In this week’s Financial Crime Wave, a new report details depth of Danish money laundering scandal, Liberia pursues former central bank chief for missing millions, one expert asks if the communal efforts of the compliance world are failing, and more.
Danske Bank states Estonian branch may have laundered $230 billion, CEO steps down
Denmark’s largest bank admitted that a Northern European branch has potentially laundered hundreds of billions of dollars in a widening financial crime probe that has risen larger each month, with the latest twist being that the head of the entire bank has stepped down in disgrace. When a whistle-blower alleged that employees of a branch of the Danish lender Danske Bank had been knowingly working with customers who had broken the law, it was not the first time that questions had been raised about that particular office. It would not be the last. Danske Bank said on Wednesday that its headquarters and its Estonian branch failed for years to prevent suspected money laundering involving thousands of customers.
The lender said it was unable to estimate the total amount of the suspicious transactions, but its nonresident operation in the Baltic nation improbably had total flows of 200 billion euros, or $234 billion — nearly equivalent to the size of the Danish economy. The chief executive, who had previously headed the bank’s international operations, quickly said he would resign. In an 87-page report commissioned and paid for by Danske Bank, a Danish law firm, Bruun & Hjejle, found that misconduct took place at the lender’s Estonian branch from 2007 to 2015, involving “objectionable” omissions, inaction and faulty processes at all levels of the bank. That meant the lender “was not sufficiently effective in preventing the branch in Estonia from being used for money laundering,” (via the New York Times).
Denmark’s largest bank, at the center of $150 billion money laundering investigation, took two years to close accounts of blacklisted Russian clients: report
Denmark’s largest bank, Danske Bank, reportedly knew that some of its Estonian branch’s clients were on the Russian government’s blacklist but did not close their accounts for two years. The bank is currently being probed by three countries over $150 billion money laundering allegations. Danske seemingly OK with sanctioned clients? Danske Bank is currently under investigation by authorities in three countries: the US, Denmark, and Estonia. Its officials reportedly “knew earlier than previously indicated about problems at its tiny Estonia branch, including that it held accounts for blacklisted Russian clients,” The Wall Street Journal reported Tuesday, citing correspondence it has seen. The publication elaborated:
The Estonian branch was one of the bank’s profit drivers, generating a net profit of €63 million (~US$73.5 million) in 2012, the most lucrative year. The whole bank reported €636.6 million (~$742.6 million) in net profit that year, the publication noted. The largest bank in Denmark has been at the center of one of Europe’s largest money laundering cases. Between 2007 and 2015, an estimated $150 billion was suspected to have flowed through the branch to accounts belonging to non-Estonian customers including Russian clients. However, the bank has not confirmed how much of that figure comes from suspicious transactions. It has launched an internal investigation and is expected to announce the results on Wednesday, Sept. 19, (via Bitcoin News).
Ex-Liberia Central Bank chief under probe for missing $104 million, state seeks FBI help
More than a dozen government officials, including former central bank governor and his deputy, have come under investigation in Liberia after $104 million of newly printed banknotes vanished from the state purse. Liberia has issued a travel ban to Milton Weeks, the ex-Central Bank of Liberia chief, his deputy Charles Sirleaf, son of former president Ellen Jonhson Sirleaf, and several others pending the investigation. The Liberian government has enlisted the United States of America and the International Monetary Fund (IMF) to assist in the investigation of L$16 billion (roughly US$104 million), which disappeared from state coffers.
This comes as the West African country on Wednesday barred at least 15 people, including former central bank governor Milton Weeks and Charles Sirleaf, son of the former president, from leaving the country pending the investigation. According to the Liberian Observer, President George Weah’s administration approached the U.S. Federal Bureau of Investigations (FBI), Treasury Department and the IMF seeking assistance in the ongoing probe, to “adequately account for all flaws of monies printed and brought into the country between 2016 and 2018,” (via Bitcoin News).
Former Malaysian leader Najib faces 25 charges linked to $681 million in 1MDB case
Former Malaysian premier Najib Razak seeks trial for charges linked to $681 million that appeared in his personal bank accounts, as authorities speed up efforts to prosecute those who had allegedly embezzled from the 1MDB state fund. Najib faces allegations comprising 21 counts of receiving, using and receiving illicit funds, as well as four counts of corruption after he appeared at court in Kuala Lumpur on Thursday. He has pleaded not guilty in earlier arraignments linked to the receipt of 42 million ringgit ($10.2 million) from a 1MDB unit, as well as to accusations of money laundering and abuse of power.
