Search results for: 311

On August 27, 2024, the New York State Department of Financial Services (“NYDFS”) announced a consent order involving a $35 million settlement with Nordea Bank Abp (“Nordea”) for alleged significant failures related to anti-money laundering (“AML”) compliance. Nordea, headquartered in Helsinki, Finland, operates globally, including through a licensed branch in New York, which has its own AML and transaction monitoring requirements.

The enforcement action, which followed revelations from the Panama Papers leak, found that Nordea allegedly failed to conduct proper due diligence on high-risk correspondent banking relationships and maintained inadequate AML controls.  According to the NYDFS, the Panama Papers implicated Nordea in aiding clients in establishing offshore shell companies in order to facilitate illicit activities.

The consent order alleges that Nordea violated New York law by allowing compliance failures in its AML program and procedures to persist.  Meanwhile, Danish officials recently charged Nordea with repeatedly violating Denmark’s anti-money laundering act between 2012 and 2015, thereby exposing Nordea, potentially, to extremely significant fines.  As we will discuss, although the consent order implicates many different issues, the NYDFS enforcement action represents, in part, the latest chapter in the continued fall-out from the massive AML scandal involving Dankse Bank.  The consent order also highlights, once again, the particular risks posed by correspondent banking relationships, on which we repeatedly have blogged (for example, here, here, and here).

Continue Reading NYDFS Imposes $35 Million Fine on Nordea Bank for Alleged AML Failures Following Panama Papers Revelations

Strategy Touts Regulations on Beneficial Ownership, Real Estate and Investment Advisers, but Bemoans Lack of Supervisory Resources for Non-Bank Financial Institutions

The U.S. Department of the Treasury has issued its 2024 National Strategy for Combatting Terrorist and Other Illicit Financing (“Strategy”).  It is a 55-page document which, according to the government’s press release, “addresses the key risks from the 2024 National Money Laundering, Terrorist Financing, and Proliferation Financing Risk Assessments. . . and details how the United States will build on recent historic efforts to modernize the U.S. anti-money laundering/countering the financing of terrorism (AML/CFT) regime, enhance operational effectiveness in combating illicit actors, and embrace technological innovation to mitigate risks.”

The Strategy discusses an enormous list of topics.  Given the breadth of its scope, the Strategy generally makes only very high-level comments regarding any particular topic.  This post accordingly is extremely high level as well, and offers only a few select comments. 

Continue Reading Treasury Issues Broad National Strategy for Combatting Illicit Financing

The Financial Crimes Enforcement Network (“FinCEN”) recently issued a Financial Trend Analysis (“Analysis”) focusing on patterns and trends identified in Bank Secrecy Act (“BSA”) data linked to Elder Financial Exploitation (“EFE”) involving scams or theft perpetrated against older adults.

The Analysis is a follow up to FinCEN’s June 2022 EFE Advisory (“2022 Advisory”). The Analysis reviews BSA reports filed between June 15, 2022 and June 15, 2023 that either used the key term referenced in the 2022 Advisory (“EFE FIN-2022-A002”) or checked “Elder Financial Exploitation” as a suspicious activity type.  In its 2022 Advisory, FinCEN warned financial institutions (“FIs”) about the rising trend of EFE, which FinCEN defines as “the illegal or improper use of an older adult’s funds, property, or assets, and is often perpetrated either through theft or scams.” The 2022 Advisory identified 12 “behavioral” and 12 “financial” red flags to help FIs detect, prevent, and report suspicious activity connected to EFE. Additionally, FinCEN recommended EFE victims file incident reports to the FBI’s Internet Crime Complaint Center (IC3) and the Federal Trade Commission. Consistent with a risk-based approach to BSA compliance, FinCEN encouraged FIs to perform additional due diligence where appropriate.

Continue Reading FinCEN Issues Analysis of Increasing Elder Financial Exploitation

Years in the making, on February 13, the Financial Crimes Enforcement Network (“FinCEN”) issued a notice of proposed rulemaking (“NPRM”) to include “investment adviser” (“IA”) within the definition of “financial institution” under the Bank Secrecy Act (“BSA”). FinCEN has posted a fact sheet on the NPRM here.

The NPRM subjects broad categories of IAs to statutory and regulatory anti-money laundering/countering terrorist financing (“AML/CTF”) compliance obligations. FinCEN is accepting comments on the NPRM until April 15, 2024.

Continue Reading FinCEN Seeks to Make Investment Advisers Subject to Bank Secrecy Act

A Huge Monetary Penalty for Sprawling Allegations – But Will Zhao Receive a Prison Sentence?

As the world now knows, Binance Holdings Limited, doing business as Binance.com (“Binance” or the “Company”), has entered into a plea agreement with the U.S. Department of Justice (“DOJ”).  

