In this week’s Financial Crime Wave, Switzerland and the United States get high overall rankings by the Paris-based Financial Action Task Force, which sets global financial crime standards, South Korea and Taiwan also improve anti-money laundering frameworks, global law enforcement bodies come falling down on “Avalanche” cyber gang, and more.


Switzerland, a historic bastion of bank secrecy, starting to shed image, improves countermeasures, according to FATF report

Switzerland, long the home of the secret bank account, has strengthened its legal and regulatory framework for fighting money laundering, according to a report from an international standards body. The Financial Action Task Force, which assesses countries on their legal frameworks and issues standards on anti-money laundering and terrorism financing, said Wednesday that Switzerland “has made a number of steps forward” since its last evaluation in 2005, including rounds of legal reforms, awareness campaigns and enhanced enforcement. There is political will to promote and protect the integrity of its financial center in response to its reputation as the stash house for illicit funds from around the world, the FATF said. Swiss authorities have a good understanding of the country’s money-laundering risks, especially when it comes to the banking sector, which has historically been abused by people in power hiding illicit assets derived from offenses committed outside the country, the FATF said. Between 2013 and 2015, the FATF report said, about half of securities deposited in Swiss banks belonged to foreign customers. As such, Switzerland has been actively involved in fighting cross-border tax evasion over the last several years, joining international tax-exchange standards and working with countries, such as the U.S., to resolve disputes involving assets hidden by tax-evaders based in the origin country, (via the Wall Street Journal).

Under new effectiveness standard, FATF dings US on beneficial ownership, AML oversight of real estate, law firms

The United States received failing scores for its efforts to prevent the laundering of criminal proceeds by shell companies, accountants and real estate agents, the Financial Action Task Force (FATF) said in a report released Thursday. Overall, the United States had “robust” anti-money laundering efforts, scoring as highly effective at countering terrorism financing, said FATF, an international organization that sets global standards for fighting illicit finance. But the United States did not do enough to rein in corporate secrecy, presenting “serious gaps” in law enforcement efforts that leave the financial system “vulnerable” to dirty money, the report said. In its first evaluation of the United States in ten years, FATF scored Washington non-compliant – the lowest possible score – on its ability to determine the true owners of shell companies, sometimes used by money launderers to hide illegal proceeds. FATF also gave Washington a failing score for its minimal monitoring of non-financial industries sometimes used in money laundering, such as law firms and realtors, (via Reuters).


As 2016 comes to a close, Finra followed through on promises to increase AML focus, enforcement

Staying true to its Chairman’s message regarding its focus in 2016 on anti-money-laundering (“AML”) compliance, the Financial Industry Regulatory Authority (FINRA) just settled claims of inadequate AML controls with the investment arm of a major global bank for US$16.5 million.  This amount is over 17% of the entire amount FINRA assessed in fines in all 1,512 disciplinary actions in 2015 and reflects a remarkable trend of increasing penalties in this space.  As we wrote in April 2016 when noting the increased enforcement risks — particularly in the microcap trading arena — a similar AML case in April 2015 was settled for US$950,000, with another similar case in December 2015 settling for US$7.3 million. For updates and the lessons learned from this most recent case, please keep reading. The upward trend of the settlement amounts reflects the tendency for enforcement actions to become harsher as regulatory expectations become more clearly established.  Broker-dealers and other financial companies that fail to routinely maintain, audit, and upgrade their AML programs to address evolving high-risk threats — particularly when those threats are outlined in prior enforcement actions against other companies in the same line of business — are more likely to be the subject of significant enforcement actions with larger monetary penalties, (via the National Law Review).


