FINANCIAL CRIME WAVE – SEC UNSHEATHES ID THEFT ‘RED FLAGS’ POWERS, GUTTED IRS, AI, HSBC, AND MORE

SEC

In this week’s Financial Crime Wave, the U.S. Securities Exchange Commission finally unsheathes powers many thought would be a compliance game changer with an enforcement case tied to the identity theft “red flags” rule, a timeline of the decline of the once-mighty IRS, HSBC gives AI update, Dutch authorities zero in on crypto, and more.

Securities/identity theft

SEC’s first “Red Flags” enforcement case focuses on board’s role in overseeing breaches that can lead to identity theft

A little-noticed consent decree entered into by the U.S. Securities and Exchange Commission earlier this year should be setting off alarm bells for financial firms and their boards of directors. In a cease and desist order against Voya Financial Advisors, the investment advisory unit of Voya Financial, the SEC – for the first time – enforced its “Identity Theft Red Flags Rule” in punishing the firm for allegedly lackluster data security practices. The SEC charged that hackers were able to access sensitive client information including Social Security Numbers, account balances and even details of client investment accounts.

The commission called out the company’s board of directors for failing to “administer and oversee” compliance with the rule. Five years ago, the SEC adopted the red flags rule. It requires investment firms to pay attention to identity theft by developing and implementing a written program to “detect, prevent and mitigate” identity theft and fraud, and to provide “red flags” or other warning signs when hackers might be trying to steal customer information or customer identities. The rule also requires that a firm’s board of directors or senior leadership administer the program. But until recently, the SEC did not enforce the rule, (via NYU Law School).

Tax evasion

How the IRS Was Gutted: A look at how and why the U.S.’ premier tax agency was defunded and how that means billions less for the government

An eight-year campaign to slash the agency’s budget has left it understaffed, hamstrung and operating with archaic equipment. The result: billions less to fund the government. That’s good news for corporations and the wealthy. Had the billions in budget reductions occurred all at once, with tens of thousands of auditors, collectors and customer service representatives streaming out of government buildings in a single day, the collapse of the IRS might have gotten more attention. But there have been no mass layoffs or dramatic announcements. Instead, it’s taken eight years to bring the agency that funds the government this low. Over time, the IRS has slowly transformed, one employee departure at a time.

The result is a bureaucracy on life support and tens of billions in lost government revenue. ProPublica estimates a toll of at least $18 billion every year, but the true cost could easily run tens of billions of dollars higher. The cuts are depleting the staff members who help ensure that taxpayers pay what they owe. As of last year, the IRS had 9,510 auditors. That’s down a third from 2010. The last time the IRS had fewer than 10,000 revenue agents was 1953, when the economy was a seventh of its current size. And the IRS is still shrinking. Almost a third of its remaining employees will be eligible to retire in the next year, and with morale plummeting, many of them will, (via ProPublica).

AI

HSBC is partnering with Google to improve AML processes, using machine learning to engage in cross-jurisdictional analyses

Banking giant HSBC will launch a new cloud-based system to tackle money laundering, according to Jennifer Calvery, global head of financial crime threat mitigation at HSBC cited by Reuters. The new tool will be launched in partnership with Google Cloud and use machine learning to analyze the financial activities of the bank’s 38 million customers. To launch the system, HSBC has worked closely with regulators and explained the process to them. The prototype has already shown positive results, and the system will be rolled out next year.

The new system will help bring consistency to HSBC’s anti-money laundering (AML) processes. The system will analyze all of the bank’s jurisdictions in the same way, making HSBC’s AML approach consistent across all of its markets. The tech can spot anomalies and suspected criminal activity in a user’s behavior. It then gives customers a financial crime score based on their activity, which can help to detect riskier clients. Additionally, the system provides the bank with better insights into the finances of customers to indicate whether there are crime indicators in their wider network. Currently, all of this is done by humans, which likely makes the process inefficient and prone to error, (via Business Insider).

Virtual currencies

The Dutch Central Bank, De Nederlandsche Bank, wants to regulate crypto companies by requiring them to get licenses in order to operate

The bank claims the measure will deter money laundering and the use of cryptocurrencies to fund terrorism, according to a short brief in Dutch daily newspaper De Telegraaf. To qualify for a license, crypto companies must report “unusual transactions” and know who their customers are. The Dutch Central Bank said the regulation was necessary because the decentralized, anonymous nature of the crypto market makes it a target for money launderers, (via CCN).

Data security

Foreign intelligence clues in Marriott breach could foreshadow future attacks

The types of data unique to the Starwood hack can be used to launch targeted email campaigns and recruit sources in the cloak-and-dagger world of espionage. Intelligence and cybersecurity sources say the data breach that exposed the records of up to 500 million customers at the Marriott-owned Starwood hotel chain shows signs of being the work of a hostile foreign intelligence service.

