FINANCIAL CRIME WAVE – SEC CRUSHES CELEB-BACKED CRYPTO SCAM, REPORT DINGS CANUCK AML GAPS, AND MORE

In this week’s Financial Crime Wave, the chief regulator of the U.S. securities sector brings the hammer on a flashy, celeb-backed crypto coin offering, a “secret” government report finds major gaps in Canada’s anti-money laundering framework, a United Kingdom politico accuses a Maltese bank of being a money laundering and sanctions busting machine, and more.

Virtual currencies

SEC levels fraud charges against flashy, celebrity-backed crypto scheme as more than $30 million in false promises 

The Securities and Exchange Commission (SEC) on Monday levied fraud charges against two men behind a $32 million cryptocurrency investment scheme hawked by celebrities such as Floyd Mayweather Jr. and DJ Khaled – glossy gimmicks and virtual hucksterism eventually fabricated into a “web of lies.” Sohrab “Sam” Sharma and Robert Farkas, co-founders of Centra Tech Inc., were arrested and charged with several counts of fraud after allegedly duping investors through an “initial coin offering,” or ICO, an area that is a major focal point of both federal regulators and investigators due to its intense gravitational pull drawing fraudsters.

Sharma and Farkas, through Centra, offered unregistered investments in the company through the sale of CTR virtual tokens, a cryptocurrency akin to bitcoin, Ethereum and other digital coins. “We allege that Centra sold investors on the promise of new digital technologies by using a sophisticated marketing campaign to spin a web of lies about their supposed partnerships with legitimate businesses,” said Stephanie Avakian, co-director of the SEC’s enforcement division. They misled investors with lofty promises to develop cutting edge technology through funds raised in the ICO. Centa claimed support from Visa and MasterCard in creating a credit card that could convert cryptocurrencies into U.S dollars, and promoted the scheme through a company website with fictional executives, (via The Hill).

FBI warns on mushrooming tech support fraud targeting holders of crypto currency

The FBI’s Internet Crime Complaint Center (IC3) has published a public service announcement warning about scammers posing as tech support for a variety of industries, including the cryptocurrency sector. The FBI defines tech support fraud as a “criminal claiming to provide customer, security, or technical support in an effort to defraud unwitting individuals,” and references the increasing frequency of this type of fraud leading to criminals “pos[ing] as government agents, even offering to recover supposed losses related to tech support fraud schemes or to request financial assistance with ‘apprehending’ criminals.”

Tech support fraud, which can occur through the telephone, search engines, pop-ups, locked screens, and phishing emails, is now also being perpetrated through the new targets of virtual currency exchanges, according to the FBI. The section on the new variations and trends of this type of fraud notes that virtual currency fraud has led to “individual victim losses often in the thousands of dollars.” The scam is carried out by a criminal who pretends to be a virtual currency service’s support representative in order to gain access to a crypto holder’s wallet, then transferring all of the crypto out while the fake “maintenance” is taking place, only to “cease all communication” and disappear with the funds, (via Coin Zapp).

After implosion, liquidation, former virtual exchange head balks at $1 billion

Former CEO of defunct virtual currency exchange behemoth, Mt. Gox, is eschewing a potential $1 billion in bitcoins remaining after foreign liquidation, allowed under Japanese bankruptcy law, calling the practice of profiting from the massive cyber fraud and crypto implosion, “distasteful,” (via Coin Telegraph).

Compliance

Secret government report chastises Canada’s banks on AML, uncovering “significant” failures, including missed STRs to FIU

An internal report by Ottawa’s money-laundering watchdog paints a picture of Canada’s banks that’s far less flattering than the one presented in a sanitized report it issued for Parliament and the public, revealing that institutions in the Great White North are broadly struggling with many of the same issues as banks in the United States, including customer risk ranking, monitoring and reporting on aberrant actions.  The Financial Transactions and Reports Analysis Centre, known as Fintrac, released its 2016-2017 annual report through Parliament last November.

But a confidential annual report was delivered to Finance Minister Bill Morneau weeks earlier, probing nine banks. The document found “significant” problems at six of the nine banks — including problems in providing Fintrac with suspicious transaction reports, or STRs. The law requires financial entities to file an STR to Fintrac when a transaction is suspected of being linked to a money-laundering or terrorist activity financing offence, regardless of the dollar amount. “In examinations of the banking sector … 67% were found to have significant levels of non-compliance,” says the report for Morneau. “Deficiencies were identified in obligations related to STR reporting, risk assessment, and policies and procedures …” (via the CBC).

