FINANCIAL CRIME WAVE – STANDARD CHARTERED DPA DEADLINE, DOJ CRUSHES IRS SCAMMERS, AND MORE

In this week’s Financial Crime Wave, Standard Chartered works to meet U.S. anti-money laundering deferred prosecution deadline, federal investigators crush massive fraud network posing as IRS tax agents, crypto compliance update, and more.

Enforcement

StanChart hoping to shake off US regulatory shackles related to past AML, sanctions penalties, DPAs as deadline nears

Standard Chartered is hoping this weekend to finally shake off some of the painful and costly US regulatory shackles that have weighed on the British bank for the past six years related to expensive anti-money laundering (AML) and sanctions penalties and agreements and extensive related compliance remediation engagements. Deferred prosecution agreements imposed by the US Department of Justice (DOJ) and New York regulators are due to expire on July 28, after twice being extended following their original implementation in 2012. Standard Chartered was fined $667 million in 2012 by US authorities for breaking sanctions on Iran, Libya and other countries between 2001 to 2007.

The settlement included DPAs with the DOJ and the New York County District Attorney’s Office. In a DPA, a prosecutor grants amnesty in exchange for the defendant agreeing to fulfil certain requirements. If a bank reoffends it could face prosecution and further fines related to the original crimes. The DPAs were last extended on November 9, because the bank had not improved compliance standards to the satisfaction of US authorities. Extra scrutiny from a DPA and having monitors installed can require a bank to have scores more compliance staff and add several hundred million dollars of annual costs, banking sources have previously told IFR, (via IFR).

Fraud

U.S. DOJ breaks up sprawling foreign-based I.R.S. phone scam that defrauded thousands of victims of hundreds of millions of dollars

The U.S. Department of Justice stated it has broken up what appeared to be the nation’s first large-scale, multinational telephone fraud operation, a massive fraudulent vishing scam that bilked thousands of victims out of hundreds of millions of dollars – ironically enough by pretending to be angry agents from the Internal Revenue Service requesting unpaid tax bills. Officials handed down stiff sentences for 21 conspirators last week in the United States and a round of indictments in India. Over four years, more than 15,000 victims in the United States lost “hundreds of millions” of dollars to the sophisticated scam, and more than 50,000 individuals had their personal information misused, the department said Friday.

The money was routed through call centers in India back to the ringleaders in eight states. The fraudulent calls came suddenly and frequently while the scam was active from 2012 to 2016, according to court documents. A person posing as an Internal Revenue Service or immigration official was on the phone, threatening arrest, deportation or other penalties if the victims did not immediately pay their debts with prepaid cards or wire transfers. The calls targeted the most vulnerable Americans, including immigrants and older people, (via the NY Times).

Virtual currencies

U.S. business group urges regulators to regulate ICOs, exhorts them to focus on rules for products, not underlying technology

The world’s largest business group, the US Chamber of Commerce, is demanding clear regulations for cryptocurrencies and any activities related to them, including Initial Coin Offerings (ICOs), moves that would have direct import on related anti-money laundering programs to counter fraud and other financial crimes. Globally, some view virtual currencies as securities, others as assets, and yet others as Monopoly money only used by criminals. The request stemmed as a part of the new FinTech Innovation Initiative of Chamber. The Chamber released its first report last week which outlined eight FinTech principles to be presented to legislators and regulators.

The Chamber urged the Securities and Exchanges Commission (SEC) in its report to continue studying ICOs. The study needs to be done to see how they can be an effective tool for raising capital while protecting investors and meeting all the applicable laws. The Commodity Futures Trading Commission (CFTC) also got recommendations from the Chamber to study how cryptocurrencies are functioning in the futures and commodities market. The group stated: “In both cases, we urge the agencies to regulate the products and services enabled by the technology instead of the technology itself. This approach would alleviate contradictory and overlapping rules and allow institutions to focus on what really matters – reducing consumer risk and preventing fraud,” (via Coin Frenzy).

Transaction monitoring

Rules-based or behavior-centric transaction monitoring systems? A spirited debate!

A dive into the debate about which are the best kinds of AML transaction monitoring systems, and analyses concluding one can cause unintended issues at more diminutive institutions: Should banks adopt behavior-centric AML systems or rules-based systems? That could depend not just on your budget, but the size of your bank, (via Sarah Beth Felix).

