FINANCIAL CRIME WAVE – HACKS COSTLY TO BANKS, NYDFS CYBER DEADLINE, CRYPTO CLEANSING, AND MORE

In this week’s Financial Crime Wave, a new study highlights the rising cost of hack attacks targeting banks, the New York Department of Financial Services reminds subject sectors of cyber reporting deadline, a look at how criminals launder crypto coins, and more.

Cybersecurity

Surge in hack attacks targeting financial sector now make cyber costliest risk to banks, strain on resources

Cyberattacks cost financial-services firms more to address and contain than in any other industry, and the rate of breaches in the industry has tripled over the past five years, according to a report from Accenture and the Ponemon Institute. The report, “Cost of Cyber Crime Study,” examines the costs that organizations incur when responding to cybercrime incidents.

It found that the average cost of cybercrime for financial services companies globally has increased by more than 40 percent over the past three years, from just under $13 million per firm in 2014 to more than $18 million in 2017 – significantly higher than the average cost of roughly $12 million per firm across all industries included in the study. The analysis focuses on the direct costs of the incidents and does not include the longer-term costs of remediation, (via Accenture).

Cyber job demand to grow

A guide on how to break into the cybersecurity field, which is expected to have millions of unfilled jobs over the next few years, (via Tech Republic).

NYDFS reminder on new cyber rules, requirements

New York regulator issues warning reminder for firms that are subject to landmark cyber rules: First certification of compliance is due February 15, (via the NYDFS).

South Australian government releases strategic cyber prevention, resilience plan, with focus on strengthening public, private portals, collaboration, innovation

In response to more aggressive cyber hackers, the state government of South Australia (SA) has released a Cyber Security Strategic Plan 2018-2021. The Department of the Premier and Cabinet (DPC) is tasked with the responsibility of leading the delivery of this plan on behalf of the South Australian Government. The Plan is part of a broader initiative to strengthen cyber hygiene countrywide as part of the Australian Government’s Cyber Security Strategy launched in 2016. Strategic objectives of the Plan include making the government’s infrastructure, services and systems resilient to cyber threats and empowering the government’s digital and innovation agenda through a strong risk culture.

The Plan also aims to minimize the cost and disruption to recover from cyber security incidents and maintain citizen’s trust and confidence in the government’s digital services is maintained through measured improvements in cyber security maturity. The industry is a key aspect of the Plan. One of the objectives is to motivate industry to invest, stimulating the state’s economy and helping establish South Australia as a recognized cyber security leader in the Asia-Pacific region, (via Open Gov).

Corporate transparency

A look at how Canada became an offshore destination for ‘snow washing’

Canada is one the world’s most opaque jurisdictions when it comes to identifying the owners of private companies and trusts, according to anti-corruption campaigners who say that more rigorous checks are required to obtain a library card than to set up a company in the country. While publicly traded firms in Canada are required to disclose major shareholders, private companies need only note their directors, allowing those who own, control or benefit from the firm to remain in the shadows, in some cases rather cheaply – as little as around $200. Most provinces allow nominee directors and shareholders and do not require them to disclose that they are acting on behalf of another person.

How Canada stacks up against other countries – including known tax havens – was suggested in a 2013 study by American researchers. After sending out thousands of queries about setting up anonymous shell companies, researchers ranked Canada among the easiest of 60 countries to set up an untraceable company, along with Kenya and a few US states. This opacity – described in a recent Transparency International report as the “getaway car of financial crime” – has become the perfect vehicle for “snow washing”: the use of Canada’s positive image to tout the country as an offshore destination where suspect transactions can be legitimized, (via the Guardian).

Virtual currency

After Bitcoin, Litecoin is virtual currency of choice for denizens of dark net: study

A recent study has revealed Litecoin to be the second most adopted means of payment among dark marketplaces. The study also indicated a significant increase in adoption of Monero among English-speaking platforms. The study, conducted by Recorded Future, involved the analysis of 150 leading dark web “message boards, marketplaces, and illicit services” in order to ascertain the scale of alternative cryptocurrency adoption on the part of criminal entities in response to rising bitcoin fees.

The study revealed Litecoin to be the second most dominant currency among dark marketplaces – with LTC payment systems being implemented on 30% of the platforms analyzed in the study. Despite the Recorded Future claiming to have identified an increasing number of “members of the cybercriminal underground” expressing a “growing dissatisfaction with bitcoin as a payment vehicle” as early as “mid-2016”, 100% of the platforms had integrated BTC payment systems, (via Bitcoin News).

Virtual exchanges choice targets for hackers

After cyber breach, Coincheck users suing to get money from hacked crypto exchange, (via Tech Crunch).

Fraud

Congress takes on synthetic ID fraud

Congress and financial services groups are banding together to better tackle the rising scourge of synthetic identity fraud, (via the Financial Services Roundtable).

Money laundering

FinCEN names Latvian bank a ‘primary money laundering concern’ for enabling criminal, terror groups

The U.S. Treasury’s Financial Crimes Enforcement Network (FinCEN) has levied a rare and powerful 311 measure against a Latvian bank the bureau says has “institutionalized money laundering,” actively thwarted financial crime compliance programs and sought out and profited from dealings with organized criminal groups, terror cells and rogue regimes.  The authority for FinCEN to designate a country or a region as a “primary money laundering concern” is granted under section 311 of the USA Patriot Act and requires banks subject to U.S. AML rules to “prohibit the opening or maintaining of a correspondent account in the United States for, or on behalf of, ABLV Bank.” FinCEN has only used 311 roughly two dozen times.

