The “Highlights” — To Russia, With Crypto

The Financial Crimes Enforcement Network (“FinCEN”) issued on November 1 a Financial Trend Analysis regarding ransomware-related Bank Secrecy Act (“BSA”) filings during the second half of 2021 (the “Report”).  This publication follows up on a similar ransomware trend analysis issued by FinCEN regarding the first half of 2021, on which we blogged here.  

In the most recent analysis, FinCEN found that both the number of ransomware-related Suspicious Activity Reports (“SAR”) filed, and the dollar amounts at issue, nearly tripled from 2020 to 2021.  The notable takeaways from the Report include:

  • Ransomware-related SARs were the highest ever in 2021 (both in number of SARs and in dollar amounts of activity reported).
  • Ransomware-related SARs reported amounts totaling almost $1.2 billion in 2021.
  • Approximately 75% of ransomware-related incidents between June 2021 and December 2021 were connected to Russia-related ransomware variants.

The Report, which stated that the majority of these ransomware payments were made in Bitcoin, serves as a particular reminder to cryptocurrency exchanges of their role in both identifying and reporting ransomware-related transactions facilitated through their platforms.  The Report stresses that SAR filings play an essential role in helping FinCEN identify ransomware trends.

Continue Reading  FinCEN Reports Staggering Increase in Reported Ransomware Attacks

With Guest Speaker Matthew Haslinger of M&T Bank

We are extremely pleased to offer a podcast (here) on the legal and logistical issues facing financial institutions as they implement the regulations issued by the Financial Crimes Enforcement Network (FinCEN) pursuant to the Anti-Money Laundering Act of 2020 (AMLA) and the Corporate Transparency Act

Enforcement Trends, Crypto, the AML Act — and More

We are very pleased to be moderating, once again, the Practising Law Institute’s 2022 Anti-Money Laundering Conference on May 17, 2022, starting at 9 a.m. This year’s conference will be both live and virtual — and it will be as informative, interesting and timely as always. 

On April 5, 2022 the U.S. Department of the Treasury’s Office of Foreign Assets Control (“OFAC”) announced sanctions against “the world’s largest and most prominent darknet market, Hydra Market” and Garantex, a virtual currency exchange registered in Estonia but operating in Moscow and St. Petersburg, Russia.  The sanctions are part of a larger initiative targeting Russian cybercrime that spans across multiple federal departments—including the U.S. Department of Justice, Federal Bureau of Investigations, Drug Enforcement Administration, Internal Revenue Service Criminal Investigation, and Homeland Security Investigations—and across the globe—including international partners like the German Federal Criminal Police and Estonia’s Financial Intelligence Unit.  The sanctions follow September and November sanctions of SUEX OTC, S.R.O. and CHATEX, two virtual currency exchanges operated out of Moscow that allegedly facilitated transactions for ransomware actors.  SUEX was the first virtual currency exchange subject to OFAC sanctions (and the subject of a previous post).

While ostensibly focused on closing another avenue for ransomware purveyors to profit off of their wares, the sanctions may also cut off all types of cybercriminals who allegedly find “a haven” in Russia and used Hydra or Garantex.
Continue Reading  OFAC Designates “Hydra” –  the Largest Darknet Market – and Third Russian Virtual Currency Exchange

On March 1, 2022, the U.S. Department of the Treasury (“Treasury”) published its National Risk Assessment for Money Laundering, Terrorist Financing, and Proliferation Financing (the “NMLRA”), identifying the national threats, vulnerabilities, and risks facing the U.S. financial system.  The NMLRA is 74 pages long and comprehensively covers many different perceived threats and vulnerabilities, including the misuse of legal entities, virtual assets, real estate, investment advisors, and casinos.  This post therefore selects three key issues for closer analyses.

First, cybercrime (a topic we cover frequently) in the form of ransomware received the dubious honor of representing “a larger and growing share of the overall money laundering threat in the United States.”  Second, professional money laundering organizations (“PMLOs”) continue to peddle their illicit services internationally to launder the proceeds of cybercrime, narcotics trafficking, and other schemes on behalf of organized criminal enterprises.  Third, merchants and professionals, such as lawyers, real estate professionals, and financial services employees, continue to perform – knowingly or unknowingly – critical functions in support of money laundering schemes and obfuscating the source of ill-gotten gains.
Continue Reading  U.S. Treasury Identifies Ongoing and Emergent Money Laundering Risks and Vulnerabilities

