Incorporating in the Seychelles but Allegedly Operating in the U.S. Spells Trouble for Company and its Founders

Anse Source d’Argent, La Digue Island, Seychelles

The Bitcoin Mercantile Exchange, or BitMEX, is a large and well-known online trading platform dealing in futures contracts and other derivative products tied to the value of cryptocurrencies. Recently, the Commodity Futures Trading Commission (“CFTC”) filed a civil complaint against the holding companies that own and operate BitMEX, incorporated in the Seychelles, and three individual co-founders and co-owners of BitMEX for allegedly failing to register with the CFTC and violating various laws and regulations under the Commodity Exchange Act (“CEA”). The 40-page complaint alleges in part that the defendants operated BitMEX as an unregistered future commission merchant and seeks monetary penalties and injunction relief.

In a one-two punch, the U.S. Attorney’s Office for the Southern District of New York on the same day unsealed an indictment against the same three individuals, as well as a fourth individual who allegedly served various roles at BitMEX, including as its Head of Business Development. The indictment charges the defendants with violating, and conspiring to violate, the requirement under 31 U.S.C. § 5318(h) of the Bank Secrecy Act (“BSA”) that certain financial institutions – including futures commissions merchants – maintain an adequate anti-money laundering (“AML”) program.

Both documents are detailed and unusual. This appears to be only the second contested civil complaint filed by the CFTC based on the failure to register under the CEA in connection with the alleged illegal trading of digital assets (other than those for which settlement orders were entered into with the CFTC). The first such complaint was filed only a week prior against Latino Group Limited (doing business as PaxForex), but the BitMEX complaint has garnered more attention in light of BitMEX’s reputation and size. Most of the CFTC’s prior actions against digital asset companies involved claims for fraud or misrepresentation in the solicitation of customers. This complaint, against a relatively mature and large digital asset company, demonstrates that the CFTC continues to actively pursue trading platforms and exchanges that solicit orders in the United States without proper registration. In addition to failing to register, the complaint alleges that the defendants failed to comply with the regulation under the CEA, 17 C.F.R. § 42.2, which incorporates BSA requirements such as an adequate AML program.

The indictment is unusual because it charges a rare criminal violation of Section 5318(h) – the general requirement to maintain an adequate AML program. Although indictments against defendants involved in digital assets are increasingly common, this also appears to be the first indictment combining allegations involving the BSA, digital assets, and alleged futures commissions merchants.

The complaint and the indictment share the common theme that the defendants attempted to avoid U.S. law and regulation by incorporating in the Seychelles but nonetheless operating in the United States. The opening lines of the CFTC complaint declare that “BitMEX touts itself as the world’s largest cryptocurrency derivatives platform in the world with billions of dollars’ worth of trading each day. Much of this trading volume and its profitability derives from its extensive access to United States markets and customers.” Meanwhile, the indictment alleges that defendant Arthur Hayes – a Fortune “40 Under 40” listee – “bragged . . . that the Seychelles was a more friendly jurisdiction for BitMEX because it cost less to bribe Seychellois authorities – just “a coconut” – than it would cost to bribe regulators in the United States and elsewhere.” Continue Reading CFTC and DOJ Charge BitMEX and Executives With Illegally Trading in Digital Assets and Ignoring BSA/AML Requirements

October is National Cybersecurity Awareness Month, and the U.S. Department of the Treasury’s Financial Crimes Enforcement Network (“FinCEN”) and Office of Foreign Assets Control (“OFAC”) kicked off the month by issuing two advisories that aim to increase cybersecurity awareness, assist financial institutions in detecting and reporting ransomware activity, and highlight potential sanctions risks for facilitating ransomware payments.

The FinCEN and OFAC advisories signal the seriousness with which the Department of Treasury treats the threat of cybercriminals and ransomware attacks. Both FinCEN and OFAC have now squarely placed an obligation on financial institutions and other payment intermediaries to put procedures in place to detect ransomware payments and to restrict payments to blocked individuals. It appears FinCEN and OFAC want to make sure cybercrime does not pay by cutting off cybercriminals’ access into the financial system.

