manage high-risk customers; the need to identify beneficial ownership; the need for top management to understand and truly respect AML compliance; the need for transparency with regulators; and the need for transparency by financial institutions with investors and the public.

Continue Reading AML Problems Plague Swedbank: The Internal Investigation Report

We are pleased to offer the latest episode in Ballard Spahr’s Consumer Financial Monitor Podcast series — a weekly podcast focusing on the consumer finance issues that matter most, from new product development and emerging technologies to regulatory compliance and enforcement and the ramifications of private litigation.

In this podcast, we examine two recent OCC consent orders involving alleged Anti-Money Laundering (“AML”) failings — one with a bank, and another with an individual in-house professional.  Specifically, we review the OCC’s allegations underlying these two orders, and discuss how the OCC focuses on the core pillars of BSA/AML compliance and its own internal criteria when deciding whether to use its discretion to pursue enforcement.  We also discuss the practical takeaways for boards and management of financial institutions when choosing to accept higher-risk customers, including customers involved in the digital currency industry.  Although it is certainly possible for a financial institution to accept and manage certain higher-risk customers, the appropriate AML policies and programs must be in place, and effectively executed.

We further discuss the critical issue of AML liability risk for individuals – including how such individual risk can be minimized, but also the inherent tension between the interests of institutions, and the interests of their individual executives and compliance officers, when the government comes calling.  This tension can lead to institutions unfairly blaming individuals, but also to individuals acting in overly-defensive ways.  Of course, this is a tension that exists not only in the realm of BSA/AML compliance, but also when any significant legal and compliance problems face a corporation.

Finally, we discuss how the use of third-party consultants and advisors regarding AML compliance can serve, perversely, as a double-edged sword for financial institutions and individuals facing possible downstream enforcement actions.  Although the work product of consultants and advisors can produce improved compliance and lower overall risk — and BSA/AML compliance in fact demands independent auditing — internal reports also can become the weapons of would-be whistleblowers and government enforcement staff.  This is particularly true if the consultant is pre-disposed to find problems anywhere, or — conversely and ironically — if the consultant is regarded by the government as incompetent.

We hope that you enjoy the podcast, moderated by our partner Chris Willis, and find it useful.

If you would like to remain updated on these issues, please click here to subscribe to Money Laundering Watch. To learn more about Ballard Spahr’s Anti-Money Laundering Team, please click here.  To visit Ballard Spahr’s award-winning Consumer Financial Monitor blog, please click here.

Danske Bank: “If we’re going down, you’re coming with us.”

First Post in a Two-Post Series

On March 19, 2020, Swedbank received the first of what will likely be multiple sanctions regarding alleged deficiencies in its Anti-Money Laundering (“AML”) processes and mishandling of information exchanges with public investigations. At the conclusion of parallel investigations by Swedish and Estonian authorities, Swedbank AB must now pay a record 4 billion Swedish Krona ($38 million) and its subsidiary, Swedbank AS, has been ordered to improve its AML risk control systems to comply with the applicable requirements. These penalties are all prelude to the ongoing investigations by the Latvian Police Department, European Central Bank, Swedish Economic Crime Authority, several United States authorities and, presumably, the inevitable private securities litigation to come.

In this post, we will discuss the various public AML-related investigations and enforcement actions plaguing Swedbank.  In our next post, we will discuss the details and implications of the report of internal investigation regarding these problems performed by an outside law firm at the request of Swedbank, which has made the report publicly available.  The bigger picture: the saga of Swedbank is just part of the larger and seemingly non-stop AML debacle centered around Danske Bank and its now-notorious Estonian Branch. Continue Reading AML Problems Plague Swedbank

Regulatory Examination and Related Enforcement Also Highlights Perceived Risks of Banking Crypto Clients

The Department of the Treasury’s Office of the Comptroller of the Currency (“OCC”) recently issued a Consent Order against M.Y. Safra Bank arising from the bank’s decision to accept a variety of high-risk, Digital Asset Customers (“DACs”), allegedly without implementing the necessary Bank Secrecy Act (“BSA”) and Anti-Money Laundering (“AML”) controls. Although the OCC did not impose a monetary penalty against the bank, it demanded that the bank implement and maintain a remarkably broad array of potentially costly and extremely detailed measures to strengthen its AML program. And, notably, the OCC specifically tasked the bank’s Board of Directors with implementing, overseeing, and reporting on these measures.