India

In India, corruption crackdown to snare givers, and receivers

India is updating laws to counter corruption, strengthening penalties so that bribe givers are just as liable to face harsh punishments as bribe takers, (via the Times of India).

India choosing crypto rules, rather than restrictions

India seeking to have expansive crypto regulations in place by September, as country choosing rulemaking rather than outright sector ban, (via Finance Magnates).

G20

G20 eyeing October deadline to craft crypto AML standards, tapping FATF to best graft current fincrime compliance paradigms

G20 member countries are now looking at an October deadline for reviewing a global anti-money laundering (AML) standard on cryptocurrency, as influential countries and a global financial crime compliance watchdog converge to create bright line boundaries for virtual value, a document shows. According to a statement issued on Sunday, finance ministers and central bank governors of the G20 member countries hosted a meeting during the weekend and reiterated their position on a plan for “vigilant” monitoring of cryptocurrencies.

The member countries further called on the Financial Action Task Force (FATF) – an intergovernmental body formed to fight money laundering and terrorist financing – to clarify how its existing AML standards can apply to cryptocurrency within three months, though, overall, the group states virtual currencies don’t pose a risk to global financial stability. The G20 initially asked for an AML standard on cryptocurrency from the FATF in March, as part of its wider push for global regulatory recommendations on the issue, with reports that the global arbiter of AML rules is in the process of creating binding crypto compliance rules, (via Coin Desk).

Real estate

U.K. seeking to strengthen laws against real estate money launderers, proposing prison terms

Criminals using the U.K. property market to launder money face prison time under proposed legislation, along with heftier fines and bans on selling or leasing property, according to the proposed legislation. Foreign companies owning U.K. real estate will have to reveal their true, or “beneficial” owners. Failing to do so could lead to up to five years in prison, according to the bill. The owners’ names will appear on a corporate registry, making it easier for law enforcement to seize assets linked to criminals.

The U.K. bill defines a beneficial owner as someone who holds more than 25% of the shares of an entity; controls more than 25% of the entity’s voting rights; can appoint or remove the entity’s directors; or exerts “significant influence or control” over the entity. The move is part of a wider crackdown on dirty money flowing into the U.K. The proposal for the property-ownership registry was in the works since April, following implementation of the Criminal Finances Act. That law created new authorities, including unexplained wealth orders, for the U.K. to seek proof of income from politically exposed people, (via the WSJ).

Casinos

Alleged partnership of Canadian casino company with gambling tycoon could trigger new investigation of possible money laundering

A Hong Kong tycoon suspected of links to organized crime in Macau casinos was allegedly a partner with B.C.-based Great Canadian Gaming in a casino ship venture in the South China Sea, a Global News investigation shows. The revelations are yet another black mark to Canada’s casino gaming industry, which has been skewered of late for lax counter crime procedures and feting powerful Asian businesses – and organized criminals. This new information could lead to an investigation by B.C.’s gaming enforcement branch, Attorney General David Eby said. Global’s investigation — based on extensive interviews with former Great Canadian employees and review of hundreds of pages of legal and corporate documents — reveals that Cheng Yu Tung, who was Hong Kong’s third-richest man before his death in 2016, was allegedly a key backer for the casino ship known as the China Sea Discovery.

Eby’s ministry confirmed that Cheng Yu Tung has not been registered to participate in B.C.-based gambling businesses. Reviewer Peter German, a former high-ranking RCMP officer, filed a scathing report confirming that Chinese organized crime networks with roots in Guangdong, Macau and Hong Kong, laundered at least $100 million through loan sharks and VIP gamblers in B.C. Lottery casinos. German concluded casinos “unwittingly” allowed organized crime to launder money. And German called River Rock Casino the “epi-centre” of the activity, (via Global News).

Sanctions

OFAC warns on North Korean appetite for goods, foreign use of human capital to support regime

The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC), the country’s chief sanctions arm, recently emphasized two primary areas of risk for businesses involving North Korea: unintentionally sourcing services, goods or technology from North Korea, and having North Korean citizens or nationals, whose labor produces revenue for the North Korean government, in a company’s supply chains. To read the full guidance, click here. To read a companion piece of guidance from November by the U.S. Treasury’s Financial Crimes Enforcement Network, click here.

AML Fifth Directive

UK aligns with EU AML objectives

UK to adopt EU laws on combating terrorism and money laundering as letter confirms decision to align with bloc’s Fifth AML Directive, (via The Guardian).

