In this week’s Financial Crime Wave, a look at the top fincrime compliance challenges 2018 could bring, a confusing battle between U.S. federal regulators over who should have oversight of virtual currencies and initial coin offering, investigators indict sanctions busting Iranian helping Venezuela, and more.
The top financial crime compliance challenges of 2018 and beyond: key insights from industry survey
From more regulatory pressure, to the perennial pain of penalties, it’s clear the stakes for financial crime compliance remain high. Regulatory in recent years, with a strong start to 2018, actions have produced a bevy of investigations and sanctions, jeopardized licenses and found individuals personally accountable and liable for noncompliance – jeopardizing not just employment at their current institution, but branding a red letter that could stigmatize a future in compliance. An industry survey has parsed out several key trends to prepare for, including:
- Board involvement, understanding: Boards of directors at financial institutions play a crucial role in the adoption and implementation of effective enterprise-wide AML and sanctions-compliance programs, but many boards aren’t leading the way, are involved enough to know what to do or have not been trained enough to make informed decisions on AML compliance.
- De-risking, re-risking: The de-risking trend seems to have led to a reduction in relationships—primarily correspondent banking—maintained by institutions, leading to more knotty problems. What? Now, de-risked entities are trying to re-risk themselves behind other front companies or go through other banks with less compliance savvy, leading to nigh invisible nested relationship dynamics.
- Sanctions blind-spots: Banks are expecting in the next two years to spend to spend prodigiously on AML systems, including a hefty bit of cash on sanctions screening systems. But these systems are not bullet proof, and must rely on informed, experienced and cross-trained analysis to make the right decisions to bury an alert, document the decision, or proclaim a positive hit. Those challenges magnify as geopolitical whims expand and contract the touch points of rogue regimes and their criminal minions improve their own creativity in sanctions busting, (via International Banker).
A look at AML segmentation: how to intelligently cluster similar entities to best parse out risk, behavior
Segmentation is a fundamental component of the anti-money laundering (AML) process, and is concerned with the groupings of entities based on similar business attributes and transactional behavior. Segmentation, when done well, enables AML typologies to focus on unusual behavior for specific groups of entities, using thresholds that allow precise detection of bad actors while minimizing the number of false positive alerts. In a large, geographically distributed bank that provides correspondent banking services, the transactions that involve non-bank customers appear as 3rd party corresponds, also known as pseudo-customers. Unlike a bank’s own customers for which KYC (know your customer) information is available, very little is known about these pseudo-customers. Because a definite identification of the party does not exist, it is particularly difficult to monitor such customers and categorize them.
Most institutions employ a hierarchical approach to segmentation. This approach requires business attributes for the top-down analysis and transaction summaries for the bottom-up analysis. This doesn’t work for pseudo-customers. Due to the absence of KYC information, the business attributes for non-bank customers are very limited, meaning the top-down analysis is not practical. Moreover, the bottom-up analysis is only focused on the rough summary of transactional behaviors, such as total transaction volume and/or dollar amount. The result is large, uneven segments that lack defining characteristics, (via Ayasdi).
In bank tech spending, AML continues to be hungry black hole
A new survey on bank risk, including where institutions on spending on technology to improve compliance, with the biggest money pit being AML, (via Bank Director).
Afghans logging thousands of graft cases, but still not enough
Afghanistan’s government said it has investigated 2,800 corruption cases since the country adopted its anti-graft strategy a year ago but non-governmental organizations claim this is not nearly enough in a country where corruption should be considered a threat to national security, (via the OCCRP).
Lessons from the first FCPA action of 2018: Corporates, don’t let your company lose focus of third-party due diligence, oversight of contractor payments
Just to remind every one of the threat of enforcement, the SEC announced its first enforcement action of this year against Elbit Imaging, an Israeli company. Elbit agreed to a $500,000 civil penalty and an SEC administrative settlement related to never engaging in adequate due diligence of third party consultants, and never checking they actually did the work they were getting paid millions of dollars to do. The new twist this year: an action related to the potential of a payment being corrupt – without actually showing it was gilded by graft. The SEC’s enforcement action is an important reminder of the importance of adhering to internal controls, conducting third-party due diligence, following accounts payable controls, and contracting/payment authorizations. The SEC’s ability to hold companies accountable for circumventing internal controls is a powerful enforcement tool, and the Elbit Engineering case is yet another example of the SEC’s use of this tool against global companies.
