Daily Briefing: FATF issues crypto AML guidelines, Chinese banks probed on NK breaches, and more
Tuesday, June 25, 2019
Posted by: Brian Monroe
By Brian Monroe
June 25, 2019
Quote of the Day: “All fixed set patterns are incapable of adaptability or pliability. The truth is outside of all fixed patterns.” – Bruce Lee
In today’s ACFCS Fincrime Briefing, FATF issues long-awaited crypto AML recommendations, Chinese banks resist U.S. sanctions probes, subpoenas, face being locked out of American market, and more.
Please enjoy this unlocked story, part of the many benefits of being an ACFCS member.
Want to talk about industry trends, story ideas or get published? Feel free to reach out to ACFCS Vice President of Content Brian Monroe at the email address above. Now, on to more sweet sweet content!
FATF issues global crypto AML guidelines, requiring same depth, breadth of compliance programs as banks
A global watchdog group has issued the first ever broad international recommendations to cover virtual value with financial crime compliance rules, including stringent requirements to capture and share customer data with related crypto-enabled entities, risk assess customers and businesses for illicit inclinations, monitor for aberrant activity and file reports to law enforcement.
In much-anticipated guidance, the Paris-based Financial Action Task Force (FATF), which sets global anti-money laundering (AML) and counter financing of terror (CFT) standards, issued a framework for how financial crime compliance rules should ensconce crypto exchanges and an individual, entity or company exchanging virtual value to fiat currency and back for others and as a business.
The guidance and related interpretative note to its recommendations covers virtual asset (VA) activities and virtual asset service providers (VASPs) – think formal crypto currency exchanges – and even smaller operations, which could face difficulties in capturing, analyzing and sharing the details of customers and users with other service providers, brick-and-mortar institutions and investigators.
“The threat of criminal and terrorist misuse of virtual assets is serious and urgent,” FATF said in a public statement, adding that the group expects all countries to “take prompt action to implement the FATF Recommendations,” giving countries 12 months to implement and abide by the guidelines, with a review set for June 2020.
FATF released a host of critical updates, including guidance and recommendations related to grafting financial crime compliance obligations to virtual currency and related crypto exchange firms, updated lists of countries that face harsher sanctions for lack of adherence to task force standards and continued focus on regions seen as flouting global best practices, including Iran and North Korea. To read the full plenary update statement, click here.
To read ACFCS coverage of the FATF virtual guidance, click here.
To read ACFCS coverage of statements closing the plenary by U.S. Treasury Secretary Steven Mnuchin, click here.
In the roughly 60 pages of text, FATF has ushered in a new order for the nascent sector, in some ways helping in its search for legitimacy, in other ways making new challenges as firms of all sizes must now create, staff, run, report on and remediate AML programs – and have those programs graded by applicable regional regulatory authorities.
Countries have a short timetable to create regulatory rules, exam programs, oversight teams and penalty regimes. As a result, some crypto firms are likely to fold as they are weeded out, causing the current rollicking sector to constrict.
Conversely, the more established firms that have already crafted AML programs will have a distinct advantage, as they only have to make updates and tweaks to their programs, rather than create one from scratch.
US judge holds three Chinese banks in contempt for refusing to comply with probes into violations of North Korea sanctions, as institutions face ‘death penalty’ of losing access to dollars
A US judge has found three large Chinese banks in contempt for refusing to comply with subpoenas in an investigation into North Korean sanctions violations. The order triggers for the first time a provision that could cut off one of China’s largest banks from the US financial system at the demand of the US attorney general or treasury secretary.
The three banks are not identified, but details in court rulings align with a 2017 civil forfeiture action in which the Justice Department alleged that China’s state-owned Bank of Communications, China Merchants Bank and Shanghai Pudong Development Bank (SPDB) worked with a Hong Kong front company accused of laundering more than US$100 million for North Korea’s sanctioned, state-run Foreign Trade Bank.
The bank at risk of losing access to US dollars, the lifeblood of international finance, appears to be SPDB, China’s ninth-largest bank by assets, whose roughly US$900 billion makes it comparable in size to Goldman Sachs. Matching details include SPDB’s ownership structure, limited US presence and alleged conduct with the other banks.
SPDB has no US branch but maintains accounts here to handle US dollar transactions. The ruling means that Attorney General William Barr or Treasury Secretary Steven Mnuchin can terminate the bank’s US account and ability to process US dollar transactions – a potentially crippling, if not lethal, punishment in global trade.
