On November 13, 2024, the Financial Crimes Enforcement Network (FinCEN) issued FIN-2024-Alert004 to help financial institutions identify fraud schemes associated with the use of deepfake media created with generative artificial intelligence (GenAI) in response to increased suspicious activity reporting. “Deepfake media” are a type of synthetic content that use artificial intelligence/machine learning to create realistic
The Nevada Gaming Control Board (“Board”) recently filed a complaint (“Complaint”) against Resorts World Las Vegas casino (“Resorts World”), alleging that, despite repeated red flags, Resorts World’s Anti-Money Laundering (“AML”) Committee, executives, and other employees failed to bar Matthew Bowyer and other individuals who were patrons of Resorts World while being suspected of engaging in illegal bookmaking and other illicit activities.
The Board is seeking fines, actions against Resorts World’s licenses, and the appointment of a supervisor if the Nevada Gaming Commission (the “Commission”) revokes or suspends Resorts World’s gaming license. The Complaint is the latest development in a series of recent high-profile enforcement actions implicating major gaming institutions and the alleged use of the institutions to launder illegal bookmaking funds by high-end clients, with the institutions’ alleged tacit consent.
Bowyer came to the attention of both the Nevada Gaming Control Board and the Department of Justice (“DOJ”) following the investigation and guilty plea of Ippei Mizuhara, the Japanese-language interpreter and de facto manager of baseball superstar Shohei Ohtani. One of Bowyer’s clients was Mizuhara, who allegedly placed at least 19,000 bets with Bowyer’s illegal gambling business. Bowyer, in turn, allegedly took the proceeds of his bookmaking business and wagered millions of dollars at Resorts World.
Last week, the United States Attorney’s Office for the Southern District of New York unsealed an indictment against global cryptocurrency exchange KuCoin and two of its founders, Chun Gan and Ke Tang, for allegedly conspiring to operate an unlicensed money transmitting business and conspiring to violate the Bank Secrecy Act (“BSA”) by willfully failing to maintain an adequate anti-money laundering (“AML”) program. KuCoin also was charged with operating an unlicensed money transmitting business and a substantive violation of the BSA. Further, the Commodity Futures Trading Commission (the “CFTC”) filed a complaint on the same day in the United States District Court for the Southern District of New York alleging that KuCoin violated the Commodity Exchange Act (the “CEA”) and related regulations.
The indictment alleges that KuCoin failed to design and implement procedures to prevent it from being used for money laundering and terrorist financing, failed to maintain reasonable procedures for verifying the identity of customers, and failed to file any Suspicious Activity Reports. When distilled, the indictment alleges that KuCoin had no real BSA/AML compliance program at all, because it pretended to not have any U.S. customers. This allegation is familiar theme in similar U.S. enforcement actions, including those against Binance.
The CFTC civil complaint specifically alleges that KuCoin illegally dealt in off-exchange commodity futures transactions; solicited and accepted orders for commodity futures and swaps, and leveraged, margined, or financed retail commodity transactions without registering with the CFTC as a Futures Commission Merchant (“FCM”); failed to diligently supervise its FCM activities; operated a facility for the trading or processing of swaps without registering with the CFTC as a swap execution facility or designated contract market; and failed to implement an effective customer identification program.
Recently, the Industrial and Commercial Bank of China Ltd. (“ICBC”) entered into two consent orders. The first consent order is with the New York State Department of Financial Services (the “NYDFS”) for alleged deficiencies in the bank’s Bank Secrecy Act/Anti-Money Laundering (“BSA/AML”) and Office of Foreign Assets Control (“OFAC”) compliance screening programs over the past several examination cycles, as well as alleged violations of sharing confidential supervisory information. As we will discuss, the NYDFS consent order finds that ICBC violated New York banking law by backdating internal certifications – not themselves required by statute or regulation – and then not immediately disclosing these “false entries” to the NYDFS.
ICBC also entered into an Order to Cease and Desist (“C&D Order”) with the Board of Governors of the Federal Reserve (the “Federal Reserve”) for the alleged improper disclosure of confidential supervisory information, or CSI. Generally, CSI is information relating to a regulatory examination or investigation, which cannot be disclosed without the agreement of the financial institution’s examining regulator – which here, of course, is the Federal Reserve. As noted above, the NYDFS consent order also contains allegations of improper disclosure of CSI, which is also protected as confidential under New York banking law. Ironically, the alleged disclosure of CSI was to the bank’s foreign regulator.