Investigations

While some say Bitcoin, and virtual currencies overall, are great for criminals, they can also be even better for law enforcement

In the aftermath of the U.S. indicting 12 Russian intelligence officers for hacking Democratic National Committee servers, one major detail galled counter-crypto pundits – they paid for their puncturing with virtual currencies, in this case, Bitcoin. Congressman Emanuel Cleaver II wasted no time in castigating the “crypto industry” for its role in the DNC hack. The tie to virtual value seemingly overshadowed other failures, like the inability of Democrats to detect basic phishing attempts, or of DNC admins to detect the X-Agent malware that was installed. No, the biggest takeaway from all this was that bitcoin had facilitated one of the gravest nation state-orchestrated crimes in years.

But there’s more to the story. As the detailed indictment against the Russian dozen reveals, however, bitcoin didn’t exactly enable the accused to cover their tracks. In fact, despite the extraordinary lengths they had gone to, bitcoin left an indelible trail that led right back to Russia, which the blockchain had gift-wrapped and handed to US investigators. The dozen accused purchased BTC on P2P exchanges, as well as mining the cryptocurrency themselves to pay for web hosting of dcleaks.com, and a VPN with which to operate the Guccifer 2.0 Twitter account. But this didn’t stop US officials from reconstructing the attackers’ every move, aided by the permanent record that the blockchain provides, (via Bitcoin.com).

Mobile money laundering

Mobile games, such as ‘Clash of Clans,’ and others that allow the use of real money to buy virtual items, are being used by criminals to monetize stolen credit card data, launder money, say analysts

A fun time-killer for some, popular mobile games like “Clash of Clans” are being used to launder stolen credit card money by tech-savvy thieves, according to a report from German cybersecurity company Kromtech. In the report, initially noted on Gamasutra, it was found that over 20,000 stolen credit cards were used in games like “Clash of Clans,” “Clash Royale,” and “Marvel Contest of Champions.” The thieves can make purchases and then resell the accounts with the purchases to a third-party, wiping their hands of any connection to the stolen credit card information.

It’s a relatively easy process, as Apple IDs, which are required to make purchases on the App Store, only need a password, date of birth, some security questions, and then an email address— and a dummy email address is easy enough to make that it’s not really a hindrance. Especially for the thieves, who were reportedly automating the account making process, which in turn automated the money laundering process. Kromtech traced the stolen data being used in “Clash of Clans” back to hacked MongoDB databases, one of which stored information of more than a hundred thousand credit cards. In the report, Kromtech is advising developers to secure the process by which users can make new accounts, to guard against those who might make an automated tool to generate mass accounts, (via Variety).

Digital banks

Digital financial institution Revolut reports suspected money laundering to UK authorities, as pundits pontificate if digital quasi-banks can grow controls in parallel with swelling users

Digital bank Revolut has reported suspected money laundering activities on its network to British law enforcement and regulatory agencies, the company stated recently, adding that the sums of money involved were not significant. The quasi-bank had flagged a spate of suspected money laundering several months ago to both the Financial Conduct Authority (FCA) and the National Crime Agency (NCA). Revolut has signed up 2.25 million users since its launch in July 2015, making it the largest and fastest growing of a set of new app-only financial services firms that have sprung up in Britain. Like other financial technology firms, these upstart banks have faced questions over whether their compliance capabilities and resources can keep pace with rapid user growth, or if they can provide the same safeguards as mainstream banks.

Revolut does not currently have a banking license, which would allow it to offer more services such as loans. It is now in the process of applying for a European banking license in Lithuania rather than in Britain. Lithuania has been trying to attract fintech firms since 2016, hoping UK-based finance companies might apply for licenses in the country to maintain access to the European Union after Brexit. Revolut customers can currently open an account, have a debit card and other money management tools via its smartphone app. It also offers foreign exchange services, as well as allowing customers to spend abroad without charges and hold, buy and sell cryptocurrencies like bitcoin via the app. Revolut’s spokesman said the firm’s controls would make large-scale money laundering difficult, (via 4-Traders).

RBA: Risk-based (annoyance) approach

Confessions of a compliance officer: Risky business?

Or, a look at the potential madness that can come when the historically infuriating and perennially ill-defined anti-money laundering risk-based approach goes awry, (via KYC 360).

OSINT

Little Reddit riding hood gives insight into dark net wolves

A look at how investigators can and should be using Reddit in their online research and due diligence work, with a phrases to pique your interest, “kittens and the Dark Web,” (via the Hetherington Group).