“To the mind that is still, the whole universe surrenders.” – Lao Tzu

In today’s briefing, FinCEN echoes calls for corporate beneficial ownership registry, EU AML update crimps some crypto firms, ballyhooed Russian darknet expansion scheme could be secret exit scam, two infographic cyber resources to improve preparation, communication, and more.

Please enjoy this unlocked story, part of the many benefits of being an ACFCS member.

Want to talk about industry trends, story ideas or get published? Feel free to reach out to ACFCS Vice President of Content Brian Monroe at the email address above. Now, on to more sweet sweet content!

FinCEN chief calls for creation of beneficial ownership database to counter ‘dangerous and widening gap’ in country’s AML defenses

The head of the country’s administer of financial crime compliance defenses is joining a chorus of other voices – from Congress and bank lobbying groups to external watchdog bodies – in calling for the U.S. to create a central repository for corporate beneficial ownership information.

That was one of the key ways the country could bolster a critical gap in its anti-money laundering (AML) defenses while at the same time better feeding the U.S. Treasury’s Financial Crimes Enforcement Network (FinCEN) goal of broadening the data available to its financial intelligence unit (FIU) function, said Director Kenneth Blanco at a compliance conference.

The creation of a beneficial ownership database – something already undertaken or in-process in jurisdictions like the United Kingdom, European Union and others – would also help give U.S. financial institutions a way to double-check information they have been capturing since mid-2018 under upgraded AML obligations referred to as the “Customer Due Diligence” or CDD rule.

The lack of a centralized, accurate and up-to-date corporate ownership registry – created at account opening by company formation agents and updated by the companies themselves – is a “national security issue” that “cannot be understated,” Blanco said at the American Bankers Association conference.

“The lack of a requirement to collect information about who really owns and controls a business and its assets at company formation is a dangerous and widening gap in our national security apparatus,” Blanco said.

“That is because criminals thrive when they have somewhere to hide. And the secrecy behind shell companies—businesses that exist only on paper—is a clear and present danger.”

If beneficial ownership information were required at company formation, it would be “harder and more costly for criminals, kleptocrats, and terrorists to hide their bad acts, and for foreign states to avoid detection and scrutiny,” Blanco said.

The move would better “deter bad actors accessing our financial system in the first place, denying them the ability to profit and benefit from its power while threatening our national security and putting people at risk,” (via FinCEN).

Monroe’s Musings: The article highlights what could be a major change to improve the way the U.S. investigates large, international financial crime syndicates and has the potential to remove a longstanding bastion of criminals worldwide: opaque, anonymous and impenetrable corporate ownership structures.

While FinCEN has “worked to address this gap through the CDD Rule, which strengthened customer due diligence obligations for certain financial institutions to know the people who own, control, and profit from companies, and to verify their identities at account opening, there is more work to be done,” according to Blanco, noting that banks still have no real way to cross-check the ownership information they are being given.  

The next critical step to “closing this national security gap is collecting beneficial ownership information at the corporate formation stage,” he said, echoing similar sentiments in a bevy of widely-supported Congressional bills that have sputtered to mutter out of committee – until recently.  

A bill that would create a registry passed in the House of Representatives in October. Similar legislation has been introduced in the Senate, where Republican Mike Crapo of Idaho, the chairman of the Banking Committee, has indicated he supports more shell-company disclosure, according to the WSJ.

Changes to the U.S.’s AML regime also have received support from the White House, which in October released a statement commending the passage of the House bill.

The main opponents to the legislation have proven to be groups representing small-business owners. The National Federation of Independent Business, for example, has argued that submitting beneficial ownership information will be overly burdensome to small businesses, the WSJ wrote.

Even so, until these moves to omit ownership gaps are made, the U.S. – with all of its investigative cache, world-leading AML penalties against financial institutions and moves to strengthen alliances with foreign governments – will still remain behind regions like the U.K. and EU, and stay a target for fierce criticism from the global watchdog group the Paris-based Financial Action Task Force.

