Fincrime Briefing: Former Silk Road narco vendor pleads guilty to laundering, tips to improve SAR quality, North Korea crypto sanctions evasion, and more

By Brian Monroe
bmonroe@acfcs.org
November 12, 2019

Quote of the Day: “Today I choose life. Every morning when I wake up I can choose joy, happiness, negativity, pain…To feel the freedom that comes from being able to continue to make mistakes and choices – today I choose to feel life, not to deny my humanity but embrace it.” – Kevyn Aucoin

In today’s ACFCS Fincrime Briefing, a former illicit narcotics vendor for darknet market Silk Road pleads guilty to laundering nearly $20 million, ABA offers tips to improving SAR filings, U.N. update to North Korea crypto stealing, money laundering machine, and more. 

Please enjoy this unlocked story, part of the many benefits of being an ACFCS member. 

Want to talk about industry trends, story ideas or get published? Feel free to reach out to ACFCS Vice President of Content Brian Monroe at the email address above. Now, on to more sweet sweet content! 

MONEY LAUNDERING

Former Silk Road narcotics seller pleads guilty to laundering nearly $20 million through Bitcoin 

A former narcotics trafficker pled guilty to charges that he laundered more than $19 million in illicit profits through the now defunct darknet marketplace, Silk Road, a reminder of the many financial crime and compliance vulnerabilities tied to illicit online sales and anonymity-challenged virtual currencies.

The U.S. Department of Justice in a just-released missive unveiled the details of a plea deal with Hugh Brian Haney, stating that he was accused of laundering nearly $20 million using the cryptocurrency coin of the realm, Bitcoin, in the beginning months of 2018. 

Silk Road was an online criminal marketplace designed to be outside the reach of law enforcement or governmental regulation.  

All transactions on Silk Road could be completed only through use of the cryptocurrency Bitcoin. 

During its two-and-a-half years in operation, Silk Road was used by several thousand drug dealers and other unlawful vendors to distribute hundreds of kilograms of illegal drugs and other illicit goods and services to well over 100,000 buyers, and to launder hundreds of millions of dollars deriving from these unlawful transactions. 

Silk Road was king among the dark web’s flourishing drug marketplaces and a criminal bastion for vendors selling everything from illegal drugs to ransomware packages – a tactic that used Bitcoin in a bid to mask anonymity – until investigators captured the sites operator, Ross Ulbricht, in October 2013. 

As a result, the site shut down, with Ulbricht eventually getting a harsh punishment: a life sentence on charges of narcotics distribution, computer hacking and conspiracy. 

For this part, Haney was one of the sellers who used the marketplace a “high-ranking member” of a narco operation known as Pharmville – a play on words of the popular Farmville mobile game – allegedly receiving some 4,000 bitcoins from Silk Road-linked accounts through February 2012, trafficking in fentanyl, oxycontin and other narcotic sales.

“Hugh Haney used Silk Road as a means to sell drugs to people all over the world,” U.S. Attorney Geoffrey S. Berman said in a statement. “Then he laundered more than $19 million in profits through cryptocurrency.”

Haney’s fatal flaw was trying to monetize his cryptocurrency haul too quickly. Investigators got a tip when he tried to liquidate $19.1 million through a virtual currency exchange in January and February 2018. 

The crypto exchange – such exchanges are required in the U.S. and other countries to have anti-money laundering (AML) rules, and review and freeze suspicious transactions – flagged the large transaction and froze his account, a move that ultimately led to a search warrant and Haney’s arrest in July.  

While he tried to assuage investigators stating his massive virtual horde came from mining operations, investigators, in partnership with blockchain analysis firms and specialized software, countered, and concretely showed his virtual profits came from Silk Road, (via DOJ).

Monroe’s Musings: This case is one of the remaining tangles still wriggling from the historic takedown of Silk Road. 

But even though this darknet market, various related vendors and co-opted crypto exchanges have been shut down, prosecuted or penalized, more have sprung up in their place in the ever-evolving cat and mouse game between drug peddling criminals, crypto compliance gaps and federal agencies trying to put them out of businesses. 

