Cybersecurity

FinCEN Director’s Remarks Highlight AML Regulatory Reform Efforts

By Jessica C. Watt on February 6, 2019

Posted in Bank Secrecy Act (BSA), BSA AML Reform, Cybersecurity, Information Sharing, Technological Innovation

Director Blanco Emphasizes BSA Resource Sharing, Technological Innovation, and Collaboration Between Public and Private Sectors

The Financial Crimes Enforcement Network (FinCEN) released prepared remarks delivered by FinCEN director, Kenneth A. Blanco, at the Securities Industry and Financial Markets Association (SIFMA) Anti-Money Laundering (AML) & Financial Crimes Conference on February 4, 2019. Director Blanco’s speech highlights various regulatory reform efforts, including the approval of collaborative sharing of Bank Secrecy Act (BSA) resources and an interagency initiative to promote innovation in the technologies and methodologies used to combat money laundering and terrorist financing. The Director also emphasized the importance of collaboration among the public and private sectors. These remarks do not occur in a vacuum; rather, they represent just part of what has been an ongoing conversation in the BSA/AML realm. Potential resource sharing, technological innovation and information sharing have been repeated topics in this blog. Continue Reading FinCEN Director’s Remarks Highlight AML Regulatory Reform Efforts

OCC Report: Same Threats, Different Season

By Juliana B. Carter on June 5, 2018

Posted in Anti-Money Laundering (AML), Cybersecurity, Office of Foreign Assets Control (OFAC), Office of the Comptroller of the Currency (OCC)

OCC Identifies AML/BSA and Cyber Threats as Elevated Risks Facing Banks

Last week, the Office of the Comptroller of the Currency (“OCC”) published the Spring 2018 Semiannual Risk Perspective (the “Report”), which uses up-to-date data to identify risks to U.S. banks and measure their compliance with applicable laws and regulations. The Report concluded that some of the OCC’s primary concerns are with banks’ abilities to comply with the anti‑money laundering (“AML”) laws and regulations, as well as to manage risks associated with cybersecurity threats.

Many of the OCC’s observations and recommendations remained the same from its Fall 2017 report, about which we previously blogged, begging readers to wonder what will spur less conversation and potentially more action among OCC-supervised banks or concrete guidance by the OCC. Regardless, a common thread running throughout both reports is the potential risk presented to financial institutions by emerging technologies, which carry the simultaneous blessing and curse of business opportunities and compliance risks. Continue Reading OCC Report: Same Threats, Different Season

“Panama Papers” Law Firm Announces Its Closure Due to Fallout from Massive Data Breach

By Edward J. McAndrew, Peter D. Hardy & Alicia M. Went on March 15, 2018

Posted in Attorney Client Privilege, Attorney Liability, Cybersecurity, International Tax Evasion, Offshore Account, Panama Papers

The beleaguered law firm at the center of the international Panama Papers scandal – Mossack Fonseca – has announced that it is closing its doors. It offered no apologies.

Founded in 1977 by Jurgen Mossack and Ramon Fonseca, Mossack Fonseca had been perched at the top of offshore legal services providers until April 2016, when it became ground zero for a global controversy because approximately 11.5 million of the firm’s internal legal and financial documents were leaked to the media. These leaked documents – publicized primarily by the International Consortium of Investigative Journalists (“ICIJ”) – allegedly reveal a global system of undisclosed offshore accounts, money laundering and tax evasion, and how the rich and powerful around the world use shell companies to conceal assets and possible illegal activity.

The incident is the largest publicly disclosed data breach involving a law firm. Following the April 2016 publication of data, founding partner Ramon Fonseca and other public sources claimed that the firm’s network had been compromised by hackers sometime in 2015. Security researchers and other public sources identified numerous unpatched vulnerabilities in Mossack’s website and email server, which could have been very easily compromised by hackers. Approximately 2.6 terabytes of data – including 4.8 million emails, 3 million database files, and 2.1 million.pdf files – were leaked, including client documents dating back to the 1970s.

The Panama Papers scandal not only sharpened the national and global focus on the general risks of money laundering, tax evasion, and terrorist financing, but it also helped fuel the international critique of the United States as a potential haven for money laundering and tax evasion due to opportunities in the U.S. to form legal entities without having to disclose the entities’ true beneficial owners. The scandal also reminded the world how lawyers potentially can facilitate their clients’ money laundering.