The bank has “institutionalized money laundering as a pillar of the bank’s business practices.” The bank allowed employees to “orchestrate” money laundering schemes, including from high-risk regions, shell companies and involving corrupt politically-exposed persons (PEPs). The bank’s lax policies “made the bank attractive to a range of illicit actors engaged in organized crime, weapons proliferation, corruption, and sanctions evasion,” and involving regions including North Korea, Russia and Ukraine, (via FinCEN).

A look at ‘crypto cleansing:’ how rogue regimes and terror groups launder digital value and how to stop them

The promise of crypto-currencies upending global finance and commerce must be balanced against these technologies also creating new money laundering tools allowing countries like Iran, North Korea, and Russia to evade international sanctions. This is especially true of so-called “privacy coins,” which offer personal anonymity and covert transactions to their users. These technologies have allowed certain countries to evade international sanctions through organized digital money laundering, or “crypto-cleansing”, weakening Western diplomatic efforts and thereby escalating global conflict.

Failure to restrict privacy coins through regulation of digital currency exchanges has created a financial haven for sanctioned governments, terrorists, and criminal organizations. As digital currencies are unfettered by geographic and political borders, a coalition of regulatory, law enforcement, banking, and academic partners must establish global standards to address the growing threat of digital money laundering, (via Reuters).

De-risking

In the de-risking shell game, where banks drop customers and regions due to AML risk, who wins? The answer: mostly the bad guys

On the surface, the story of derisking is simple enough. Rather than deal with the possibility of regulatory run-ins, traditional financial institutions decide to close the accounts of companies such as money service businesses and digital currency firms that are deemed “too risky” to bank. The unintended consequences of the derisking phenomenon include strained remittance corridors and frustration for legal businesses struggling to get by without reliable banking services. Other consequences of derisking are less widely discussed.

A growing lack of transparency between some businesses and their banking service providers now directly threatens our ability to effectively manage money laundering and terrorist financing risk. We’ve wound up in a shell game of “hide the risk” – and everybody’s losing. As well, these businesses find ways to carry on when banks reject them, whether that means using alternative financial service providers, payment processors, personal bank accounts or simply opening accounts at other financial institutions without revealing the true nature of the underlying activity. This further strains bank resources to counter a growing clientele of law abiding entities trying to outwit institutions just to keep their accounts open, (via American Banker).

FATF

Under U.S. pressure, Pakistan could return to FATF blacklist

U.S. using its influence on FATF to push for Pakistan being added to global AML/terror watchlist, (via U.S. News).

Corruption

Reading the Trump tea leaves on FCPA enforcement

Despite still frothy FCPA enforcement activity in 2017, though down from a record 2016, the Trump administration’s approach to graft enforcement remains elusive and not readily characterized, making it unclear if 2018 will be a return to enforcement form or if U.S. and international scofflaws will get a pass, (via Harvard Law).

Nigerian corruption judge judged to be corrupt

Nigeria’s top corruption judge charged himself with corruption, (via News 24).

Aviation giant Airbus pays nearly $100 million to settle five-year German bribery investigation tied to Eurofighter

Aviation behemoth Airbus SE agreed to pay an 81 million-euro ($99 million) fine to end a five-year bribery investigation by German prosecutors in connection with Eurofighter jets the defense company sold to Austria in 2003 – though the final penalty was related to control violations, rather than concrete graft. The Munich Public Prosecutor found former Airbus space and defense executives were guilty of a “negligent breach of supervisory duties” by failing to implement internal controls, the company said Friday in a statement. The probe failed to find any evidence of bribes, the prosecutors said in a statement on their website.

Airbus is the subject of bribery and fraud investigations by prosecutors in the U.K., France and Austria, among other countries. Chief Executive Officer Tom Enders has said he has tried to remodel the aircraft maker to rid it of the external agents who have often been used to pay bribes to government and airline officials. Austrian allegations against Airbus claim that the company knew Eurofighters wouldn’t be available on time and in the right configuration and that the country was overcharged for expenses that included lobbying and kickbacks. Airbus was the partner in the fighter program that negotiated the sale, (via Bloomberg).

Federal prosecutors charge five Venezuelan PEPs massive bribery, money laundering scheme related to beleaguered energy juggernaut PDVSA

Federal prosecutors Monday unsealed charges against five former Venezuelan government officials for their alleged participation in an international money laundering scheme involving bribes made to corruptly secure energy contracts from Venezuela’s state-owned and state-controlled energy company, Petroleos de Venezuela S.A. (PDVSA).  Two of the five defendants are also charged with conspiracy to violate the Foreign Corrupt Practices Act (FCPA).

The indictment alleges that the five defendants were known as the “management team” and wielded significant influence within PDVSA.  According to the indictment, the management team conspired to solicit several PDVSA vendors, including U.S. vendors, for bribes and kickbacks in exchange for assistance to those vendors in their PDVSA business. The co-conspirators then allegedly laundered the proceeds of the bribery scheme through a series of complex international financial transactions, including bank accounts in the United States, and, in some instances, real estate transactions and other investments in the United States, (via DOJ).

Investigations

DOJ earmarks more budget spending to fight opioid crisis, TNOCs

The U.S. Department of Justice (DOJ) has released its has released it’s 2019 budget request, with a notable increase in funds tied to key law enforcement focal points, including: nearly $300 million to counter the deadly opioid crisis, $13 million to improve international cooperation and more than $100 million to fight transnational organized criminal groups and other violent crime, (via DOJ).