1MDB is at the center of a global scandal involving claims of embezzlement and money laundering, which have also triggered investigations in the US, Singapore, Switzerland and other countries. Malaysian investigators are increasingly moving their sights overseas to advance probes and the government has sought cooperation from other countries to repatriate monies and assets that it said were purchased with 1MDB money. Prime Minister Mahathir Mohamad seeks to recoup $4.5 billion potentially lost through the state fund as Malaysia grapples with debt and liabilities worsened by government guarantees on 1MDB debt, (via the Bangkok Post).
Phishing, Vishing And Smishing: Organized Cybercrime Under GDPR, could new data rules be making things worse?
Technology is fueling all manner of cybercrime, from credit card skimming to extortion of money from data breach victims, according to the Internet Organised Crime Assessment 2018, a report by Europol. And far from helping, GDPR and other privacy laws could actually hamper investigation of these crimes. For one thing, regulatory measures such as GDPR and the NIS Directive are limiting law enforcement’s ability to access data. In addition, the redacting of all personal data from WHOIS records is “significantly hampering the ability of investigators across the world to identify and investigate online crime,” the report states.
As if all that wasn’t bad enough, here’s the most bizarre thing: That steep GDPR fines for data breaches could lead to “scenarios where hackers may try to extort companies over their data loss,” the report states. “While this is not new, it may be that the hacked companies would rather pay a smaller ransom to a hacker for non- disclosure than the steep fine that might be imposed by their competent authority.” There certainly is a lot to investigate. Among the many forms of criminal mischief are:
- Ransomware — While growth is slowing, ransomware is “still overtaking banking Trojans in financially-motivated malware attacks.”
- DDos — This means distributed denial-of-service attacks, an increasingly common form of attack because it is “low-cost and low-risk,” the report states.
- Card-Not-Present fraud — Skimmed credit-card data is often sold on the dark net, but it is decreasing, thanks to geo-blocking technology.
- Cryptocurrency crime — Criminals are abusing cryptocurrencies to fund their activities, and hacking currency exchangers, mining services and other “wallet-holders.”
- Social engineering — Email phishing is the most frequent form of this crime, along with vishing (via telephone) and smishing (via SMS). Bad actors use these tools to obtain personal data, steal identities and obtain money.
- Cryptojacking — An emerging form of cybercrime, this is the exploitation of internet users’ bandwidth and processing power to mine cryptocurrencies.
- The Darknet — This continues to serve as a free market for criminals, despite the closing down of three of the largest dark net markets in 2017: AlphaBay, Hansa and RAMP
In investigating all of these crimes, banks, financial intelligence units, domestic and international law enforcement agencies all need access to data to follow money trails, investigate parties hiding in virtual worlds and craft the foundation of cases. If the data has been destroyed or certain entities are fearful to share data for fear of GDPR penalties, that could hamstring investigations and allow criminal groups to operate freely, (via Email Insider).
Is compliance failing?
With more companies spending more than ever compliance, why are there so many examples of financial crime non-compliance with related scandals and high-profile penalties? Volkswagen cheated on diesel emissions tests. Wells Fargo opened millions of unauthorized bank accounts. Barclays Bank rigged interest rates — then, on orders from the CEO, hunted down an internal whistleblower. Uber “greyballed” some customers so they wouldn’t see it violating local laws. Mylan price-gouged the public with its Epipen. Theranos was a top-to-bottom blood-testing sham.
In the FCPA world, Telia, VimpelCom, and SocGen bribed their way to business growth. Even Keppel Offshore & Marine from squeaky clean Singapore was into big-time graft in Brazil. But do those headlines, as bad as they are, prove that compliance has failed? Not at all. As more companies adopt compliance programs so they can be part of the global supply chain, there’s more compliance in the world, not less. Why, then, are there so many bad headlines? The reason is because it has never been easier to expose fraud and corruption, or harder to hide it, (via the FCPA Blog).