The incident and resulting scandal also illustrates the growing frequency, ease, and potentially devastating consequences of data breaches. Cyber incidents – whether malicious or non-malicious in nature – can threaten even the richest and most powerful people, and the breach of client confidential information held by a law firm can have serious potential legal consequences for both the firm and its affected clients. Continue Reading “Panama Papers” Law Firm Announces Its Closure Due to Fallout from Massive Data Breach

OCC Report: Cybersecurity and Money Laundering Threats are the Key Risks Facing Banks

By Edward J. McAndrew on January 22, 2018

Posted in Anti-Money Laundering (AML), Bank, Bank Secrecy Act (BSA), Beneficial Ownership, Customer Due Diligence, Cybersecurity, Office of the Comptroller of the Currency (OCC)

Last week, the Office of the Comptroller of the Currency (“OCC”) released its semiannual risk report (“Report”) highlighting credit, operational, and compliance risks to the federal banking system. The Report focuses on issues that pose threats to those financial institutions regulated by the OCC and is intended to be used as a resource to by those financial institutions to address the key concerns identified by the OCC. Specifically, the OCC places cybersecurity and Anti-Money Laundering (“AML”) among the top concerns highlighted in the Report. The Report further observes that the total number of enforcement actions by the OCC against banks — instituted for any kind of alleged violations — have declined steadily after peaking in 2009. Continue Reading OCC Report: Cybersecurity and Money Laundering Threats are the Key Risks Facing Banks

Ballard Spahr Launches New Privacy and Cybersecurity Blog

By Peter D. Hardy on January 22, 2018

Posted in Cybersecurity

We are really pleased to announce that Ballard Spahr has launched CyberAdviser, a new blog focused on the latest news and developments in privacy and cybersecurity law.

It will offer insights into the latest governance and compliance matters, investigations, civil and criminal litigation, regulatory and legislative developments, industry trends, emerging technologies, and other cyber issues that may be just a click away. CyberAdviser is produced by the members of our Privacy and Data Security Group—a nationwide team of more than 50 attorneys who provide a wide range of legal services to help clients identify, manage, and mitigate cyber risk.

CyberAdviser will serve as an excellent counterpart to the issues we discuss in Money Laundering Watch. To demonstrate the (increasingly) frequent overlap between AML and privacy and cybersecurity issues, our colleague Kim Phan is posting today in both blogs about a new report issued by the Office of the Comptroller of the Currency regarding the cybersecurity and money laundering threats currently facing banks.

Please visit CyberAdviser and subscribe to receive regular updates. Click here to subscribe to Money Laundering Watch.

Upcoming Webinars on Digital Currency

By Marjorie J. Peerce & Peter D. Hardy on August 27, 2017

Posted in Anti-Money Laundering (AML), Bank Secrecy Act (BSA), Civil Penalty, Criminal Enforcement, Cybersecurity, Money Services Business, Virtual Currency

As digital currency continues to evolve, it continues to pose unfolding compliance, regulatory and criminal law challenges. We will present two webinars on this topic in September, in which we will discuss issues posed under the Bank Secrecy Act and the money laundering and federal securities laws, among other issues.

The first webinar, “Current Trends in Criminal Law: The Mechanics of Virtual Currency, from Legitimate Use to Misuse,” will be presented through Lawline, on September 7 at 11:30 am ET.

The second webinar, “Eye on Virtual Currency and Blockchain Technology,” will be presented through Ballard Spahr LLP, on September 19 at 12:00 pm ET. Our colleague Odia Kagan also will participate in this free webinar, which also will discuss some of the data privacy issues posed by digital currency.

We hope that you join us. You may review the webinars and register through the links provided above. The innovative blockchain technology that is at the heart of digital currency likely will be embraced increasingly by more “traditional” financial institutions, so these issues have broad relevance.

If you would like to remain updated on these issues, please click here to subscribe to Money Laundering Watch.

As Digital Currency Spreads, So Does its Global Regulation: India and Australia Enter the Fray

By Marjorie J. Peerce on August 22, 2017

Posted in Anti-Money Laundering (AML), Customer Due Diligence, Cybersecurity, Know Your Customer (KYC), Money Services Business, Securities and Exchange Commission (SEC), Virtual Currency

As digital currency becomes more ubiquitous, state and federal regulators across the United States, as well as regulators in many other countries, are examining how existing regulatory structures need to be adapted to account for unique aspects of digital currency. News from both India and Australia reflect different approaches to the ever-evolving world of digital currency and potential money laundering risks associated with that currency. As we previously have blogged, U.S. enforcement personnel aggressively have asserted jurisdiction over international digital currency operations. As we will discuss, it appears that digital currency businesses will find themselves having to comply with a kaleidoscope of various Anti-Money Laundering (“AML”) regulatory regimes across the globe. Continue Reading As Digital Currency Spreads, So Does its Global Regulation: India and Australia Enter the Fray

FinCEN Takes First Action Against Foreign-Located MSB—“The Virtual Currency Exchange of Choice for Criminals”—For Willfully Violating U.S. AML Laws

By Peter D. Hardy on July 30, 2017

Posted in 18 USC 1956, 18 USC 1957, Anti-Money Laundering (AML), Civil Penalty, Criminal Enforcement, Cybersecurity, Department of Justice (DOJ), Extraterritorial Application of US Law, Financial Crimes Enforcement Network (FinCEN), Individual Liability, Money Services Business, Virtual Currency

On July 26, FinCEN, in coordination with the U.S. Attorney’s Office for the Northern District of California (“NDCA USAO”), assessed a $110,003,314 civil money penalty against BTC-e a/k/a Canton Business Corporation (“BTC-e”) for willfully violating the Bank Secrecy Act (“BSA”), and a $12 million penalty against Alexander Vinnik, a Russian national who is one of the alleged operators of BTC-e, for his role in the violations. FinCEN’s press release indicates that this is the first enforcement action it has taken against a foreign-located money services business (“MSB”) doing business in the United States. As we previously have blogged, FinCEN released interpretive guidance in March 2013 stating that an administrator or exchanger of virtual currency is an MSB under the BSA unless a limitation or exemption applies.

