A Guest Blog by Professor Moyara Ruehsen

Today we are very pleased to welcome guest blogger Moyara Ruehsen, PhD, CAMS, CFCS, who is  an Associate Professor and Director of the Financial Crime Management Program at the Middlebury Institute of International Studies in Monterey, California. For more than 20 years, Professor Ruehsen has taught financial crime-related courses on a variety of topics including money laundering, trade-based financial crime, corruption, proliferation financing, terrorist financing and cyber-enabled financial crime.  She has published articles and book chapters on a variety of topics related to threat finance and is a Certified Anti-Money Laundering Specialist and a Certified Financial Crime Specialist. Professor Ruehsen also consults for the U.S. government, multilateral organizations and the private sector. She served for several years on the Editorial Advisory Board of Money Laundering Alert, and the Middle East Task Force of the Association of Certified Anti-Money Laundering Specialists, or ACAMS.

For an extremely entertaining and illuminating discussion by Professor Ruehsen of how popular TV and movies gets money laundering right (and wrong), see here.

This blog post takes the form of a Q & A session, in which Professor Ruehsen responds to several questions posed by Money Laundering Watch about the critical topic of cyber-enabled financial crime. We hope you enjoy this discussion, which addresses how cyber-enabled financial crime threatens financial institutions and their customers. –Peter Hardy
Continue Reading Cyber-Enabled Financial Crime and Money Laundering

The Office of the Comptroller of the Currency (“OCC”) issued a letter yesterday stating that  “a national bank [and federal savings associations] may provide . . . cryptocurrency custody services on behalf of customers, including by holding the unique cryptographic keys associated with cryptocurrency. This letter also reaffirms the OCC’s position that national banks may provide permissible banking services to any lawful business they chose, including cryptocurrency business, so long as they effectively manage the risks and comply with applicable law.”  (“Letter”).

The key phrase above is “any lawful business.”  When a financial institution deals with crypto clients, whether the institution is actually dealing with a customer engaged in lawful activity is literally the question.  Oddly, therefore, the Letter is simultaneously groundbreaking and yet also nothing new.
Continue Reading OCC Announces that Federally-Chartered Banks and Thrifts May Provide Custody Services for Crypto Assets

OIG Audit Alleges DEA Ignored Oversight, Misunderstood Digital Currency, Didn’t Actually “Follow the Money,” and Overstated Accomplishments

A recent audit conducted by the Department of Justice (“DOJ”)’s Office of Inspector General (the “OIG”) revealed that the Drug Enforcement Agency (“DEA”) acted outside the scope of its authority while transacting tens of millions of dollars involving illicit activity during undercover operations from fiscal years 2015 to 2017.

The focus of the audit was a specific type of undercover operation known as Attorney General Exempted Operations (AGEOs). AGEOs are particularly risky because they are income-generating operations, designed to infiltrate and dismantle drug trafficking and money laundering organizations. Because of the sensitive nature of these investigations and the amount of money at stake, AGEOs are meant to be heavily supervised by the Attorney General (AG), other lawyers within DOJ and Congress.

The 72-page, partly redacted audit clearly found that the DEA repeatedly ignored its reporting policies, neglected its internal controls, and flagrantly violated the statutes governing AGEOs. This audit an important reminder that law enforcement agencies, even when pursuing the laudable goal of investing criminals through the often highly successful tool of undercover investigations, are still subject to legal limitations and standards, because agencies themselves are susceptible to fraud and abuse. This audit shows the importance of oversight and accountability, and reveals how bad actors sometimes can exist on both sides of an investigation.  Finally, the audit also suggests that the DEA often failed to pursue investigative leads and did not examine whether businesses and other third parties knowingly laundered the illicit money being transacted through AGEOs: once the target of the AGEO was “in the bag,” spin-off money laundering investigations did not occur.
Continue Reading DEA Accused of Ongoing Missteps in Undercover Operations

Travel These Days

Kenneth Blanco, Director of the Financial Crimes Enforcement Network (“FinCEN”), recently provided remarks about FinCEN’s “Travel Rule” at the first truly-virtual Consensus Blockchain Conference. The Travel Rule, which became effective in 1996, requires money services businesses (“MSBs”) – including cryptocurrency exchanges – to maintain identifying information on all parties in fund transfers of over $3,000 between financial institutions. As we discuss below, this principle creates real-world practical problems in the digital currency industry, in which it is not necessarily easy to obtain such information, unlike the traditional banking industry.

