Back to All Articles

Fincrime Briefing: FATF update – Laundering risks from ‘stablecoins,’ more AML pressure on Brazil, McKinsey tackles cyberrisk, Stanford Ponzi settlement, and more

The skinny:

In today’s ACFCS Fincrime Briefing, FATF details global money laundering risks from crypto ‘stablecoins,’ as watchdog puts more AML pressure on Brazil after fintel court debacle, McKinsey whitepaper tackles cyberrisk, Greenberg Traurig to pay $65 million in Stanford Ponzi settlement, and more.

Please enjoy this unlocked story, part of the many benefits of being an ACFCS member.

Want to talk about industry trends, story ideas or get published? Feel free to reach out to ACFCS Vice President of Content Brian Monroe at the email address above. Now, on to more sweet sweet content!

Lock Graphics


FATF Plenary Update: Potential money laundering risks from ‘stablecoins,’ more AML pressure on Brazil after court decision, Iceland subject to stronger monitoring, and more

The Paris-based Financial Action Task Force (FATF) released a slew of broad updates Friday after its latest plenary, including updated warnings tied to supposedly more stable cryptocurrencies, fresh criticism against Brazil’s counter-crime compliance initiatives after a judge made it harder to capture and share financial intelligence with law enforcement and teeing up Iceland for enhanced fincrime monitoring.

The plenary is the first under FATF President Xiangmin Liu of the People’s Republic of China. During this three-day meeting, more than 800 delegates representing 205 jurisdictions and international organizations analyzing some of the biggest challenges for stakeholders in the field, including compliance officers, regulators, investigators and watchdog groups.  

Here are some of the key updates:

Major Strategic Initiatives

  • Money laundering risk from “stablecoins” and other emerging assets: Emerging assets such as so-called “stablecoins,” and their proposed global networks and platforms, could potentially cause a shift in the virtual asset ecosystem and have implications for money laundering and terrorist financing risks.
  • Stable or not, subject to AML rules: In general terms, both “stablecoins” and their service providers would be subject to the FATF standards either as virtual assets and virtual asset service providers or as traditional financial assets and their service providers, thus tripping anti-money laundering (AML) and related travel rules.

Mutual Evaluations and Follow-up:

  • Mutual evaluation of the Russian Federation and Turkey
  • Follow-up assessments of Norway and Spain: Both countries achieved effectiveness re-ratings: Norway has strengthened its understanding of the money laundering and terrorist financing risks it faces and developed a strategy to effectively address these risks. Norway is making better use of financial intelligence and has improved its ability to freeze assets linked to the financing of weapons of mass destruction.
  • Spain improves on money transmitter oversight, WMDs: Spain has taken action to ensure that money value transfer services and trusts are implementing measures to prevent their misuse for crime and terror financing and has established a more effective coordination mechanism to ensure that assets linked to proliferation of weapons of mass destruction are frozen.
  • Follow-up reports for the mutual evaluations of Denmark, Ireland and Singapore in which all countries achieved technical compliance re-ratings: Ireland moved from enhanced to regular follow-up process.
  • Brazilian fintel court setback: Brazil’s actions addressing the deficiencies identified in its 2010 mutual evaluation report and FATF concerns about a recent court decision regarding the use of financial intelligence: FATF expresses its serious concerns regarding Brazil’s ability to comply with international AML standards resulting from the limitation placed by a recent provisional injunction issued by one judge of the Brazilian Supreme Court on the use of financial intelligence in criminal investigations. The FATF is also concerned that the court decision is impacting Brazil’s FIU to share information with law enforcement authorities.

Identifying jurisdictions with strategic AML/CFT deficiencies:

o Jurisdictions no longer subject to monitoring: Ethiopia, Sri Lanka and Tunisia
o New jurisdictions subject to monitoring: Iceland, Mongolia and Zimbabwe


  • o Pakistan’s actions in addressing deficiencies in its AML/CFT system: To date, Pakistan has only largely addressed five of 27 action items, with varying levels of progress made on the rest of the action plan. The FATF strongly urges Pakistan to swiftly complete its full action plan by February 2020.
  • o Harsher blacklisting ahead? Otherwise, should significant and sustainable progress not be made across the full range of its action plan by the next Plenary, the FATF will take action, which could include the FATF calling on its members and urging all jurisdictions to advise their FIs to give special attention to business relations and transactions with Pakistan


o Monitoring Iran’s actions to address deficiencies in its AML/CFT system: If before February 2020, Iran does not enact the Palermo and Terrorist Financing Conventions in line with the FATF Standards, then the FATF will fully lift the suspension of counter-measures and call on its members and urge all jurisdictions to apply effective counter-measures, in line with recommendation 19, (via FATF).