We describe here the OCC’s examination into and requirements imposed on M.Y. Safra Bank. The Consent Order is a reminder to the boards and management of all financial institutions that if they pursue novel and higher-risk customers – certainly, a potentially defensible business plan in our increasingly competitive business environment – then they absolutely have to adjust accordingly their AML compliance program and accompanying transaction monitoring to compensate for such increased risk. This is particularly true when those new customers employ novel technologies or business products which require a particularized ability to understand and address from an AML perspective. New, creative business lines are not necessarily bad – so long as the implementation of the AML compliance program is adjusted appropriately to identify and manage the new risk.

The Consent Order also is a reminder that, as the BSA/AML Examination Manual of the Federal Financial Institutions Examination Council states, “[t]he board of directors, acting through senior management, is ultimately responsible for ensuring that the bank maintains an effective BSA/AML internal control structure,” and otherwise must create a culture of compliance.

This Consent Order and related OCC AML exam and enforcement issues – including the liability of not just institutions, but also the potential individual liability of AML in-house professionals – will be the topic of a forthcoming installment in Ballard Spahr’s Consumer Finance Monitor Podcast by the firm’s AML Team. Please stay tuned our podcast, and read on here. Continue Reading OCC Action Highlights Increased Accountability Facing Boards of Directors

The Financial Crimes Enforcement Network (“FinCEN”) just issued a release, entitled “The Financial Crimes Enforcement Network (FinCEN) Encourages Financial Institutions to Communicate Concerns Related to the Coronavirus Disease 2019 (COVID-19) and to Remain Alert to Related Illicit Financial Activity.”  Given the topic and the simplicity of the release, this post merely provides the release in its entirety (including its footnotes and related links), without commentary — other than to sadly observe that whenever widespread and severe misery occurs, human nature apparently produces a 100% likelihood that fraudsters will exacerbate the situation by trying to scam people when they are most vulnerable.

The release states as follows:

On March 13, 2020, President Trump declared a National Emergency in response to COVID-19.[1]  FinCEN requests financial institutions affected by the COVID-19 pandemic to contact FinCEN and their functional regulator as soon as practicable if a COVID-19-affected financial institution has concern about any potential delays in its ability to file required Bank Secrecy Act (BSA) reports.  Financial institutions seeking to contact FinCEN should call FinCEN’s Regulatory Support Section (RSS) at 1-800-949-2732 and select option 6 or e-mail at FRC@fincen.gov. FinCEN’s RSS will continue to be available to support financial institutions for the duration of the COVID-19 pandemic.

Financial institutions are encouraged to keep FinCEN and their functional regulators informed as their circumstances change.

FinCEN also advises financial institutions to remain alert about malicious or fraudulent transactions similar to those that occur in the wake of natural disasters.  FinCEN is monitoring public reports and BSA reports of potential illicit behavior connected to COVID-19 and notes the following emerging trends:

  1. Imposter Scams – Bad actors attempt to solicit donations, steal personal information, or distribute malware by impersonating government agencies (e.g., Centers for Disease Control and Prevention), international organizations (e.g., World Health Organization (WHO)[2]), or healthcare organizations.
  2. Investment Scams – The U.S. Securities and Exchange Commission (SEC) urged investors to be wary of COVID-19-related investment scams, such as promotions that falsely claim that the products or services of publicly traded companies can prevent, detect, or cure coronavirus.[3]
  3. Product Scams – The U.S. Federal Trade Commission (FTC) and U.S. Food and Drug Administration (FDA) have issued public statements and warning letters to companies selling unapproved or misbranded products that make false health claims pertaining to COVID-19.[4]  Additionally, FinCEN has received reports regarding fraudulent marketing of COVID-19-related supplies, such as certain facemasks.
  4. Insider Trading – FinCEN has received reports regarding suspected COVID-19-related insider trading.

In addition, please see FinCEN’s advisory, FIN-2017-A007 “Advisory to Financial Institutions Regarding Disaster-Related Fraud” (October 31, 2017) for descriptions of other relevant typologies, such as benefits fraud, charities fraud, and cyber-related fraud.[5]  For suspected suspicious transactions linked to COVID-19, along with checking the appropriate suspicious activity report-template (SAR-template) box(es) for certain typologies, FinCEN also encourages financial institutions to enter “COVID19” in Field 2 of the SAR-template.