During his remarks, Director Blanco applauded the Financial Action Task Force’s (“FATF”) guidance issued last June, about which we have blogged here, instructing its 180 international member governments to similarly demand that virtual asset service providers (“VASPs”) collect “accurate originator information and required beneficiary information” on transactions of $1,000 or more. FATF’s pronouncement sent some shockwaves through the digital currency industry.

Notably, Director Blanco also lauded the efforts of cross-sector organizations and working groups to develop international standards and solutions to aid compliance with the Travel Rule. He urged for continued cooperation between FinCEN and the virtual currency industry to effectively implement Anti-Money Laundering (“AML”) measures consistent with the Travel Rule.
Continue Reading FinCEN Director Blanco Urges Collaboration Across Virtual Currency Industry to Comply with Travel Rule

We are really pleased to be moderating the Practising Law Institute’s 2020 Anti-Money Laundering Conference on May 12, 2020, starting at 9 a.m. Perhaps needless to say, this year’s conference will be entirely virtual.  But the conference still should be as informative, interesting and timely as always.  Our conference co-chair, Nicole S. Healy of Ropers

We are pleased to offer the latest episode in Ballard Spahr’s Consumer Financial Monitor Podcast series — a weekly podcast focusing on the consumer finance issues that matter most, from new product development and emerging technologies to regulatory compliance and enforcement and the ramifications of private litigation.

In this podcast, we examine two recent OCC

Regulatory Examination and Related Enforcement Also Highlights Perceived Risks of Banking Crypto Clients

The Department of the Treasury’s Office of the Comptroller of the Currency (“OCC”) recently issued a Consent Order against M.Y. Safra Bank arising from the bank’s decision to accept a variety of high-risk, Digital Asset Customers (“DACs”), allegedly without implementing the necessary Bank Secrecy Act (“BSA”) and Anti-Money Laundering (“AML”) controls. Although the OCC did not impose a monetary penalty against the bank, it demanded that the bank implement and maintain a remarkably broad array of potentially costly and extremely detailed measures to strengthen its AML program. And, notably, the OCC specifically tasked the bank’s Board of Directors with implementing, overseeing, and reporting on these measures.

We describe here the OCC’s examination into and requirements imposed on M.Y. Safra Bank. The Consent Order is a reminder to the boards and management of all financial institutions that if they pursue novel and higher-risk customers – certainly, a potentially defensible business plan in our increasingly competitive business environment – then they absolutely have to adjust accordingly their AML compliance program and accompanying transaction monitoring to compensate for such increased risk. This is particularly true when those new customers employ novel technologies or business products which require a particularized ability to understand and address from an AML perspective. New, creative business lines are not necessarily bad – so long as the implementation of the AML compliance program is adjusted appropriately to identify and manage the new risk.

The Consent Order also is a reminder that, as the BSA/AML Examination Manual of the Federal Financial Institutions Examination Council states, “[t]he board of directors, acting through senior management, is ultimately responsible for ensuring that the bank maintains an effective BSA/AML internal control structure,” and otherwise must create a culture of compliance.

This Consent Order and related OCC AML exam and enforcement issues – including the liability of not just institutions, but also the potential individual liability of AML in-house professionals – will be the topic of a forthcoming installment in Ballard Spahr’s Consumer Finance Monitor Podcast by the firm’s AML Team. Please stay tuned our podcast, and read on here.
Continue Reading OCC Action Highlights Increased Accountability Facing Boards of Directors

Case Sheds Light on Latest Methods to Evade Detection: “Peeling” Chains

On March 2, the U.S. government sanctioned and indicted two Chinese nationals for helping North Korea launder nearly $100 million in stolen cryptocurrency. The indictment, filed in the District of Columbia, charges the defendants with conspiring to commit money laundering transactions designed to both “promote” and “conceal” the underlying crimes of wire fraud (the theft of the cryptocurrency via hacking) and operating as an unlicensed money transmitter — the latter of which is also charged in the indictment as an additional count.