In a parallel criminal investigation, Vinnik was arrested and detained in Greece and charged in a 21-count superseding indictment brought by the NDCA USAO and DOJ’s Computer Crime and Intellectual Property Section. The superseding indictment alleges that Vinnik and BTC-e operated an unlicensed MSB doing business in the U.S., in violation of 18 U.S.C. § 1960, and committed money laundering, in violation of 18 U.S.C. §§ 1956 and 1957, by facilitating virtual currency transactions involving various crimes, including computer hacking, identity theft, tax refund fraud schemes, public corruption, and drug trafficking. The superseding indictment also provides some clues to the fate of the collapsed virtual currency exchange Mt. Gox, once reportedly the largest such exchange in the world. Continue Reading FinCEN Takes First Action Against Foreign-Located MSB—“The Virtual Currency Exchange of Choice for Criminals”—For Willfully Violating U.S. AML Laws

The Growing Convergence of Cyber-Related Crime and Suspicious Activity Reporting

By Marjorie J. Peerce & Kevin D. Leitão on May 10, 2017

Posted in Anti-Money Laundering (AML), Bank, Criminal Enforcement, Cybersecurity, Financial Crimes Enforcement Network (FinCEN), New York Department of Financial Services (NYDFS), Suspicious Activity Report (SAR), USA PATRIOT Act

We were pleased to contribute an article to the May 2017 issue of Business Crimes Bulletin titled “The Growing Convergence of Cyber-Related Crime and Suspicious Activity Reporting.” Regulators and law enforcement are taking proactive steps to further leverage anti-money laundering monitoring and reporting tools in their battle with cyber attacks and cyber crimes. In-house legal and compliance teams need to be fully versed in the latest Financial Crimes Enforcement Network (FinCEN) and bank regulatory guidance on cyber-related crimes and have the right professionals available to assist them with these matters.

Cyber-related crimes increasingly are making headlines across the globe as cyber attacks and other cyber incidents grow in intensity, volume and sophistication against government, political and business targets. The motives of attackers are as varied as their methods, but there is clearly an increasing number of attacks and other illegal activity motivated by financial gain against businesses, including financial institutions. Recent regulatory developments reveal that that illegal cyber activity has become more relevant to the fight against money laundering and terrorist financing as well.

Click here to read the full article.

If you would like to remain updated on these issues, please click here to subscribe to Money Laundering Watch.

Bank Whistleblower Suits Highlight Limits of Employee Confidentiality Agreements

By Priya Roy, Edward J. McAndrew, Brian D. Pedrow & Peter D. Hardy on February 24, 2017

Posted in Bank, Bank Secrecy Act (BSA), Cybersecurity, Office of the Comptroller of the Currency (OCC), Securities and Exchange Commission (SEC), Whistleblower

Employers increasingly face the difficult scenario of employees who misappropriate company data in the pursuit of whistleblower claims alleging misconduct by the employer. Such cases can present a complex mix of regulatory, cybersecurity, and employment issues. These issues were front and center in a recent whistleblower case pitting a bank against its former internal auditor, who engaged in computer-facilitated misappropriation of the bank’s confidential information allegedly to support whistleblower conduct. Whistle

The U.S. District Court for the Southern District of California recently declined to summarily adjudicate whether the employee’s confidentiality agreement precluded any whistleblower affirmative defense based on the employee’s alleged violation of computer fraud, contract, and tort laws. The whistleblower laws in question included the Bank Secrecy Act, Sarbanes-Oxley, Dodd-Frank, and the California Labor Code.

In Erhart v. Bofi Holding, plaintiff Charles Matthew Erhart filed a whistleblower complaint against his employer, Bank of the Internet (BofI), alleging BofI retaliated against him for reporting unlawful conduct to the government. BofI, in turn, filed a complaint, alleging that Erhart breached his employee confidentiality agreement by misappropriating confidential data relating to his employer and its clients and disseminating that data to the government, family members, and the national press.

Erhart illustrates the complex and practical problems faced by employers dealing with employees who engage in conduct that would otherwise constitute computer fraud, intellectual property theft, breaches of employment-related agreements and policies, and related tort claims under the mantle of “whistleblower.” A key issue in the case was whether Erhart would be entitled to pursue his retaliation claims before a jury or would be precluded from doing so as a matter of law given his computer-facilitated theft of confidential information. Continue Reading Bank Whistleblower Suits Highlight Limits of Employee Confidentiality Agreements

Money Laundering Watch