Banker or crime fighter? A look at the role of bank compliance in disrupting crime in the 21st century

The framework for identifying financial crime needs to be transformed to a cost-effective, tech-based model that aligns all stakeholders and enables information to easily flow between both the public and private sectors, according to analysis from global audit firm Ernst & Young. Uncovering financial crime in a sea of millions of transactions moving trillions of dollars is a daunting task, even while criminal groups are amassing and laundering billions of dollars in illicit income. By looking for patterns and indicators among banking transactions, the hope is that law enforcement could potentially identify behavior that connects the criminals. This, in itself, is a huge task. Globally, human trafficking is estimated to be worth $150 billion a year, and much of this is funneled through layers of fake accounts and fronting companies.

In total, there is an estimated $2 trillion to $4 trillion of illicit funds in circulation. Only about 0.2 percent is ever recovered. That figure is even more frustrating when you consider that financial crime compliance is very expensive. A global bank’s average budget for financial crime operations is over $1 billion a year. And yet, most of this investment historically has focused on making the bank compliant rather than on proactively targeting criminal behavior. Many feel that paradigm must shift, away from a system where examiners ding banks on minor program snags to a dynamic where institutions are free to experiment with technology, innovate with intelligence and work in a more coordinated, complete way with other banks, global investigators and even regulators, (via EY).

Irish eyes aren’t smiling after chiding, court threats over slow adoption of updated AML rules

Ireland may face EU court over anti-laundering law: EU’s fourth anti-money-laundering directive should have been transposed by last June, (via the Irish Times).

PEPs

Is Malta-based Pilatus Bank a corrupt portal for money laundering PEPs into the U.K?

The UK’s National Crime Agency (NCA) has said it would “review” material provided by MEP David Casa about what he termed as “evidence of systemic money-laundering” at Malta-based Pilatus Bank, with growing concerns the bank could be a haven for corrupt and risky politically-exposed persons attempting to legitimize sullied funds and support rogue regimes. In a letter to the NCA sent days before the arrest of Pilatus Bank’s owner Seyed Ali Sadr Hasheminejad, Casa said the bank’s clients were predominantly Azeri politically exposed persons (PEPs).

NCA director Donald Toon said the agency is considering criminal allegations of bribery and corruption which potentially had an impact on the integrity of the UK as a financial sector. Pilatus Bank operated a Mayfair branch after it passported its Maltese banking license to the UK. The bank’s owner faces up to 125 years imprisonment on money-laundering and sanction- busting charges. In his letter, the MEP pointed out links between Hasheminejad and Mehdi Shamszadeh, an Iranian national who was sentenced to death in-absentia for embezzeling  billions of public dollars. Casa said Pilatus Bank’s mother company, Pilatus Capital Ltd, was a UK company opened in 2008 by Shamszadeh, (via the Times of Malta).

Corruption

A lawmaker, lobbyist and CEO walk into a bar…

The FBI has arrested a sitting Alabama lawmaker, a lobbyist and healthcare CEO in a corruption scheme that saw graft payments made to grease the wheels of legislature to push a bill that would require an insurance company to cover certain diabetes treatments – in essence strong-arming the insurance company through political pressure to benefit corporate bottom lines, (via the WSFA).

FCPA enforcement might have started slowly in 2018, but slowly picking up steam

During the first calendar of 2018, six companies disclosed new FCPA-related investigations, and investigations ended for five companies, with fresh forays into areas including: Chemicals, defense, banking, mining, and more, (via the FCPA Blog).

FCPA momentum likely to increase as year trudges on

In first quarter FCPA report, U.S. enforcement off to slow start compared with prior years, (via the FCPA Blog).

So, I wonder why Facebook wouldn’t want to help out in a Brazilian corruption investigation? Oh wait, I think I just answered my own question.

A Brazilian judge has ordered that Facebook Inc pay 111.7 million reais ($33.4 million) for failing to cooperate with a corruption investigation, prompting Facebook to say it was exploring “all legal options,” in a case where the company denied access to Whatsapp messages potentially tied to a widespread pilfering of public funds, (via Reuters).

