Cybersecurity

Subscribe to Cybersecurity

Director Blanco Emphasizes BSA Resource Sharing, Technological Innovation, and Collaboration Between Public and Private Sectors

The Financial Crimes Enforcement Network (FinCEN) released prepared remarks delivered by FinCEN director, Kenneth A. Blanco, at the Securities Industry and Financial Markets Association (SIFMA) Anti-Money Laundering (AML) & Financial Crimes Conference on February 4, 2019. Director Blanco’s speech highlights various regulatory reform efforts, including the approval of collaborative sharing of Bank Secrecy Act (BSA) resources and an interagency initiative to promote innovation in the technologies and methodologies used to combat money laundering and terrorist financing. The Director also emphasized the importance of collaboration among the public and private sectors.  These remarks do not occur in a vacuum; rather, they represent just part of what has been an ongoing conversation in the BSA/AML realm. Potential resource sharingtechnological innovation and information sharing have been repeated topics in this blog. Continue Reading FinCEN Director’s Remarks Highlight AML Regulatory Reform Efforts

OCC Identifies AML/BSA and Cyber Threats as Elevated Risks Facing Banks

Last week, the Office of the Comptroller of the Currency (“OCC”) published the Spring 2018 Semiannual Risk Perspective (the “Report”), which uses up-to-date data to identify risks to U.S. banks and measure their compliance with applicable laws and regulations.  The Report concluded that some of the OCC’s primary concerns are with banks’ abilities to comply with the anti‑money laundering (“AML”) laws and regulations, as well as to manage risks associated with cybersecurity threats.

Many of the OCC’s observations and recommendations remained the same from its Fall 2017 report, about which we previously blogged, begging readers to wonder what will spur less conversation and potentially more action among OCC-supervised banks or concrete guidance by the OCC.  Regardless, a common thread running throughout both reports is the potential risk presented to financial institutions by emerging technologies, which carry the simultaneous blessing and curse of business opportunities and compliance risks. Continue Reading OCC Report: Same Threats, Different Season

Last week, the Office of the Comptroller of the Currency (“OCC”) released its semiannual risk report (“Report”) highlighting credit, operational, and compliance risks to the federal banking system.  The Report focuses on issues that pose threats to those financial institutions regulated by the OCC and is intended to be used as a resource to by those financial institutions to address the key concerns identified by the OCC.  Specifically, the OCC places cybersecurity and Anti-Money Laundering (“AML”) among the top concerns highlighted in the Report.  The Report further observes that the total number of enforcement actions by the OCC against banks — instituted for any kind of alleged violations — have declined steadily after peaking in 2009. Continue Reading OCC Report: Cybersecurity and Money Laundering Threats are the Key Risks Facing Banks

We are really pleased to announce that Ballard Spahr has launched CyberAdviser, a new blog focused on the latest news and developments in privacy and cybersecurity law.

It will offer insights into the latest governance and compliance matters, investigations, civil and criminal litigation, regulatory and legislative developments, industry trends, emerging technologies, and other cyber issues that may be just a click away. CyberAdviser is produced by the members of our Privacy and Data Security Group—a nationwide team of more than 50 attorneys who provide a wide range of legal services to help clients identify, manage, and mitigate cyber risk.

CyberAdviser will serve as an excellent counterpart to the issues we discuss in Money Laundering Watch. To demonstrate the (increasingly) frequent overlap between AML and privacy and cybersecurity issues, our colleague Kim Phan is posting today in both blogs about a new report issued by the Office of the Comptroller of the Currency regarding the cybersecurity and money laundering threats currently facing banks.

Please visit CyberAdviser and subscribe to receive regular updates.  Click here to subscribe to Money Laundering Watch.

As digital currency continues to evolve, it continues to pose unfolding compliance, regulatory and criminal law challenges.  We will present two webinars on this topic in September, in which we will discuss issues posed under the Bank Secrecy Act and the money laundering and federal securities laws, among other issues.

The first webinar, “Current Trends in Criminal Law:  The Mechanics of Virtual Currency, from Legitimate Use to Misuse,” will be presented through Lawline, on September 7 at 11:30 am ET.

The second webinar, “Eye on Virtual Currency and Blockchain Technology,” will be presented through Ballard Spahr LLP, on September 19 at 12:00 pm ET.  Our colleague Odia Kagan also will participate in this free webinar, which also will discuss some of the data privacy issues posed by digital currency.

We hope that you join us.  You may review the webinars and register through the links provided above.  The innovative blockchain technology that is at the heart of digital currency likely will be embraced increasingly by more “traditional” financial institutions, so these issues have broad relevance.

If you would like to remain updated on these issues, please click here to subscribe to Money Laundering Watch.