Financial institutions are encouraged to review information from other relevant functional regulators as updates are available.  FinCEN will continue to monitor this situation and will release updated information for financial institutions as appropriate.

[1] Remarks by President Trump, Vice President Pence, and Members of the Coronavirus Task Force in Press Conference: https://www.whitehouse.gov/briefings-statements/remarks-president-trump-vice-president-pence-members-coronavirus-task-force-press-conference-3/.

[2] WHO statement concerning imposter scams: https://www.who.int/about/communications/cyber-security.

[3] SEC Notice on COVID-19 related investment scams: https://www.sec.gov/oiea/investor-alerts-and-bulletins/ia_coronavirus.

[4] FTC and FDA joint updated statement concerning product scams: https://www.consumer.ftc.gov/blog/2020/03/ftc-fda-warnings-sent-sellers-scam-coronavirus-treatments.

FDA statement concerning product scams: https://www.fda.gov/consumers/health-fraud-scams/fraudulent-coronavirus-disease-2019-covid-19-products.

[5] FIN-2017-A007- Advisory to Financial Institutions Regarding Disaster-Related Fraud (October 31, 2017): https://www.fincen.gov/sites/default/files/advisory/2017-10-31/FinCEN%20Advisory%20FIN-2017-A007-508%20Compliant.pdf.

___________________________________________________________________

If you would like to remain updated on these issues, please click here to subscribe to Money Laundering Watch. Please click here to find out about Ballard Spahr’s Anti-Money Laundering Team.

The District of Connecticut recently vacated a defendant’s convictions at trial for violating the Foreign Corrupt Practices Act (“FCPA”) — but declined to similarly vacate his related money laundering convictions.  This case provides another example of how the money laundering statutes can be a particularly powerful and flexible tool for federal prosecutors, and how they can yield convictions even if the underlying offenses do not (and perhaps are not even charged).

The case involves Lawrence Hoskins, a British citizen who had been employed by Alstom UK Limited but worked primarily for a French subsidiary of Alstom, the parent company.  Hoskins allegedly participated in a corruption scheme involving a project in Indonesia.  The bidding process for the project also involved Alstom Power Inc. (“API”), another subsidiary of Alstom that is based in Windsor, Connecticut.  According to the government, Alstom hired two consultants, Sharafi and Aulia, who bribed Indonesian officials to secure the contract for the project.

Much ink has been spilled by the media and legal commentators regarding the district court’s decision (which the government is appealing) to vacate the defendant’s FCPA convictions, on the grounds that he did not qualify as an “agent” of API for the purposes of the FCPA statute.  We will not focus on that issue here. Rather,  we of course will focus on the fact that the defendant’s convictions for money laundering, and conspiring to launder money, nonetheless survived.  Importantly for the money laundering charges, the district court did not find that there in fact was no underlying corruption scheme.  Rather, the court found that the defendant could not be convicted under the FCPA for allegedly participating in this scheme.  Thus, there was still a “specified unlawful activity,” or SUA, which produced “proceeds” to generate money laundering transactions.

The case also reminds us that, as we have blogged, it is relatively easy for the U.S. government to prosecute foreign individuals for conduct occurring almost entirely overseas, because the nexus between the offense conduct and the U.S. does not need to be robust for U.S. jurisdiction to exist. Continue Reading High-Profile FCPA Prosecution Reflects: Government Can Lose on Lead Corruption Charges But Still Win on Related Money Laundering Charges

Case Sheds Light on Latest Methods to Evade Detection: “Peeling” Chains

On March 2, the U.S. government sanctioned and indicted two Chinese nationals for helping North Korea launder nearly $100 million in stolen cryptocurrency. The indictment, filed in the District of Columbia, charges the defendants with conspiring to commit money laundering transactions designed to both “promote” and “conceal” the underlying crimes of wire fraud (the theft of the cryptocurrency via hacking) and operating as an unlicensed money transmitter — the latter of which is also charged in the indictment as an additional count.

