Kelly A. Lenahan-Pfahlert

Subscribe to Kelly A. Lenahan-Pfahlert's Posts

Kelly A. Lenahan-Pfahlert | lenahanpfahlertk@ballardspahr.com |  215.864.7311 | view full bio

Kelly focuses her practice on white collar defense and complex civil litigation.  Kelly has substantial experience in litigating BSA/AML issues on behalf of financial institutions relating to both discovery and liability, assisting with AML-related internal investigations

Contact:Read more about Kelly A. Lenahan-Pfahlert

On October 15, 2021, the Financial Crimes Enforcement Network (“FinCEN”) issued a financial trend analysis on ransomware relating to Suspicious Activity Reports (“SARs”) filed in the first half of this year (“Analysis”).  According to the Analysis, U.S. banks and financial institutions reported $590 million in suspected ransomware payments in SARs filed between January and June 2021, more than the total for all of 2020.  FinCEN found that ransomware payments are often made using virtual currency, such as Bitcoin (“BTC”).  The Office of Foreign Assets Control (“OFAC”) also released guidance in tandem with the FinCEN Analysis, addressing how the virtual currency industry can address sanctions-related risks.

Ransomware appears to be top-of-mind at the U.S. Treasury, as we have blogged.  FinCEN’s Analysis and OFAC’s guidance came quickly on the heels of OFAC issuing on September 21 a six-page Updated Advisory on Potential Sanctions Risks for Facilitating Ransomware Payments, which states that OFAC will consider self-reporting, cooperation with the government and strong cybersecurity measures to be mitigating factors in any contemplated enforcement action against a ransomware victim that halts an attack by making the demanded payment to attackers who were sanctioned or otherwise had a sanctions nexus.  Also on September 21, 2021, OFAC issued its first sanctions designation against a virtual currency exchange by designating the virtual currency exchange “for its part in facilitating financial transactions for ransomware variants.”
Continue Reading  FinCEN Reports Spiraling SARs Relating to Ransomware

Government Alleges Systemic and Deliberate AML Failures

Filings Describe Tools for CVC Exchanges to Use for Customer Due Diligence and Transaction Monitoring

The Financial Crimes Enforcement Network (“FinCEN”) and the Commodity Futures Trading Commission (“CFTC”) announced on August 10 (here and here) settlements with the operators of the BitMEX cryptocurrency trading platform for alleged anti-money laundering (“AML”) violations under the Bank Secrecy Act (“BSA”), and for allegedly failing to register with the CFTC.  More specifically, FinCEN’s assessment of a civil monetary penalty and the CFTC’s consent order both involved the five companies operating the BitMEX platform: HDR Global Trading Limited, 100x Holding Limited, ABS Global Trading Limited, Shine Effort Inc Limited, and HDR Global Services (Bermuda) Limited (collectively, “BitMEX”).

BitMEX will pay regulators up to a combined $100 million civil monetary penalty; perform a “lookback” regarding the potential need to file additional Suspicious Activity Reports (“SARs”); and hire an independent consultant to conduct two reviews of BitMEX’s operations, policies, procedures, and controls, in order to confirm that BitMEX is not operating in the U.S., and that no U.S. customers are able to trade with the BitMEX platform.

According to the government filings, BitMEX is one of the oldest cryptocurrency derivative exchanges, with 1.3 million user accounts and a collection of annual fees in excess of $1 billion.  Combined, the government filings allege that for a period of six years between November 2014 and October 1, 2020, BitMEX offered trading of cryptocurrency derivatives to retail and institutional customers in the U.S. and worldwide through BitMEX’s website. Customers in the U.S. placed orders to buy or sell contracts directly through the website and BitMEX was aware that U.S. customers could access the BitMEX platform via virtual private network (“VPN”).

The civil penalty will be split between FinCEN and the CFTC.  However, the settlement involves an interesting “carrot” offered by the regulators:  $20 million of the penalty is suspended pending the successful completion of the SAR lookback and the two independent consultant reviews.

According to the government’s allegations, BitMEX deliberately ignored for years the most basic AML requirements, resulting in multitudinous violations and inviting – and even encouraging – its customers to launder illicit funds.  As we will describe, the government has alleged that BitMEX operated on the announced pretext that it was not subject to the BSA or U.S. commodities laws because it had no U.S. customers or operations, when senior management knew otherwise.
Continue Reading  FinCEN and CFTC Reach Groundbreaking $100 Million AML Settlement with BitMEX

Seventh Post in an Extended Series on Legislative Changes to BSA/AML Regulatory Regime

On April 5, 2021, the Financial Crimes Enforcement Network (“FinCEN”) issued an advance notice of proposed rulemaking (“ANPRM”) to solicit public comment on questions pertaining to the implementation of the Corporate Transparency Act (“CTA”), passed as part of the Anti-Money Laundering Act of 2020 (“AMLA”).  The CTA requires certain legal entities to report their beneficial owners at the time of their creation to a database accessible by U.S. and foreign law enforcement and regulators, and to U.S. financial institutions seeking to comply with their own Anti-Money Laundering (“AML”) and Customer Due Diligence (“CDD”) compliance obligations.