AML and Anti-Fraud: How inefficient AML gets regulators all riled up and some strategies to improve compliance pain points
A look at how disparate data dilemmas and tech troubles can spell doom for compliance programs. Financial services providers who violate Anti-Money Laundering (AML) and Anti-Fraud compliance requirements by neglecting to report suspicious transactions expeditiously risk paying a higher price than ever. What should firms watch out for? Particularly the financial services sector in the U.S. is feeling the increased pressure since the new Beneficial Ownership requirements of the Treasury Department’s Financial Crimes Enforcement Network (FinCEN) went into effect earlier this year. Enforcement actions under federal law in the U.S. by regulators have included fines in the million or even billion-dollar range, banking or brokerage license revocation, and criminal charges levied against individual executives.
How can financial services firms ensure compliance under growing regulatory scrutiny? In many cases which resulted in enforcement action, companies handling transactions that should have raised red flags had not filed Suspicious Activity Reports (SARs) as required by regulators. Among the reasons cited frequently were technical complexities and the lack of internal oversight and adequately trained personnel. In many enforcement cases, these factors were exacerbated without need by a sluggish response to the investigating authority’s demand. This begs the question: Why did firms continue to violate compliance once they were put on notice by regulators? In addition to simple negligence, the available enforcement reports indicate two main reasons. Disparate data sources and a lack of compliance-ready IT tools prevent companies to “promptly produce” the requested documents as demanded by the authorities, (via Tech Bullion).
With more banks, regulators sharing more financial data domestically, internationally to fight financial crime, ethics questions arise: should they and what protections are in place?
As more country’s financial intelligence units, institutions and investigators share more data on customers to counter increasingly aggressive and global criminal groups, new questions arise about innocent accountholders who get investigated, shunned or their accounts dropped while new fears arise related to data security, misuse and the greater potential for abuse.Banks, regulators and law-enforcement agencies are sharing more intelligence through voluntary networks to deter money laundering and terrorism financing. As the practice spreads, so do the risks of data mishandling, observers said. Information-sharing partnerships are sprouting across the global financial landscape. The U.K. pioneered the practice in 2015, and new partnerships were launched in Singapore, the U.S. and Australia last year. The Netherlands, Hong Kong and law-enforcement agency Europol are running pilot programs with the goal of setting up hubs to share intelligence on financial crime.
The partnerships are evolving as a way to share patterns of criminality without regulatory burdens. But as more data is collected, these groups are facing ethical issues of privacy, disclosure and conflict of interest, according to experts who gathered last week at the International Symposium on Economic Crime at Cambridge University. “Do we really want vast amounts of data in the financial system to be accessible to law enforcement investigators? Is there public consent for this development in intelligence gathering capability? How robust are the accountability and governance processes?” asked Nick Maxwell, head of the Future Financial Intelligence Sharing program at security think tank Royal United Services Institute in London. Some ethical questions concern procedures for keeping open accounts that have been flagged by suspicious transactions, for instance, because of conflicting interests, (via the Anti-Corruption Digest).
NYDFS approves ‘BitLicense’ for two USD-pegged cryptocurrency tokens
One of the strictest cryptocurrency regulatory regimes in the United States has approved proposals from two companies under its oversight to issue cryptocurrency tokens whose values are pegged to the U.S. dollar. In a statement published Monday, the New York Department of Financial Services (NYDFS), creator of the “BitLicense” framework for cryptocurrency companies, confirmed that it had given two chartered companies, Gemini Trust Company and Paxos Trust Company, permission to begin issuing these so-called “stablecoins” to clients, (via CCN).
U.S. regulators reject Wells Fargo’s attempt to ameliorate customers defrauded by insider abuses
U.S. regulators have rejected Wells Fargo & Co’s plan to repay customers who were pushed into unnecessary auto insurance,telling the bank it must do more to ensure it has found and compensated every affected driver, sources told reporters, (via Reuters).
The oddly confrontational strategies in ‘Bank of Tokyo-Mitsubishi-Union v. DFS’
The position of the DFS is that to allow a bank to jump to another regulator when the state is poised to continue disciplinepunctuated with prior consent orders is like letting a thief find sanctuary by crossing state lines, (via the New York Law Journal).
Religious-based financial fraud is rampant. Here’s how to fight it
Bank financial crime compliance teams and first line staff can help combat the rising challenge of fraudsters taking advantage of customers’ faith – by asking more questions of individuals stating they are an investor focusing on religious groups, or if they see a customer start pulling out their funds for a supposedly blessed get-rich-quick scheme. Law enforcement officials call them affinity frauds — targeting victims through a common bond, most often religion. While nationwide statistics are hard to come by because the scams are so widespread, it’s fair to say that affinity fraud losses run into the billions of dollars per year. Few were better at targeting people of faith than Ephren Taylor, who fleeced some $16 million from members of church flocks in 43 states by preaching so-called “prosperity gospel.”
