Second Post in a Two-Part Series on Recent OFAC DesignationsAs we blogged yesterday, OFAC has been busy. Right before OFAC designated the virtual currency exchange SUEX for allegedly facilitating ransomware payments, OFAC announced another significant but more traditional action on September 17, 2021 by designating members of a network of Lebanon and Kuwait-based
OFAC Updates Advisory on Enforcement Risks Relating to Agreeing to Pay RansomwareOn September 21, 2021 OFAC issued its first sanctions designation against a virtual currency exchange by designating the virtual currency exchange, SUEX OTC, S.R.O. (SUEX) “for its part in facilitating financial transactions for ransomware variants.” Although this is a unique development, the broader and more important issue for any financial institution or company facing a ransomware attack is the continuing problem encapsulated in OFAC’s six-page Updated Advisory on Potential Sanctions Risks for Facilitating Ransomware Payments, which OFAC released in conjunction with the announcement of the SUEX designation. The Updated Advisory illustrates a “Catch 22” scenario, in which a victim that halts a ransomware attack by making the demanded payment then may find itself under scrutiny from OFAC on a strict-liability basis if it turns out that the attackers were sanctioned or otherwise had a sanctions nexus. The Updated Advisory states that OFAC will consider self-reporting, cooperation with the government and strong cybersecurity measures to be mitigating factors in any contemplated enforcement action.
OFAC has been busy. Tomorrow, we will blog on a more traditional action announced by OFAC right before the SUEX designation: OFAC’s designation of members of a network of financial conduits funding Hizballah and Iran’s Islamic Revolutionary Guard Corps-Qods Force. This designation is notable for the targets’ alleged use of gold as a vehicle to launder illicit funds through front companies.
Continue Reading OFAC Targets Virtual Currency Exchange For Ransomware Attack
On April 12, 2021, the Office of the Comptroller of the Currency (“OCC”), the Board of Governors of the Federal Reserve System (“Board”), the Federal Deposit Insurance Corporation (“FDIC”), the National Credit Union Administration (“NCUA”) and the Financial Crimes Enforcement Network (“FinCEN”) issued a Request for Information (“RFI”) requesting comment on the extent to which the agencies’ previous guidance on model risk management supports banks’ compliance with Bank Secrecy Act (“BSA) and Anti-Money Laundering (“AML”) regulations and Office of Foreign Asset Control (“OFAC”) requirements.
The RFI asks for comments from interested parties on suggested changes to guidance or regulations, and whether aspects of the agencies’ approaches to BSA/AML and OFAC compliance are either working well, or could be improved. The agencies explained that the reason for the RFI is to further understand current bank practices, and determine whether additional explanation or clarification of their guidance may be helpful. Although the genesis of the RFI is not entirely clear, it appears that it was issued in response to certain financial institution inquiries or comments regarding how the maintenance of their BSA/AML compliance programs should incorporate principles set forth in earlier, more general regulatory guidance on model risk management for banks, which we describe below. Further, the RFI has not occurred in a vacuum, but rather has appeared in the midst of a major, ongoing overhaul of the BSA/AML legislative, regulatory and enforcement regime. Comments to the RFI must be received by June 11, 2021.
Continue Reading Risk Management: Agencies Issue Request for Information on Intersection of Model Risk Management Guidance and BSA/AML Compliance
As we’ve blogged, high-end artwork can create an ideal vehicle for money laundering. And, as we’ve also blogged, the Permanent Subcommittee on Investigations for the U.S. Senate released in July 2020 a detailed report titled “The Art Industry and U.S. Policies That Undermine Sanctions,” focusing on the nexus between high-end art and U.S. sanctions law violations, potential money laundering schemes and anti-money laundering (“AML”) risks. The Senate report recommends in part that the Bank Secrecy Act (“BSA”) be amended to include art dealers as “financial institutions” subject to AML obligations under the BSA.