While both FinCEN and OFAC have offered guidance to financial institutions formulating policies and procedures for deciding whether to process or report payment requests that may be connected to ransomware attacks, OFAC has also offered a warning: facilitating ransomware payments may lead to an enforcement action and civil penalties. Given the growing national security concerns associated with ransomware attacks, the advisories rightly encourage financial institutions and other payment intermediaries that facilitate ransomware payments to share information via Suspicious Activity Reports (“SARs”) and to fully cooperate with law enforcement during and after ransomware attacks. Continue Reading FinCEN and OFAC Advisories Aim to Increase Cybersecurity Awareness and Thwart Ransomware Attacks in the Financial Sector

Second Post in a Three-Post Series Regarding Recent Regulatory Action by FinCEN

On September 16, 2020, the Financial Crimes Enforcement Network (“FinCEN”) issued an Advance Notice of Proposed Rulemaking (“ANPRM”) soliciting public comment on what it describes as “a wide range of questions pertaining to potential regulatory amendments under the Bank Secrecy Act (“BSA”).” As stated, the job which FinCEN created for itself that resulted in the ANPRM was not a small one: “to re-examine the BSA regulatory framework and the broader AML regime.”

The ANPRM seeks to help modernize the current BSA/AML regime – modernization being a frequent theme of public comments by FinCEN Director Ken Blanco, as we have blogged. Indeed, the U.S. Department of Treasury’s 2020 National Strategy for Combating Terrorist and Other Illicit Financing calls for AML modernization, in order to “[l]everag[e] new technologies and other responsible innovative compliance approaches to more effectively and efficiently detect illicit activity.” Meanwhile, and as we have blogged, Congress has been contemplating various proposals for BSA/AML reform for some time (see here, here, here, here and here).

Despite its broad language, however, the ANPRM essentially boils down to a potential amendment requiring those financial institutions already required under the BSA to have an AML compliance program to formally include a risk assessment as part of their program – and for the risk assessment to take into account the government’s AML priorities, which the government will announce approximately every two years. On the one hand, this proposal does not add much that is new, because the vast majority of financial institutions required to maintain AML programs already perform risk assessments in order to conduct KYC and file Suspicious Activity Reports (“SARs”). On the other hand, the ANPRM takes a standard industry practice and turns it into a new regulatory requirement, thereby increasing liability risk. The ANPRM also touches on the tension between the government creating objective requirements – which can be helpful because they add clarity – in a compliance and enforcement regime that is supposed to be flexible and “risk based.” Under any scenario, the ANPRM is important and certainly will be the focus of industry attention.

This is the second post in a series of three blogs regarding a recent flurry of regulatory activity by FinCEN. In our first post, we discussed a final rule by FinCEN extending BSA/AML regulatory requirements to banks lacking a Federal functional regulator. In our third and final post, we will discuss the publication by FinCEN of a request for comment on existing regulations regarding enhanced due diligence for correspondent bank accounts. Continue Reading Regulatory Round Up: FinCEN Wants To Know What You Think About Modernizing the BSA/AML Regime

First Post in a Three-Post Series Regarding Recent Regulatory Action by FinCEN

The Financial Crimes Enforcement Network (“FINCEN”) has been busy. In the last two weeks, FinCEN has posted three documents in the Federal Register. Any one of these publications, standing alone, would be significant, particularly given the infrequency of such postings. Collectively they reflect an unusual flurry of regulatory activity by FinCEN, perhaps spurred by the impending election and potential management turn-over at FinCEN. These publications are:

  • A final rule (“Final Rule”) extending BSA/AML regulatory requirements to banks lacking a Federal functional regulator;
  • An advanced notice of proposed rulemaking regarding potential regulatory amendments regarding “effective and reasonably designed” anti-money laundering (“AML”) programs; and
  • A request for comment on existing regulations regarding enhanced due diligence for correspondent bank accounts.