Each of the three banks say it acted in good faith under Chinese banking customer privacy laws, arguing the Chinese government requires requests for banking records in US criminal inquiries to be made through a legal assistance pact between the two countries, (via the SCMP).
The threat from US investigators probing whether the banks knowingly helped finance North Korea’s nuclear proliferation network comes at a time of spiraling US-China economic relations, when the collapse of trade talks this spring triggered retaliatory tariffs and other measures, so there is clearly a lot at stake and a lot going on behind the scenes, as this piece points out.
There have been several foreign banks, some from Asia, in recent years that have tried to resist U.S. federal regulators in AML actions and investigations in potential sanctions breaches. And the outcome has always been the same: it only made the eventual penalties and enforcement actions worse.
For these banks, it’s a challenging tightrope to walk: if U.S. authorities perceive they are stymying a formal probe, they could face further sanctions, including being designated and locked out of the U.S. market or even get access to U.S. dollars.
Conversely, if the banks comply with the U.S. probe, one or several could accidentally give information China doesn’t like, getting the banks in trouble at home.
It looks like, somehow, authorities in the U.S., banks in China touching this country, and Chinese authorities are going to have to find common ground. China will have to come clean and the U.S. is going to have to give ground – while still penalizing the institutions in a measured, proportionate for both sanctions and compliance violations.
Lloyds Bank freezes offshore accounts in AML compliance, illicit finance crackdown
Lloyds Banking Group Plc has tightened controls in Jersey to meet anti-money-laundering requirements on the island, as offshore financial centers more broadly come under greater scrutiny for being portals for illicit funding, including tax evasion, corruption and laundering.
Lloyds has frozen accounts of some offshore banking customers as part of a crackdown on money laundering, a spokesman said. The Financial Times, which reported the news earlier, said 8,000 accounts were frozen. The bank didn’t confirm the number.
The company started contacting clients three years ago asking them to provide up-to-date details. “Where a customer has not provided us with this necessary information we have had to freeze their account until we get the information,” the bank said in a statement.
The changes come as Jersey, one of the self-governing Channel Islands off the British coast, implemented new rules for money laundering.
Barclays Plc, HSBC Holdings Plc and Royal Bank of Scotland Group Plc have all tightened their rules in Jersey, the FT reported. Barclays and RBS spokespeople declined to comment, while HSBC was not immediately available for comment.
The issue of tackling money laundering has moved up the agenda across Europe as Danske Bank A/S grapples with a scandal over funds that passed through its Estonian branch in the hundreds of billions of dollars, (via Bloomberg).
This is an interesting development from banks that, in recent years, have gone from compliance pariahs, paying hundreds of millions of dollars for AML and sanctions failures, to international leaders in compliance – putting in some ways financial crime risks above revenues.
This move could also have a domino effect because many offshore financial centers are tarrying on bringing their countries’ laws up to global standards, even as they face more pressure from authorities in Europe and the United Kingdom to strengthen AML regulations, implementation, oversight and enforcement – but also break open persisting bastions of opaque beneficial ownership information.
Many offshore financial firms catering to the wealthy and elite are desperate to keep their hoity toity clients happy, but there is something they fear even more: losing access to the international financial system. And, as we all know, fear is a great motivator to improve compliance.
Three ways Facebook must address illicit financing risks, implement AML compliance defenses with its new cryptocurrency
In 2020, Facebook’s new subsidiary, Calibra, will begin operating a blockchain-based marketplace ecosystem, fueled by the new Libra digital token.
The Calibra digital wallet is supposed to enable users around the world to purchase all types of goods and services across borders. Criminals, terrorists, and rogue state governments have also been using social media platforms for years now; they will migrate quickly to the Calibra ecosystem if it proves successful.
Here is what Facebook needs to do to address the Pandora’s box of unintended consequences it is about to open:
Create a Financial Intelligence Unit (FIU) for Calibra. Many large international banks and payment companies have FIUs to investigate financial crime and regulatory violations that may occur through their institution.
FIU staff typically are experts in anti-money laundering, counter-terrorist financing, sanctions, law enforcement, and/or intelligence analysis. If Calibra ends up as the massive global operation Facebook intends, there will need to be teams in multiple time zones addressing suspected illicit finance cases.
FIUs respond to outside inquiries from law enforcement, but they also initiate investigations based on internal analysis of customer transactions. However, unlike such units in banks or credit card companies, the Calibra FIU will need to analyze blockchain transactions.