EU AML laws forcing Bottle Pay, other crypto payment processors, to shut or face fines due to ‘impossible’ compliance requirements

Bottle Pay, a cryptocurrency payment processor that helped facilitate Bitcoin transfers via users’ social media accounts, has announced that it will be closing shop due to challenges in implementing updates tied to stronger European financial crime compliance directives.

In an official announcement published on December 13, the company dropped the bombshell, explaining that it will be shutting its service down and returning all available funds immediately.

“More companies will have to face the choice to shut down or face unknown consequences due to 5AMLD – it’s impossible to implement effectively, and the risk is too high,” according to one crypto enthusiast and commentator.

The British payment processor was an innovative cryptocurrency solution, as it allowed people to make payments to their social media contacts regardless of whether the recipients had accounts on the platform or not. However, as cited in its closing announcement, it will now be forced to end its service, as Anti-Money Laundering (AML) laws across the continent have made it impossible to continue operating.

Problems with AMLD5

The company is registered as a custodial Bitcoin wallet service provider in the United Kingdom, meaning that it will be forced to comply with the 5thth Anti-Money Laundering Directive (AMLD5) regulation from the European Union.

The regulations have been a hot-button issue in the crypto space, as several companies have expressed their skepticism over how they would be able to implement it before the January 10, 2020 deadline.

The AMLD5 requires that crypto firms should pay for their own supervision costs and register with authorities in any EU country that they wish to operate.

However, the crypto firms only see this as a means of illegal licensing, pointing out that this part of the guidelines was taken out of different legislations enacted to help fill regulatory loopholes that contributed to the 2008 global financial crisis.

In the press release, Block Matrix- the U.K. firm that acts as Bottle Pay’s parent company- explained that the user information that they would need to provide to stay compliant with AMLD5 would “alter the current user experience so radically, and so negatively, that we are not willing to force this onto our community.” Seeing no other forward, they’ve now decided to shut the entire service down.

Currently, all new signups, deposits, and bots on social media related to the platform have been put offline.

The company also assured that any funds sent won’t be claimed, and will be returned to them within the next week. All withdrawal functions will be stopped, and the company will close all wallets at 13:00 GMT on December 31, 2019. Al funds remaining after that point, the release notes, will be donated to The Human Rights Foundation, (via Inside Bitcoins).

Monroe’s Musings: With FATF releasing its long-awaited global recommendations for how AML rules should be bolted onto crypto exchanges in June, the world has been wondering and waiting to see how the industry responds, particularly the dreaded “travel rule,” where customer details must be captured and passed on for transactions breaching $1,000.

And it’s clear the answer for some crypto-enabled companies will be oblivion. While yes, some large crypto firms and thought leaders have offered potential solutions for the “Travel Rule,” something brick-and-mortar banks have had since the mid-1990s, the culling and bloodletting many prognosticators feared for some crypto exchanges and firms is already underway.

In short, the updated rules being proposed by the EU to comply and implement fincrime compliance in line with FATF recommendations are seen to be too burdensome and expensive for many smaller crypto firms and, even if they decided to create a full-fledged AML program, in the process alienating and even enraging customers, the penalty exposure for compliance failures is just too high.

Expect to see more of these closures as the crypto sector fractures and bifurcates, taking a hard fork between those that are in compliance – and those that are gone.

Darknet site in Russia selling illicit substances, plans nearly $150 million faux-ICO in preparation for global expansion – or exit scam

Russia’s largest darknet marketplace is looking to raise $146 million in a token offering that would allow it to go global, a twisted version of how some crypto-fueled companies raise capital – and something that will raise the ire of U.S. investigators while at the same time putting more pressure on global bank compliance teams.

As Forklog reported on Dec. 11, the token sale is almost certainly illegal — in this case not merely for flouting securities laws or other financial regulations.

The operators of the marketplace, known as “Hydra,” have ambitions to roll out their model of anonymized, rogue trading for illicit substances at a massive scale. An investment memorandum, accessible only via dark web browsers like Tor, claims the platform’s global expansion “will start a new era in the West” at a scale that is “hard to imagine.”

Hydra provides an anonymous service, whereby couriers disperse purchased goods to designated, concealed spots in public spaces, later to be collected by the client. Neither buyer, seller nor courier ever cross paths in person.