In Angola, ex-president’s son accused of stealing some $500 million from country’s oil-swollen SWF, transferring funds to U.K.

The son of Angola’s ex-president has been accused of attempting to defraud $500 million from the oil-rich nation’s sovereign wealth fund, another reminder for banks to keep a warier eye on past as well as current politically-exposed persons (PEPs).  Jose Filomeno dos Santos was removed from the position in January after he was named in the Paradise Papers – a massive leak related to obscure, offshore secrecy havens and shell companies – for making personal investments with the nation’s wealth. The sum was transferred from Angola’s central bank to a bank in the United Kingdom while he managed the fund during part of his father’s rule.

Now under formal charges, he can’t leave the country.  The UK’s National Crime Agency froze the money due to suspicions of fraud arising from the extremely large transaction and has said it can be returned to the south African country.  Maka Angola, a site run by an Angolan investigative journalist, previously reported that the alleged transfer, part of a scheme involving bogus foreign investments and loans to the Angolan government, took place last year. Jose Eduardo dos Santos ruled the country for 38 years and was succeeded by President Joao Lourenco who promised to crack down on corruption, (via the OCCRP).

Former French leader Sarkozy could get cozy in prison cell depending on outcome of bribery trial

Former French President Nicolas Sarkozy is being ordered to stand trial on charges of corruption and influence peddling, including charges he took millions in illegal campaign financing from former Libyan dictator Moammar Gadhafi, (via the Washington Post).

Corporate transparency

Nexus of transparency and corruption, the new vanguard of grounding grand graft

Improving transparency to regain lost trust in governments around the world is key to tackling corruption, according to global watchdog group, (via PFI).

FinCEN releases rapid fire guidance on new beneficial ownership rules

The U.S. Treasury has released a FAQ update related to new beneficial ownership obligations for financial institutions coming online next month, (via FinCEN).

Russia

Countering Russian election interference, influence peddling will take multipronged approach: report

The Hudson Institute tackles how best to counter Russian kleptocracy, and, no surprise, critical to countering grand corruption is evaporating the offshore secrecy jurisdictions and anonymous shell companies that oily oligarchs are hiding behind and using to move and legitimize graft-gilt assets, (via Hudson).

Investigations

Outgoing Europol head tells tall tales of countering criminal terror groups, wooing reluctant U.S. agencies to the cooperation, communication fold

Europol, once given cold shoulder by U.S. federal investigative agencies, now the Google of counter-terrorism, (via Bloomberg).

Securities

Brokers large and small must tweak AML procedures as new beneficial ownership rules come into force

Finra updates its AML template for small broker-dealers in light of FinCEN’s new beneficial ownership rules, (via Think Advisor).

Fraud

Barclays to pay U.S. authorities $2 billion in civil penalties tied to fraudulent sales of toxic RMBS deals

The U.S. Department of Justice (DOJ) has reached a $2 billion agreement with Barclays Capital, Inc. and to settle a civil action filed in December 2016 for alleged conduct related to the British bank’s underwriting and issuance of residential mortgage-backed securities (RMBS) between 2005 and 2007.  Authorities also individually penalized two former Barclays executives $2 million. Following a three-year investigation, the complaint alleged that Barclays caused billions of dollars in losses to investors by engaging in a fraudulent scheme to sell 36 RMBS deals, and that it misled investors about the quality of the mortgage loans backing those deals, violating federal laws, including mail fraud, wire fraud, bank fraud, and other misconduct.

The scheme alleged in the complaint involved 36 RMBS deals in which over $31 billion worth of subprime and Alt-A mortgage loans were securitized, more than half of which loans defaulted. The complaint alleged that in publicly filed offering documents and in direct communications with investors and rating agencies, Barclays systematically and intentionally misrepresented key characteristics of the loans it included in these RMBS deals, (via DOJ).

Whether they are crooked contractors or inveterate investment fraudsters, Ponzi purveyors or still a-schemin’ in March: blog watchdog

In March 2018, media and other sources reported on at least 10 new Ponzi schemes worldwide; over 16 years of newly imposed sentences for people involved in Ponzi schemes; 7 guilty pleas or convictions, and an average age of approximately 46 for the alleged Ponzi schemers. The vignettes are cautionary tales for unwary consumers and vital lessons for financial crime compliance officers who are holding accounts for these Ponzi-prone charlatans.