Much of the compromised data is typical of corporate breaches, such as names and emails, but other types of data unique to this hack — including where people traveled to and when — can be mined and used to launch targeted email campaigns and recruit sources in the cloak-and-dagger world of espionage, as well as glean insights about their rivals’ interests and operations, (via NBC).

Individual liability

Prosecutors eye former Deutsche Bank AML official for potential failures to file reports of suspicious fincrime activity – report

Frankfurt prosecutors have launched a probe against a former anti-money laundering official of Deutsche Bank on suspicion of money laundering, German public broadcaster Hessischer Rundfunk reported on Monday. The public prosecutor is accusing the former official of failing to report suspicious transactions, despite sufficient indications of money laundering, Hessischer Rundfunk reported, without citing sources.

Last month, Police raided six Deutsche Bank premises in and around Frankfurt over money laundering allegations linked to the Panama Papers. The two-day search included all the offices of Deutsche Bank’s management board. Investigators are looking into the activities of two unnamed Deutsche Bank employees alleged to have helped clients set up offshore firms to launder money, the prosecutor’s office has said. The inquiries focus on events from 2013 to this year, (via Reuters).

United Kingdom

Why the UK is losing its costly battle against money laundering: Poor tech implementation and bad communication means mafiosi and oligarchs use London as a money laundering haven

Analysts and academics argue too much of the money flowing around the UK is the result of crime, corruption and tax dodging. The House of Commons Foreign Affairs Committee has gone further still, calling on the government to make it a “major UK foreign policy priority” to stop the use of London as a base for Russian corruption. And there’s a lot of work to do. “You can walk into the right office in London and set up your British Virgin Islands company, your Panama company, your Guernsey trust,” says Friedrich Lindenberg of the Organised Crime and Corruption Reporting Project (OCCRP). “It’s all handled for you.”

The demand for a silver bullet to solve the money-laundering problem has resulted in a huge numbers of startups entering the so-called “regtech” space. More than 700 people visited the RegTech Expo in London on 20 November, with plenty of startups trying to sell their wares to banks. Experts are uncertain about how effective that’ll be. “You can be loaded with technology to analyze data, but the real problem is we have 25 anti-money laundering regulators in the UK, and altogether 41 regulators dealing with the financial sector,” says Prem Sikka, professor of accounting at Sheffield University, who wrote a book, The Accountants’ Laundromat, warning about the scale of money laundering in the UK. It was published in 1998, (via Wired).

Sanctions

HSBC AML compliance remediation monitor flagged payments linking Huawei with Iran

A monitor assigned to HSBC Holdings Plc told federal prosecutors about suspicious transactions linking Huawei Technologies Co. with Iran, adding evidence to a U.S. investigation that led to the arrest of the Chinese company’s finance chief, according to a person familiar with the matter. The monitor, Exiger, was enlisted by the Justice Department to oversee HSBC’s compliance efforts in 2013 following a $1.9 billion deferred-prosecution agreement with the bank that exposed a range of weaknesses in its internal controls. The London-based lender isn’t under investigation in this matter, another person said.

It’s unclear when Exiger flagged the Huawei transactions. The Justice Department’s deferred-prosecution deal was dismissed in December 2017, and Exiger’s five-year appointment expired a half-year later. But the U.K.’s Financial Conduct Authority and the Federal Reserve each kept the New York-based advisory firm in place. Huawei Chief Financial Officer Wanzhou Meng, the daughter of the company’s founder, was arrested in Vancouver on Saturday pursuant to an extradition request by the Justice Department, (via Bloomberg).

Congress

Congressional hearing Narcos: Transnational Cartels and Border Security

Date: Wednesday, December 12, 2018
Time: 2:30 PM
Place: Dirksen Senate Office Building 226

Speakers included top officials from the DEA, Homeland Security and Customs, and private sector thought leaders and former government officials, such as Celina Realuyo. To listen to a recording of the hearing, click here.

TNOCs

Inside Europe’s most powerful mafia – the ‘Ndrangheta

This week, police in four European countries carried out raids on the ‘Ndrangheta’s sprawling empire of money-laundering and drug-trafficking, arresting 90 people. They described “Operation Pollino” — two years in the making — as a “decisive strike against one of the most powerful Italian criminal networks in the world.”

The group has entrenched its dominance of the cocaine trade, forging links with organized crime groups in Latin America, New York, Turkey and Albania. Mafia watchers estimate its turnover is probably in the range of about $60 billion a year — similar to the GDP of Croatia or Bulgaria. And it may control as much as 80 percent of the cocaine entering Europe, (via CNN).

