Suspicious Activity Report (SAR)

Subscribe to Suspicious Activity Report (SAR)

Indictment Focuses on “High Risk” Transactions Involving Mexico, Bulk Cash, and Zero SAR Filings

On September 13, the United States Attorney’s Office for the Eastern District of New York announced that defendant Hanan Ofer pleaded guilty to “failing to maintain an effective anti-money laundering program.”  Ofer and his co-defendant, Gyanendra Asre, were named in a March 2021 indictment (the “Indictment”) alleging they funneled “hundreds of millions of dollars from high-risk foreign jurisdictions” – primarily, Mexico – from 2014 to 2016, through “small, unsophisticated financial institutions” without implementing an anti-money laundering program as required by the Bank Secrecy Act (“BSA”).  Ofer and Asre were charged with failure to maintain an effective anti-money laundering (“AML”) program, failure to file (any) Suspicious Activity Reports (“SARs”), and the operation of an unlicensed money transmitting business.

As we discuss, it is a little difficult to draw clear lessons from the Indictment.  Although the DOJ press release emphasizes the eye-catching number of $1 billion, neither the press release nor the Indictment actually describe these transactions as “suspicious,” much less as involving specific illicit proceeds.  Rather, and as we discuss, the transactions are described merely as “high risk.” Thus, and although it is entirely possible that the government has access to evidence which it did not reference in the charges, the Indictment appears to rely heavily on a very process-oriented theory of prosecution:  the defendants failed to implement adequate processes to monitor and/or prevent transfers that were “high risk,” but not demonstrably related to illicit funds involving specific underlying criminality.

It is also important to acknowledge the Indictment’s allegations against both defendants for operating, apparently “on the side,” a separate unlicensed money transmitter business of their own.  Here, the allegations are more concretely severe:  the unlicensed money transmitter business “involved the transportation and transmission of funds that were known to the defendants to have been derived from a criminal offense or were intended to be used to promote and support unlawful activity.”  Although it is impossible to know, this charge presumably pressured in part Mr. Ofer to plead guilty to more process-oriented BSA charges involving the $1 billion in “high risk” transfers at other financial institutions.

Continue Reading  AML Compliance “Expert” Pleads Guilty to Failure to Maintain Effective AML Program for Over $1 Billion in High-Risk Transactions

How effective is the current framework for filing Suspicious Activity Reports, or SARs?  The AML Act mandates that federal law enforcement agencies provide statistics to assist Congress, regulators, and financial institutions answer this question.  Specifically, it requires the Department of Justice (“DOJ”) to annually produce a report to the Secretary of the Treasury containing statistics, metrics and other information on the use of Bank Secrecy Act (“BSA”) reports.  It further requires the Financial Crimes Enforcement Network (“FinCEN”), to the extent possible, to periodically disclose to financial institutions summary information on SARs that proved useful to law enforcement; it also requires FinCEN to review SARs and publish information on threat patterns and trends.

Yet, on August 25, 2022, the United States Government Accountability Office (“GAO”) published a report, Action Needed to Improve DOJ Statistics on Use of Reports on Suspicious Financial Transactions, describing how the DOJ has not fulfilled that statutory mandate.  The GAO’s report sets forth two recommendations: (1) the DOJ should include data on the use of BSA reports in its ongoing agency-wide efforts to improve data collection; and (2) involve its Chief Information Officer and Statistical Official in the design of its annual BSA statistical report. 

Arguably, the most eye-catching observation of the report is that FinCEN itself “cannot currently provide comprehensive feedback on the impact of BSA reports [to the DOJ] because agencies do not provide FinCEN with comprehensive data on their use of those reports or the effect they had.”  Accordingly, and despite ongoing calls for FinCEN to provide meaningful feedback (now, a statutory requirement under the AML Act), FinCEN “cannot connect their data on report searches to the impact of those reports on case outcomes.”

