levya@ballardspahr.com | 215.864.9278 | view full bio

Alexa focuses her practice on white collar defense and consumer financial services, including the defense of financial institutions accused of having enabled alleged fraud schemes perpetrated by former customers against investors, consumers, and others. Alexa has published on the topic of crimes against humanity and genocide.

Farewell to 2022, and welcome 2023.  As we do every year, let’s look back.

We highlight 12 of our most-read blog posts from 2022, which address many of the key issues we’ve examined during the past year: the Corporate Transparency Act (“CTA”) and beneficial ownership reporting; sanctions — particularly sanctions involving Russia; cryptocurrency and digital

Report Previews Potential Implications for the United States

The European Commission (“Commission”) recently released its 2022 Supranational Risk Assessment Report (“SNRA Report”) to the European Parliament and Counsel regarding the “risk of money laundering and terrorist financing affecting the internal market and relating to cross-border activities.”  The SNRA Report analyzes, on a broad scale, money laundering and terrorism financing risks and proposes a plan of action to address them.  The Report also examines more specifically “sectors or products where relevant changes have been detected.” 

The SNRA Report flags the “Gambling Sector” as a “high risk” area of Anti-Money Laundering (“AML”) and Countering the Financing of Terrorism (“CFT”) concern, with a particular focus on online gambling.  According to the Commission, online gambling presents a particularly high AML/CFT risk due to factors such as “the non-face-to face element, [and] huge and complex volumes of transactions and financial flows.”  The potential use of e-money and virtual currencies, as well as the emergence of unlicensed online gambling sites, exacerbates this risk.

As the European Union (“EU”) considers how to tackle the potential risks of online gambling, the United States is simultaneously grappling with the rapid expansion of online gambling and online sports betting in particular.  Before May 2018, when the Supreme Court struck down a 1992 federal law that effectively banned commercial sports betting in most states, Nevada was the only state with legalized sports betting in the United States.  Although California ballot Proposition 27, which would have legalized online and mobile sports betting in California, failed to pass during last week’s national and state elections, more than 30 states still have legalized some form of sports betting, and there is politial pressure to continue to expand online gambling and other forms of gaming.  As Americans jockey for the immense potential receipts that the expansion of online gambling can bring, it may be worth taking a page out of the EU’s book in order to consider the potential money laundering and terrorist financing risks that can accompany it.

Continue Reading  European Commission Highlights Online Gambling’s Money Laundering Risks

On August 8, the U.S. Department of the Office of Foreign Assets Control (“OFAC”) sanctioned “notorious” virtual currency “mixer” Tornado Cash, which allegedly has been used to launder more than $7 billion worth of virtual currency since its creation in 2019.  Tornado Cash is a virtual currency mixer that operates on the Ethereum blockchain.  Tornado Cash receives a variety of transactions and mixes them together before transmitting them to their individual recipients.  The stated purpose of such mixing is to increase privacy, but mixers are often used by illicit actors to launder funds because the process enhances anonymity and makes it very hard to track the flow of funds.  According to the Treasury Department press release, “[d]espite public assurances otherwise, Tornado Cash has repeatedly failed to impose effective controls designed to stop it from laundering funds for malicious cyber actors on a regular basis and without basic measures to address its risk.”  This statement seems to imply that Tornado Cash is run by actual people – an implication that is at the heart of the controversy over these sanctions, as we will discuss.

The sanctions against Tornado Cash have elicited enormous controversy in the crypto world because, some argue, (1) Tornado Cash is not an entity run by actual people, but is merely code; and (2) although OFAC has the legal authority to sanction people and entities, it lacks such authority to sanction code or a technology – or at the very least, such sanctions create many practical problems for innocent actors, including in ways which no one has foreseen fully.  As we discuss,  even a member of the U.S. House of Representatives has waded into the controversy this week, questioning the ability of OFAC to issue the sanctions and demanding answers.  The controversy also reflects that, once again, whether one chooses to focus on the word “privacy” or on the word “anonymity” typically reflects an a priori value judgment predicting one’s conclusion as to whether something in the crypto world is good or bad. 

