“The past cannot be changed. The future is yet in your power.” – Unknown

In today’s briefing, global financial crime compliance fines soar past $8 billion in 2019, a FinCEN staffer accused of leaking SARs takes a plea deal, Elliptic previews where crypto and compliance converge in 2020, court ruling supports banks in sanctions compliance, and more.

Please enjoy this unlocked story, part of the many benefits of being an ACFCS member.

Want to talk about industry trends, story ideas or get published? Feel free to reach out to ACFCS Vice President of Content Brian Monroe at the email address above. Now, on to more sweet sweet content!

More than $8 billion in AML fines handed out in 2019, with USA and UK leading the charge: analysis

Encompass has carried out an analysis of Anti-Money Laundering (AML) related penalties handed down between 1 January and 31 December 2019, revealing that, barring a massive $9 billion penalty in 2014, last year could have been a record at nearly double the overall actions and total penalty figure of the prior year.

Key observations:

• 58 AML penalties handed down globally in 2019, totaling $8.14bn
• This is double the amount, and nearly double the value, of penalties handed out in 2018, when 29 fines of $4.27bn were imposed
• Regulators in the USA were most active, handing out 25 penalties totaling $2.29bn
• UK followed with 12 fines totaling $388.4m
• Largest monetary fine was $5.1bn and originated from France
• Average monetary fine for 2019 was $145.33m
• 2019 was record year, in terms of number of penalties handed out (58), ahead of 2016 (47)
• Under half of penalties given out in 2019 were to banks (28 of 58), compared to two-thirds in 2018 (20 of 29)
• Penalties handed down by regulators across multiple jurisdictions beyond the USA and UK: these were Belgium, Bermuda, France, Germany, Hong Kong, India, Ireland, Latvia, Lithuania, the Netherlands, Norway and Tanzania

2014 still holds the record for the highest total value of fines at $10.89bn, but this includes an anomalously large penalty of $8.9bn. If this were to be removed, 2019 would take the lead.

Since 2015, annual AML penalty figures have been steadily rising each year. Multi-million dollar fines have been commonplace for a while, but we are now seeing more penalties of one billion dollars or over, with two in 2019 alone.

Historically, the majority of these fines have been given to banks, but this year the proportion was less than half, demonstrating that money laundering is now recognised as a general business issue, not just one that is specific to financial services.

Regulators in the gambling/gaming sector were particularly active in 2019, handing out five fines, all of which were well over $1 million and the highest being $7.2 million. Interestingly, four of these were in the UK, demonstrating a crackdown here.

The USA continues to lead the way, having handed out the most penalties this year at 25 – more than twice the amount of the UK, the country in second place.

Given that these two countries have transparent regulatory cultures and active regulatory bodies, we expect we shall continue to see the largest number of fines originate from here, but we are seeing activity from increasing numbers of jurisdictions as time goes on.

For example, in 2019, penalties were handed out by 14 countries, compared to just three a decade ago in 2009.

We are not expecting the spotlight on money laundering to dim.

The continued and increased focus on this area highlights the severity with which it is viewed at a global level, which is not surprising given the negative economic and societal repercussions it can have.

As we head into 2020, we shall continue to monitor and analyse AML penalty data with interest to see how it evolves, (via Encompass).

Monroe’s Musings: This was an interesting piece revealing that the pressure on banks to bolster AML programs or face harsh consequences isn’t going away anytime soon.  

Treasury official pleads guilty to leaking financial documents

A senior Treasury Department official pleaded guilty on Monday to leaking confidential financial reports, after being charged with disclosing information related to Russia and President Donald Trump’s associates.

Natalie Mayflower Sours Edwards, a senior adviser at Treasury’s Financial Crimes Enforcement Network, entered the guilty plea to one count of conspiracy in federal court in Manhattan.

She admitted to leaking suspicious-activity reports, which financial institutions file to flag questionable transactions.

Edwards was arrested in 2018 and accused of providing information for articles in BuzzFeed News, including reports concerning the financial transactions of Trump’s former campaign chairman Paul Manafort. She initially pleaded not guilty to the charges.

Her attorney, Marc Agnifilo, said she had the best of intentions in disclosing the information to BuzzFeed. Other information related to Manafort’s former associate Rick Gates, the Russian Embassy and Maria Butina, the Russian gun rights activist who admitted being an agent for the Kremlin and received an 18-months prison sentence.

“She was of the view that certain critical facts weren’t being handled the right way by the government agencies whose responsibility it was to handle these things,” Agnifilo said of Edwards. “She went to the media and said if I can’t trust the government officials to handle this, I think I can trust the media to handle this and bring this to the attention of the American people.”

Edwards, 41, who lives in Virginia, could face a maximum sentence of up to five years in prison. She agreed in a plea deal not to challenge a sentence of zero to six months. Her attorney said she would argue for no prison time.

She’s scheduled to be sentenced on June 9 by U.S. District Court Judge Gregory Woods.

Edwards declined to say she knew what she did was wrong, and suggested she believed she was acting as a whistleblower. Her statements briefly delayed the plea hearing, until she ultimately said she knew she was not legally allowed to release the information.