Today, we discuss the Final Rule, published on September 14, 2020, extending BSA/AML regulatory requirements to banks lacking a Federal functional regulator. In our next posts, we will discuss the advanced notice and request for comment.

The Final Rule provides that banks lacking a Federal functional regulator now will be required to (i) develop and implement an AML program, (ii) establish a written Customer Identification Program (“CIP”) appropriate for the bank’s size and type of business, and (iii) verify the identity of the beneficial owners of their customers. While stressing the perceived importance of closing this prior gap in regulatory coverage, FinCEN also attempted to minimize concern that the Final Rule would impose a serious burden on the covered financial institutions. The Final Rule will become effective on November 16, 2020, with a compliance deadline of March 15, 2021. Continue Reading Regulatory Round Up: FinCEN Extends BSA/AML Requirements to Banks Lacking a Federal Functional Regulator

The Financial Action Task Force (FATF) recently published a report titled Virtual Assets: Red Flag Indicators of Money Laundering and Terrorist Financing. The report discusses a number of red flag indicators of suspicious virtual asset (VA) activities identified “through more than one hundred case studies collected since 2017 from across the FATF Global Network, literature reviews, and open source research.” The purpose of the report is to help financial institutions (FIs), designated non-financial businesses and professions (DNFBPs), and virtual asset service providers (VASPs) to create a “risk-based approach to their Customer Due Diligence (CDD) requirements.”

The report focuses on the following six categories of red flag indicators: those (1) related to transactions, (2) related to transaction patterns, (3) related to anonymity, (4) about senders or recipients, (5) in the source of funds or wealth, and (6) related to geographical risks.

When discussing red flags relating to transactions, FATF suggests that the size and frequency of transactions can be a good indicator of suspicious activity. For example, making multiple high-value transactions in short succession (i.e. within a 24-hour period) or in a staggered and regular pattern, with no further transactions during a long period afterwards. With regard to transaction patterns, FATF notes that large initial deposits with new users or transactions involving multiple accounts should also raise suspicion. Continue Reading FATF Identifies Red Flags for Virtual Assets and Money Laundering

We are pleased to offer the latest episode in Ballard Spahr’s Consumer Financial Monitor Podcast series — a weekly podcast focusing on the consumer finance issues that matter most, from new product development and emerging technologies to regulatory compliance and enforcement and the ramifications of private litigation.  Following up on a recent blog post, our podcast discusses how the banking regulators and FinCEN will approach the decision whether to take enforcement action against a financial institution (including what BSA/AML program failures typically would – or would not – result in cease and desist orders), and how the regulators’ statement differs from 2007 guidance.  We also discuss how the enforcement statements relate to recent updates to the BSA/AML examination manual, suggested practices for reducing compliance risk for institutions and individuals, and the upcoming national election’s potential impact on BSA/AML enforcement.

We hope that you enjoy the podcast, moderated by our partner Alan Kaplinksy, and find it useful.

If you would like to remain updated on these issues, please click here to subscribe to Money Laundering Watch. To learn more about Ballard Spahr’s Anti-Money Laundering Team, please click here.  To visit Ballard Spahr’s Consumer Financial Monitor blog, please click here.

 

“Front” Seafood Businesses Allegedly Hid the Proceeds From Smuggled Shark Fins and Marijuana Distribution

Last week, the U.S. Attorney’s Office for the Southern District of Georgia unsealed an indictment returned in July, charging twelve defendants and two businesses with wire and mail fraud conspiracy, drug trafficking conspiracy, and money laundering conspiracy. The indictment describes a transnational criminal organization that allegedly began as early as 2010 and spanned multiple locations including, Georgia, District of Columbia, California, Florida, Michigan, Arizona, Hong Kong, Mexico, and Canada. The indictment accuses the defendants of submitting false applications for import/export licenses to the U.S. Fish and Wildlife Services, and using two seafood businesses and dozens of bank accounts to hide the proceeds of illegal activities.