Continue Reading  GAO Report: DOJ Cannot Provide Meaningful Feedback on SAR Use

Case Involves Familiar But Instructive Regulatory Findings

The New York Department of Financial Services (“NYDFS”) made clear last week that crypto companies can be held accountable for allegedly failing to comply with anti-money laundering (“AML”) / Bank Secrecy Act (“BSA”) regulations.  Federal and certain State laws require crypto companies like Robinhood Crypto, LLC (“RHC”) to maintain effective AML programs, and to implement systems to identify suspicious activity and block illegal transactions on their platforms (which we have previously discussed, including here and here).  On August 2, 2022, NYDFS announced that it entered a Consent Order penalizing RHC $30 million for alleged AML, cybersecurity and consumer protection violations.  RHC also is required to retain an independent consultant to perform compliance assessments evaluating the Company’s remediation efforts. 

This enforcement action is entirely consistent with the recent Guidance on Use of Blockchain Analytics issued by the NYDFS, directed to all virtual currency business entities that either have a NYDFS Bitlicense or are chartered as a limited purpose trust company under the New York Banking Law.  As we have blogged, the Guidance emphasizes “the importance of blockchain analytics to effective [AML] policies, processes, and procedures, including, for example, those relating to customer due diligence, transaction monitoring, and sanctions screening.”

The Consent Order contains a litany of alleged AML deficiencies, many of which have figured prominently in other enforcement actions.  We detail them below.  From a BSA/AML perspective, the key focus – not surprisingly – was on the adequacy of RHC’s transaction monitoring systems.  Again, the message is:  written policies and programs may look great on their face, but actual execution is key.  The adequate funding and staffing of compliance functions is also critical.

Continue Reading  Crypto Compliance Matters: NYDFS Fines Robinhood $30M for Alleged AML, Cybersecurity, and Consumer Protection Violations

The Financial Crimes Enforcement Network (FinCEN) and the U.S. Department of Commerce’s Bureau of Industry and Security (BIS) issued a joint alert on June 28, 2022, warning of evasion attempts by individuals or entities to circumvent BIS export controls implemented in response to the Russian Federation’s renewed invasion of Ukraine. Both agencies urged financial institutions to remain vigilant against bad actors’ attempts to evade BIS export controls. The alert provided an overview of current BIS export restrictions, listed particular commodities of concern for export control evasion, and outlined transactional and behavioral red flags that could indicate attempts to avoid sanctions.

This is FinCEN’s third alert in relation to sanctions imposed on Russian in response to the war in Ukraine.  As we previously blogged, on March 7, 2022, FinCEN urged vigilance by financial institutions against potential Russian Federation attempts to evade sanctions. On March 16, 2022, FinCEN reiterated the need for increased vigilance by financial institutions in detecting suspicious transactions involving real estate, luxury goods, and other high-value assets.

The joint alert comes on the heels of the June 27, 2022 announcement by the United States and the other G7 nations to intensify their coordinated sanction measures in response to Russia’s war of aggression.  A day later, on June 28, 2022, the Treasury Department’s Office of Foreign Assets Control (OFAC) issued determinations pursuant to prior Executive Orders implementing the new measures.  These include prohibiting the importation of Russian gold (EO 14068), as well as new sanctions and export restrictions on entities like Rostec, a key Russian state owned conglomerate, which forms the foundation of Russia’s defense industry (EO 14024).

Continue Reading  FinCEN and BIS Issue Joint Alert on Potential Russian and Belarusian Export Control Evasion

On June 15, FinCEN issued an Advisory on Elder Financial Exploitation (“Advisory”) to warn financial institutions about the rising trend of elder financial exploitation (“EFE”), which FinCEN defines as “the illegal or improper use of an older adult’s funds, property, or assets, and is often perpetrated either through theft or scams.”  The Advisory is detailed.  It highlights new EFE typologies and potential red flags and builds upon a related advisory issued in 2011.  It also offers tips on Suspicious Activity Report (“SAR”) filings and describes other resources available to fight EFE.

Continue Reading  FinCEN Warns Against Elder Financial Exploitation

Enforcement Trends, Crypto, the AML Act — and More

We are very pleased to be moderating, once again, the Practising Law Institute’s 2022 Anti-Money Laundering Conference on May 17, 2022, starting at 9 a.m. This year’s conference will be both live and virtual — and it will be as informative, interesting and timely as always. 

On April 28, 2022 the New York Department of Financial Services (“NYDFS”) issued its Guidance on Use of Blockchain Analytics, a document directed to all virtual currency business entities that either have a NYDFS Bitlicense or are chartered as a limited purpose trust company under the New York Banking Law.  The Guidance emphasizes “the importance of blockchain analytics to effective policies, processes, and procedures, including, for example, those relating to customer due diligence, transaction monitoring, and sanctions screening.”