In one case a contractor took money to do work, dabbled a tad, then took the money and ran, leaving customers and sub-contractors in the lurch. In a second case, a supposed investment advisor took money to buy a house, and then bought the place for himself. In a third, a company got shut down by authorities and their assets frozen for attempting to tap into the fervor, froth and frenzy related to virtual currency initial coin offerings – even though the group really had no business plan, assets or experience in the Bitcoin space, (via the Ponzi Scheme Blog).

Sanctions

Watchdog dings OFAC on oversight, application of licensing programs

Treasury watchdog finds gaps, areas for improvement related to OFAC’s licensing program, (via the TOIG).

Money laundering

Even with broad improvements, EU, like rest of world, is losing fight against money laundering: Outgoing head of Europol

Banks in Europe are spending tens of billions of dollars each year to craft, staff and run financial crime compliance programs to uncover, monitor and report suspicious transactions that could be tied to organized criminals, corrupt political powerbrokers and terror groups – but law enforcement is seizing less than one percent of criminal assets.  That is the frustrating dichotomy that must change because, currently, that means that the European Union is broadly losing the fight against money laundering, particularly when measuring the money spent on compliance versus actual effectiveness and results, said Rob Wainwright, the outgoing head of Europol.

He noted that as Europe was hit by a series of terror attacks — from Paris to Brussels, from Nice to Berlin — the profile of the EU law enforcement agency increased and so did the amount of information on terrorism that national governments fed into its databases, a critical component to successful crime fighting – information sharing and international cooperation. However, the same progress has not been made in the fight against financial crime. “Professional money launderers — and we have identified 400 at the top, top level in Europe — are running billions of illegal drug and other criminal profits through the banking system with a 99 percent success rate,” he said. “The banks are spending $20 billion a year to run the compliance regime … and we are seizing 1 percent of criminal assets every year in Europe,” (via Politico).

Poaching

Can stronger, better AML defenses, training at banks make a dent in the lucrative global animal poaching trade?

Just a few years ago, some experts estimated illegally-traded rhino horn to be of higher value by weight than either gold or cocaine at $65,000 per kilogram in consumer markets. And behind these wildly expensive poached products is a network of illicit groups capturing, moving and legitimizing the incredible sums involved.  Behind the poachers on the ground are international profit-making networks that threaten African wildlife and murder anyone who gets in the way.

Convicting the leaders who run the networks is still rare which is where financial measures and investigations need to be used more systematically, just as they are used to tackle the funding of al Shabaab, drugs, human trafficking and other organized crime. Anti-money laundering measures and financial investigation that trace the money can help to identify the accomplices and ringleaders of those who are caught red-handed; identify and seize laundered assets and property; track the movement of individuals; link suspects to criminality and has played a critical role in successful convictions, (via Business Daily Africa).

Cybersecurity

Russian hacker behind theft of data tied to major sites, 100 million users, faces U.S. justice

A Russian national investigators have accused of hacking LinkedIn, Dropbox, and Formspring in 2012, possibly compromising the personal details of more than 100 million users, has pleaded not guilty in a U.S. federal court after being extradited from the Czech Republic, a rare offensive move by a country that has been hammered by a wide array of cyberattacks and has made crafting better cyber defenses a greater priority, (via the Hacker News).

Apple operating has bug that could allow theft of passwords, external drives

A severe programming bug has been found in a file system for macOS High Sierra operating system that has the potential to expose passwords of encrypted external drives in plain text, another glaring vulnerability in a long line of both household name hardware and software makes that have released products that, later, are found to have crippling virtual backdoors left open, (via the Hacker News).

Google cracks down on cryptojacking extensions slyly using sites to mine virtual currencies

Wary of virtual currency-obsessed hacker groups, and cognizant of their increasing creativity, Google is engaging in an effort to prevent cryptojacking by extensions that maliciously mine digital currencies without users’ awareness, implementing a new Web Store policy that bans any Chrome extensions submitted to the Web Store that mine cryptocurrency. Over the past few months, we have seen a sudden rise in malicious extensions that appear to offer useful functionality, while embedding hidden cryptocurrency mining scripts that run in the background without the user’s knowledge, (via the Hacker News).