Binance is registered in the Cayman Islands and regarded as the world’s largest virtual currency exchange. It agreed to plead guilty to conspiring to willfully violating the Bank Secrecy Act (“BSA”) by failing to implement and maintain an effective anti-money laundering (“AML”) program; knowingly failing to register as a money services business (“MSB”); and willfully causing violations of U.S. economic sanctions issued pursuant to the International Emergency Economic Powers Act (“IEEPA”). Despite the plea agreement, Binance will continue to operate.

Changpeng Zhao, also known as “CZ,” also pleaded guilty to violating the BSA by failing to implement and maintain an effective AML program. Zhao is Binance’s primary founder, majority owner, and – until now – CEO. As part of his plea agreement, Zhao has stepped down as the CEO, although he apparently will keep his shares in Binance.

As part of its plea agreement, Binance has agreed to forfeit $2,510,650,588 and to pay a criminal fine of $1,805,475,575 for a total criminal penalty of $4,316,126,163. Binance also entered into related civil consent orders with the Financial Crimes Enforcement Network (“FinCEN”), the Commodity Futures Trading Commission (“CFTC”), and the Office of Foreign Assets Controls (“OFAC”). Zhao also entered into a consent order with the CFTC.

The allegations are vast and detailed, and much digital ink already has been spilled regarding this matter. Our discussion therefore will be relatively high-level. Distilled, the government alleges that Binance – under the direction of Zhao – tried to hide the fact that it operated in the U.S., purposefully avoided any meaningful AML compliance, and consequently laundered many millions of dollars’ worth of cryptocurrency involving extremely serious criminal conduct, including terrorism, child pornography, and U.S. sanctions evasion.

As for Zhao, and as we will discuss, whether he will go to prison – and if so, for how long – is an open and very interesting question. His sentencing currently is scheduled for February 23, 2024.

Continue Reading Binance Settles Criminal and Civil AML and Sanctions Enforcement Actions for Multiple Billions – While its Founder, Owner and Former CEO Zhao Pleads Guilty to Single AML Crime

On October 23, the Financial Crimes Enforcement Network (“FinCEN”) published a notice of proposed rulemaking (“NPRM”) entitled Proposal of Special Measure Regarding Convertible Virtual Currency Mixing, as a Class of Transactions of Primary Money Laundering Concern.  Section 311 of the Patriot Act, codified at 31 U.S.C. § 5318A (“Section 311”), grants the Secretary of the Treasury authority – which has been delegated to FinCEN – to require domestic financial institutions and agencies to take certain “special measures” if FinCEN finds that reasonable grounds exist for concluding that one or more classes of transactions within or involving a jurisdiction outside of the United States is of “primary money laundering concern.” 

In this NPRM, FinCEN proposes to designate under Section 311 all convertible virtual currency (“CVC”) mixing transactions, as defined by the NPRM.  This designation would require imposing reporting and recordkeeping requirements upon covered financial institutions (“FIs”) regarding transactions occurring by, through, or to a FI when the FI “knows, suspects, or has reason to suspect” that the transaction involves CVC mixing.

The NPRM is complicated and raises complex questions.  We only summarize here, and note selected issues.  Comments are due on January 22, 2024.  FinCEN can expect many comments.

Continue Reading FinCEN Proposes to Require Recordkeeping and Reporting for CVC Mixing Transactions

Complex Civil and Criminal Cases Converge

On August 17, 2023, Judge Robert Pitman of the federal district court for the Western District of Texas issued an Order granting summary judgment for the U.S. Treasury Department (“Treasury”) in a lawsuit brought by six individuals, and denying the cross-motion for summary judgment filed by the individuals. The lawsuit alleged that Treasury overstepped its authority by imposing sanctions on the coin mixing service Tornado Cash.  Deciding for the government, Judge Pitman determined that Tornado Cash is a “person” that may be designated by OFAC sanctions.  Specifically, the regulatory definition of “person” includes an “association,” and Tornado Cash is an “association” within its ordinary meaning.

Shortly thereafter, on August 23, 2023, the U.S. Department of Justice (“DOJ”) unsealed an indictment returned in the Southern District of New York against the alleged developers of Tornado Cash, Roman Storm (“Storm”), a naturalized citizen residing in the U.S., and Roman Semenov (“Semenov”), a Russian citizen.  The indictment charges them with conspiring to commit money laundering, operate an unlicensed money transmitting business, and commit sanctions violations involving the International Emergency Economic Powers Act, or IEEPA.  When the indictment was unsealed, Storm was arrested and then released pending trial.  Treasury simultaneously sanctioned Semenov, who remains outside of the U.S., adding him to OFAC’s Specially Designated Nationals and Blocked Persons (“SDN”) List.

These are very complicated cases raising complicated issues.  They are separate but obviously related.  As we will discuss, the factual and legal issues tend to blend together, and how a party characterizes an issue says a lot about their desired outcome:  has the government taken incoherent action against a technology, or has it pursued a group of people attempting to hide behind tech?

