Fincrime Briefing: Congress scrutinizes Deutsche Bank on AML, fines fuel EU de-risking, malware hijacks crypto blockchain, and more

By Brian Monroe
bmonroe@acfcs.org
September 9, 2019

Quote of the Day: “Let us make our future now, and let us make our dreams tomorrow’s reality.” – Malala Yousafzai

In today’s ACFCS Fincrime Briefing, Congress grills Deutsche Bank on anti-money laundering, counter-corruption controls, flurry of EU bank AML fines prompts new wave of de-risking, virulent malware strain hijacks blockchain to resist attacks, and more. 

Please enjoy this unlocked story, part of the many benefits of being an ACFCS member.

Want to talk about industry trends, story ideas or get published? Feel free to reach out to ACFCS Vice President of Content Brian Monroe at the email address above. Now, on to more sweet sweet content! 

Compliance

 U.S. congressional probe finds possible lapses in Deutsche Bank controls – sources

U.S. congressional investigators have identified possible failures in Deutsche Bank AG’s money laundering controls in its dealings with Russian oligarchs, after the lender handed over a trove of transaction records, emails and other documents, three people familiar with the matter said.

The congressional inquiry found instances where Deutsche Bank staff in the United States and elsewhere flagged concerns about new Russian clients and transactions involving existing ones, but were ignored by managers, two of the people said. 

Lawmakers are also examining whether Deutsche Bank facilitated the funneling of illegal funds into the United States as a correspondent bank, where it processes transactions for others, one of the sources said.

The Democrat-controlled House began examining possible money laundering in U.S. property deals involving President Donald Trump, a Republican, earlier this year. The lawmakers are also looking into whether Trump’s dealings left him subject to the influence of foreign individuals or governments.

Deutsche Bank has been drawn into the inquiry as Trump’s biggest lender and submitted documents to investigators in response to a subpoena.

In 2017, Deutsche Bank agreed to pay regulators in the United States and Britain $630 million in fines for organizing $10 billion in sham trades that could have been used to launder money out of Russia. 

Two of the sources said that the preliminary findings of the congressional investigators may have some overlap with that case but also include lapses unrelated to that matter.

New evidence thrown up by the congressional probe could feed into further investigations by other authorities, regulatory experts said.

If evidence of wrongdoing is found, it could also harm the bank’s efforts to strengthen its relationships with U.S. regulators and deter investors concerned about the possibility of future regulatory sanctions. Deutsche Bank’s shares hit an all-time low last month, (via Reuters).

Monroe’s Musings: This is just the latest report in a string of financial crime compliance issues at Deutsche Bank. 

The bank in recent years has been beset by regulatory and investigative probes related to a host of anti-money laundering (AML) and other failings, with the operation just weeks ago paying the U.S. Securities Exchange Commission more than $16 million for corruption failings. 

It’s vital the bank pull back and take an expansive, aggressive look at all areas of compliance in all areas of the world to look for pockets of non-compliance, even as it raises overall AML, counter-corruption and fraud teams. 

It faces a daunting task of running, reviewing and remediating financial crime compliance programs – all at the same time – without losing focus on the rising array of complex and nuanced risks coming through the day around the world each day. 

Enforcement

Bosnia: Three ex-Sberbank employees nabbed for money laundering

Authorities in Bosnia on Thursday arrested three former employees of Moscow-based Sberbank who are suspected of money laundering and have allegedly deprived the bank of more than one million Konvertible Marks – a failing that casts considerable doubt over the institution’s financial crime compliance program.

The State Investigation and Protection Agency (SIPA) said the three are suspected of “‘abuse of position and authority’ and of laundering BAM 1,094,626.30 (US$617,192.41), a further black mark against Russia’s largest bank, which has previously been accused of illicit dealings and helping corrupt Russian powerbrokers launder questionable funds.

The Sarajevo Cantonal Court and Prosecutor’s office ordered the arrest and the raid of three locations, with SIPA confiscating documents that could help investigators.