“Biblical principles (are) investing wisely, responsibly, and for the purpose of furthering the kingdom. But also, God wants us to be prosperous,” said Anita Dorio, who, along with her husband, Gary, heard Taylor’s pitch at the giant Lakewood Church in Houston. The Dorios invested their life’s savings of $1.3 million with Taylor, who professed to be a self-made multimillionaire, having created a video game as a teenager. Appearing at churches across the country, often at the behest of the pastor, Taylor sold promissory notes that he claimed were backed by socially responsible ventures like small businesses and affordable housing projects. But it was all a Ponzi scheme. The Dorios and hundreds of other investors lost everything. Taylor is serving a 19-year federal prison sentence after pleading guilty to a single count of fraud, (via CNBC).
AML supervisory guidance does not have the force of laws, regulations, Federal regulators say in rare multi-agency ‘clarification’
The top banking agencies of the United States, in conjunction with the U.S. Treasury, have attempted to delineate more clearly what banks should do in crafting financial crime compliance programs related to following laws, regulations or guidance.Regulators, including the Office of the Comptroller of the Currency and Federal Reserve, are likely issuing the guidance on supervisory guidance to address industry criticisms that examiners can fault bank anti-money laundering programs solely on their subjective interpretation of already murky guidance.
In response, the agencies stated clearly: “Unlike a law or regulation, supervisory guidance does not have the force and effect of law, and the agencies do not take enforcement actions based on supervisory guidance. Rather, supervisory guidance outlines the agencies’ supervisory expectations or priorities and articulates the agencies’ general views regarding appropriate practices for a given subject area.” Some other key areas regulators worked to clarify:
- The agencies intend to limit the use of numerical thresholds or other “bright-lines” in describing expectations in supervisory guidance.
- Examiners will not criticize a supervised financial institution for a “violation” of supervisory guidance. Rather, any citations will be for violations of law, regulation, or non-compliance with enforcement orders or other enforceable conditions.
- The agencies will aim to reduce the issuance of multiple supervisory guidance documents on the same topic and will generally limit such multiple issuances going forward.
- The agencies will continue efforts to make the role of supervisory guidance clear in their communications to examiners and to supervised financial institutions, (via the OCC).
Nigeria accuses HSBC of money laundering, helping to loot country
Nigeria’s Economic and Financial Crimes Commission (EFCC) has vowed to ensure that money it says was looted by past Nigerian leaders with the help of HSBC Bank is returned. The EFCC’s Sunday statement was in support of an earlier statement released by President Muhammadu Buhari’s office that the global giant bank had supported previous Nigerian dictators to strip the country of funds, the Premium Times reported, (via IOL). As well, the EFCC stated it is ready to repatriate all stolen money from Nigeria’s coffers, stressing that it won’t stop until every penny belonging to the country is returned.
The anti-graft agency was reacting to a statement made by global giant bank, HSBC, predicting that President Muhammadu Buhari’s second tenure would stunt Nigeria’s economy. The presidency had in a statement by the senior special assistant to the president on media and publicity, Malam Garba Shehu, cautioned the bank against doomsday prophecy and accused it of aiding corruption in the country. The presidency also tasked HSBC to return Nigeria’s looted fund in its care, (via NAIJ).
Finma chides browbeaten Credit Suisse on AML, graft gaffes
Swiss regulator Finma Monday chastised Credit Suisse on broad AML, corruption failures related to FIFA, PDVSA, noting that bank juggled an array of risky relationships with politically-exposed persons and rewarded, instead of punishing, a relationship manager for willfully flouting compliance rules, (via Finma).
IRS Amnesty Program ends Sept. 28, has resulted in $11 billion paid in back taxes
The Offshore Voluntary Disclosure Program (OVDP), a program the IRS started to give amnesty to American taxpayers who had previously unreported overseas accounts, will end September 28, 2018. Since the OVDP’s initial launch in 2009, more than 56,000 taxpayers have used the various terms of the program to comply voluntarily with U.S. tax laws.
These taxpayers with undisclosed offshore accounts have paid a total of $11.1 billion in back taxes, interest and penalties. The planned end of the current OVDP also reflects advances in third-party reporting and increased awareness of U.S. taxpayers of their offshore tax and reporting obligations, (via the CPAPA).