One lesson that should not be lost is that crypto exchanges should be more wary about what individuals and companies they are doing business with to ensure no ties to individuals or vendors working with darknet markets. 

Such a vital effort for crypto exchanges can be emboldened by adopting strong AML procedures in line with industry best practices, guidance recently updated by groups like the Paris-based Financial Action Task Force and U.S. Treasury’s Financial Crimes Enforcement Network. 

COMPLIANCE

SAR Quality: Practical tips to enhance reports for law enforcement, from stronger narratives to helping investigators execute more quickly 

As a financial crime compliance professional, it’s natural to wonder what law enforcement agencies are reading all the suspicious activity reports (SARs) reports produced by banks and other entities subject to anti-money laundering (AML) rules. 

Further, that begs another critically interlinked query: how can banks do a better job and provide richer and timelier intelligence to investigators to enhance SAR quality? The ABA offers key practical tips in this area in a new report, covering: 

  •  Current SAR quality guidance from the Federal Financial Institutions Examination Council and FinCEN
  •  SAR and BSA information dissemination processes, including new data analytics being implemented by Internal Revenue Service Criminal Investigations
  •  SAR writing tactics to make a SAR more attractive to law enforcement and assist in expediting investigations
  •  Functional guidance that may be implemented quickly without overhauling a bank’s SAR process.
  • In order to support the content of this article, law enforcement agents and analysts from the Federal Bureau of Investigations, Homeland Security Investigation, Department of Justice, IRS-CI, and US Border Patrol were contacted and sent survey questionnaires. The questionnaire supplied open-ended questions and required ranking certain attributes.
  •  Additionally, two individuals agreed to provide more in-depth insight during a phone interview: Manny J. Muriel, special agent in charge of the IRS-CI Detroit Field Office, and Pierre Blanchard, former agent with Naval Criminal Investigative Service and IRS-CI, who is now managing director of Risk Point Consulting Group, (via the American Banker Association). 

Monroe’s Musings: I really enjoyed reading this story and agreed heartily with many of the tips to improve SAR analysis, writing, reporting and, very importantly, reviewing internal trends to bolster the entire AML process. 

SARs are not created in a vacuum. They are the finial of a – hopefully – fine-tuned, effective and efficient AML program. But, as this story points out, filing the SAR is not the end of the journey. New information, key details from law enforcement or trends uncovered by internal or external investigators can give new dimensions to SARs, meaning critical updates must be made and sent. 

What I also enjoyed is that several federal law enforcement agencies replied for the story, so this allows AML compliance officers to get a better sense of what investigators want and need on the ground to improve their current compliance transaction monitoring, decision-making and SAR filing procedures. 

AML is a very subjective field, with more pressure than ever put on technology and the accumulated acumen of analysts at all levels, hopefully guided by strong law enforcement partnerships all with the same goal – counter large interconnected organized criminal groups and crush their far-flung financial networks. 

SANCTIONS

UN accuses North Korea of crypto money laundering racket

Heavily blacklisted North Korea has deployed new tactics in its latest attempts to evade sanctions using cryptocurrency and blockchain technology, according to reports this morning from South Korean news outlet Chosun.

An investigation currently underway by the UN Security Council’s Sanctions Committee on North Korea has uncovered a sophisticated plot by North Korean actors to siphon cryptocurrency using a Hong Kong-based company.

The company, which uses a blockchain technology platform, was purposefully established in Hong Kong in April 2019. Allegedly, Mr Julian Kim, also known through his alias Tony Walker, established the shipping and logistics company on behalf of North Korea.

Called ‘Marine China’, it’s suspected that the business was never intended to be legitimate. Instead, Kim appointed a second person as acting head of the company while he retained sole proprietorship of the business.

North Korean actors were allegedly using the firm to launder cryptocurrency, presumably under the guise that it was used to power the platform on which the company operated. Instead, the investigation revealed Kim had tried to withdraw funds on several occasions from banks in Singapore and transfer the cash to North Korea.

It’s unclear at this time how many of Mr Kim’s withdrawals were successful. The UN committee stated that cryptocurrency stolen or laundered by North Korean agents is exchanged for cash using multiple transactions, which makes it incredibly difficult to trace the source of the funds.