The SEC’s Order does not allege that Elbit paid bribes to a foreign official. To the contrary, the SEC’s discussion of the facts concludes with the fact that the undocumented and unverified payments may have been used for bribery payments to Romanian government officials. Plaza had no documentation or evidence that the two consultants performed any work to assist in the real estate project. Neither consultant attended any meetings or provided any reports relating to their consulting engagements. Nonetheless, between 2007 to 2012, Plaza paid the consultants approximately $14 million. Plaza’s top officers approved the payments to these consultants without securing appropriate documentation of the services provided, (via Michael Volkov).
With securities regulators, FinCEN battling over ICO oversight, do token issuers have to register as MSBs to hedge bets?
A new statement in a letter by the U.S. Treasury’s Financial Crimes Enforcement Network (FinCEN), the country’s financial intelligence unit and administrator of anti-money laundering (AML) laws, has potentially added more confusion than clarity in determining what compliance rules apply to which virtual currency exchange initial coin offerings (ICOs). That because in recent months, the U.S. Securities Exchange Commission (SEC) and Commodities Futures Trading Commission (CFTC) have equated virtual currencies commodities and trading on their fluctuating value something under their purview. Complicating matters, however is a recent letter by from stating that, depending on the structure of the exchange and its offerings, it could potentially be a money services business (MSB), which comes with its own special set of AML requirements, including registering with FinCEN and being subject to federal exams.
As well, currently, virtual currency exchangers are required by federal rules to create AML compliance programs, vet and monitor customers and report suspicious activity, though many in some cases are hamstrung because certain transactions trace back to online monikers and not flesh and blood users or beneficial owners. In short, FinCEN stated that: “A developer that sells convertible virtual currency, including in the form of ICO coins or tokens, in exchange for another type of value that substitutes for currency is a money transmitter and must comply with AML/CFT requirements that apply to [MSBs].” As it stands now, only time will tell, through future government guidance or enforcement actions, which regulator exchanges must obey, (via O’Melveny and Myers).
Illicit financial flows in New Zealand soar past billion dollar mark
More than $1.35 billion-worth of illicit funds from fraud, tax offending and drug trafficking is ending up in New Zealand every year to be laundered, according to a new report from the NZ Police Financial Intelligence Unit, (via NZCity).
Offshore tax cheating remains on IRS “Dirty Dozen” list of tax scams, with twist of corporate opacity adding to mix
Over the years, numerous individuals have been identified as evading U.S. taxes by attempting to hide income in offshore banks, brokerage accounts or nominee entities. They then access the funds using debit cards, credit cards or wire transfers. Others have employed foreign trusts, employee-leasing schemes, private annuities or insurance plans for the same purpose. The IRS uses information gained from its investigations to pursue taxpayers with undeclared accounts, as well as bankers and others suspected of helping clients hide their assets overseas. While there are legitimate reasons for maintaining financial accounts abroad, there are reporting requirements that need to be fulfilled.
U.S. taxpayers who maintain such accounts and who do not comply with reporting requirements are breaking the law and risk significant fines, as well as the possibility of criminal prosecution. Avoiding taxes by hiding money or assets in unreported offshore accounts remains on the IRS “Dirty Dozen” tax scams for 2018, the agency said today. This long-running scheme to hide money in international accounts to avoid paying taxes has been a major focus for the IRS in recent years. Taxpayers should remain wary of these schemes given the continuing focus on this by the tax agency and the Justice Department, (via IRS).
More Fatca deadlines looming
U.S. releases draft Fatca compliance certification forms, hits at possible extension of looming July deadline, (via Fox Rothschild).
