Cybersecurity

Subscribe to Cybersecurity

Seventh Post in an Extended Series on Legislative Changes to BSA/AML Regulatory Regime

On April 5, 2021, the Financial Crimes Enforcement Network (“FinCEN”) issued an advance notice of proposed rulemaking (“ANPRM”) to solicit public comment on questions pertaining to the implementation of the Corporate Transparency Act (“CTA”), passed as part of the Anti-Money Laundering Act of 2020 (“AMLA”).  The CTA requires certain legal entities to report their beneficial owners at the time of their creation to a database accessible by U.S. and foreign law enforcement and regulators, and to U.S. financial institutions seeking to comply with their own Anti-Money Laundering (“AML”) and Customer Due Diligence (“CDD”) compliance obligations.

According to the ANPRM, the ability to operate through legal entities without requiring the identification of beneficial owners is a key risk for the U.S. financial system.  The CTA seeks to mitigate the risk by reducing an individual’s ability to use corporate structures to conceal illicit activity such as money laundering, financing of terrorism, proliferation financing, serious tax fraud and human and drug trafficking.  The CTA seeks to set a clear federal standard for incorporation practices, protect vital U.S. national security interests, protect interstate and foreign commerce, better enable various law enforcement agencies to counter illicit activities and bring the U.S. into compliance with international standards.  With the goals of the CTA in mind, the ANPRM seeks public input on procedures and standards for reporting companies to submit information to FinCEN about their beneficial owners, and input on the implementation and maintenance of a database safeguarding disclosed information subject to appropriate protocols.

Written comments on the ANPRM are due soon – by May 5, 2021.  The CTA is a critical development in AML regulation, and FinCEN can expect a considerable response to this important ANPRM, both from the businesses that are covered and the financial institutions that would have access to the beneficial ownership database.  Although the ANPRM is detailed and poses many questions, the ultimate, real-world implementation of the CTA will involve even more questions.
Continue Reading FinCEN Seeks Comments on Corporate Transparency Act Implementation

Sixth Post in an Extended Series on Legislative Changes to BSA/AML Regulatory Regime

As we have blogged, the Anti-Money Laundering Act of 2020 (“AMLA”) contains major changes to the Bank Secrecy Act (“BSA”), coupled with other changes relating to money laundering, anti-money laundering (“AML”), counter-terrorism financing (“CTF”), and protecting the U.S. financial system against illicit foreign actors.

A recurring theme of the changes offered by AMLA is information sharing. AMLA mandates that the Department of Treasury’s supervision priorities must include “appropriate frameworks for information sharing among financial institutions, their agents and service providers, their regulatory authorities, associations of financial institutions, the Department of the Treasury, and law enforcement authorities.” The increased emphasis on information sharing is accompanied by provisions requiring confidentiality and data security protocols.

The Financial Crimes Enforcement Network (“FinCEN”) is already beginning to address AMLA’s focus on the sharing and protection of information, as it explained in its recent detailed Report on FinCEN’s Innovation Hours Program, which focuses on fostering technological innovation in AML/CTF compliance.  In this post, we explore AMLA’s expansion of information sharing, corresponding privacy and data security protections, and the tensions that lie therein.
Continue Reading AMLA Information-Sharing and Privacy and Data Security Concerns

The Financial Crimes Enforcement Network (“FinCEN”) issued on February 24, 2021 “an [A]dvisory to alert financial institutions to fraud and other financial crimes related to Economic Impact Payments (EIPs), authorized by the Coronavirus Aid, Relief, and Economic Security (CARES) Act, and the Coronavirus Response and Relief Supplemental Appropriations Act of 2021.” The Advisory describes EIP

Reunification of Korean Peninsula Memorial at the Entrance to Pyongyang

Related Money Laundering Case Relying on ATM Cash-Outs and BEC Schemes Also Unsealed

On February 17, the Department of Justice unsealed a sprawling indictment against three members of North Korea’s military intelligence agency – known as the Reconnaissance General Bureau –

Providing yet more proof that anything positive can be twisted into something negative, the Financial Crimes Enforcement Network (“FinCEN”) released a Notice yesterday “to alert financial institutions about the potential for fraud, ransomware attacks, or similar types of criminal activity related to COVID-19 vaccines and their distribution.”  This Notice comes on the heels of several

On December 18, 2020, the Office of the Comptroller of the Current (OCC), Federal Reserve Board (FRB), and Federal Deposit Insurance Corporation (FDIC) announced an interagency notice of proposed rulemaking that would require supervised banking organizations to provide notification of significant computer security incidents to their primary federal regulator.  Under the proposed rule, for incidents

October is National Cybersecurity Awareness Month, and the U.S. Department of the Treasury’s Financial Crimes Enforcement Network (“FinCEN”) and Office of Foreign Assets Control (“OFAC”) kicked off the month by issuing two advisories that aim to increase cybersecurity awareness, assist financial institutions in detecting and reporting ransomware activity, and highlight potential sanctions risks for facilitating ransomware payments.