The operators plan to use the funds to build out a new service “Eternos” — combining encrypted messaging services, a privacy-focused browser, automated dispute resolution and an over-the-counter marketplace and crypto exchange.  

Scheduled for Dec. 16, the token sale will offer investors bundles of 100 tokens, conferring rights to a 0.003% share of company profits. The tokens are valued at $100 apiece, payable in Bitcoin (BTC).

Issuance is set at 1,470,000 tokens, accounting for 49% of Eternos’ value and pledging $500 in monthly dividends for those purchasing more than 100 tokens. Forklog has warned readers the project may turn out to be an exit-scam.

The numbers are based on a forecast of $15 million monthly revenue, which the operators justify citing their current growth metrics.

Hydra claims it has a user base of over 3 million, processing over 100,000 transactions daily for illicit substances, hacking services, forged documents, stolen data and cash.

As of June 2019, Russian investigative site Proekt confirmed that Hydra had 2.5 million registered accounts, 393,000 of which had made at least one purchase, (via Coin Telegraph).

Monroe’s Musings: The story notes that the crypto industry’s most infamous darknet marketplace remains Silk Road, which launched in February 2011 before being shut down by the authorities in October 2013.

Its founder Ross Ulbricht — aka “Dread Pirate Roberts” — was arrested and sentenced to life in prison in 2015, convicted of money laundering and aiding in the distribution of drugs, computer hacking and fraud, among other charges.

In 2017, U.S. authorities shuttered the major darkweb marketplace Alphabay, through which vendors had purportedly hawked fentanyl, heroin, weapons, malware and a series of Bitcoin-related heists.

A decade ago, a criminal jumping borders into the real or virtual worlds could stymie investigators, who saw authority or ability wane in these scenarios.

But groups within the U.S. Department of Justice, IRS-Criminal Investigations Division and other federal investigative agencies have cut their teeth building knowledge and capacity to better investigate darknet sites, virtual exchanges and uncover the flesh-and-blood identities or seemingly invincible virtual avatars – as was evidenced by the recent takedowns of goliath darknet sites.

And pretty much everything related to the U.S. and Russia right now is a flashpoint issue, so the U.S. and its allies in Europe will not take this mockery of a crypto initial coin offering laying down.

One thing this darknet site should remember is that once it gets out of the secure environs of Russia, where corruption reigns and the rule of law evaporates, it opens itself up to new foreign investigative vulnerabilities just as it throws its digital doors open for new revenue opportunities.

This also puts more pressure on brick-and-mortar banks in Russia, near its borders or, if this expansion happens, even in the West, because these institutions are the physical nexus where users must deposit or take out money going or coming through cryptocurrency exchanges potentially working on behalf of the Russian darknet market.

This story, shared by longtime AML compliance expert Brandi Reynolds, also started a dialogue among compliance and crypto professionals you can check out here.

One other possibility: There will be no ICO at all – the whole move is an “exit scam” to get gullible supporters to send money to the site, where they will shut down, pocket it all and disappear.

CSH offers two new infographics to bolster cybersecurity capabilities with a 10-step process, better communicate gaps with glossary of defense tactics, threat vectors  

The professionals at the Cyber Security Hub (CSH) have created two great and easy to access resources to strengthen your cyber systems before, during and after an attack and broaden your cyber vocabulary to better assess and communicate those threats throughout an operation.

The London-based group is prolific in capturing and delivering relevant information on cyber attack tactics, virtual defense formations and offering insightful details on trends and typically complex insider cyber baseball in easily-digestible graphics to get messages across quickly.  

One resource we are highlighting today is a graphic on a cybersecurity glossary of terms, courtesy of the United Kingdom’s National Cyber Security Centre, including the kinds of authentication and the names of certain attacks and how they work, (via the Cyber Security Hub).

Enjoy!

The other graphic lays out 10 steps to improve cybersecurity and communicate needs upstream to the board and threats downstream to the company staffers themselves to not as easily fall prey to historical and emerging scams and vulnerabilities, including preventing malware and restricting user privileges to hamper hackers.