According to the related and detailed civil forfeiture complaint, these funds were only a portion of those stolen in 2018 by state-sponsored hackers for North Korea from a South Korean exchange. These actions, notable in several respects, provide a glimpse at the latest methods of laundering cryptocurrency.

Anyone attempting to launder illicit cryptocurrency faces at least two big challenges. First, due to rigid know-your-customer rules, one cannot simply deposit large amounts of funds at an exchange without raising red flags. Second, because all cryptocurrency transactions are recorded on a blockchain, they can be traced.

To clear these hurdles, the complaint alleges that North Korean hackers used “peeling chains.” In a peeling chain, a single address begins with a relatively large amount of cryptocurrency. A smaller amount is then “peeled” off this larger amount, creating a transaction in which a small amount is transferred to one address, and the remainder is transferred to a one-time change address. This process is repeated – potentially hundreds or thousands of times – until the larger amount is pared down, at which point the amount remaining in the address might be aggregated with other such addresses to again yield a large amount in a single address, and the peeling process goes on. Continue Reading Two Chinese Nationals Charged with Money Laundering Over $100 Million in Cryptocurrency for North Korea

Report Focuses on Anonymity, Real Estate Transactions and Complicit Lawyers

Report Also Signals Upcoming AML Regulation for Certain Niche Institutions

Second Post in a Two-Post Series

In its 2020 National Strategy for Combating Terrorist and Other Illicit Financing (“2020 Strategy”), the U.S. Department of Treasury (“Treasury”) has laid out its AML and money laundering enforcement priorities. Last week, we blogged about the 2020 Strategy and focused on the document’s findings and recommendations for increased transparency into beneficial ownership; strengthening international regulation and coordination, and modernization of the BSA/AML regime in regards to technological innovation.

Here, we focus on the 2020 Strategy as it relates to combating money laundering relating to real estate transactions and gatekeeper professions in general, such as lawyers, real estate professionals and other financial professionals, including broker dealers. Importantly, the 2020 Strategy also notes that the Financial Crimes Enforcement Network (“FinCEN”) is working on a proposed regulation which would extend AML obligations for banks and other financial institutions not subject to a federal functional regulator; there are an estimated 669 such institutions in the U.S. Continue Reading Treasury Report Targets Money Laundering Risks in Real Estate and Gatekeeper Professions

Plaintiffs Failed to Sufficiently Allege Knowledge or Recklessness by Company Concerning AML Compliance Problems, Despite Admissions Made by Company When Responding to Major Government Enforcement Actions 

On February 25, 2020, the Tenth Circuit Court of Appeals upheld the dismissal of shareholders’ securities-fraud class action against the Western Union Company (“Western Union”) and several of its current and former executive officers based on the company’s alleged anti-money laundering (“AML”) compliance failings.

The suit was filed in February 2017 following the announcement of a deferred prosecution agreement (“DPA”) between Western Union and the U.S. Department of Justice. The DPA was based upon Western Union’s alleged willful failure to maintain an effective AML program and aiding and abetting of wire fraud between 2004 and 2012. The DPA, about which we have previously blogged, charged Western Union with filing Suspicious Activity Reports (“SARs”) regarding activity by its customers but failing to file SARs regarding the actions of its own agents who were likely complicit. The DPA and related civil enforcement actions from the Federal Trade Commission and FinCEN required Western Union to pay a combined penalty of $586 million.

As we also have blogged, shareholder derivative suits based on alleged AML failures are proliferating, for both U.S.-based and foreign-based financial institutions – as well as their executives. Primary examples include Danske Bank and some of its former executives, as well as Westpac, Australia’s second-largest retail bank, which currently face such lawsuits in the U.S. Such lawsuits now represent predictable collateral consequences flowing from AML-related scandals. Here, Western Union obtained dismissal because the plaintiffs failed to allege sufficient facts regarding the key issue of mental state – that is, facts that would support a strong inference of actual knowledge or reckless disregard that the public statements regarding Western Union’s actual state of AML compliance were false. The detailed Tenth Circuit opinion illuminates the practical contours of the scienter standard regarding AML compliance, or alleged lack thereof. Ultimately, plaintiffs’ arguments based upon a “fraud by hindsight” theory will fail. Continue Reading Tenth Circuit Rejects Shareholders’ Fraud Claims Against Western Union Based on Alleged AML Failings