This is not the first time ICBC has had issues involving alleged BSA/AML deficiencies. In 2018, ICBC entered into a consent Cease and Desist Order with the Federal Reserve for similar BSA/AML deficiencies at its New York branch, about which we blogged here. Despite ICBC’s noted efforts in enhancing BSA/AML and OFAC compliance programs and promptly reporting the unauthorized disclosure of confidential supervisory information to the regulators, the bank was subjected to a $30 million civil money penalty from the NYDFS and another $2.4 million civil money penalty from the Federal Reserve.
As the world now knows, Binance Holdings Limited, doing business as Binance.com (“Binance” or the “Company”), has entered into a plea agreement with the U.S. Department of Justice (“DOJ”).
Binance is registered in the Cayman Islands and regarded as the world’s largest virtual currency exchange. It agreed to plead guilty to conspiring to willfully violating the Bank Secrecy Act (“BSA”) by failing to implement and maintain an effective anti-money laundering (“AML”) program; knowingly failing to register as a money services business (“MSB”); and willfully causing violations of U.S. economic sanctions issued pursuant to the International Emergency Economic Powers Act (“IEEPA”). Despite the plea agreement, Binance will continue to operate.
Changpeng Zhao, also known as “CZ,” also pleaded guilty to violating the BSA by failing to implement and maintain an effective AML program. Zhao is Binance’s primary founder, majority owner, and – until now – CEO. As part of his plea agreement, Zhao has stepped down as the CEO, although he apparently will keep his shares in Binance.
As part of its plea agreement, Binance has agreed to forfeit $2,510,650,588 and to pay a criminal fine of $1,805,475,575 for a total criminal penalty of $4,316,126,163. Binance also entered into related civil consent orders with the Financial Crimes Enforcement Network (“FinCEN”), the Commodity Futures Trading Commission (“CFTC”), and the Office of Foreign Assets Controls (“OFAC”). Zhao also entered into a consent order with the CFTC.
The allegations are vast and detailed, and much digital ink already has been spilled regarding this matter. Our discussion therefore will be relatively high-level. Distilled, the government alleges that Binance – under the direction of Zhao – tried to hide the fact that it operated in the U.S., purposefully avoided any meaningful AML compliance, and consequently laundered many millions of dollars’ worth of cryptocurrency involving extremely serious criminal conduct, including terrorism, child pornography, and U.S. sanctions evasion.
As for Zhao, and as we will discuss, whether he will go to prison – and if so, for how long – is an open and very interesting question. His sentencing currently is scheduled for February 23, 2024.
On August 17, 2023, Judge Robert Pitman of the federal district court for the Western District of Texas issued an Order granting summary judgment for the U.S. Treasury Department (“Treasury”) in a lawsuit brought by six individuals, and denying the cross-motion for summary judgment filed by the individuals. The lawsuit alleged that Treasury overstepped its authority by imposing sanctions on the coin mixing service Tornado Cash. Deciding for the government, Judge Pitman determined that Tornado Cash is a “person” that may be designated by OFAC sanctions. Specifically, the regulatory definition of “person” includes an “association,” and Tornado Cash is an “association” within its ordinary meaning.
Shortly thereafter, on August 23, 2023, the U.S. Department of Justice (“DOJ”) unsealed an indictment returned in the Southern District of New York against the alleged developers of Tornado Cash, Roman Storm (“Storm”), a naturalized citizen residing in the U.S., and Roman Semenov (“Semenov”), a Russian citizen. The indictment charges them with conspiring to commit money laundering, operate an unlicensed money transmitting business, and commit sanctions violations involving the International Emergency Economic Powers Act, or IEEPA. When the indictment was unsealed, Storm was arrested and then released pending trial. Treasury simultaneously sanctioned Semenov, who remains outside of the U.S., adding him to OFAC’s Specially Designated Nationals and Blocked Persons (“SDN”) List.
These are very complicated cases raising complicated issues. They are separate but obviously related. As we will discuss, the factual and legal issues tend to blend together, and how a party characterizes an issue says a lot about their desired outcome: has the government taken incoherent action against a technology, or has it pursued a group of people attempting to hide behind tech?