In cyber software circles, don’t let RATs infiltrate, steal more than your cheese

Security researchers at Cisco Talos have uncovered variants of a new Android Trojan that are being distributed in the wild disguised as a fake anti-virus application, dubbed “Naver Defender,” which is attempting to victimize vulnerable mobile devices. Dubbed KevDroid, the malware is a remote administration tool (RAT) designed to steal sensitive information from compromised Android devices, as well as capable of recording phone calls, (via the Hacker News).

Hacking group pilfers millions of payment cards from Saks, Lord & Taylor stores, trickling them out on dark net

In yet another major cyber breach of a household name retailer, Gemini Advisory has discovered that a JokerStash online crime syndicate, Fin7, is planning to sell more than five million payment cards stolen from the databases of 83 Saks Fifth Avenue stores in New York and the entire network of Lord & Taylor. The crooks are currently “only” selling 125,000 of the cards on the Dark Web, but the rest are expected to reach the black market in the coming months ahead. The breaches reportedly started in May 2017 and could be ongoing.

The parent of both retail brands, Canada’s Hudson’s Bay Company, confirmed the breaches and said it had “taken steps to contain” the hacks. Customers would get free credit monitoring and other identity protection services once there was “more clarity around the facts,” HBC said. JokerStash, however, is well-known. The hacker outfit has been connected to a string of data breaches including Chipotle, Omni Hotels and Whole Foods. It has a pattern of dribbling out cards to both maximize their sale potential and to avoid tipping off bank investigators trying to pinpoint the source of a given breach, (via Engadget).

Enforcement

UAE regulator chastises money exchange houses, orders firms to raise standards to fight financial crime

The central bank of the United Arab Emirates has ordered currency exchange houses to raise financial crime compliance standards in the wake of several major international banks cutting ties with them due to concerns about the risk of illicit financial flows. The United Arab Emirates’ huge expatriate workforce and growing business and tourism sectors have made it a global center for exchanging foreign currencies and transferring money to and from the Middle East, Asia, Africa and parts of Europe. But some of the roughly 125 exchange houses in operation have struggled in recent years as a growing number of U.S. dollar correspondent banks, relied upon to clear dollar trade, and local lenders cut ties with them. The banks have often cited the prohibitive compliance costs they must have in place to ensure they’re not doing business with exchange houses laundering money or financing terror – a piece of a larger global compliance trend dubbed “de-risking.”

In an effort to improve the industry’s fortunes, the central bank earlier this month published a 150-page document laying out standards that exchange houses must comply with by January 2019 or risk fines and, in the most extreme case, having their licenses revoked. The rules include requiring exchange houses to appoint a compliance officer and to check and record the identification of the senders and receivers of all money transfers, said sources familiar with the matter. Currently, exchange houses are only required to do so on transactions of more than 2,000 dirhams ($545). Money transfers between exchange houses in the UAE will also have to be made via the central bank’s electronic transfer system, rather than in cash, the sources said, (via Reuters).

Austrian regulator flexes enforcement muscle in largest AML fine against bank, fueled by historic leak

Austrian regulators smacked Raiffeisenbank International with a nearly three million euro fine related to charges that the bank failed to impose adequate anti-money laundering and terrorist financing controls. The fine is the biggest in Austrian history and comes nearly two years to the day after documents exposed in the April 2016 Panama Papers leak revealed a series of loans going from the bank to companies affiliated with Ukrainian President Petro Poroshenko, (via the Kyiv Post).

DTOs

DEA states Afghan smuggling network is DOA after braggadocio leader bagged, tagged

The U.S. DEA has crushed a multi-million dollar Afghanistan heroin smuggling ring tied to defendant who bragged about this Taliban ties and violent tendencies, (via the Mercury News).

Audit

Big four audit firm faces harsh battle in Hong Kong, with major financial exposure a possibility

Hong Kong’s high court has dealt global accounting firm KPMG a major setback in its battle against liquidators of former U.S.-listed healthcare firm China Medical Technologies Inc, whose executives have been charged in the U.S. with defrauding investors out of over $400 million, (via Reuters).

Tax evasion

U.S. must be careful, tactical when lying certain tax charges after high court interpretation

In wake of U.S. high court decision in Marinello, prosecutors should be careful when levying broad criminal tax obstruction charges, (via Law 360).

NGOs

Criminals find weak links, entre to financial system in NGOs

In Malta, NGOs vulnerable to money laundering as counter crime gaps continue to not be addressed, (via the Times of Malta).