According to the ANPRM, the ability to operate through legal entities without requiring the identification of beneficial owners is a key risk for the U.S. financial system.  The CTA seeks to mitigate the risk by reducing an individual’s ability to use corporate structures to conceal illicit activity such as money laundering, financing of terrorism, proliferation financing, serious tax fraud and human and drug trafficking.  The CTA seeks to set a clear federal standard for incorporation practices, protect vital U.S. national security interests, protect interstate and foreign commerce, better enable various law enforcement agencies to counter illicit activities and bring the U.S. into compliance with international standards.  With the goals of the CTA in mind, the ANPRM seeks public input on procedures and standards for reporting companies to submit information to FinCEN about their beneficial owners, and input on the implementation and maintenance of a database safeguarding disclosed information subject to appropriate protocols.

Written comments on the ANPRM are due soon – by May 5, 2021.  The CTA is a critical development in AML regulation, and FinCEN can expect a considerable response to this important ANPRM, both from the businesses that are covered and the financial institutions that would have access to the beneficial ownership database.  Although the ANPRM is detailed and poses many questions, the ultimate, real-world implementation of the CTA will involve even more questions.
Continue Reading  FinCEN Seeks Comments on Corporate Transparency Act Implementation

On February 25, 2021, the Federal Financial Institutions Examination Council (“FFIEC”) released updates to the Bank Secretary Act/Anti-Money Laundering (“BSA/AML”) Examination Manual (the “Manual”), which provides guidance to examiners for evaluating a financial institution’s BSA/AML compliance program and its compliance with related regulatory requirements.

First, the Manual adds a new introductory section, Assessing Compliance with [BSA] Regulatory Requirements.  Second, the Manual updates the sections pertaining to Customer Identification Program (“CIP”), Currency Transaction Reporting (“CTR”), and Transactions of Exempt Persons. The Manual explains that, consistent with prior updates, that the “updates should not be interpreted as new instructions or as a new or increased focus on certain areas,” but are intended to “offer further transparency into the examination process and support risk-focused examination work.”

The 2021 updates are not quite as substantial as the 2020 updates to the Manual, which pertained to scoping and planning of examinations; the review of a financial institution’s BSA/AML risk assessment; the assessment of an institution’s BSA/AML compliance program; and guidance for examiners on developing conclusions and finalizing the examination.  Nonetheless, the updates provide useful insight into what examiners regard as important for BSA/AML compliance.
Continue Reading  The FFIEC Updates the BSA/AML Examination Manual

Court Rejects Halkbank’s Claim That the Foreign Sovereign Immunities Act Shields the Bank From Prosecution

A motion to dismiss an indictment accusing Turkey’s majority state-owned Halkbank of money laundering, bank fraud and Iran-related sanctions offenses was denied by U.S. District Judge Richard M. Berman of the Southern District of New York in a recent 16-page decision.  The Court ruled that the Foreign Sovereign Immunities Act (“FSIA”) does not bestow immunity in U.S. criminal proceedings on financial institutions owned in whole or in part by foreign governments. Even if it did, the FSIA’s commercial activity exemptions would apply and support Halkbank’s prosecution. This development is the latest in the ongoing, complex battle between Halkbank the U.S. Department of Justice – a prosecution involving potential political battles as well.

As we have blogged, the U.S. Attorney for the Southern District of New York charged Halkbank on October 15, 2019 with a six count indictment for bank fraud, money laundering and conspiracy to violate the International Emergency Economic Powers Act (“IEEPA”), stemming from the bank’s alleged involvement in a multi-billion dollar scheme to evade U.S. sanctions against Iran.  The Court later rejected an attempt by Halkbank to enter a “special appearance” contesting jurisdiction, making it clear that international financial institutions must appear for arraignment in criminal actions.  The decision served as a warning to foreign defendants brought into U.S. federal court: issues of jurisdiction in criminal cases must be litigated only after arraignment.

Judge Berman’s most recent ruling found that Halkbank is not immune from criminal prosecution in the United States under FSIA, and that the allegations in the indictment were plead sufficiently to avoid dismissal.  This ruling of course has a potentially broader application to any foreign majority state-owned entities which allegedly scheme to violate U.S. criminal law: given sufficient nexus between the scheme and the United States, FSIA will not shield the foreign entities, because the Act only applies to civil matters that do not fall under its “commercial activities” exceptions.
Continue Reading  Turkey’s Majority State-Owned Halkbank Is Not Immune from U.S. Prosecution in Iran Sanctions and Money Laundering Case