As digital currency becomes more ubiquitous, state and federal regulators across the United States, as well as regulators in many other countries, are examining how existing regulatory structures need to be adapted to account for unique aspects of digital currency. News from both India and Australia reflect different approaches to the ever-evolving world of digital currency and potential money laundering risks associated with that currency.  As we previously have blogged, U.S. enforcement personnel aggressively have asserted jurisdiction over international digital currency operations.  As we will discuss, it appears that digital currency businesses will find themselves having to comply with a kaleidoscope of various Anti-Money Laundering (“AML”) regulatory regimes across the globe. Continue Reading As Digital Currency Spreads, So Does its Global Regulation: India and Australia Enter the Fray

On July 26, FinCEN, in coordination with the U.S. Attorney’s Office for the Northern District of California (“NDCA USAO”), assessed a $110,003,314 civil money penalty against BTC-e a/k/a Canton Business Corporation (“BTC-e”) for willfully violating the Bank Secrecy Act (“BSA”), and a $12 million penalty against Alexander Vinnik, a Russian national who is one of the alleged operators of BTC-e, for his role in the violations.  FinCEN’s press release indicates that this is the first enforcement action it has taken against a foreign-located money services business (“MSB”) doing business in the United States.  As we previously have blogged, FinCEN released interpretive guidance in March 2013 stating that an administrator or exchanger of virtual currency is an MSB under the BSA unless a limitation or exemption applies.

In a parallel criminal investigation, Vinnik was arrested and detained in Greece and charged in a 21-count superseding indictment brought by the NDCA USAO and DOJ’s Computer Crime and Intellectual Property Section. The superseding indictment alleges that Vinnik and BTC-e operated an unlicensed MSB doing business in the U.S., in violation of 18 U.S.C. § 1960, and committed money laundering, in violation of 18 U.S.C. §§ 1956 and 1957, by facilitating virtual currency transactions involving various crimes, including computer hacking, identity theft, tax refund fraud schemes, public corruption, and drug trafficking. The superseding indictment also provides some clues to the fate of the collapsed virtual currency exchange Mt. Gox, once reportedly the largest such exchange in the world. Continue Reading FinCEN Takes First Action Against Foreign-Located MSB—“The Virtual Currency Exchange of Choice for Criminals”—For Willfully Violating U.S. AML Laws

We were pleased to contribute an article to the May 2017 issue of Business Crimes Bulletin titled “The Growing Convergence of Cyber-Related Crime and Suspicious Activity Reporting.” Regulators and law enforcement are taking proactive steps to further leverage anti-money laundering monitoring and reporting tools in their battle with cyber attacks and cyber crimes. In-house legal and compliance teams need to be fully versed in the latest Financial Crimes Enforcement Network (FinCEN) and bank regulatory guidance on cyber-related crimes and have the right professionals available to assist them with these matters.

Cyber-related crimes increasingly are making headlines across the globe as cyber attacks and other cyber incidents grow in intensity, volume and sophistication against government, political and business targets. The motives of attackers are as varied as their methods, but there is clearly an increasing number of attacks and other illegal activity motivated by financial gain against businesses, including financial institutions. Recent regulatory developments reveal that that illegal cyber activity has become more relevant to the fight against money laundering and terrorist financing as well.

Click here to read the full article.

If you would like to remain updated on these issues, please click here to subscribe to Money Laundering Watch.

Reprinted with permission from the May 2017 issue of Business Crimes Bulletin.
© 2017 ALM Media Properties, LLC. Further duplication without permission is prohibited. All rights reserved.

 

 

Employers increasingly face the difficult scenario of employees who misappropriate company data in the pursuit of whistleblower claims alleging misconduct by the employer. Such cases can present a complex mix of regulatory, cybersecurity, and employment issues. These issues were front and center in a recent whistleblower case pitting a bank against its former internal auditor, who engaged in computer-facilitated misappropriation of the bank’s confidential information allegedly to support whistleblower conduct.Whistle

The U.S. District Court for the Southern District of California recently declined to summarily adjudicate whether the employee’s confidentiality agreement precluded any whistleblower affirmative defense based on the employee’s alleged violation of computer fraud, contract, and tort laws. The whistleblower laws in question included the Bank Secrecy Act, Sarbanes-Oxley, Dodd-Frank, and the California Labor Code.

In Erhart v. Bofi Holding, plaintiff Charles Matthew Erhart filed a whistleblower complaint against his employer, Bank of the Internet (BofI), alleging BofI retaliated against him for reporting unlawful conduct to the government. BofI, in turn, filed a complaint, alleging that Erhart breached his employee confidentiality agreement by misappropriating confidential data relating to his employer and its clients and disseminating that data to the government, family members, and the national press.

Erhart illustrates the complex and practical problems faced by employers dealing with employees who engage in conduct that would otherwise constitute computer fraud, intellectual property theft, breaches of employment-related agreements and policies, and related tort claims under the mantle of “whistleblower.” A key issue in the case was whether Erhart would be entitled to pursue his retaliation claims before a jury or would be precluded from doing so as a matter of law given his computer-facilitated theft of confidential information. Continue Reading Bank Whistleblower Suits Highlight Limits of Employee Confidentiality Agreements