The FinCEN and OFAC advisories signal the seriousness with which the Department of Treasury treats the threat of cybercriminals and ransomware attacks. Both FinCEN and OFAC have now squarely placed an obligation on financial institutions and other payment intermediaries to put procedures in place to detect ransomware payments and to restrict payments to blocked individuals. It appears FinCEN and OFAC want to make sure cybercrime does not pay by cutting off cybercriminals’ access into the financial system.

While both FinCEN and OFAC have offered guidance to financial institutions formulating policies and procedures for deciding whether to process or report payment requests that may be connected to ransomware attacks, OFAC has also offered a warning: facilitating ransomware payments may lead to an enforcement action and civil penalties. Given the growing national security concerns associated with ransomware attacks, the advisories rightly encourage financial institutions and other payment intermediaries that facilitate ransomware payments to share information via Suspicious Activity Reports (“SARs”) and to fully cooperate with law enforcement during and after ransomware attacks.
Continue Reading FinCEN and OFAC Advisories Aim to Increase Cybersecurity Awareness and Thwart Ransomware Attacks in the Financial Sector

The Financial Crimes Enforcement Network (“FinCEN”) just issued yet another Advisory regarding fraud threats faced by financial institutions, as exacerbated by the COVID-19 pandemic. This Advisory pertains to “Cybercrime and Cyber-Enabled Crime Exploiting the Coronavirus Disease (COVID-19) Pandemic.” We consistently have blogged on FinCEN’s pronouncements on the enhanced fraud risks created by COVID-19.

A Guest Blog by Professor Moyara Ruehsen

Today we are very pleased to welcome guest blogger Moyara Ruehsen, PhD, CAMS, CFCS, who is  an Associate Professor and Director of the Financial Crime Management Program at the Middlebury Institute of International Studies in Monterey, California. For more than 20 years, Professor Ruehsen has taught financial crime-related courses on a variety of topics including money laundering, trade-based financial crime, corruption, proliferation financing, terrorist financing and cyber-enabled financial crime.  She has published articles and book chapters on a variety of topics related to threat finance and is a Certified Anti-Money Laundering Specialist and a Certified Financial Crime Specialist. Professor Ruehsen also consults for the U.S. government, multilateral organizations and the private sector. She served for several years on the Editorial Advisory Board of Money Laundering Alert, and the Middle East Task Force of the Association of Certified Anti-Money Laundering Specialists, or ACAMS.

For an extremely entertaining and illuminating discussion by Professor Ruehsen of how popular TV and movies get money laundering right (and wrong), see here.

This blog post takes the form of a Q & A session, in which Professor Ruehsen responds to several questions posed by Money Laundering Watch about the critical topic of cyber-enabled financial crime. We hope you enjoy this discussion, which addresses how cyber-enabled financial crime threatens financial institutions and their customers. –Peter Hardy
Continue Reading Cyber-Enabled Financial Crime and Money Laundering

ABA Tax Fraud Panel to Discuss IRS CI and Crypto Criminals

The Internal Revenue Service – Criminal Investigation (IRS CI) has made it clear that it is focusing on the abuse of digital currencies to further tax evasion, money laundering, and other offenses. IRS-CI also has made it clear that this is an international effort, and that it is trying to partner with law enforcement agencies across the globe in order to coordinate and share investigative leads.

This is a hot topic, and we are honored that Ballard Spahr will be moderating a panel on these very same issues, at the ABA’s annual Tax Fraud/Tax Controversy Conference in Las Vegas on December 12, entitled Charging Cryptocurrency Violations—Tax Crimes or Money Laundering.  We are pleased to be joined by our wonderful panelists, Evan J. Davis, Betty J. Williams, and Ian M. Comiskey.  This is a unique conference, and we invite you to attend if you are interested in the fascinating cross-section of tax evasion and money laundering.

This blog will discuss the recent efforts by IRS-CI to “up its game” in investigating cross-border offenses committed through cryptocurrency, such as its participation in the international Joint Chiefs of Global Tax Enforcement task force. We then will discuss a recent high-profile case which exemplifies these two goals of fighting crypto-related crime and collaborating with foreign law enforcement officials to do so: the notorious “Welcome to Video” case, which led to a global takedown of a darkweb child pornography website, its administrator, and its customers. The Welcome to Video investigation, led by IRS-CI, also illustrates a key point we will discuss at the ABA conference: that cryptocurrency is only “pseudo-anonymous,” and that its protections can yield to a determined combination of modern digital forensics and old-fashioned investigative techniques.
Continue Reading IRS CI Highlights International Efforts to Tackle Cryptocurrency Abuse, Money Laundering and Tax Evasion