According to SIPA, from 2016 to March this year, the three used their personal bank accounts to make electronic purchases of foreign currencies according to exchange rates that were not valid on the dates the conversions were made.

Sberbank told OCCRP that the three were former employees of the Global Markets sector and that the bank fired them six months ago when it discovered the scheme and reported it to the authorities, (via the OCCRP).

Monroe’s Musings: The OCCRP has been on fire in recent years with its reporting on the complex, shadowy and shady world of financial crime in all of its tawdry forms, including corruption and fraud-tinged funds from Russia and the armies of professional services firms using every trick in book to keep owners hidden behind impenetrable shell companies. 

The group spearheaded seminal pieces unwrapping formerly opaque beneficial ownership bastions in the “Panama” and “Paradise Papers” pieces and gave vital insight on Russian money laundering schemes in the “Troika Laundromat,” which at its heart was enable by a Russian financial institution. 

So its no surprise OCCRP reporters have prioritized reporting on instances when Russian financial institutions have potential failings of AML compliance, including oversight of insiders using their authority to defraud the bank, customers and others. 

In short, Russia has a long way to go to prove that its financial institutions have brought up both their technical standards and effectiveness when it comes to AML oversight and that even Russian banks doing the best to identify and report in potentially illicit and corrupt entities are not overruled by regional regulators that are themselves firmly clenched in the grip of graft.

Money laundering

Money laundering scandals, uptick in penalties in Europe spark new risk retrenchment 

As Europe’s financial conduct authorities get tougher, banks will be even less likely to support trade between the EU and states that are small and poor – a further expansion on broad bank de-risking away from regions that could present more anti-money laundering risk than they are worth. 

Ever since the 2008 financial crisis, US financial misconduct fines have led the world. 

However, defenders of Europe’s more collegiate approach to tackling banks’ money-laundering shortcomings say US banks also lead the world for de-risking, shunning some of the globe’s poorest countries from access to the dollar system. 

Now a spate of money-laundering scandals is hardening the determination of European regulators to prove they are just as tough as their American equivalents – with recent penalties soaring into the hundreds of millions of dollars. 

And it will have the same effect of turning banks further away from fragile nations, and even charities in their home markets, if the profit is not big enough – particularly if a regulator fines a bank in a given region for not engaging in adequate anti-money laundering (AML) risk mitigation for certain clients, products or jurisdictions.   

“I’m not risking my license for a correspondent banking relationship that brings €100,000 in fees,” as one western European bank chief executive tells me. 

HSBC holds an indication of what is coming. It withdrew from about 20 countries and 100 business lines under Stuart Gulliver’s leadership in the early and mid-2010s, partly because of money-laundering risks, after a $1.3 billion deferred prosecution agreement in the US. 

“The easiest way to avoid financial crime is not to engage in risky business,” comments Colin Bell, HSBC’s chief compliance officer. 

More EU banks getting gun-shy on AML risk

Other European banks are heading the same way. 

Deutsche Bank could be at least five years behind HSBC in terms of its hold on financial crime issues, says one prominent figure in London’s anti-money laundering (AML) community. 

But even as Deutsche becomes more reliant on business such as German trade finance, a €200 billion Danske Bank scandal in Estonia will discourage it from dealings with poorer countries. 

At a European Parliament hearing this year over Deutsche’s role as the main correspondent bank to Danske in Estonia, according to Reuters, its head of anti-financial crime Stephan Wilken said the bank had already cut correspondent banking relationships by 40 percent since 2016 and had entirely shut off Moldova, for example. 

That is only likely to get worse. 

Commodity trade finance shrinking after flurry of fines

Dutch banks, too, gained a bigger share of commodity trade finance, which touches some of the world’s most volatile nations, due to BNP Paribas’s greater circumspection after a $9 billion sanctions-busting fine in 2014. 

Yet Dutch commitment to this product, and others like it, is in greater question after a record €775 million Dutch AML penalty against ING late last year, which has sparked more wariness about the issue at ABN Amro too. 