The news follows allegations that North Korea’s intelligence agency has been grooming cyber-hackers since childhood to train them in siphoning off cryptocurrency funds. Whilst much is unknown about the insular state’s cyber practices, this scheme is the latest in a long history of cryptocurrency manipulation.

Coin Rivet reported in August on the UN’s claims that North Korea was involved in the theft of several billion dollars worth of cryptocurrency, perpetrated through cyberattacks on Russian cryptocurrency exchanges and digital asset banks, (via Coin Rivet).

Monroe’s Musings: This story about North Korea and its sanctions busting tactics, along with many others, is a further reminder for banks to be ultra-cautious when dealing with certain entities with a propinquity to the ever-recalcitrant regime. 

Moreover, money typically can’t move out of breached crypto accounts without the involvement of virtual currency exchanges, operations which – in the United States and many other countries – are subject to formal anti-money laundering and sanctions rules. 

The creativity of North Korean hackers and cyber thieves should not be underestimated. 

In short, this means that brick-and-mortar banks operating in China, Hong Kong, South Korea and other nearby environs, along with crypto exchanges transacting with individuals, companies and entities in similar locales, must be ever more vigilant and even consider working more tightly together to put together all of the illicit pieces in the real and virtual worlds. 

FRAUD

Lawyer made millions of dollars allegedly laundering hundreds of millions in crypto scam, prosecutors say

Mark Scott got a nice bump when he left his partnership at a big law firm and took up money laundering for a multibillion-dollar international pyramid scheme based on the fake cryptocurrency OneCoin, federal prosecutors say. 

Scott, who has pleaded not guilty, is accused of using a network of shell companies, offshore bank accounts and phony investment funds to hide the origin of $400 million in illegal proceeds. 

For his services, he made millions of dollars, which he used to buy a 57-foot yacht, multimillion-dollar homes in Cape Cod, Massachusetts, and luxury cars, including three Porsches, Assistant U.S. Attorney Julieta Lozano told jurors on Tuesday in her opening statement in Scott’s criminal trial in Manhattan.

“The scheme raked in billions of dollars in dirty money,” Lozano said. “It was the defendant’s job to clean that money.”

OneCoin generated 3.4 billion euros ($3.8 billion) in revenue from the fourth quarter of 2014 to the third quarter of 2016, according to the government, but had no real value and couldn’t be used to buy anything.

The company that allegedly ran the scheme, OneCoin Ltd., claimed to have more than three million members worldwide. It operated as a multilevel marketing network that paid commissions to members for recruiting others to buy OneCoin packages, prosecutors say.

Scott, 51, is a former partner with Locke Lord LLP, a U.S.-based law firm with 21 offices including Houston, Dallas and Chicago. 

Authorities arrested him in September 2018 in Barnstable, Massachusetts. He’s charged with one count each of money-laundering conspiracy and bank-fraud conspiracy and could spend years in prison if convicted.

Also charged in the case are Ruja Ignatova, one of two people who founded OneCoin in 2014 in Sofia, Bulgaria, and her younger brother Konstantin Ignatov. 

Ignatova, known at OneCoin’s peak as the “cryptoqueen,” disappeared in 2017 as OneCoin came under suspicion. Ignatov was arrested at Los Angeles International Airport in March and is in custody. He’s testifying as a witness for the government.

On Tuesday, Scott’s lawyer told jurors his client didn’t realize OneCoin was based on a worthless electronic currency. Scott believed he was running his own legitimate investment fund with money from his client, Ignatova, who is to blame for the fraud, he said.

The case is U.S. v. Scott, 17-cr-630, U.S. District Court, Southern District of New York, (via Bloomberg).

Monroe’s Musings: This case is littered with high risk entities and red flags for money laundering, including pyramid schemes, an avenue ripe for fraudsters, crypto coins and foreign and flimsy owners.  

But these major money movements could not have happened without brick-and-mortar banks, so any institutions that did business with any of these entities named better prepare to have their compliance decisions questions and review if they have any missed suspicious activity reports to be filed.