On March 7, the Financial Crimes Enforcement Network (“FinCEN”) issued an alert “advising all financial institutions to be vigilant against potential efforts to evade the expansive sanctions and other U.S.-imposed restrictions implemented against potential efforts to evade the expansive sanctions and other U.S.-imposed restrictions implemented in connection with the Russian Federation’s further invasion of Ukraine.”  The press release is here.  The alert itself is here.
Continue Reading  Russian Sanctions:  FinCEN Provides Red Flags for Potential Evasion Attempts

Federal law enforcement and regulators continue to focus on technology-driven financial crime — specifically, cyber-enabled fraud and the laundering of illicit funds through cryptocurrency.  Last week, the Department of Justice (“DOJ”) announced that Eun Young Choi will serve as the first Director of the National Cryptocurrency Enforcement Team (“NCET”).  As we have blogged, the DOJ created in 2021 the NCET in order to address issues on which we repeatedly have blogged:  crypto exchangers and their AML obligations; the process of tracing digital asset transactions; ransomware; so-called “professional” money launderers; and the use of crypto to launder serious crimes such as drug trafficking and human trafficking.  This attempt at a coordinated government approach to crypto enforcement followed the announcement earlier in 2021 by the Financial Crimes Enforcement Network (“FinCEN”) of appointing its first-ever Chief Digital Currency Advisor.

Meanwhile, FinCEN has stressed the need for, and utility of, specific information to be submitted by the victims of cyber-enabled financial crime schemes, or the financial institutions of those victims, to FinCEN’s Rapid Response Program, or RRP.  The RRP seeks to share financial intelligence and recover the proceeds of crime.
Continue Reading  DOJ, FBI and FinCEN Continue to Focus on Crypto and Cyber Financial Crime

On January 13, 2022, Himamauli “Him” Das, the Acting Director of FinCEN, virtually addressed the Financial Crimes Enforcement Conference hosted by the American Bankers Association and the American Bar Association.  In his speech, Mr. Das highlighted the transformation and modernization of the anti-money laundering/counter-terrorist financing (“AML/CFT”) regulatory framework from a tool updated in the wake of September 11, 2001 to combat money flows to terrorist organizations, to an instrument designed to address the more complex current and future challenges presented by digital assets and strategic corruption.

Acting on the authority accorded FinCEN by the Anti-Money Laundering Act of 2020 (the “AML Act”), FinCEN has been in the process of reorganizing and upscaling several of its divisions in order to meet increased obligations. New divisions include the Global Investigations Division, the Strategic Operations Division and the Enforcement and Compliance Division, which together work to combine resources against bad actors, share information, and act to resolve investigations across the financial sector. Mr. Das focused on three additional areas that FinCEN would concentrate on moving forward: new threats, new innovations and new partnerships.
Continue Reading  Transformation of the AML/CFT Regulatory Regime Requires Innovation and Collaboration, According to FinCEN Acting Director

As anticipated, the Office of the Comptroller of the Currency, the Federal Reserve Board, and the FDIC recently approved and released the Final Rule Requiring Computer-Security Incident Notification (“Final Rule”).  The Final Rule is designed to promote early awareness and stop computer security incidents before they become systemic.  It places new reporting requirements on both

On October 15, 2021, the Financial Crimes Enforcement Network (“FinCEN”) issued a financial trend analysis on ransomware relating to Suspicious Activity Reports (“SARs”) filed in the first half of this year (“Analysis”).  According to the Analysis, U.S. banks and financial institutions reported $590 million in suspected ransomware payments in SARs filed between January and June 2021, more than the total for all of 2020.  FinCEN found that ransomware payments are often made using virtual currency, such as Bitcoin (“BTC”).  The Office of Foreign Assets Control (“OFAC”) also released guidance in tandem with the FinCEN Analysis, addressing how the virtual currency industry can address sanctions-related risks.

Ransomware appears to be top-of-mind at the U.S. Treasury, as we have blogged.  FinCEN’s Analysis and OFAC’s guidance came quickly on the heels of OFAC issuing on September 21 a six-page Updated Advisory on Potential Sanctions Risks for Facilitating Ransomware Payments, which states that OFAC will consider self-reporting, cooperation with the government and strong cybersecurity measures to be mitigating factors in any contemplated enforcement action against a ransomware victim that halts an attack by making the demanded payment to attackers who were sanctioned or otherwise had a sanctions nexus.  Also on September 21, 2021, OFAC issued its first sanctions designation against a virtual currency exchange by designating the virtual currency exchange “for its part in facilitating financial transactions for ransomware variants.”
Continue Reading  FinCEN Reports Spiraling SARs Relating to Ransomware