Continue Reading All Roads Lead to Roman: Alleged Tornado Cash Co-Founders Roman Storm Arrested and Roman Semenov Sanctioned, Days After Treasury Defeats Lawsuit Challenging OFAC

The “Highlights” — To Russia, With Crypto

The Financial Crimes Enforcement Network (“FinCEN”) issued on November 1 a Financial Trend Analysis regarding ransomware-related Bank Secrecy Act (“BSA”) filings during the second half of 2021 (the “Report”).  This publication follows up on a similar ransomware trend analysis issued by FinCEN regarding the first half of 2021, on which we blogged here.  

In the most recent analysis, FinCEN found that both the number of ransomware-related Suspicious Activity Reports (“SAR”) filed, and the dollar amounts at issue, nearly tripled from 2020 to 2021.  The notable takeaways from the Report include:

  • Ransomware-related SARs were the highest ever in 2021 (both in number of SARs and in dollar amounts of activity reported).
  • Ransomware-related SARs reported amounts totaling almost $1.2 billion in 2021.
  • Approximately 75% of ransomware-related incidents between June 2021 and December 2021 were connected to Russia-related ransomware variants.

The Report, which stated that the majority of these ransomware payments were made in Bitcoin, serves as a particular reminder to cryptocurrency exchanges of their role in both identifying and reporting ransomware-related transactions facilitated through their platforms.  The Report stresses that SAR filings play an essential role in helping FinCEN identify ransomware trends.

Continue Reading FinCEN Reports Staggering Increase in Reported Ransomware Attacks

On October 19, 2022, the U.S. Attorney’s Office for D.C., on behalf of the Financial Crimes Enforcement Network (“FinCEN”), filed a civil complaint against Larry Dean Harmon (“Harmon”), seeking $60 million in civil penalties for alleged violations of the Bank Secrecy Act (“BSA”) in connection with Harmon’s involvement in now-defunct cryptocurrency services Helix and Coin Ninja LLC.  The complaint seeks to obtain a judgment on FinCEN’s 2020 Assessment of Civil Money Penalty against Harmon (“Assessment”), which is attached to the complaint and includes a detailed statement of facts.

As we have blogged, Harmon previously pled guilty to operating an unlicensed money transmitter business.  Harmon’s sentencing hearing in the criminal case has been continued, and he reportedly has been attempting to cooperate with the government.  It appears that the civil complaint may represent something of a formality:  it seeks to reduce the assessment against Harmon to an actual civil judgment, upon which the government can collect in theory, in anticipation of Harmon’s criminal sentencing and any potential additional matters in which he may attempt to cooperate.

According to the complaint, starting in 2014, Harmon operated Helix, a bitcoin “mixing” service, which Harmon allegedly advertised explicitly as a way for customers to conceal their identities from the government.  The statement of facts attached to the Assessment alleged that Harmon “publicly advertised Helix on Reddit forums dedicated to darknet marketplaces, actively seeking out and facilitating high-risk transactions directly through customer service and feedback.”  Such “mixing” services – designed to maximize anonymity – increasingly have drawn the ire of the government, as reflected by the recent and controversial action by the Office of Foreign Assets Control to sanction virtual currency “mixer” – or passive technology – Tornado Cash.  

Continue Reading DOJ Files Lawsuit for $60 Million in Civil Penalties for Alleged BSA Violations by Crypto “Mixer”

Case Involves Familiar But Instructive Regulatory Findings

The New York Department of Financial Services (“NYDFS”) made clear last week that crypto companies can be held accountable for allegedly failing to comply with anti-money laundering (“AML”) / Bank Secrecy Act (“BSA”) regulations.  Federal and certain State laws require crypto companies like Robinhood Crypto, LLC (“RHC”) to maintain effective AML programs, and to implement systems to identify suspicious activity and block illegal transactions on their platforms (which we have previously discussed, including here and here).  On August 2, 2022, NYDFS announced that it entered a Consent Order penalizing RHC $30 million for alleged AML, cybersecurity and consumer protection violations.  RHC also is required to retain an independent consultant to perform compliance assessments evaluating the Company’s remediation efforts. 

This enforcement action is entirely consistent with the recent Guidance on Use of Blockchain Analytics issued by the NYDFS, directed to all virtual currency business entities that either have a NYDFS Bitlicense or are chartered as a limited purpose trust company under the New York Banking Law.  As we have blogged, the Guidance emphasizes “the importance of blockchain analytics to effective [AML] policies, processes, and procedures, including, for example, those relating to customer due diligence, transaction monitoring, and sanctions screening.”

The Consent Order contains a litany of alleged AML deficiencies, many of which have figured prominently in other enforcement actions.  We detail them below.  From a BSA/AML perspective, the key focus – not surprisingly – was on the adequacy of RHC’s transaction monitoring systems.  Again, the message is:  written policies and programs may look great on their face, but actual execution is key.  The adequate funding and staffing of compliance functions is also critical.

Continue Reading Crypto Compliance Matters: NYDFS Fines Robinhood $30M for Alleged AML, Cybersecurity, and Consumer Protection Violations