Wallet flaw can mean easy PINs for criminal hackers
A 15-year-old programmer named Saleem Rashid discovered a flaw in the popular Ledger hardware wallet that allowed hackers to grab secret PINs before or after the device was shipped, (via TechCrunch).
Processor vulnerability could allow widespread malware attacks
AMD vows to fix newly-disclosed processor vulnerabilities, which could allow attackers to access sensitive data, install malware and gain complete access to compromised machines, (via Engadget).
Federal, state regulators want public firms to report cyber events more quickly, fully
An analysis of NYDFS, SEC guidance on what companies must disclose related to cyberattacks, what constitutes “materiality” and a fresh reminder not to allow top officials to trade on stock after an attack, but before the virtual incursion has been announced to customers and industry, (via JD Supra).
More states turning against civil asset forfeiture
In federal civil asset forfeiture fight, more states decrying the practice, including Alabama, (via Tuscaloosa News).
As more countries capture beneficial ownership data, U.S. lags behind
A look at how the peculiarities of the U.S. financial system – read lack of beneficial ownership disclosure requirements or rules to make the data available to banks or law enforcement – is fueling widespread criminal money laundering throughout the land, (via Quartz).
FATF updates G20 on global fincrime fight as countries grapple with virtual currency conundrums
Global AML watchdog updates G20 on progress to fight financial crime, including widespread corporate opacity, terror attacks, rampant de-risking, and improving effectiveness of AML laws, prosecutions, forfeitures, (via FATF).
DOJ indicts Iranian national for evading sanctions, moving $115 Million from Venezuela through U.S.
The U.S. Department of Justice (DOJ) has charged Ali Sadr Hashemi Nejad (Sadr) for his alleged involvement in a scheme to evade U.S. economic sanctions against Iran, to defraud the U.S., and to commit money laundering and bank fraud. Sadr was charged with participating in a scheme in which more than $115 million in payments for a Venezuelan housing complex were illegally funneled through the U.S. financial system for the benefit of Iranian individuals and entities. In August 2004, the Governments of Iran and Venezuela entered into an agreement, whereby they agreed to cooperate in certain areas of common interest. The following year, both governments supplemented the Agreement by entering into a Memorandum of Understanding regarding an infrastructure project in Venezuela, which was to involve the construction of thousands of housing units in Venezuela.
The Project was led by Stratus Group, an Iranian conglomerate controlled by Sadr and his family with international business operations in the construction, banking, and oil industries. In December 2006, Stratus Group incorporated a company in Tehran, which was then known as the Iranian International Housing Corporation (IIHC). In connection with his role on the Project, Sadr took steps to evade U.S. economic sanctions and to defraud U.S. banks by concealing the role of Iran and Iranian parties in U.S. dollar payments sent through the U.S. banking system. For example, in 2010, Sadr and a co-conspirator used St. Kitts and Nevis passports and a United Arab Emirates address to incorporate two entities outside Iran that would receive U.S. dollar payments related to the Project on behalf of IIHC, (via DOJ).
Global sanctions can’t quench North Korea’s lux appetite
A look at the cunning and creativity of North Korean sanctions evaders, including the recalcitrant regimes taste for lux life in the form of diamonds and wine, (via the NY Times).
Facebook under fire for handling of user data
Facebook Inc. is drawing scrutiny from the main U.S. privacy watchdog and half a dozen congressional committees over how the personal data of 50 million users was obtained by a data analytics firm that helped elect President Donald Trump, (via Bloomberg).
Gemini cryptocurrency exchange has put forward a proposal to set up a self-regulatory organization (SRO) for the U.S. virtual currency industry, (via EconoTimes).
UK regulator clangs gong on fintech, pushes successful sandbox global
The U.K.’s Financial Conduct Authority is taking its fintech regulatory sandbox global, the regulator is looking to expand its popular regulatory sandbox overseas, with the aim of allowing companies to run tests across geographies, (via Computer World).