Her attorneys said they concluded that her motivations would not provide a viable defense under the law and that it was best to plead guilty.

Edwards plans to speak out about her actions at her sentencing, Agnifilo said.

He said she had been in touch with congressional subcommittees about the information she found before going to the media, but declined to say whether she sought whistleblower status. She was joined in court by her family, including her teenage daughter, (via Politico).

Monroe’s Musings: ACFCS covered the story when it broke in late 2018. Here is what we highlighted.

It was no surprise someone — in this case Edwards — made the connection that if there were incriminating details to be had in the Russia probe, they could be buried somewhere in the terabytes upon terabytes of data housed in FinCEN’s AML database.

FinCEN is the main repository for this information, which allows bureau analysts to engage in proactive investigations to uncover large-scale criminal trends, details then shared with banks and other government agencies with purview over crushing criminal and terror networks and defending the nation against foreign and domestic threats.

Beyond FinCEN sharing the results of its own database analyses, all of the major U.S. federal investigative agencies, and many state and local police forces, have remote access to the FinCEN database directly to query for details to form the foundation of a case or attempt to break new ground in current investigations related to companies, individuals, regions and more.

Moreover, while several government agents in recent years – typically those involved in national security – have been arrested and sentenced for improperly handling classified information, for a FinCEN analyst to be sanctioned for mining the database to allegedly get dirt on political foes, then steal the data itself, possibly targeting even the current U.S. president, is exceedingly rare.

But for those in AML compliance and investigative circles, this situation – along with a few others – was always a “worst case scenario” waiting to happen.

In conferences and conversations, whenever the subject of FinCEN, SARs and CTRs came up, one professional would invariably turn to another and say, “Wow, I wonder what would happen if some analyst or investigator had an agenda or ax to grind, and just decided to ping the database for themselves to find skeletons in the closet of a cross-party adversary, ex-boss or ex-wife.”

The response was always the same: whoever ever did something like that could, and likely would, find confidential information that could seriously tarnish the reputation of a captain of industry or political powerbroker – the information in the FinCEN database is that powerful.

Beyond that, while a terrible breach of trust, the law and shaking of the confidential foundations the whole of the AML compliance world is built on, illicit use of the data by a jaded employee is actually one of the milder of the nightmare scenarios that could befall FinCEN and its coveted database.

What’s worse?

Here are two other situations FinCEN is doing its best to guard against: what would happen if a criminal hacker, through stealing the login credentials of a database user or abusing a software vulnerability, gained access to the database and downloaded all or some of the information?

They could then sell those details to the highest bidder among a cabal of illicit groups so that criminal groups could know what every bank has on them, and potentially every past or current government investigation – crippling who knows how many ongoing cases.

But even as bad as that could be, there is one involving FinCEN that would likely be considered the most feared of all: what if a hacker gained access to the database itself and rather than trying to steal or download it, introduced a virus or other insidious piece of malware that destroyed some or all of the data altogether.

Such move would broadly hamstring many domestic and international, complex financial crime cases, which rely on details in the FinCEN database to initiate and strengthen cases and pull together seemingly disparate sources of information to crack the diffuse, hidden trails of savvy organized criminal groups who are actively trying to mask their touchpoints with the formal financial system.

Elliptic’s AML Predictions For 2020: Crypto Regulation Will Reach New Frontiers With These Five Crypto Trends

2019 was a milestone year for anti-money laundering (AML) regulation in the crypto space. 

From the Financial Action Task Force’s (FATF) crypto guidance to crypto consultations and regulators warning about compliance, 2019 made clear that crypto regulation is here to stay.  

We predict last year was just the start, and that 2020 will see crypto regulation expand to new frontiers.

In this post, we predict five regulatory trends that will dominate the crypto scene in 2020.

1. Regulators Will Demand That Banks Tackle Crypto Risks

While an increasing number of banks are embracing crypto, many have attempted to de-risk the sector.

The FATF’s 2019 guidance made clear that de-risking is not sustainable. As the crypto-sphere grows, avoiding crypto exposure is impractical. The FATF, therefore, called on local regulators to require that banks implement a risk-based approach that allows them to identify, evaluate, and manage crypto-related risks.

In December, Hong Kong issued guidance calling on banks to take a risk-based approach to the crypto sector, while the head of the US Financial Crimes Enforcement Network (FINCEN) said banks need “to ask themselves whether they are reporting [virtual currency-related] suspicious activity. If the answer is no, they need to reevaluate whether their institutions are exposed to cryptocurrency.”

We predict 2020 will see more regulators around the world take steps to address the need for banks to proactively manage crypto risk exposure similar to what we saw in Hong Kong.

Banks that are proactively implementing systems to identify their crypto risk exposure will position themselves to engage with the crypto sector with confidence while addressing regulators’ expectations.

2. The APAC Region Will See Greater Regulatory Clarity, But Also More Enforcement

Across 2018 and 2019, the APAC region was a mix of rapidly evolving and sometimes unclear regulatory requirements.

2020 will see greater regulatory clarity come to the APAC region, as countries implement the FATF’s crypto guidance.