According to the indictment, the criminal organization engaged in an international wildlife trafficking scheme involving shark finning—where a shark is caught at sea, its fins are removed, and the remainder of the living shark is discarded and left to die in the ocean. According to the indictment, shark finning supports the demand for shark fin soup, an Asian delicacy. Shark finning is among many illegal wildlife trade practices. Continue Reading DOJ and Multi-Agency Task Force Charge International Money Laundering, Drug Trafficking, and Illegal Wildlife Trade Scheme

It may go too far to say things are looking up for Danske Bank, but the institution was handed a significant victory when the Southern District of New York dismissed an investor lawsuit on August 24, 2020. As we blogged about here, here, here, and here, Danske Bank has been the subject of significant regulatory oversight, which has resulted in a foreseeable onslaught of investor lawsuits.

One such class action securities suit was brought by purchasers of DB American Depository Receipts against Danske and its former officers and board members over alleged misrepresentations about the bank’s financial condition in light of the now well-known anti-money laundering (AML) deficiencies in its Estonia branch, as well as the subsequent fallout. The suit relies heavily on the September 19, 2018 Bruun & Jhejle investigative report, which outlined various internal whistleblower complaints about the Estonia branch’s AML controls that were confirmed by a published audit by the Danish Financial Supervisory Authority. Subsequent investigations followed, including by U.S. authorities, resulting in significant financial blows to the bank.

The Court found that the plaintiffs not only had failed to meet the heightened pleading requirements regarding mental state for securities fraud claims, but had not even alleged facts sufficient to allege a material misrepresentation.  The decision reflects the potential difficulty of alleging (much less proving) a successful securities fraud claim based on alleged AML failures, particularly because it arises out of the globe’s largest and most notorious money laundering scandal.

Continue Reading Danske Bank Gets a (Rare) Break: New York Investor Lawsuit Dismissed for Failure to Sufficiently Allege Misrepresentations or Scienter

Regulators’ Joint Statement Attempts to Clarify AML Expectations Regarding Potential Corrupt Actors

On August 21, the Treasury Department’s Financial Crimes Enforcement Network (FinCEN) and other banking regulators – specifically the Federal Reserve, the FDIC, the National Credit Union Administration, and the OCC – issued a joint statement that provides additional guidance in applying Bank Secrecy Act (“BSA”) due diligence requirements to customers who may be “politically exposed persons” (“PEPs”).

According to the joint statement, PEPs are “foreign individuals who are or have been entrusted with a prominent public function, as well as their immediate family members and close associates.” By nature of their roles in government and/or relationships with people of public influence, PEPs may present a higher level of risk of public corruption and bribery and, in turn, may pose a higher risk of taking part in transactions that involve illicit proceeds.

The joint statement thus identifies what constitutes a PEP; describes various risk-based factors that banks and other financial institutions should consider when determining whether to collect additional information from PEPs; and clarifies expectations on due diligence requirements for PEPs. Key clarifications regarding PEPs in the joint statement include:

  • PEPs do not include U.S. public officials.
  • PEPs are not high risk, ipso facto, by virtue of their status. Rather, banks ought to assess risk by a variety of factors, including, for instance, the nature of the PEP’s authority or influence over government activities or officials, his or her access to significant government assets or funds, the volume and nature of their transactions, and the type of products and services used.
  • There is no regulatory requirement in FinCEN’s customer due diligence (“CDD”) rule nor a supervisory expectation for banks and other financial institutions to implement “unique, additional due diligence steps for customers who are considered PEPs.” That said, PEPs are subject to traditional BSA/anti-money laundering requirements, including, for instance, suspicious activity reporting, customer identification, and beneficial ownership identification.
  • The CDD rule does not require banks to screen for or determine whether a customer – or a beneficial owner of the customer – is a PEP.

Notably, this guidance may be at odds with previously issued Financial Action Task Force (“FATF”) guidance that measures countries’ compliance with FATF standards; namely, a requirement in local law to conduct enhanced due diligence in certain “high risk circumstances,” a phrase that includes foreign PEP relationships.