Texas gold refinery to pay $15 million fine for lax AML program, $3.6 billion laundering scheme
In a move that will no doubt prod banks to rethink their precious metals and gold refinery customers, a Texas gold refinery has agreed to be fined $15 million after three former employees were convicted in a $3.6 billion money-laundering case involving South American gold. Dallas-based Elemetal LLC pleaded guilty in Miami federal court Friday to one count of failure to maintain an adequate anti-money-laundering program. A judge must still approve the plea agreement.
Samer Barrage, Renato Rodriguez and Juan Granda pleaded guilty last year to importing illegally mined gold from Peru and other South American countries into the United States. Court documents show the men smuggled tainted gold between January 2013 and March 2017 for an Elemetal subsidiary, NTR Metals, in Miami. Prosecutors say the men circumvented Elemetal’s anti-money-laundering compliance program by buying gold from a drug trafficker, bribing Peruvian officials and falsifying paperwork, (via AP).
Singapore banking regulator fines Standard Chartered-related entities nearly $5 million on AML failures tied to customer risk ranking, monitoring
Singapore’s central bank imposed penalties of S$5.2 million ($3.95 million) on Standard Chartered Bank (SCBC) and S$1.2 million on Standard Chartered Trust (Singapore) (SCTS) for breaching money laundering rules and terrorism financing safeguards, echoing U.S. financial crime compliance penalties from 2014 that resulted in fines in the hundreds of millions of dollars. In a statement on Monday, the Monetary Authority of Singapore (MAS) said the breaches occurred when trust accounts of SCBS’ customers were transferred from Standard Chartered Trust (Guernsey) to SCTS from December 2015 to January 2016.
The MAS and Guernsey’s Financial Services Commission had been looking into Standard Chartered’s movement of some assets, mainly of Indonesian clients in late 2015, just before the Channel Island adopted new global rules on exchanging tax information. “The timing of the transfers raised questions of whether the clients were attempting to avoid their CRS reporting obligations. However, SCBS and SCTS did not adequately assess and mitigate against this risk factor, and also failed to file suspicious transaction reports in a timely manner,” MAS said, (via Reuters).
As HSBC uses new tech to clean house related to AML risk, some innocent businesses getting caught in the net, thrown out due to system glitches
A fitness operation is one of hundreds of HSBC clients whose accounts have been frozen as part of a compliance crackdown called Safeguard aimed at fighting financial crime, even after the bank said in September it had addressed flaws in the program. HSBC reinstated the person’s bank account within hours of being contacted by Reuters to ask about the reasons for the closure. Others have not been so lucky. Interviews with HSBC customers, letters and emails from the bank seen by Reuters, and a review of the lender’s social media complaints channels show some problems continue, and in some cases are worse.
The Safeguard program was launched in 2012 to gather more information about customers, such as who their own customers are and why they made or received certain payments. Complaints started to build up after they received a questionnaire in September 2015 presented by the bank as a routine check. HSBC introduced the program partly in response to scrutiny from the U.S. authorities who said that weak anti-money laundering controls had allowed Mexican drug cartels to launder hundreds of millions of dollars through the bank. HSBC was under threat of prosecution for five years unless it tightened controls. That period ended in December without prosecution, (via Reuters).
Banks want to push out push payment fraud, run by predatory scammers
Victims of a fraud which leads them to transfer money to a con-artist are typically losing nearly £3,000 each, new figures show. The cost of so-called authorized push payment fraud has been calculated by UK Finance, the banking trade body. A total of £236 million was lost last year, with banks unable to return nearly three-quarters (74 percent) of the money lost.
Victims think they are transferring money to someone official, such as a solicitor. They often occur when people transfer money during a housing transaction, or when paying an invoice for work done on the home. The fraudsters may have intercepted mail or hacked emails, then pose as the legitimate business by sending a payment demand, (via the BBC).
Latvia aiding Russia in laundering hefty sums
Dodgy Russian billions slipping through porous Latvian AML defenses, (via Reuters).
Russia lashing out in cyber world
Analysis of new sanctions on Russia tied to blatant and virulent cyberattacks, (via the IELR).
Virtual value key to cyber attack, laundering schemes
Crypto currency is the main tool for money laundering of cybercriminals, (via Finscanner).