The NYDFS is stressing the role of blockchain analytics in anti-money laundering (“AML”) compliance because “virtual currencies such as Bitcoin and Ether can be transferred peer-to-peer directly from one individual or entity to another pseudonymously, absent the use of a regulated third party (e.g., between non-custodial wallets, or self-hosted wallets that allow users to maintain control of their private keys). . . . [T]hese wallet addresses are typically pseudonymous, with nothing on the face of the transfer tying back to the originator, beneficiary, or underlying beneficial owners.”

Given the potential compliance challenges presented by such characteristics, the NYDFS wants virtual currency entities to leverage the fact that virtual currencies also enable provenance tracing because “the blockchain ledger’s immutability typically allows a historical view of a virtual currency transmission between wallet addresses, providing the opportunity for greater visibility into transaction lineage than is typically found with traditional, fiat funds transfers.”

The Guidance provides that, ultimately, all risk mitigation strategies must account for an entity’s business profile to assess risk across types of virtual currencies and effectively address the specific characteristics of any particular virtual currency involved.  If a virtual currency entity chooses to outsource its control functions to third-party service providers rather than use only internally developed blockchain analytics, it must have “clearly documented policies, processes, and procedures with regard to how the [third-party] blockchain analytics activity integrates into the [entity’s] overall control framework consistent with the [entity’s] risk profile.”
Continue Reading  NYDFS Stresses Use of Blockchain Analytics for AML Compliance by Virtual Currency Businesses

The Office of the Comptroller of the Currency (“OCC”) entered into a Consent Order (available here) with Anchorage Digital Bank (“Anchorage”), which requires Anchorage to create a compliance committee and take steps to remediate alleged shortcomings with respect to the implementation and effectiveness of Anchorage’s Bank Secrecy Act/Anti-Money Laundering (“BSA/AML”) program.  Notably, Anchorage will pay no civil penalty.

Anchorage is not any regular entity overseen by the OCC:  it is a cryptocurrency custodian.  As we will discuss, the timing of the Consent Order indicates that even when regulators permit crypto activities by financial institutions, they remain cautious, particularly as to BSA/AML compliance.  The OCC’s actions send a clear message that regulated entities offering emerging technology financial services must adhere to the same BSA/AML monitoring and reporting requirements as more traditionally regulated entities.
Continue Reading  OCC Targets BSA/AML Compliance by Anchorage Digital Bank – Only 15 Months After Granting National Trust Bank Charter to the Crypto Custodian

Sanctions involving Russia is a front-burner issue for all businesses, but particularly for financial institutions. As we previously blogged, the Financial Crimes Enforcement Network (“FinCEN”) issued on March 7 an alert calling for increased vigilance in the face of potential evasion of Russian sanctions. On March 16, FinCEN issued its second alert on the topic (the “Alert”), reiterating the need for increased vigilance and assisting financial institutions in detecting suspicious transactions involving high-value assets to evade sanctions.

We discuss here the Alert, which provides guidance to financial institutions on how to identify suspicious transactions relating to the use of certain high-value assets by Russian elites, their family members and their “proxies.” The Alert reminds financial institutions of the importance of quickly identifying suspicious activity related to the disposition of sanctioned Russian assets. The Alert also highlights the international and domestic task forces that were formed to effectuate the sanctions laws we describe below, emphasizing the need for cross-agency collaboration and information sharing to achieve the common goal of sanctioning Russia’s power players.  However, and as we discuss, the Alert unfortunately offers no guidance on how “proxies” should be identified or defined.
Continue Reading  Russian Sanctions Redux: FinCEN Issues Guidance on Suspicious Transactions and Evasion Using High-Value Assets

On March 7, the Financial Crimes Enforcement Network (“FinCEN”) issued an alert “advising all financial institutions to be vigilant against potential efforts to evade the expansive sanctions and other U.S.-imposed restrictions implemented in connection with the Russian Federation’s further invasion of Ukraine.”  The press release is here.  The alert itself is here.
Continue Reading  Russian Sanctions:  FinCEN Provides Red Flags for Potential Evasion Attempts