The risk-based approach to cybersecurity: As regulators challenge companies on cyber resilience, firms must identify biggest gaps, overlay defenses, overcome human error

Top managers at most companies recognize cyberrisk as an essential topic on their agendas. Worldwide, boards and executive leaders want to know how well cyberrisk is being managed in their organizations – but adequately and accurately identifying cyber risks, threats, defenses, resilience and recovery efforts and implementing them in terms of systems, humans and processes is easier said than done.

In more advanced regions and sectors, leaders demand, given years of significant cybersecurity investment, that programs also prove their value in risk-reducing terms.

Regulators are challenging the levels of enterprise resilience that companies claim to have attained. And nearly everyone—business executives, regulators, customers, and the general public—agrees that cyberrisk is serious and calls for constant attention.

In short, that to decrease enterprise risk, leaders must identify and focus on the elements of cyberrisk to target.

More specifically, the many components of cyberrisk must be understood and prioritized for enterprise cybersecurity efforts. While this approach to cybersecurity is complex, best practices for achieving it are emerging.

To understand the approach, a few definitions are in order. First, our perspective is that cyberrisk is “only” another kind of operational risk.

That is, cyberrisk refers to the potential for business losses of all kinds—financial, reputational, operational, productivity related, and regulatory related—in the digital domain. Cyberrisk can also cause losses in the physical domain, such as damage to operational equipment. But it is important to stress that cyberrisk is a form of business risk.

Furthermore, cyberrisks are not the same as cyberthreats, which are the particular dangers that create the potential for cyberrisk. Threats include privilege escalation, vulnerability exploitation, or phishing.

Cyberthreats exist in the context of enterprise cyberrisk as potential avenues for loss of confidentiality, integrity, and availability of digital assets. By extension, the risk impact of cyberthreats includes fraud, financial crime, data loss, or loss of system availability, (via McKinsey).

Monroe’s Musings: McKinsey, not surprising due to its thought leadership cache in so many nuanced corporate and financial risk areas, has been killing it lately with whitepapers in the area of financial crime, with a recent piece touting the virtues of AML, fraud and cyber convergence – interestingly the very mission ACFCS is founded.

This whitepaper on cyber risk is powerful, precise and polished piece that cuts through the jargon of the cyber attack and defense realms to yield what could be a truly transformative way to more effectively and holistically surveil the full landscape of virtual risks at an institution and systematically shore up those vulnerabilities in the real and digital worlds.

Money laundering

DOJ indicts three in novel new money laundering method using CUBS – Chinese Underground Banking System, pairing Mexican traffickers, Chinese nationals

The U.S. Department of Justice (DOJ) for the District of Oregon has indicted three people for their roles in a complex scheme to launder nearly $30 million in illicit drug proceeds by transferring bulk cash from Mexican drug trafficking organizations to Chinese nationals residing in the U.S. – an underground banking system that should be on the radar of fincrime compliance professionals.

Shefeng Su, 39, Xinhua Li Yan, 39, and Xiancong Su, 46, are each charged with conspiracy to commit money laundering. Shefeng Su and Li Yan were residents of Portland during the timeframe alleged in the indictment. The group allegedly laundered roughly $29 million between October 2015 and March 2018.

According to the indictment, the defendants’ money laundering scheme was designed to remedy two separate problems: drug trafficking organizations’ inability to repatriate drug proceeds into the Mexican banking system and wealthy Chinese nationals restricted by China’s capital flight laws from transferring large sums of money held in Chinese bank accounts for use abroad.

The first group, drug traffickers, are challenged by their inability to transport U.S. currency acquired from the sale of illegal narcotics in the U.S. to Mexico while avoiding detection by law enforcement and Mexican banking regulators.

Mexico’s anti-money laundering (AML) regulations limit the amount of cash deposits of U.S. dollars that Mexican financial institutions can receive.

As a result, drug trafficking organizations work with professional money launderers to bundle and sell bulk U.S. dollars in order to convert them to pesos, a more readily depositable currency in Mexico.

The second group, Chinese nationals living outside China, are challenged by China’s limit on the amount of personal funds that can be transferred out of Chinese bank accounts for use in a foreign country. Currently, China limits these transfers to $50,000 per year. As a result, some Chinese nationals have a need to acquire large quantities of U.S. dollars via other means.

The defendants’ scheme facilitated the transfer of cash between these two groups. Their money laundering organization would facilitate the transfer of funds from the buyer’s Chinese bank account to another Chinese bank account held by the money laundering organization.

Once the Chinese renminbi (RMB) were transferred between these bank accounts, the funds were repatriated back to Mexico and converted to pesos to complete the money laundering cycle. This scheme has been described by some as the “Chinese Underground Banking System,” (via DOJ).