Indisputably, the Tornado Cash sanctions are, to date, unique and unprecedented.  Although they may turn out to be an outlier experiment by OFAC, public pronouncements by the U.S. Treasury Department strongly suggest that, to the contrary, they represent part of the future of crypto regulation, in which the enormous power of the U.S. government to issue broad sanctions obliterates legal and practical hurdles which could stymie other agencies, such as the Financial Crimes Enforcement Network (FinCEN).  This may be because, ultimately, the government actually agrees that no person is in control of a powerful technology that has easy application for malicious uses, and that is precisely the problem.

Continue Reading  OFAC Sanctions Virtual Currency “Mixer” Tornado Cash and Faces Crypto Backlash

On May 19, 2022, the Associate Director of the Enforcement and Compliance Division of the Financial Crimes Enforcement Network (“FinCEN”), Alessio Evangelista, spoke at the Chainalysis Links Conference in New York City on the topic of “The Intersection of Cryptocurrencies and National Security.”  Associate Director Evangelista stressed “responsible innovation” by the cryptocurrency industry, in order to protect consumers and national security interests, as well as to combat cybercrime and other illicit financial activity.  Associate Director Evangelista also denied that FinCEN’s enforcement efforts represent a “gotcha” enterprise.

Shortly after Associate Director Evangelista’s speech, Acting Comptroller of the Currency Michael J. Hsu discussed vulnerabilities in the cryptocurrency framework and recent volatility with stablecoins in pointed remarks at the DC Blockchain Summit 2022.  Describing himself as a “crypto skeptic,” Acting Comptroller Hsu acknowledged the potential value of innovation presented by crypto, but repeatedly bemoaned a “hyped-based” crypto economy, and stressed that “hype is not harmless.”

Combined, these speeches leave no doubt that regulators are exceedingly focused on digital assets and cryptocurrencies, and in particular are increasingly focused on consumer protection concerns, beyond the usual illicit finance and terrorist financing concerns.

Continue Reading  FinCEN and OCC Address Cryptocurrency:  Responsible Innovation and Pervasive Hype

The New York State Department of Financial Services (“NYDFS” or “the Department”) published a press release on February 24, 2022 announcing the issuance of a Consent Order (“the Consent Order”) to the National Bank of Pakistan (“NBP” or “the Bank”), which will require the Bank to pay $35 million in penalties to NYDFS.  In conjunction with the Department’s enforcement action, the Federal Reserve Bank of New York (“FRBNY”) also announced a $20.4 million penalty against NBP for its alleged Anti-Money Laundering (“AML”) violations.

The Consent Order describes NBP as a “multinational commercial bank incorporated in Pakistan in 1949 that is majority owned by the Pakistani government, with more than $20 billion in assets as of June 30, 2021.”  The Department’s issuance of the Consent Order marks the first major fine against a bank since Adrienne A. Harris was confirmed as New York’s top financial regulator (Superintendent of NYDFS) in January 2022.  In November 2021, while still leading the Department on an acting basis, Harris issued a consent order to Dubai-based Mashreqbank for sanctions violations requiring the bank to pay $100 million in penalties.

As we will discuss, the Department’s and the NYFRB’s actions sends a clear message confirming that repeated findings of violations over multiple examinations is a sure-fire way to become subject to enforcement.
Continue Reading  National Bank of Pakistan Fined $55.4 Million for Alleged Repeated AML and Compliance Deficiencies

Farewell to 2021, and welcome 2022 — which hopefully will be better year for all.  As we do every year, let’s look back — because 2021 was a very busy year in the world of money laundering and BSA/AML compliance, and 2022 is shaping up to be the same.

Indicative of the increased pace and

On December 1, 2021, the Federal Financial Institutions Examination Council (“FFIEC”) released updates to its Bank Secrecy Act/Anti-Money Laundering (BSA/AML) Examination Manual (the “Manual”), which provides guidance to examiners for evaluating a financial institution’s BSA/AML compliance program and its compliance with related regulatory requirements.  This update is the third of 2021: the FFIEC also released updates to the Manual on February 25, 2021 and June 21, 2021.