In France, after BNP Paribas, Société Générale – another big commodity trade finance bank – is facing more questions from jittery investors about its commercial banking network in eastern Europe and Africa. These are some of SocGen’s most profitable and fastest-growing businesses. 

During the past year, SocGen has exited all but the biggest Balkans except Romania. The choice of buyer, Hungary’s OTP, in part reflects money-laundering concerns at bigger western European banks. 

The new trend is most obvious in Scandinavia. 

Earlier this year, after the full scale of suspicious flows through Danske’s Estonian branch became clear, the bank said it was exiting operations across the Baltics and Russia, and not just in Estonia, as the local supervisor demanded. 

Nordea has made a similar move, again largely out of money-laundering concerns. During the past weeks, Danske has been reviewing its correspondent network, with a view to de-risk, (via Euromoney).

Monroe’s Musings: This is a story I knew was coming to come out at some point – it was just a matter of time. 

In recent years, any time U.S. regulators and investigators heavily sanctioned a large domestic or foreign bank for AML failings – whether they are tied to certain countries, customers or products, like correspondent banking – these operations did some major soul-searching. 

In short, they engaged in a major recalibration of AML risk in a bid to prove to regulators they have both strengthened overall financial crime compliance defenses while at the same time pulling away from the riskiest regions or entities. 

In essence, they are reducing the throughput of higher risk funds to give a buffer to devote more resources to current customers and regions while remediating and rooting out past failings. 

The problem is that these jurisdictions will still want to move money and may turn to money remitters with weaker AML standards – or even enlisting the criminal element. 

That means millions or even billions of dollars may move around the globe without being scrutinized by banks and reported to authorities in customer transactions or suspicious activity reports. It also means a black hole of missed investigative intelligence. 

One of the most challenging current dynamics in the global AML game is finding the right balance between regulatory oversight and enforcement and bank fincrime compliance programs and effectiveness. 

At issue is examiners properly nudging profit-focused financial institutions with the right amount of force to create timely, rich and relevant intelligence for law enforcement – rather than just going through the motions to check boxes – while these selfsame investigative agencies close the validation loop by providing detailed feedback to banks on what they are doing right to close cases and what criminals are doing to game the system. 

Cybersecurity/Cryptocurrency

Security researchers issue warning after malware hijacks Bitcoin Blockchain

A new strain of the Glupteba malware has hijacked Bitcoin’s blockchain, using the network to resist attacks, cyber security researchers have warned, a further stark example of the creativity of criminal groups and overlaying of multiple attack tactics – a trend requiring an equally aggressive, convergent holistic response.

The malware uses the bitcoin blockchain to update, meaning it can continue running even if a device’s antivirus software blocks its connection to servers run by the hackers, security intelligence blog Trend Micro reported.

The Glupteba malware, first discovered in December 2018, is distributed through advertising designed to spread viruses through script and can steal an infected devices’ browsing history, website cookies, and account names and passwords with this particular variant found to be targeting file-sharing websites.

However, according to researchers, the new version of the malware can also mine the privacy-specialized monero cryptocurrency and threaten the security of Instagram users’ accounts.

The malware uses the Electrum bitcoin wallet to send bitcoin transactions that the attackers use to gain access to systems.

“This technique makes it more convenient for the threat actor to replace command and control servers,” Trend Micro researchers wrote. A command and control server is the centralized computer that issues commands to an infected network of devices.

“If they lose control of a command and control server for any reason, they simply need to add a new bitcoin script and the infected machines obtain a new command and control server by decrypting the script data and reconnecting,” (via Forbes).

Monroe’s Musings: This is yet another story showing the creativity and criminals and melding of several illicit tactics to puncture systems and pilfer anything of value, with this group weaving together cyber attacking, hacking, targeting and stealing crypto coin details or purloining mining resources and further attempting to ride the rails of the immutable blockchain. 

This should be a further clarion call for banks and corporates to similarly create compliance and cyber defenses that are convergent, holistic and teach teams in the AML function and rank and file employees outside of it to be as aggressive with cyber hygiene as with scrutinizing and reporting on the broader landscape of ever-ebbing and flowing fincrime risks.