As India deals with aftershocks of dropping, reintroducing big bills, authorities swarm dozens of banks on financial crime fears

Stepping up action to check financial crimes post demonetization, the ED today launched an “enquiry of records” operation at over 50 bank branches across the country to detect money laundering and hawala dealing instances through these channels. Officials said multiple teams of the Enforcement Directorate (ED) swooped early morning at over 50 branches of at least ten banks, both in the private and public sector, along with banking auditors to “scrutinize” transaction records and account statements, armed with vital inputs gathered from financial snoop agencies. They said ED teams have launched the operations at branches located in major cities like Delhi, Mumbai, Bengaluru, Hyderabad, Kolkata, Chennai and others based on records of transaction of these branches where the maximum amount of old notes have been deposited or huge cash has been deposited in bank accounts in one go or in a staggered fashion giving rise to suspicion of suspect deposits, (The Press Trust of India, via the Business Standard).


Europol mock cyberattack helps retailers, merchants and banks react, respond and recover from hacks, denial of service disasters

On December 1, 2016, Europol’s European Cybercrime Centre (EC3) hosted a Mock Retail Cyber Hack exercise in cooperation with MasterCard, intended to simulate a cyber-attack on European merchants. Held at Europol’s headquarters in The Hague, the event focused on providing first-hand experience to merchant customers and their acquirers in order to understand the steps to follow in case of a cyber-attack and to raise awareness of the issue and proffer best practices to the sector writ large.  The initiative brought together representatives from law enforcement, the retail industry, banking sector, forensic investigation field, Dutch Electronic Crimes Task Force (ECTF) and Dutch Computer Emergency Response Team (CERT). Through this training, participants learned what their particular role is and who can provide assistance and advice in case a cyber hack occurs. In addition, the simulation revealed how to deal with threats such as infiltration to the payment system or denial of service (DoS) attacks. Since cybercriminals are increasingly targeting European merchants, thus triggering significant financial losses to the industry, Europol’s EC3 group initiated the exercise to aid in familiarizing the affected parties with all the actors involved at each step of the investigation, both preventative, reactive and restorative measures to prevent a total digital collapse of the e-commerce environment, (via Europol).

Law enforcement from 40 countries come crashing down on “Avalanche” cyber gang

An operation by 40 countries shut down a cybercrime network that used malware to steal hundreds of millions of dollars from email users around the world, law enforcement agencies announced Thursday. The network, known as Avalanche, had since at least 2010 bombarded users in over 180 countries with emails that contained malicious attachments and links. The operation involved the arrest on Wednesday of five people and searches on 37 locations. At least 39 servers involved in the network were seized and over 800,000 domains were seized, blocked or “sinkholed” – meaning that traffic was redirected to law enforcement servers. Wednesday’s coordinated shutdown follows a four-year investigation started in Germany. The network used as many as 500,000 infected computers per day in its botnet, in which computers are under the control of malware, (via the OCCRP).

Corporate transparency

Divorce battle with wealthy husband yields insight into vast offshore financial system

When a wealthy businessman set out to divorce his wife, their fortune vanished. The quest to find it would reveal the depths of an offshore financial system bigger than the U.S. economy. A few weeks after she realized her husband was finally leaving her, Sarah Pursglove flew down to the Bahamas to figure out how much money he really had. Like many women married to very wealthy men, she didn’t know much about the family accounts. Her husband, a Finnish entrepreneur named Robert Oesterlund, had sworn to a Canadian court that his immediately calculable “net family property” totaled just a few million dollars. Pursglove was skeptical. She could come up with several family purchases worth more than that off the top of her head. There was the 165-foot yacht, Déjà Vu — that cost a few million dollars a year just to keep on the water. There was the $30 million penthouse at the Toronto Four Seasons, which was still being renovated. It wasn’t their only home. The Déjà Vu wasn’t even their only yacht. She ended up finding accounting statements saying her soon to be ex was worth some $300 million, but the funds were strewn through a maze of offshore shell companies with nebulous ownership structures that she believed her husband controlled, but had few ways to prove it, (via The New York Times).