Monroe’s Musings: Going to borrow some insight from AML’s modern day muse and prophet, Jim Richards, in a LinkedIn posting you can read here.

And thus he spaketh: US – 1, CUBS – 0. A new era in cross border money laundering!

This is a fascinating case: professional money launderers have gone from solving one problem (repatriating drug proceeds) between two countries (the US and Mexico) using the traditional BMPE (Black Market Peso Exchange), to solving two problems (evading Chinese currency restrictions and repatriating drug proceeds) across three borders (US, Mexico, and China) using what the US Attorney in Oregon is calling CUBS (Chinese Underground Banking System).

The indictment provides some great details. See US v Shefeng Su et al, DC Oregon, 19CR00190. Kudos to the DEA and IRS-CI, along with the Oregon US Attorney’s Office, for unraveling and indicting a complex case.


Greenberg Traurig agrees to pay $65 million to settle Stanford receiver Ponzi lawsuit

Greenberg Traurig has agreed to pay $65 million to victims of an estimated $7 billion Ponzi scheme who said the law firm helped the now-convicted swindler Allen Stanford perpetrate his fraud, a surprise settlement after recent legal wins had favored the storied law firm.

The court-appointed receiver, the Official Stanford Investors Committee, and individual investors who purchased fraudulent certificates of deposit issued by Stanford asked in a filing late Thursday for a federal court in Dallas, Texas to approve the settlement.

In February of this year, history hit an ignoble monetary moment: It was 10 years after the second biggest investor fraud in U.S. history. And worse, victims of the $8 billion Ponzi scheme run by disgraced financier R. Allen Stanford had recovered practically nothing, court records show.

That’s in stark contrast to the substantial recoveries on behalf of victims of the Bernard Madoff scam, which became public two months earlier, who have received billions of dollars clawed back from public and private efforts.

The difference has enraged Stanford’s victims — many of whom were retirees who had been sold “safe” investments — and has some lawmakers still calling for reforms.

One of the major court battles has been in Texas, where judges have ruled in some cases against the receiver, who had argued that Greenberg actively participated in Stanford’s fraud and should be on the hook for potentially billions in repayment to victims.

In one of the most recent rulings before this reported settlement, a federal appeals court ruled in April that Greenberg Traurig is immune from liability in the lawsuit by investors who lost money in the Ponzi scheme perpetrated by Stanford, a Greenberg client.

The 5th U.S. Circuit Court of Appeals at New Orleans ruled that the law firm is immune under Texas law for its former lawyer’s representation of Texas billionaire R. Allen Stanford, according to the American Lawyer.

Under Texas law, a lawyer is immune from civil suits brought by nonclients for conduct that happened within the scope of the attorney’s representation of a client, the 5th Circuit said, (via Reuters) and (CNBC) and (ABA Journal).

Monroe’s Musings: These Ponzi schemes, while horrendous for victims, also came with financial crime compliance tethers for many of the banks involved, which in some cases faced direct investor lawsuits and regulatory enforcement actions and penalties based on what their AML programs missed related to these historic and other smaller frauds.

In a story I covered on this subject related to the South Florida Scott Rothstein $1.2 billion Ponzi scheme, he deliberately attempted to evade an AML compliance officer who was pressuring a bank officer he was bribing.

In court depositions later, when he was singing like a canary, he stated the AML officer was a “bulldog” and she wouldn’t let him skate on weak details and due diligence about his soon to fall house of cards.

This heroic figure of fincrime lore was one of the unassailable forces for good that eventually led to the crafty criminal’s downfall. And some people wonder if fincrime compliance officers have an important job. Your answer is now as it always will be: Soundly, resoundingly, yes.

See What Certified Financial Crime Specialists Are Saying

"The CFCS tests the skills necessary to fight financial crime. It's comprehensive. Passing it should be considered a mark of high achievement, distinguishing qualified experts in this growing specialty area."


(JD, Washington)

"It's a vigorous exam. Anyone passing it should have a great sense of achievement."


(CFCS, Official Superior

de Cumplimiento Cidel

Bank & Trust Inc. Nueva York)

"The exam tests one's ability to apply concepts in practical scenarios. Passing it can be a great asset for professionals in the converging disciplines of financial crime."


(CFCS, Royal Band of

Canada, Montreal)

"The Exam is far-reaching. I love that the questions are scenario based. I recommend it to anyone in the financial crime detection and prevention profession."


(CFCS, CAMS Lead Compliance

Trainer, FINRA, Member Regulation

Training, Washington, DC)

"This certification comes at a very ripe time. Professionals can no longer get away with having siloed knowledge. Compliance is all-encompassing and enterprise-driven."

Director, Global Risk
& Investigation Practice
FTI Consulting, Los Angeles