The pool of professional blockchain analysts in the world is relatively slim, but it appears Facebook is already seeking out this expertise. A month before announcing the Calibra project, Facebook posted a job announcement for a Blockchain Threat Investigator.
The Libra is positioned to become a crypto-asset for the mainstream, more liquid and accessible than any other token thus far. Its deployment could be the rising tide that lifts all crypto boats. However, Calibra and financial authorities should know that some of that rising use may trend toward darknet markets.
The Calibra FIU should take the lead in tracking Libra money laundering even outside the Calibra platform. Facebook might argue that it cannot be held responsible for illicit actors using libras outside the Calibra network or for libras that get exchanged for other tokens later used in illicit transactions.
However, financial authorities are going to view the Libra as Facebook’s “baby.” Although anyone can track the Libra blockchain, Calibra will have the most intimate understanding of the token, so law enforcement will often end up at its door.
Calibra is already registered as a Money Service Business with U.S. regulators, which means it will have to onboard its users through rigorous Anti-Money Laundering (AML) and Know-Your-Customer procedures.
Like major cryptocurrency exchanges, Calibra will have to verify the identity of people using Calibra wallets, which should mitigate some illegal use of the Libra.
The loophole in Calibra’s AML controls is that the Libra will be interoperable with other cryptocurrency wallets. Thus, anyone will be able to send libras to noncustodial wallets that hold other cryptocurrencies.
There will likely be decentralized exchanges that allow people to anonymously trade Libra for privacy coins and vice versa. One can imagine a cottage industry of money launderers who specialize in brokering privacy coins for Libras.
Calibra should embrace a blockchain policing role. While displeasing to many ultra-libertarian crypto idealists, this would actually help maintain the integrity of the cryptocurrency ecosystem. For a long time, I have argued that the private sector needs to build structures to self-police illicit activity on the blockchain. New global regulatory standards will bring more law enforcement scrutiny on money laundering risks arising from cryptocurrencies.
Facebook should set clearer criteria for who will govern its blockchain network. Facebook is creating a Swiss-registered foundation, the Libra Association, to coordinate the various organizations that will run the computer nodes that validate Libra blockchain transactions.
The association will include businesses, nonprofits, universities, and multilateral institutions. At first, running a node will be restricted to selected organizations. But eventually, membership will become “permissionless” and nodes with the most Libra will be eligible to sit on the Libra Association Council. The council will govern the Libra blockchain and manage the reserve of real-world currencies that will back the Libra token. It will make decisions by majority vote.
The Libra’s decentralized and stateless governance model could be exploited by savvy authoritarian regimes seeking leverage in the global economy. While Facebook wants the Libra governance structure to be apolitical and geographically diverse, there currently do not seem to be safeguards to prevent hostile political takeovers of the Libra Association Council.
Legal complications could arise regarding sanctions. Will North Korea, Iran, or other nations under U.S. sanctions run nodes on the Libra network? If the dollar is part of the Libra reserve, the U.S. Treasury Department will try to block anyone on its blacklist from benefiting from it.
Calibra’s blockchain-based marketplace might expand commerce, benefiting newcomers to global finance, as well as incumbents. But blockchain technology does not eliminate criminality, terrorist funding, sanctions evasion, or nation-state authoritarianism.
For Facebook’s blockchain venture to succeed in the long term, customers will need to be confident that their cryptocurrency transactions will not link them to illegal activity. Thus, Calibra must prepare to enter the world of countering illicit finance, (via Bloomberg).
Top officials from the Bank of England and France’s Central Bank have expressed concern about Libra from an anti-money laundering perspective, meaning that Facebook will need to show stringent compliance controls moving in lock step with potential transformative economic and valuation aspirations.
This becomes all the more important, as we noted above, with FATF, the world’s governing AML body, finally releasing its crypto currency financial crime compliance guidance. In short, Facebook will be held to the same standards as brick-and-mortar banks with seasoned AML programs and compliance officer, investigative and systems expertise aplenty.
Moreover, Facebook faces the additional challenge of not just pleasing one regulator or a cadre of regulators in one jurisdiction, like, for instance, FinCEN, the OCC, Federal Reserve and FDIC in the U.S.
This new coin and its internal oversight body will face scrutiny from regulators, and investigators, the world over. So it’s vital as this coin comes into being, the Facebook braintrust must be creative, curious, innovative and aggressive in imagining how criminals, fraudsters, money launderers and sanctions evaders could game the system – and beat them to it.