The Office of Foreign Asset Control (“OFAC”) announced on June 20 that Swedbank Latvia AS (“Swedbank Latvia”), a subsidiary of Swedbank AB (“Swedbank AB”) headquartered in Riga, Latvia, agreed to pay $3,430,900 to settle its potential civil liability for 386 “apparent” violations of OFAC sanctions involving Crimea. Specifically, Swedbank Latvia allegedly allowed a client to initiate payments from Crimea through an e-banking platform that ultimately were processed by a U.S. correspondent bank. The settlement amount reflects OFAC’s determination that Swedbank Latvia’s conduct was “non-egregious” – but not voluntarily self-disclosed.
Although unrelated to this OFAC action, Swedbank Latvia was the topic of a 2019 internal investigation report commissioned by Swedbank AB revealing that from before 2007 through 2016, Swedbank Latvia (and Swedbank Estonia) actively pursued certain high-risk customers as a business strategy. This conduct, related to the Danske Bank scandal and its now-notorious Estonian Branch, resulted in Swedish and Estonian authorities ordering Swedbank AB in 2020 to pay a record 4 billion Swedish Krona (then, approximately $38 million) in anti-money laundering related penalties.
This OFAC enforcement action involves alleged conduct which occurred even before Russia’s 2022 unprovoked invasion of Ukraine, the ensuing host of expanded U.S. sanctions, and the recent drive by U.S. regulators and prosecutors to combat the attempted evasion of Russia sanctions and export controls. The enforcement action reflects how OFAC can learn of potential sanctions violations through other financial institutions. It also emphasizes, once again, some of the risks inherent in providing correspondent bank services to foreign banks, and the need for good communication between U.S. and foreign banks. It further reflects the need for a financial institution (or any company) to integrate customer data into a sanctions compliance program, keep up to date on evolving sanctions, and pursue potential red flags of non-compliance – including in the face of customer representations of compliance.
Continue Reading Swedbank Latvia Settles with OFAC for Apparent Crimea Sanctions Violations
On June 5, 2023, the SEC filed an extensive civil complaint against Binance Holdings Limited, its assorted affiliates and its beneficial owner and CEO, Changpeng Zhao, alleging multiple violations of the Securities Act of 1933 and the Securities Exchange Act of 1934. The Binance suit, as all of SEC’s enforcement efforts in the crypto space, arises from the hotly contested and frequently litigated predicate categorically asserted by the SEC that at least some cryptocurrencies are “securities” under, and therefore subject to, the federal securities laws. The Binance case demonstrates how, from that premise, the SEC takes a utilitarian approach to the crypto industry, essentially overlaying the functions and participants in the traditional securities industry against their counterparts in crypto.
Although the Binance enforcement action obviously focuses on securities law, it is relevant to anti-money laundering concepts because the action focuses on Know-Your-Customer (“KYC”) requirements, as a predicate to discussing the securities laws. The Binance enforcement action is similar to the enforcement action against Bitmex and other entities, which rested on the allegation that the entity attempted to pretend that it did not have U.S. customers — even though it in fact had such customers, as it allegedly well knew and despite efforts to obfuscate such U.S. contacts. This post therefore will focus on the KYC and customer identification issues presented by the Binance complaint.
Continue Reading SEC’s Suit Against Binance Demonstrates Scope of Its Crypto Enforcement Efforts
On June 16, 2023, Michael J. Hsu, Acting Comptroller of the Currency made remarks to the American Bankers Association (“ABA”) Risk and Compliance Conference in San Antonio, Texas. In his remarks, Hsu discussed both the benefits and risks of artificial intelligence (“AI”) and tokenization. The core of Hsu’s remarks is that, given the rapid innovation of AI and tokenization in banking, banks should closely work with regulators to manage technological risks.
Hsu’s remarks came at the right time. Five days later, and as we discuss below, Google Cloud announced the launch of an AI anti-money laundering program. Early results seem promising, but only time will tell whether Hsu’s remarks concerning AI’s risks prove prophetic.
We are pleased to offer the latest episode in Ballard Spahr’s Consumer Finance Monitor podcast series, A Look at the Treasury Department’s April 2023 Report on Decentralized Finance or “DeFi.”
In this episode, we follow up and expand upon our blog post regarding the U.S. Department of the Treasury’s April 6, 2023 report examining vulnerabilities