Indeed, recent legislation has included a proposal to (i) add to the list of “financial institutions” covered by the BSA “a person trading or acting as an intermediary in the trade of antiquities, including an advisor, consultant or any other person who engages as a business in the solicitation of the sale of antiquities;” and (ii) require a study by the Secretary of the Treasury “on the facilitation of money laundering and terror finance through the trade of works of art or antiquities,” including an evaluation of whether art industry markets should be regulated under the BSA.
This is a “hot” topic. In the latest development in this area, and in what appears to be a response to — or affirmation of – the Senate report, the U.S. Department of the Treasury’s (“Treasury”) Office of Foreign Assets Control (“OFAC”) recently issued a new advisory (the “Advisory”) highlighting the related problem of individuals blocked by OFAC from entering the U.S. financial system trying to evade those restrictions through the commerce of art, and emphasizing sanctions for U.S. persons who engage in prohibited transactions.
Continue Reading Art and OFAC
October is National Cybersecurity Awareness Month, and the U.S. Department of the Treasury’s Financial Crimes Enforcement Network (“FinCEN”) and Office of Foreign Assets Control (“OFAC”) kicked off the month by issuing two advisories that aim to increase cybersecurity awareness, assist financial institutions in detecting and reporting ransomware activity, and highlight potential sanctions risks for facilitating ransomware payments.
The FinCEN and OFAC advisories signal the seriousness with which the Department of Treasury treats the threat of cybercriminals and ransomware attacks. Both FinCEN and OFAC have now squarely placed an obligation on financial institutions and other payment intermediaries to put procedures in place to detect ransomware payments and to restrict payments to blocked individuals. It appears FinCEN and OFAC want to make sure cybercrime does not pay by cutting off cybercriminals’ access into the financial system.
While both FinCEN and OFAC have offered guidance to financial institutions formulating policies and procedures for deciding whether to process or report payment requests that may be connected to ransomware attacks, OFAC has also offered a warning: facilitating ransomware payments may lead to an enforcement action and civil penalties. Given the growing national security concerns associated with ransomware attacks, the advisories rightly encourage financial institutions and other payment intermediaries that facilitate ransomware payments to share information via Suspicious Activity Reports (“SARs”) and to fully cooperate with law enforcement during and after ransomware attacks.
Continue Reading FinCEN and OFAC Advisories Aim to Increase Cybersecurity Awareness and Thwart Ransomware Attacks in the Financial Sector
Last week, the Permanent Subcommittee on Investigations for the U.S. Senate released a detailed, 147-page report titled “The Art Industry and U.S. Policies That Undermine Sanctions” (“the Report”). Although the Report ostensibly addresses the evasion of U.S. sanctions law, much of the Report actually focuses on the connection between high-end art and potential money laundering schemes and anti-money laundering (“AML”) risks. Among other proposals, the Report recommends that the Bank Secrecy Act (“BSA”) be amended to include art dealers as “financial institutions” subject to AML obligations under the BSA.
The Report focuses on an elaborate case study documenting how certain Russian oligarchs allegedly used transactions involving high-end art and shell companies to evade U.S. sanctions, imposed on them on March 20, 2014 in response to Russia’s invasion of Ukraine and the annexation of Crimea. We will not focus on the detailed allegations in the Report regarding the particular facts of this alleged scheme, or the alleged involvement of certain major art auction houses. Rather, we will focus on the more general sections in the Report relating to systemic concerns about the potential role of high-end art in money laundering schemes, and the more general findings of fact and recommendations generated by these concerns.
The Report was not issued in a vacuum; rather, it clearly was written in part to spur legislative action. Proposed legislation on BSA/AML reform is pending before the U.S. Congress and Senate, including a proposal – currently nestled within a lengthy proposed amendment to a defense spending bill – to (i) add to the list of “financial institutions” covered by the BSA “a person trading or acting as an intermediary in the trade of antiquities, including an advisor, consultant or any other person who engages as a business in the solicitation of the sale of antiquities;” and (ii) require a study by the Secretary of the Treasury “on the facilitation of money laundering and terror finance through the trade of works of art or antiquities,” including an evaluation of whether certain art industry markets (“by size, entity type, domestic or international geographic locations, or otherwise”) should be regulated under the BSA. And, this general issue has been percolating for some time. Last year, we blogged in detail about the potential role of high-end art and antiquities in money laundering schemes, and the voluntary AML programs which art dealers might adopt to combat such schemes.