According to the related and detailed civil forfeiture complaint, these funds were only a portion of those stolen in 2018 by state-sponsored hackers for North Korea from a South Korean exchange. These actions, notable in several respects, provide a glimpse at the latest methods of laundering cryptocurrency.

Anyone attempting to launder illicit cryptocurrency faces at least two big challenges. First, due to rigid know-your-customer rules, one cannot simply deposit large amounts of funds at an exchange without raising red flags. Second, because all cryptocurrency transactions are recorded on a blockchain, they can be traced.

To clear these hurdles, the complaint alleges that North Korean hackers used “peeling chains.” In a peeling chain, a single address begins with a relatively large amount of cryptocurrency. A smaller amount is then “peeled” off this larger amount, creating a transaction in which a small amount is transferred to one address, and the remainder is transferred to a one-time change address. This process is repeated – potentially hundreds or thousands of times – until the larger amount is pared down, at which point the amount remaining in the address might be aggregated with other such addresses to again yield a large amount in a single address, and the peeling process goes on.
Continue Reading Two Chinese Nationals Charged with Money Laundering Over $100 Million in Cryptocurrency for North Korea

First in a Two-Post Series

The U.S. Department of Treasury (“Treasury”) has issued its 2020 National Strategy for Combating Terrorist and Other Illicit Financing (“2020 Strategy”). This document sets forth the key priorities of the U.S. government regarding enforcement of the Bank Secretary Act (“BSA”), and the furthering of the government’s Anti-Money-Laundering (“AML”) and Combating the Financing of Terrorism (“CFT”) goals in general. It is lengthy document addressing numerous issues – albeit in a relatively high-level fashion in regards to any specific issue.

In this post, we will summarize the findings and recommendations of the 2020 Strategy, and will highlight some topics this blog has followed closely – including calls for: increased transparency into beneficial ownership; strengthening international regulation and coordination, and modernization of the AML/BSA regime. Our next post will focus on the 2020 Strategy as it relates to combating money laundering relating to real estate transactions and “gatekeeper” professions, such as lawyers, real estate professionals and other financial professionals, including broker-dealers.

The 2020 Strategy also focuses on several other important issues which we will not discuss in this limited blog series, but on which we certainly have blogged before, including the role of money laundering in international trade, casinos, money services businesses and digital assets.
Continue Reading Treasury Department’s 2020 National Illicit Finance Strategy: Aspirations for BSA/AML Modernization and the Combatting of Key Threats

Last Thursday, FinCEN Deputy Director Jamal El-Hindi appeared at the 20th annual Anti-Money Laundering (AML) and Financial Crimes Conference hosted by the Securities Industry and Financial Markets Association (SIFMA) in New York City. His prepared remarks covered three main topics at the intersection of the securities industry and FinCEN’s enforcement goals: (i) AML compliance trends and current challenges; (ii) the value of Bank Secrecy Act (BSA) filing data; and (iii) the current regulatory landscape.

El-Hindi not surprisingly stressed transparency and information sharing, the value of BSA reporting data, and the need for legislation regarding the collection of beneficial ownership at the corporate formation stage. El-Hindi also suggested – perhaps without the complete agreement of his audience – that regulators tend to under-regulate, rather than over-regulate. He stated: “But in an area such as ours where we have developed a strong partnership with industry and where we believe that you are just as vested in our mission to thwart bad actors as we are, it is important for us to use our authorities fully.”

His remarks are particularly relevant given the 2020 Examination Priorities recently issued by the SEC’s Office of Compliance Inspections and Examinations (OCIE), which states that the OCIE will prioritize examining broker-dealers and investment companies “for compliance with their AML obligations in order to assess, among other things, whether firms have established appropriate customer identification programs and whether they are satisfying their SAR filing obligations, conducting due diligence on customers, complying with beneficial ownership requirements, and conducting robust and timely independent tests of their AML programs.”
Continue Reading FinCEN Stresses Transparency, BSA Filing Data, and Perils of “Under- Regulating” to Securities Industry