Nikki Hatza | hatzan@ballardspahr.com |  215.864.8402 | view full bio

Nikki  is a litigator focusing her practice on investigations, commercial litigation, and government affairs. She has experience assisting financial services clients with BSA/AML matters, including in the cryptocurrency space, and conducting internal investigations in order to respond to investigations and subpoenas by state and federal regulators. Nikki also has experience in the diversity, equity, and inclusion (DEI) training field and is a member of Ballard Spahr’s DEI Counseling Team, which advises organizations on internal anti-discrimination policies and best practices.

In its first use of Section 9714(a) of the Combating Russian Money Laundering Act, the Financial Crimes Enforcement Network (“FinCEN”) issued a notice of enforcement order (the “Order”) on January 18, 2023 against the cryptocurrency exchange Bitzlato Limited (“Bitzlato”), which has operated globally and is registered in Hong Kong.  The Order was issued in conjunction with the Department of Justice’s (“DOJ”) arrest of Bitzlato’s founder, Russian national Anatoly Legkodymov.  Bitzlato has processed over four billion dollars in cryptocurrency transactions since 2018.  According to the government, a substantial portion of those transactions involved criminal proceeds.

Legkodymov, who resided in China until his arrest in the United States, has been charged initially, via complaint and warrant, with conducting an unlicensed money-transmitting business under 18 U.S.C. § 1960, although the allegations against Bitzlato appear to extend far beyond mere unlicensed money transmission. Both the Order and the lengthy affidavit in support of the complaint stress that Bitzlato openly touted its intentional lack of any sort of real anti-money laundering (“AML”) program.  For example, “Bitzlato’s website advertised for years (and as recently as March 31, 2022) that the site offered ‘Simple Registration without KYC.  Neither selfies nor passports required.  Only your email needed.’  Similarly, a blog post on Bitzlato’s website stated:  ‘On Bitzlato no KYC is required for you to trade.’”

This post will focus on FinCEN’s Order, which identifies Bitzlato as a “primary money laundering concern,” and prohibits certain money transmission involving Bitzlato by covered financial institutions.  The Order also highlights the threats posed to U.S. national security and the integrity of the U.S. financial sector by Bitzlato’s active facilitation of laundering of Russian illicit finance. However, FinCEN’s press release makes clear that Bitzlato is just one part of a larger ecosystem of Russian cybercriminals, including ransomware attackers, operating with impunity in Russia.

Continue Reading  FinCEN Issues Enforcement Order Against Crypto Exchange Bitzlato in First-Time Use of Section 9714(a)

Farewell to 2022, and welcome 2023.  As we do every year, let’s look back.

We highlight 12 of our most-read blog posts from 2022, which address many of the key issues we’ve examined during the past year: the Corporate Transparency Act (“CTA”) and beneficial ownership reporting; sanctions — particularly sanctions involving Russia; cryptocurrency and digital

The “Highlights” — To Russia, With Crypto

The Financial Crimes Enforcement Network (“FinCEN”) issued on November 1 a Financial Trend Analysis regarding ransomware-related Bank Secrecy Act (“BSA”) filings during the second half of 2021 (the “Report”).  This publication follows up on a similar ransomware trend analysis issued by FinCEN regarding the first half of 2021, on which we blogged here.  

In the most recent analysis, FinCEN found that both the number of ransomware-related Suspicious Activity Reports (“SAR”) filed, and the dollar amounts at issue, nearly tripled from 2020 to 2021.  The notable takeaways from the Report include:

  • Ransomware-related SARs were the highest ever in 2021 (both in number of SARs and in dollar amounts of activity reported).
  • Ransomware-related SARs reported amounts totaling almost $1.2 billion in 2021.
  • Approximately 75% of ransomware-related incidents between June 2021 and December 2021 were connected to Russia-related ransomware variants.

The Report, which stated that the majority of these ransomware payments were made in Bitcoin, serves as a particular reminder to cryptocurrency exchanges of their role in both identifying and reporting ransomware-related transactions facilitated through their platforms.  The Report stresses that SAR filings play an essential role in helping FinCEN identify ransomware trends.

Continue Reading  FinCEN Reports Staggering Increase in Reported Ransomware Attacks

Case Involves Familiar But Instructive Regulatory Findings

The New York Department of Financial Services (“NYDFS”) made clear last week that crypto companies can be held accountable for allegedly failing to comply with anti-money laundering (“AML”) / Bank Secrecy Act (“BSA”) regulations.  Federal and certain State laws require crypto companies like Robinhood Crypto, LLC (“RHC”) to maintain effective AML programs, and to implement systems to identify suspicious activity and block illegal transactions on their platforms (which we have previously discussed, including here and here).  On August 2, 2022, NYDFS announced that it entered a Consent Order penalizing RHC $30 million for alleged AML, cybersecurity and consumer protection violations.  RHC also is required to retain an independent consultant to perform compliance assessments evaluating the Company’s remediation efforts. 