Continue Reading Using Art to Evade Sanctions and Launder Money: The Senate Report
The Southern District of New York (“SDNY”) recently rejected a retaliation claim brought by a former bank employee under the Bank Secrecy Act (“BSA”), granting summary judgment in favor of the employer bank because the former employee failed to demonstrate that his firing was caused by his act of reporting a potential violation of law to the government. Although the reasoning underlying the Court’s Order is straight-forward, the case provides another reminder of the often difficult employment issues that both financial institutions and potential whistleblowers can face.
Whistleblowing as to alleged anti-money laundering (AML) violations is a growing phenomenon, perhaps best exemplified by the fact that a whistleblower precipitated the colossal Dankse Bank money laundering scandal. Previously, we blogged about a bank whistleblower case producing the opposite result as the SDNY Order here. In this post, we discuss both the BSA whistleblower statute and the SDNY Order, and, more generally, we note steps that financial institutions might take to protect themselves from liability and legitimate whistleblowers from retaliation.
Continue Reading Would-Be Whistleblower Fails to Show Causation Under the Bank Secrecy Act for Termination
On May 28, 2020, the U.S. Department of Justice (“DOJ”) unsealed a 50-page indictment against 28 North Korean and 5 Chinese bankers accused of using more than 250 front companies to obscure $2.5 billion in illicit financial dealings (“the Indictment”). The complex and far-flung scheme purportedly involved covert branches of North Korea’s state-owned Foreign Trade Bank (“FTB”)—all opened in foreign countries in an attempt to access the U.S. financial system, and to circumvent sanctions intended to guard against threats to national security, foreign policy, and the U.S. economy. The Indictment charges the individuals with conspiring to launder money, violations of the “international” prong of the money laundering statute (about which we have blogged), bank fraud, and violations of the International Emergency Economic Powers Act.
Although the Indictment is interesting standing alone, it also represents the latest in a series of enforcement actions involving North Korea and the U.S. financial system.
Continue Reading 28 North Korean and 5 Chinese Bankers Accused of a $2.5 Billion Laundering Scheme
We are really pleased to be moderating the Practising Law Institute’s 2020 Anti-Money Laundering Conference on May 12, 2020, starting at 9 a.m. Perhaps needless to say, this year’s conference will be entirely virtual. But the conference still should be as informative, interesting and timely as always. Our conference co-chair, Nicole S. Healy of Ropers
Second Post in a Two-Post Series On March 19, 2020, Swedbank received its first sanction at the conclusion of parallel investigations by Swedish and Estonian authorities for its role in the seemingly non-stop Anti-Money Laundering (“AML”) debacle centered around Danske Bank and its now-notorious Estonian Branch. In the first of what will likely be multiple sanctions, Swedbank AB was ordered to pay a record 4 billion Swedish Krona ($38 million) and its subsidiary, Swedbank AS, has been ordered to improve its AML risk control systems to comply with applicable requirements.
In our first post, we discussed the various public AML-related investigations and enforcement actions plaguing Swedbank. In this post, we discuss the details and implication of the report of internal investigation regarding Swedbank’s alleged deficiencies in its AML processes performed by an outside law firm at the request of Swedbank, which has made the report publically available.
The Report is lengthy and detailed. As we discuss, however, the Report highlights some basic, evergreen issues in AML compliance and enforcement: the need to implement adequate systems to manage high-risk customers; the need to identify beneficial ownership; the need for top management to understand and truly respect AML compliance; the need for transparency with regulators; and the need for transparency by financial institutions with investors and the public.
Continue Reading AML Problems Plague Swedbank: The Internal Investigation Report