Looking ahead, financial institutions may take comfort that there are no unique, additional due diligence requirements for PEPs. In practice, however, financial institutions should continue to assess their BSA/AML programs to ensure that its risk-based procedures are sufficient for conducting CDD on PEPs.

If you would like to remain updated on these issues, please click here to subscribe to Money Laundering Watch. Please click here to find out about Ballard Spahr’s Anti-Money Laundering Team.

Can BSA/AML Requirements Lead to Deemed Knowledge of Borrower Fraud?

The first two weeks of August brought a milestone of sorts in the ongoing recovery from the economic downturn brought on by the COVID-19 pandemic. The Paycheck Protection Program (“PPP”) ended its enrollment period on August 8, 2020 and the window for borrowers to apply to have their PPP loans forgiven opened on August 10, 2020.

The PPP was a centerpiece of the over $2 trillion Coronavirus Aid, Relief and Economic Security Act (“CARES Act”) that, according to a study by the Massachusetts Institute of Technology published on July 22, 2020 had to that point saved between 1.4 and 3.2 million jobs. Less formally observed but possibly more widely agreed, the PPP caused at least as many headaches with its rocky initial rollout and the ongoing uncertainty over applicable loan forgiveness standards. But, whereas implementing the PPP poses challenges to lenders now, due to the rampant fraud in the program (which, along with all COVID-19-related enforcement actions and policy statements, we track here) and its funding mechanics, it creates substantial downstream enforcement risk through the False Claims Act (“FCA”) for participating financial institutions.

Numerous districts already have charged borrowers with PPP-related fraud. To date, cases generally involve one of these scenarios:

  • Borrowers submitted fraudulent loan applications and supporting documents to seek PPP funds for businesses that either already had failed pre-pandemic or that they did not actually own.
  • Borrowers lied about amount, or even existence, of employees and payroll. These schemes involve inflated numbers of employees for companies, or even completely fake companies.
  • Borrowers certified that they would use loan funds to support payroll expenses or other allowable expenses, but in fact used all or most loan funds to pay personal and non-business expenses.

The prosecutions to date have all centered on relatively obvious fraud by borrowers, not lenders. But, wider-reaching investigations are occurring and though we are very much at the beginning of the enforcement phase, the magnitude of fraud in these programs is coming into focus. On September 1, 2020, the House Select Committee on the Coronavirus Crisis released a preliminary analysis finding, among other things, over $1 billion in fraudulent PPP loans were issued and identifying red flags with respect to an additional $2.98 billion in loans made to 11,000 borrowers.

And, as we discuss, the anti-money laundering (“AML”) requirements of lenders imposed under the Bank Secrecy Act (“BSA”) may expose lenders to greater risk under the FCA, which can impose civil liability for the reduced mental state of reckless disregard. Many lenders have extended PPP loans to previously-existing customers. This is a rational business decision, given typically lower business risks presented by existing customers and lower compliance costs, because existing customers do not need to provide beneficial ownership information under the Customer Due Diligence (“CDD”) rule of the BSA. However, because lenders also are required under the BSA to understand to a degree the historical and current activities of its customers, lenders may be deemed in future FCA actions to have “known” about red flags generated by fraudulent borrowers because of information obtained by the lenders properly executing their AML programs. That is, compliance with the BSA ironically may generate evidence for downstream FCA enforcement actions based on deemed “knowledge” by the lender of borrower malfeasance. This irony may be exacerbated by any disconnect in real time between the AML compliance staff at financial institutions and the front-line business people extending loans, particularly given the incredible speed with which institutions have extended PPP loans, at the government’s urging.

The point here is not that PPP lenders will face direct regulatory liability for alleged BSA/AML failures – although they may. Rather, the point is that PPP lenders may face enhanced FCA liability due to borrower information obtained through an entirely functional BSA/AML program. This phenomenon highlights the need for the “front” and “back” offices at lenders to communicate. Continue Reading PPP Lenders and Fraudulent Borrowers: False Claims Act Liability and AML Risk