FATF

FATF Update: U.K., Israel given high overall marks in fighting fincrime as Israel becomes full member, but countries must strengthen supervision, intelligence resources

The Paris-based Financial Action Task Force, which sets global anti-money laundering (AML) standards, has given rare high marks to the United Kingdom for its fight against financial crime, using words like “robust” regulations and enforcement, that the country is a “leader” in this arena that “proactively” and “aggressively” tackles complex cases and works well with international partners. Still, the country must bolster its oversight and enforcement methods to better uncover entities with lax compliance programs and hand down statement-making penalties.

Israel, just as it reaches full member status, is achieving good results in identifying and responding to its money-laundering and terrorist financing risks, but needs more focus on supervision and preventive measures, according to FATF, in detailing a critical U.S. ally in propinquity to many of the world’s most dangerous terror and national security threats, (via FATF).

Securities/whistleblowers

Bernie Madoff’s Legacy: Whistleblower Inc.

A decade after Madoff’s arrest, an industry of bounty-hunting tipsters aims to cash in on the next big fraud. Ten years ago, Bernard Madoff’s multibillion-dollar Ponzi scheme, the biggest fraud in U.S. history, shocked the financial world. It soon emerged that a forensic accountant, Harry Markopolos, had been alerting regulators for years to Madoff’s fraud, but no one had listened.

At Markopolos’s urging, the Securities and Exchange Commission created a cash-for-tips program, designed to encourage reports of financial wrongdoing and prevent the lapses in oversight that gave Madoff free rein. Today, an entire industry is devoted to surfacing tips from company insiders and expert analysts who scrutinize corporate filings. Whistleblower Inc. is the most tangible consequence of the Madoff scandal a decade after the money manager’s Dec. 11, 2008 arrest.

At the center of this new ecosystem stands the Securities and Exchange Commission’s Office of the Whistleblower, which has paid more than $326 million to 59 whistleblowers in seven years. The potential for sharing in such a huge payday has attracted plaintiffs’ lawyers, forensic accountants and former FBI agents to this government-sanctioned fraud hunt. Critics say the deluge of those seeking rewards is now overwhelming the system.

More than 5,200 tips have been filed this year, compared to 3,000 in 2012. Requests from undeserving reward seekers have slowed the pace of payments, potentially discouraging future tipsters. Two individuals filed so many frivolous reward requests—one person has filed 143—that they were banned from making future requests, according to agency records, (via the WSJ).

Ireland

Ireland central bank closes ‘penny banks’ due to financial crime fears as certain young savers appeared to have too much money

The Central Bank has been accused of “using a sledgehammer to crack a nut” as penny banks are being forced to close over money laundering fears. Concerns were raised over “some kids who had a lot of money” saved up over the space of a year, a senior source said. This Christmas will see the end of many penny banks which helped rural community members save hundreds of thousands of euros from January until mid-November every year.

A voluntary-run organisation, local people gave their time to collect savings from people on a weekly basis and an annual cheque was then issued to all members before Christmas. However, the penny bank has now become a victim of its own success as it drew the attention of the financial watchdog. Councilors have described the closures as “devastating”, particularly for elderly people who used the savings club as a means of putting money away for grandkids, (via the Irish Independent).

Securities

Finra, the U.S. securities sector’s chief self-regulatory body, released is annual report of exam findings, including touching on challenges firms faced in the AML arena, including:

·       Questionable Ownership Status of Foreign Legal Entity Accounts – Finra has observed increased trading by foreign legal entity accounts in similar low-float and low-priced securities. In some instances, firms considered these accounts unrelated, but uncovered shared commonalities, which raised concerns about potential ownership or control by similar beneficial owners. Examples of these commonalities included trading directed from the same Internet Protocol locations, account funds sent from the same branches of a specific bank, accounts with the same authorized traders, and accounts established with the same mailing address.

·       No Documentation of Investigations of Potentially Suspicious Activity – Some firms that use exception reports did not document initial reviews and investigations into potentially suspicious activity identified by the reports. This was particularly troubling where those firms failed to establish and implement a formal investigation management process or document how they decided whether to file or not file Suspicious Activity Reports (SARs).

·       Irregular and Undocumented 314(a) Searches – FINRA has found that some firms failed to comply with Section 314(a) of the USA PATRIOT Act, and did not conduct reviews of FinCEN’s Secure Information Sharing System (SISS) on a bi-weekly basis or did not document their reviews after the searches were complete, (via Finra).

Compliance

Chief Compliance Officer v. General Counsel – Should They Be Separate?

A look at some of the similarities and differences related to these top positions, with key lessons for bank financial crime compliance departments to consider, (via Board and Fraud).