Cybersecurity

Subscribe to Cybersecurity

OCC Identifies AML/BSA and Cyber Threats as Elevated Risks Facing Banks

Last week, the Office of the Comptroller of the Currency (“OCC”) published the Spring 2018 Semiannual Risk Perspective (the “Report”), which uses up-to-date data to identify risks to U.S. banks and measure their compliance with applicable laws and regulations.  The Report concluded that some of the OCC’s primary concerns are with banks’ abilities to comply with the anti‑money laundering (“AML”) laws and regulations, as well as to manage risks associated with cybersecurity threats.

Many of the OCC’s observations and recommendations remained the same from its Fall 2017 report, about which we previously blogged, begging readers to wonder what will spur less conversation and potentially more action among OCC-supervised banks or concrete guidance by the OCC.  Regardless, a common thread running throughout both reports is the potential risk presented to financial institutions by emerging technologies, which carry the simultaneous blessing and curse of business opportunities and compliance risks.
Continue Reading OCC Report: Same Threats, Different Season

Last week, the Office of the Comptroller of the Currency (“OCC”) released its semiannual risk report (“Report”) highlighting credit, operational, and compliance risks to the federal banking system.  The Report focuses on issues that pose threats to those financial institutions regulated by the OCC and is intended to be used as a resource to by those financial institutions to address the key concerns identified by the OCC.  Specifically, the OCC places cybersecurity and Anti-Money Laundering (“AML”) among the top concerns highlighted in the Report.  The Report further observes that the total number of enforcement actions by the OCC against banks — instituted for any kind of alleged violations — have declined steadily after peaking in 2009.
Continue Reading OCC Report: Cybersecurity and Money Laundering Threats are the Key Risks Facing Banks

We are really pleased to announce that Ballard Spahr has launched CyberAdviser, a new blog focused on the latest news and developments in privacy and cybersecurity law.

It will offer insights into the latest governance and compliance matters, investigations, civil and criminal litigation, regulatory and legislative developments, industry trends, emerging technologies, and other cyber

As digital currency continues to evolve, it continues to pose unfolding compliance, regulatory and criminal law challenges.  We will present two webinars on this topic in September, in which we will discuss issues posed under the Bank Secrecy Act and the money laundering and federal securities laws, among other issues.

The first webinar, “Current

As digital currency becomes more ubiquitous, state and federal regulators across the United States, as well as regulators in many other countries, are examining how existing regulatory structures need to be adapted to account for unique aspects of digital currency. News from both India and Australia reflect different approaches to the ever-evolving world of digital currency and potential money laundering risks associated with that currency.  As we previously have blogged, U.S. enforcement personnel aggressively have asserted jurisdiction over international digital currency operations.  As we will discuss, it appears that digital currency businesses will find themselves having to comply with a kaleidoscope of various Anti-Money Laundering (“AML”) regulatory regimes across the globe.
Continue Reading As Digital Currency Spreads, So Does its Global Regulation: India and Australia Enter the Fray

On July 26, FinCEN, in coordination with the U.S. Attorney’s Office for the Northern District of California (“NDCA USAO”), assessed a $110,003,314 civil money penalty against BTC-e a/k/a Canton Business Corporation (“BTC-e”) for willfully violating the Bank Secrecy Act (“BSA”), and a $12 million penalty against Alexander Vinnik, a Russian national who is one of the alleged operators of BTC-e, for his role in the violations.  FinCEN’s press release indicates that this is the first enforcement action it has taken against a foreign-located money services business (“MSB”) doing business in the United States.  As we previously have blogged, FinCEN released interpretive guidance in March 2013 stating that an administrator or exchanger of virtual currency is an MSB under the BSA unless a limitation or exemption applies.

In a parallel criminal investigation, Vinnik was arrested and detained in Greece and charged in a 21-count superseding indictment brought by the NDCA USAO and DOJ’s Computer Crime and Intellectual Property Section. The superseding indictment alleges that Vinnik and BTC-e operated an unlicensed MSB doing business in the U.S., in violation of 18 U.S.C. § 1960, and committed money laundering, in violation of 18 U.S.C. §§ 1956 and 1957, by facilitating virtual currency transactions involving various crimes, including computer hacking, identity theft, tax refund fraud schemes, public corruption, and drug trafficking. The superseding indictment also provides some clues to the fate of the collapsed virtual currency exchange Mt. Gox, once reportedly the largest such exchange in the world.
Continue Reading FinCEN Takes First Action Against Foreign-Located MSB—“The Virtual Currency Exchange of Choice for Criminals”—For Willfully Violating U.S. AML Laws

We were pleased to contribute an article to the May 2017 issue of Business Crimes Bulletin titled “The Growing Convergence of Cyber-Related Crime and Suspicious Activity Reporting.” Regulators and law enforcement are taking proactive steps to further leverage anti-money laundering monitoring and reporting tools in their battle with cyber attacks and cyber crimes. In-house legal

Employers increasingly face the difficult scenario of employees who misappropriate company data in the pursuit of whistleblower claims alleging misconduct by the employer. Such cases can present a complex mix of regulatory, cybersecurity, and employment issues. These issues were front and center in a recent whistleblower case pitting a bank against its former internal auditor, who engaged in computer-facilitated misappropriation of the bank’s confidential information allegedly to support whistleblower conduct.Whistle

The U.S. District Court for the Southern District of California recently declined to summarily adjudicate whether the employee’s confidentiality agreement precluded any whistleblower affirmative defense based on the employee’s alleged violation of computer fraud, contract, and tort laws. The whistleblower laws in question included the Bank Secrecy Act, Sarbanes-Oxley, Dodd-Frank, and the California Labor Code.

In Erhart v. Bofi Holding, plaintiff Charles Matthew Erhart filed a whistleblower complaint against his employer, Bank of the Internet (BofI), alleging BofI retaliated against him for reporting unlawful conduct to the government. BofI, in turn, filed a complaint, alleging that Erhart breached his employee confidentiality agreement by misappropriating confidential data relating to his employer and its clients and disseminating that data to the government, family members, and the national press.

Erhart illustrates the complex and practical problems faced by employers dealing with employees who engage in conduct that would otherwise constitute computer fraud, intellectual property theft, breaches of employment-related agreements and policies, and related tort claims under the mantle of “whistleblower.” A key issue in the case was whether Erhart would be entitled to pursue his retaliation claims before a jury or would be precluded from doing so as a matter of law given his computer-facilitated theft of confidential information.
Continue Reading Bank Whistleblower Suits Highlight Limits of Employee Confidentiality Agreements

Despite the staggering $8 billion figure estimated to be spent on global compliance in 2017, U.S.-based rules regarding Anti-Money Laundering (“AML”) and Combating the Financing of Terrorism (“CFT”) remain anchored in their 1970s design. Contrary to the generally slow pace of Congressional action, new technologies may reshape the global financial system (“GFS”) and with it, the ability to detect and disrupt money laundering schemes and terrorist plots. Chief among these is blockchain, a peer-to-peer technology first implemented as the backbone of the virtual currency Bitcoin.
Continue Reading Combating Money Laundering and Terrorist Financing with a Distributed Ledger