In today’s ACFCS Fincrime Briefing, Elliptic reviews the fincrime compliance conundrums around Facebook’s Libra crypto coin in a lively podcast, authorities shutter Latvian bank with checkered AML history, new FCC telephone scam glossary, and more.

Please enjoy this unlocked story, part of the many benefits of being an ACFCS member.

Want to talk about industry trends, story ideas or get published? Feel free to reach out to ACFCS Vice President of Content Brian Monroe at the email address above. Now, on to more sweet sweet content!

ACFCS Financial Crimecast – Facebook’s Libra crypto coin is coming: A look at what it means for fincrime professionals

Facebook made big waves in the crypto world and beyond this June when it released plans for a new cryptocurrency, Libra.

The system is still in the making, but once completed, it would be rolled out to Facebook’s more than two billion users, bringing cryptocurrencies thoroughly into the mainstream and possibly challenging existing payment systems.

The announcement was met with excitement from some, and deep skepticism from others. Worries over financial crime risk were among the top concerns already voiced by regulators like the US Federal Reserve and legislators in both houses of Congress.

In this Financial Crimecast, Dr. Tom Robinson, Chief Scientist and Co-Founder of Elliptic, guides listeners on what Libra is, how it operates differently than other cryptocurrencies, and why it matters at all for those in AML, fraud and other fincrime roles.

He gives insights on things that professionals can do right now to prepare for this potentially game-changing development.

To listen to the full ACFCS podcast, click here.

I really enjoyed this podcast as it cut through the hype, hoopla and fear mongering that has been going on by prognosticators, pundits and politicians to really explain why Facebook decided to create a new currency for the masses, a mission meant to more easily link the world together – not provide an invisible crypto coin to enable criminals to tear it apart.

Even so, this podcast points out that many of the same risks for Bitcoin and other crypto currencies will likely be challenges for Libra, including money laundering, fraud and sanctions evasion – critical vulnerabilities that make having a strong anti-money laundering program at related crypto exchanges all the more important.

Interestingly, as the Elliptic subject matter expert points out in this podcast, the seemingly anonymous nature of crypto transactions could actually be the key to a criminal financial crime network’s downfall as all transactions are built on a foundation of transparency on a public ledger.

And while, yes, flesh and blood entities are not inextricably linked with the these at-times gibberish names on the blockchain, companies like Elliptic and others have advanced analytical capabilities to link crypto currency addresses to real world entities and then further to illicit activity to better uncover when certain addresses are tied to groups engaged in felonious financial crimes.  

Rooting for OFAC: A Sanctions to-don’t list that gets to the ‘root’ of the problem by reviewing recent penalties through lens of new compliance guidance

In guidance published earlier this year (Framework document), the US Treasury Department’s Office of Foreign Assets Control (OFAC) lists 10 “root causes” of inadequate sanctions compliance programs (SCPs) derived from historical enforcement actions it has taken:

1. Lack of a formal OFAC SCP
2. Misinterpreting, or failing to understand the applicability of, OFAC’s regulations
3. Facilitating transactions by non-U.S. persons, including through or by overseas subsidiaries or affiliates
4. Exporting or re-exporting U.S.-origin goods, technology or services to OFAC-sanctioned persons or countries
5. Utilizing the U.S. financial system, or processing payments to or through U.S. financial institutions, for commercial transactions involving OFAC-sanctioned persons or countries
6. Sanctions screening software or filter faults
7. Improper due diligence on customers/clients (e.g., ownership, business dealings, etc.)
8. Decentralized compliance functions and inconsistent application of an SCP
9. Utilizing non-standard payment or commercial practices
10. Individual liability

Let’s look back at OFAC’s 2019 enforcement actions and see how they correspond to each of these program faults, based on the behaviors related to each penalty, and OFAC’s assessment of those behaviors. That will give us some sense of how frequently each of these occurs.

Here is a slice of those actions focusing on financial institutions:

Western Union Financial Services, Inc: June 7, 2019

Western Union had a substantial screening program for its agents, but did not similarly scrutinize discrete locations of those agents.

In the case which was the focus of the enforcement, a sub-agent was mischaracterized as a location of one of Western Union’s agents and was therefore not identified as an Specially Designated National (SDN) for a substantial amount of time.

Relevant root causes: 2, 7

State Street Bank and Trust Co: May 28, 2019

State Street utilized a separate screening system, and used personnel other than those in the firm’s central sanctions compliance unit to review matches, for its Retiree Services unit.

Although the system did produce alerts for 45 payments linked to a US citizen resident in Iran, all the items were ultimately approved by compliance personnel who were not sanctions specialists.

Relevant root causes: 2, 8

UniCredit Bank: April 15, 2019

UniCredit’s German, Austrian (as Bank Austria) and Italian operations all used non-transparent payment structures, including use of SWIFT cover payments, to process funds related to parties blacklisted under multiple OFAC sanctions programs.

There is also evidence that at least some transactions processed by the Austrian and Italian operations were altered after being rejected by US financial institutions so that they would be processed without incident.

Additionally, the German offices also made reimbursements under a letter of credit with the apparent knowledge that the goods being shipped would be re-exported to Iran.

Relevant root causes: 5, 9

Standard Chartered Bank: April 9, 2019

Standard Chartered (SCB) had two separate settlements on this date. In the first case, due to an inadequate set of controls that included insufficient due diligence, SCB’s Dubai branch processed a large number of financial transactions that violated sanctions against Iran, Sudan and Syria.