Few large multinationals screen for corruption risks tied to third-parties, contractors, says new report

Using third parties is one of the biggest bribery and corruption risks facing compliance teams today. As companies continue to increase their use of third parties year on year, regulators and enforcement agencies have sharpened their focus on the duties of corporations to prevent bribery and corruption by their third parties. In fact, the vast majority of the top ten Foreign Corrupt Practices Act enforcement actions in the U.S. have involved bribery by a third party, according to a new report, noting that nearly 50 percent of multinationals surveyed have failed to carry out basic corruption checks on third-party contractors before engaging in jobs with these individuals and operations. This is the second in a series of reports looking into bribery and corruption trends arising from interviews with over 600 chief compliance officers, heads of legal and equivalent at the world’s largest organizations with revenues of more than $350 million, (via Hogan Lovells).

Credit Unions

Fears of de-risked entities filtering down to smaller banks, credit unions drive US Treasury AML push

The end-of-summer proposal by FinCEN to remove the anti-money laundering exemption for smaller financial institutions, including privately insured credit unions, private banks and certain trust companies, first begs the question: Why are regulators proposing to include all banks, without exceptions, despite the obvious regulatory burden? While midsize and small institutions are important to any regional or local economy, the level of risk exposure on a macro level, when it comes to money laundering and terrorist financing, has not been considered as high as that of the larger banks. Recently, though, regulators have been seeing that through the large scale de-risking activities that large banks have been conducting, some customers of these institutions—who either are high-risk or lack a proper way for banks to assess their risk—were ousted from these bigger institutions, pushing them downstream to smaller institutions, which have not yet made the investment necessary to give them the level of controls that large institutions have already adopted. I believe this is the source of these recent proposals, (via Credit Union Journal).


South Korea, Taiwan beef up AML rules, hoping to appease finicky FATF

Taiwan and South Korea are beefing up their anti-money-laundering legal regimes ahead of expected evaluations by an international standards-setting body, experts say. Both Taiwan and South Korea said last week they planned to update their rules in line with recommendations issued by the Financial Action Task Force, a Paris-based body that assesses countries on their legal frameworks and issues standards on anti-money laundering and terrorism financing. Countries that fail to implement FATF’s standards run the risk of being labeled as high-risk or uncooperative jurisdictions, making it more costly and difficult for them to transact with the banking systems of FATF member states. Among other things, banks in Taiwan will have to establish, as of April next year, their own anti-money-laundering departments, according to a local media report. South Korea, for its part, will require lawyers, accountants, real-estate brokers and other non-financial professionals to comply with the existing national anti-money-laundering regime, local media reported last week, (via the Wall Street Journal).


In US fintech first, OCC to start granting licenses to financial technology companies, but firms can’t shirk brick-and-mortar banking laws

Firms offering online loans, smartphone payments and other financial-technology products would get new flexibility to expand and further shake up the U.S. banking industry under a proposed new federal policy. A top regulator said Friday that his agency would for the first time start granting banking licenses to “fintech” firms, giving them greater freedom to operate across the country without seeking state-by-state permission or joining with brick-and-mortar banks. The move could open the door to more competition between the old and new financial firms, and provide a bigger opening for some large tech companies to consider new ways to offer digital payments or other services. The announcement by Thomas Curry, head of the Office of the Comptroller of the Currency, was a significant move by regulators struggling to strike a balance between encouraging innovation while extending traditional protections to new financial products that have boomed since the financial crisis, (via the Wall Street Journal).


Finra hits Credit Suisse U.S. securities unit with $16.5 million AML penalty for lax systems, missing data

The Financial Industry Regulatory Authority said on Monday it has fined Credit Suisse’s U.S.-based securities business $16.5 million for ineffective anti-money laundering programs. Finra, the securities industry self-regulator, found that Credit Suisse Securities (USA) LLC relied on its brokers to identify and report suspicious trading, which did not always happen. Finra also found the effectiveness of its automated system used to monitor suspicious transactions was impeded because many of the data feeds were missing information. Finra was careful to say it did not find that Credit Suisse or any employees committed fraud or deceptive acts, (via Reuters).