Cybersecurity

Subscribe to Cybersecurity

Director Blanco Emphasizes BSA Resource Sharing, Technological Innovation, and Collaboration Between Public and Private Sectors

The Financial Crimes Enforcement Network (FinCEN) released prepared remarks delivered by FinCEN director, Kenneth A. Blanco, at the Securities Industry and Financial Markets Association (SIFMA) Anti-Money Laundering (AML) & Financial Crimes Conference on February 4, 2019. Director Blanco’s speech highlights various regulatory reform efforts, including the approval of collaborative sharing of Bank Secrecy Act (BSA) resources and an interagency initiative to promote innovation in the technologies and methodologies used to combat money laundering and terrorist financing. The Director also emphasized the importance of collaboration among the public and private sectors.  These remarks do not occur in a vacuum; rather, they represent just part of what has been an ongoing conversation in the BSA/AML realm. Potential resource sharingtechnological innovation and information sharing have been repeated topics in this blog.
Continue Reading

OCC Identifies AML/BSA and Cyber Threats as Elevated Risks Facing Banks

Last week, the Office of the Comptroller of the Currency (“OCC”) published the Spring 2018 Semiannual Risk Perspective (the “Report”), which uses up-to-date data to identify risks to U.S. banks and measure their compliance with applicable laws and regulations.  The Report concluded that some of the OCC’s primary concerns are with banks’ abilities to comply with the anti‑money laundering (“AML”) laws and regulations, as well as to manage risks associated with cybersecurity threats.

Many of the OCC’s observations and recommendations remained the same from its Fall 2017 report, about which we previously blogged, begging readers to wonder what will spur less conversation and potentially more action among OCC-supervised banks or concrete guidance by the OCC.  Regardless, a common thread running throughout both reports is the potential risk presented to financial institutions by emerging technologies, which carry the simultaneous blessing and curse of business opportunities and compliance risks.
Continue Reading

Last week, the Office of the Comptroller of the Currency (“OCC”) released its semiannual risk report (“Report”) highlighting credit, operational, and compliance risks to the federal banking system.  The Report focuses on issues that pose threats to those financial institutions regulated by the OCC and is intended to be used as a resource to by those financial institutions to address the key concerns identified by the OCC.  Specifically, the OCC places cybersecurity and Anti-Money Laundering (“AML”) among the top concerns highlighted in the Report.  The Report further observes that the total number of enforcement actions by the OCC against banks — instituted for any kind of alleged violations — have declined steadily after peaking in 2009.
Continue Reading

We are really pleased to announce that Ballard Spahr has launched CyberAdviser, a new blog focused on the latest news and developments in privacy and cybersecurity law.

It will offer insights into the latest governance and compliance matters, investigations, civil and criminal litigation, regulatory and legislative developments, industry trends, emerging technologies, and other cyber

As digital currency continues to evolve, it continues to pose unfolding compliance, regulatory and criminal law challenges.  We will present two webinars on this topic in September, in which we will discuss issues posed under the Bank Secrecy Act and the money laundering and federal securities laws, among other issues.

The first webinar, “Current

As digital currency becomes more ubiquitous, state and federal regulators across the United States, as well as regulators in many other countries, are examining how existing regulatory structures need to be adapted to account for unique aspects of digital currency. News from both India and Australia reflect different approaches to the ever-evolving world of digital currency and potential money laundering risks associated with that currency.  As we previously have blogged, U.S. enforcement personnel aggressively have asserted jurisdiction over international digital currency operations.  As we will discuss, it appears that digital currency businesses will find themselves having to comply with a kaleidoscope of various Anti-Money Laundering (“AML”) regulatory regimes across the globe.
Continue Reading

On July 26, FinCEN, in coordination with the U.S. Attorney’s Office for the Northern District of California (“NDCA USAO”), assessed a $110,003,314 civil money penalty against BTC-e a/k/a Canton Business Corporation (“BTC-e”) for willfully violating the Bank Secrecy Act (“BSA”), and a $12 million penalty against Alexander Vinnik, a Russian national who is one of the alleged operators of BTC-e, for his role in the violations.  FinCEN’s press release indicates that this is the first enforcement action it has taken against a foreign-located money services business (“MSB”) doing business in the United States.  As we previously have blogged, FinCEN released interpretive guidance in March 2013 stating that an administrator or exchanger of virtual currency is an MSB under the BSA unless a limitation or exemption applies.

In a parallel criminal investigation, Vinnik was arrested and detained in Greece and charged in a 21-count superseding indictment brought by the NDCA USAO and DOJ’s Computer Crime and Intellectual Property Section. The superseding indictment alleges that Vinnik and BTC-e operated an unlicensed MSB doing business in the U.S., in violation of 18 U.S.C. § 1960, and committed money laundering, in violation of 18 U.S.C. §§ 1956 and 1957, by facilitating virtual currency transactions involving various crimes, including computer hacking, identity theft, tax refund fraud schemes, public corruption, and drug trafficking. The superseding indictment also provides some clues to the fate of the collapsed virtual currency exchange Mt. Gox, once reportedly the largest such exchange in the world.
Continue Reading

We were pleased to contribute an article to the May 2017 issue of Business Crimes Bulletin titled “The Growing Convergence of Cyber-Related Crime and Suspicious Activity Reporting.” Regulators and law enforcement are taking proactive steps to further leverage anti-money laundering monitoring and reporting tools in their battle with cyber attacks and cyber crimes. In-house legal

Employers increasingly face the difficult scenario of employees who misappropriate company data in the pursuit of whistleblower claims alleging misconduct by the employer. Such cases can present a complex mix of regulatory, cybersecurity, and employment issues. These issues were front and center in a recent whistleblower case pitting a bank against its former internal auditor, who engaged in computer-facilitated misappropriation of the bank’s confidential information allegedly to support whistleblower conduct.Whistle

The U.S. District Court for the Southern District of California recently declined to summarily adjudicate whether the employee’s confidentiality agreement precluded any whistleblower affirmative defense based on the employee’s alleged violation of computer fraud, contract, and tort laws. The whistleblower laws in question included the Bank Secrecy Act, Sarbanes-Oxley, Dodd-Frank, and the California Labor Code.

In Erhart v. Bofi Holding, plaintiff Charles Matthew Erhart filed a whistleblower complaint against his employer, Bank of the Internet (BofI), alleging BofI retaliated against him for reporting unlawful conduct to the government. BofI, in turn, filed a complaint, alleging that Erhart breached his employee confidentiality agreement by misappropriating confidential data relating to his employer and its clients and disseminating that data to the government, family members, and the national press.

Erhart illustrates the complex and practical problems faced by employers dealing with employees who engage in conduct that would otherwise constitute computer fraud, intellectual property theft, breaches of employment-related agreements and policies, and related tort claims under the mantle of “whistleblower.” A key issue in the case was whether Erhart would be entitled to pursue his retaliation claims before a jury or would be precluded from doing so as a matter of law given his computer-facilitated theft of confidential information.
Continue Reading