This most recent update to the Manual adds a new introductory section, Introduction – Customers.  The updated Manual also includes changes to sections pertaining to Charities and Nonprofit Organizations, Independent Automated Teller Machine Owners or Operators, and Politically Exposed Persons (“PEP”).  The breadth of this most recent Manual update is consistent with the previous 2021 updates.  In February, FFIEC released an introductory section and updates to three sections pertaining to Customer Identification Programs (“CIP”), Currency Transaction Reporting (“CTR”), and Transactions of Exempt Persons.  In June, the FFIEC released updates to four sections pertaining to International Transportation of Currency or Monetary Instruments Reporting, Purchase and Sale of Monetary Instruments Recordkeeping, Reports of Foreign Financial, and Special Measures.

Consistent with prior FFIEC Interagency press releases associated with Manual updates, the FFIEC explained that “[t]he updates should not be interpreted as new requirements or as a new or increased focus on certain areas,” but rather “provide information and considerations related to certain customers that may indicate the need for bank policies, procedures, and processes to address potential money laundering, terrorist financing, and other illicit financial activity risks.”  Despite this disclaimer, the updates provide helpful insight into what examiners prioritize with regard to BSA/AML compliance.
Continue Reading  The FFIEC’S Third 2021 Update to the BSA/AML Examination Manual

Second Post in a Two-Part Series on Recent OFAC Designations

As we blogged yesterday, OFAC has been busy.  Right before OFAC designated the virtual currency exchange SUEX for allegedly facilitating ransomware payments,  OFAC announced another significant but more traditional action on September 17, 2021 by designating members of a network of Lebanon and Kuwait-based

OFAC Updates Advisory on Enforcement Risks Relating to Agreeing to Pay Ransomware

First Post in a Two-Part Series on Recent OFAC Designations

On September 21, 2021 OFAC issued its first sanctions designation against a virtual currency exchange by designating the virtual currency exchange, SUEX OTC, S.R.O. (SUEX) “for its part in facilitating financial transactions for ransomware variants.”  Although this is a unique development, the broader and more important issue for any financial institution or company facing a ransomware attack is the continuing problem encapsulated in OFAC’s six-page Updated Advisory on Potential Sanctions Risks for Facilitating Ransomware Payments, which OFAC released in conjunction with the announcement of the SUEX designation.  The Updated Advisory illustrates a “Catch 22” scenario, in which a victim that halts a ransomware attack by making the demanded payment then may find itself under scrutiny from OFAC on a strict-liability basis if it turns out that the attackers were sanctioned or otherwise had a sanctions nexus.  The Updated Advisory states that OFAC will consider self-reporting, cooperation with the government and strong cybersecurity measures to be mitigating factors in any contemplated enforcement action.

OFAC has been busy.  Tomorrow, we will blog on a more traditional action announced by OFAC right before the SUEX designation:  OFAC’s designation of members of a network of financial conduits funding Hizballah and Iran’s Islamic Revolutionary Guard Corps-Qods Force.  This designation is notable for the targets’ alleged use of gold as a vehicle to launder illicit funds through front companies.
Continue Reading  OFAC Targets Virtual Currency Exchange For Ransomware Attack

Third Post in a Series on the FATF Plenary Outcomes

This blog is the third post on the Financial Action Task Force (“FATF”) fourth Plenary, an event where delegates were invited from around the world to (virtually) meet and discuss a wide range of global financial crimes and ongoing risk areas.  Among the several strategic initiatives identified by FATF was Ethnic or Race Motivated Terrorist Financing (“EoRMTF”), on which FATF issued a report detailing its implications for anti-money laundering (“AML”) and countering the financing of terrorism (“CFT”) (the “Report”).

Similar to FATF’s first-time report regarding environmental crime and money laundering, the Report marks the first time FATF has looked at the financing of ethnically or racially motivated terrorism. The Report highlights how very difficult it can be to identify and trace EoRMTF, including because of the following factors: the major role of so-called “lone wolf” actors; competing legal regimes in different countries; growing transnational links between extreme right wing (“ERW”) groups; limited information on ERW groups; and the fact that some ERW groups are not considered illegal or have not been listed as groups to monitor.  The Report also notes the irony that ERW groups often use legal – not illicit – funds to promote their efforts, and that “ERW groups appear to be less concerned with concealing their transactions than in other forms of [terrorist financing]” – but that “many jurisdictions also reported that ERW actors are becoming increasing operationally sophisticated in how they move [and conceal] their funds.”
Continue Reading  FATF Report Stresses Challenges in Combatting Ethnically- and Racially-Motivated Terrorism