The global settlement also includes evidence of a relationship manager coaching an Iranian person on how to process their transactions, presumably to avoid OFAC penalties. In the second case, SCB’s Zimbabwe affiliate processed financial transactions through its New York branch for parties on the SDN List, as well as those implicated by the 50 Percent Rule.

Root causes referenced: 5, 7, 10, (via KYC 360).

ACFCS extensively covered the OFAC SCP guidance in stories and a video review. What I really enjoyed about this story is it graded recent OFAC actions through the updated filter of the SCP, which itself was a seminal piece of guidance, but also came tethered with a list of major failures and their “root” causes.

This story analyzes several high-profile actions against banks, corporates and other firms and details what OFAC would consider the root failure, helping to create a roadmap for future companies to identify these issues now and, hopefully, prevent themselves from making the same mistakes.

On heels of National Fraud Awareness Week, FCC launches new scam glossary, offering tips, tactics to identify, evade more than 50 phone-based hustles

The U.S. Federal Communications Commission (FCC) on Monday released a helpful, detailed guide to help consumers from being defrauded by phone-based charlatans, scofflaws and snake oil salesmen with the publication of its “scam glossary.”

The alphabetized glossary describes more than 50 classic and emerging fraudster machinations, including robocall scams, spoofing scams and related consumer fraud, which the FCC tracks through complaints filed by consumers, news reports, and notices from other government agencies, consumer groups and industry sources.

Glossary entries also include links to more detailed information posted in the Consumer Help Center and to trusted external sources, (via the FCC).

I absolutely loved reading through this resource and think the FCC should scream from the mountaintops it has created such a helpful piece of consumer shielding by arming the everyman with knowledge on top scammer tactics.

In short: read this and share it liberally with everyone you know. At your job. At home. Be particularly annoying and cloying with older relatives and parents – the prime senior targets that are aggressively hounded by fraudsters and who sometimes fall for their ploys.

Here are snippets of some of my favorites:

• Back-to-School-Scams: Calls or messages to college students may offer what seem to be official scholarships, house rentals, roommate arrangements, loans or tech support, with the aim of maliciously acquiring sensitive information or money.
• “Can You Hear Me” Scam: Scammers open by asking a yes-or-no question, such as: “Can you hear me?” or “Is this X?” Their goal is to record you saying “yes” in response. They then may use that recording to authorize charges over the phone.
• Catfishing/Online Dating Scams: Catfishers create fake identities on dating apps and social media to coax you into fake online relationships. They often quickly move to personal channels such as phone or email, using your trust to acquire money or personal info, or help you hide their criminal activities. You’ll probably never meet them in person.

Latvian bank with checkered AML past that also accused central bank head of corruption to be shuttered: ECB

A Latvian lender that accused the country’s central bank head of corruption – the same institution that changed its name after broad financial crime compliance and sanctions failures – is failing and will be shut down, European banking authorities said on Thursday.

PNB Banka, one of the smallest lenders under ECB supervision with just 550 million euros of assets, has seen “significant deterioration in its capital situation to the point that the bank’s assets were less than its liabilities,” the ECB said in a statement.

The lender came into the spotlight when it accused Latvia’s central bank chief Ilmars Rimsevics of seeking bribes and using the local supervisor’s decisions “as a goad to extort.” The bank also has struggled in its compliance program tied to dealing with regions blacklisted by the U.S.

Rimsevics, who has denied all accusations, was briefly detained by Latvian authorities last year and barred from office for several months but the European Court of Justice said that Latvia has failed to prove his guilt so his removal was illegal.

Rimsevics, still faces corruption charges but has been reinstated as central bank chief and ECB Governing Council member while the legal proceedings are ongoing.

The bank has also struggled on anti-money laundering.

In 2017, Latvian supervisor FCMC fined PNB 1.5 million euros ($1.7 million) for allowing clients to violate sanctions imposed by the European Union and United Nations on North Korea.

To read the full FCMC penalty order, which cites the help of U.S. federal investigative agencies, click here.

In what many considered a bid to distance itself from the high-profile sanctions failings, the bank renamed itself from Norvik to PNB, in late 2018, (via Reuters). To read the full European Central Bank release, click here.

This is a rare action by the Latvian government – a full bank shutdown – but the move has many layers to it and seemingly predestined some of the broader financial crime and compliance failings in Latvia that eventually led to the Danske Bank money laundering scandal, involving illicit sums in the hundreds of billions of dollars.

In the FCMC penalty order from 2017, the regulator stated it had detected similar violations of circumventing international sanctions requirements in four other banks in Latvia.

“At the end of June this year the FCMC entered into administrative agreements that stipulates banks pay the monetary fine. The FCMC also publicly disclosed the findings and provided comprehensive information,” it said at the time.

It’s clear Latvia is trying to follow in the footsteps of regulators and investigators in the U.S., European Union and the United Kingdom by engaging in statement-making actions to capture the attention of regional banks to strengthen AML compliance processes and prod them into investigating larger and more complex potential laundering cases.

The FCMC is under enormous pressure, as are other watchdog bodies in Latvia, to prove to European authorities it can handle financial crime compliance oversight in its region – or it could face the wrath from EU officials who are currently retooling laws to better name, shame and penalize member state regulators – not just banks – for failing on AML and tacitly allowing their jurisdictions to become the destination of choice for mega money laundering networks.