This enforcement action is entirely consistent with the recent Guidance on Use of Blockchain Analytics issued by the NYDFS, directed to all virtual currency business entities that either have a NYDFS Bitlicense or are chartered as a limited purpose trust company under the New York Banking Law.  As we have blogged, the Guidance emphasizes “the importance of blockchain analytics to effective [AML] policies, processes, and procedures, including, for example, those relating to customer due diligence, transaction monitoring, and sanctions screening.”

The Consent Order contains a litany of alleged AML deficiencies, many of which have figured prominently in other enforcement actions.  We detail them below.  From a BSA/AML perspective, the key focus – not surprisingly – was on the adequacy of RHC’s transaction monitoring systems.  Again, the message is:  written policies and programs may look great on their face, but actual execution is key.  The adequate funding and staffing of compliance functions is also critical.

Continue Reading  Crypto Compliance Matters: NYDFS Fines Robinhood $30M for Alleged AML, Cybersecurity, and Consumer Protection Violations

Strategy Includes Professionals Not Yet Covered by BSA

On May 13, 2022, the U.S. Treasury (“Treasury”) released its 2022 Strategy for Combatting Terrorist and Other Illicit Financing (“2022 Strategy”).  The proposed 2022 Strategy, prepared pursuant to Sections 261 and 262 of the Countering America’s Adversaries Through Sanctions Act (CAATSA), outlines four goals to address the key risks identified by the 2022 National Money Laundering, Terrorist Financing, and Proliferation Financing Risk Assessments:

  • Increasing transparency and closing legal and regulatory gaps in the U.S. Anti-Money Laundering / Combating the Financing of Terrorism (“AML/CFT”) framework exploited by bad actors;
  • Making the AML/CFT regulatory framework for financial institutions more effective and efficient;
  • Enhancing operational effectiveness in combating illicit finance; and
  • Utilizing technological innovation to combat illicit finance risks.

The 2022 Strategy is incredibly broad, identifying sixteen threats and vulnerabilities to the AML/CFT system as top priorities, and providing fourteen separate supporting actions necessary to achieve Treasury’s four goals outlined above.  This post summarizes the priorities outlined in the 2022 Strategy, and details the specific supporting action targeting financial intermediaries and gatekeepers not presently covered by the Bank Secrecy Act (“BSA”), such as investment advisors, lawyers and accountants. 

Continue Reading  U.S. Treasury Releases 2022 Strategy for Combatting Terrorist and Other Illicit Financing

Farewell to 2021, and welcome 2022 — which hopefully will be better year for all.  As we do every year, let’s look back — because 2021 was a very busy year in the world of money laundering and BSA/AML compliance, and 2022 is shaping up to be the same.

Indicative of the increased pace and

On December 6, FinCEN announced that it was issuing an Advanced Notice of Proposed Rulemaking (“AMPRM”) to solicit public comment on potential requirements under the Bank Secrecy Act (“BSA”) for certain persons involved in real estate transactions to collect, report, and retain information.  If finalized, such regulations could affect a whole new set of professionals and one of the largest industries in the U.S.—an industry which, heretofore, has not been subject to the requirements of the BSA, with limited exceptions.

The ANPRM envisions imposing nationwide recordkeeping and reporting requirements on specified participants in transactions involving non-financed real estate purchases, with no minimum dollar threshold.  Fundamentally, FinCEN highlights two alternate, proposed rules.  One proposed option, promulgated under 31 U.S.C § 5318(a)(2), would involve implementing specific and relatively limited reporting requirements, similar to those currently required of title insurance companies in the non-financed real estate market.  This rule would require covered persons to collect and report certain prescribed information, such as, presumably, beneficial ownership.  Alternatively, FinCEN is considering imposing more fulsome Anti-Money Laundering (“AML”) monitoring and reporting requirements, including filing Suspicious Activity Reports (“SARs”) and establishing AML/CFT programs under 31 U.S.C. § 5318(g)(1) and 31 U.S.C. §§ 5318(h)(1)-(2).   This latter option would require covered persons to adopt adequate AML/CFT policies, designate an AML/CFT compliance officer, establish AML/CFT training programs, implement independent compliance testing, and perform customer due diligence.

Notably, FinCEN suggests that any new rule may cover attorneys and law firms, along with other client-facing participants.  FinCEN also is considering regulations applicable to both residential and commercial real estate transactions.

As we discuss, real estate and money laundering has been a long-simmering issue.  We repeatedly have blogged on AML and real estate, and previously published a detailed chapter, The Intersection of Money Laundering and Real Estate, in Anti-Money Laundering Laws and Regulations 2020, a publication issued by International Comparative Legal Guides.  FinCEN’s ANPRM appears to represent the culmination of an inevitable march towards the issuance of regulations under the BSA regarding real estate transactions, following years of increasing focus by the U.S. government and others on perceived AML risks in the real estate industry.
Continue Reading  Real Estate and Money Laundering: FinCEN Issues Advanced Notice of Regulations for the Real Estate Industry