From Singapore’s planned launch of its crypto regulatory framework in January, to Japan’s planned spring regulatory update and South Korea’s impending passage of its own measures, 2020 will see greater regulatory clarity across the APAC region that would enable the launch of safe and trusted crypto services to consumers and investors.

However, this clarity brings challenges. As regulatory frameworks emerge across APAC, the crypto industry can expect these to be matched with increased enforcement. Companies that fail to comply will face more frequent and larger fines, penalties, and potential license revocations.

Crypto businesses in the APAC region must take proactive steps now to prepare for the tightening scrutiny ahead.

3. Despite Concerns, Libra and Other Stablecoins Will Gain the Confidence of Regulators

Facebook’s planned Libra project may be the biggest crypto story of 2020. It has certainly caused regulators to voice concerns, and focus attention on stablecoin-related risks more broadly.

Despite these worries, we predict that 2020 will see Libra and other major stablecoin projects gain the confidence of regulators. As regulators learn that the financial crime risks of Libra and other stablecoins can be managed using techniques like blockchain analytics, they will provide clearer guidance to the market on regulatory requirements to ensure that stablecoin projects can be launched in more parts of the world, in a safe and trusted manner.  

This will not mean that crypto compliance teams have a free pass. Rather, crypto businesses will still need to make sure that they have the ability to monitor and assess financial crime risks related to any stablecoins listed on their platforms.

But with greater regulatory comfort and clarity around stablecoins, we expect to see this exciting new asset class grow. Click the link to read the full report, (via Elliptic).

Monroe’s Musings: I really enjoyed reading this outlook and agree with its conclusions about the coming year when it comes to the convergence of crypto and compliance.

With the recent global guidelines by FATF, regulators, particularly those in large regions, will be forced to better understand the crypto exchanges and other virtual asset service providers in and flowing through their borders.

One other area that is an aftershock of this movement will be that large international banks are likely to also feel more pressure to review their formal connections to crypto exchanges and screen their customers for ties to exchanges they didn’t know about.

Rotenberg loses sanctions suit against Nordic banks

Boris Rotenberg, a Russian businessman under U.S. sanctions over the Ukraine conflict due to his close ties with President Vladimir Putin, on Monday lost a discrimination lawsuit he filed in a Finnish court against four Nordic banks.

“Helsinki District Court has rejected Boris Rotenberg’s complaint over the right to banking services and damages for discrimination,” the court said in a statement.

Rotenberg, who also holds Finnish citizenship, accused Nordea, Danske Bank, Handelsbanken and OP Bank of refusing to allow him to make payments and of violating his right to equal treatment as an EU citizen.

The court said Rotenberg had failed to prove he was a person living in the European Economic Area and therefore he was not entitled to basic banking services in Finland.

It also ruled the banks’ concerns of significant financial risks related to Rotenberg’s transactions were not unfounded.

The court ordered Rotenberg to pay the banks’ legal expenses, amounting to around 530,000 euros ($589,360).

U.S. SANCTIONS

Rotenberg is not subject to EU sanctions over Russia’s role in Ukraine but European banks must comply with the U.S. sanctions in order to do business with U.S. banks.

The United States and the EU imposed sanctions on Russia after it annexed Crimea from Ukraine in 2014 and increased them after Moscow backed rebels fighting government troops in eastern Ukraine.

Rotenberg and his brother Arkady are long-time friends of Putin and Washington considers both of them members of the president’s “inner circle”.

In his lawsuit, Rotenberg complained he has been unable to fulfil his legal obligations in Finland after the banks refused to transmit payments of his ordinary invoices, including a traffic tax payment worth just 18.60 euros.

“A systematic choice was made in drafting the EU sanctions lists that no EU citizens would be included in the lists, even if they had been flagged by the U.S. presidential administration on their (…) list,” he wrote in the complaint, which was filed at Helsinki District Court in October 2018.

Nordea in an emailed statement to Reuters said it was complying with all laws and regulations and added: “We appreciate the clarity that the District Court has provided in its thoroughly grounded decision.”

Handelsbanken told Reuters: “The statement of judgment reflects Handelsbanken’s view of the matter and we are pleased with the outcome.:

A bank spokesman said: “Danske Bank takes anti-money laundering and the sanctions related to it very seriously and has taken significant action to ensure our operations comply with regulation.”

Russian oligarchs and companies have tried to challenge sanctions in different courts since they were imposed starting in 2014 following Russia’s annexation of Crimea.

In one of the most prominent cases Russian tycoon Oleg Deripaska sued the United States last year, alleging that it had overstepped its legal bounds in imposing sanctions on him, (via Reuters).

Monroe’s Musings: This case was actually a much bigger deal than many realized, as if the court ruled for Rotenberg, it would have given leverage and legal momentum for others on EU and U.S. sanctions lists to challenge the designations.

It could have also, as in this case, opened up more large, international banks to the risk of lawsuits when they simply decided to either follow a certain sanctions list or choose not to bank an individual or entity due to actual or perceived AML risks.

So, in a sense, many large banks are breathing a bit easier tonight knowing they won’t be placed between the proverbial rock and a hard place: bank someone they really aren’t comfortable banking or say no and get sued.