InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
Texas issues a cease and desist order against a securities firm
On April 22, the Securities Commission of the State of Texas issued an Emergency Cease and Desist Order pursuant to the Texas Securities Act against respondents for allegedly offering investments in a digital gold vault that “purportedly secured physical gold and generates passive income using fintech and blockchain technology,” and are therefore subject to the Securities Act. The Securities Commission alleged that the investments were being “illegally, deceptively and fraudulently offered in Texas” and issued the Emergency Cease and Desist Order to “stop the scheme and protect the public from immediate and irreparable harm.” Respondents were ordered to immediately cease and desist from: (i) offering any security in Texas until the security is properly registered or exempt from registration; (ii) acting as securities dealers, agents, investment advisors, or investment advisor representatives in Texas until they are registered with the Securities Commissioner or exempt from registration; (ii) engaging in any fraud in connection with the offer for sale of any security in Texas; and (iv) offering securities in Texas through an offer containing a statement that is materially misleading or otherwise likely to deceive the public.
FinCEN renews real estate GTOs
On April 17, FinCEN renewed its Geographic Targeting Orders (GTOs) which require title insurance companies to identify the real owners of shell companies involved in cash real estate purchases. This renewal is effective from April 19, through October 15, and applies to specified counties and cities across various states, including California, Florida, New York, and the District of Columbia. The GTOs aim to gather data on potential illicit activities in the housing market and support regulatory initiatives. The minimum property purchase price for reporting remains at $300,000, except in Baltimore, where it is $50,000. FinCEN is also processing feedback from a February proposed rulemaking on anti-money laundering measures for the residential real estate sector.
FinCEN FAQs regarding the GTOs are available here.
FinCEN releases notice on U.S. passport card’s counterfeit use in finance
On April 15, FinCEN, along with the Department of State, released its notice on the apparent rise of counterfeit use of U.S. passport cards at financial institutions. FinCEN urged financial institutions to be “vigilant” in the fight against identity theft and fraud schemes, especially under their BSA practices. Since 2018, the Department of State has identified a “concerning increase” in counterfeit use of U.S. passport cards with apparently over 4,000 victims. FinCEN released this notice to help financial institutions identify and report suspicious activity by promoting three areas: (i) providing an overview of common scenarios and typologies; (ii) highlighting several red flags in areas of concern; and (iii) reminding financial institutions of their BSA obligations.
The notice discussed suspicious behavior, namely how individuals and fraud rings are falsely “making, selling, and using” counterfeit U.S. passport cards to access accounts at financial institutions. FinCEN noted actors prefer using U.S. passport cards since they are a less familiar form of identification and cheaper to counterfeit (compared to passport books). On fraudulent activity, FinCEN stated actors will use counterfeit U.S. passport cards to impersonate the victim at the victim’s “known financial institution branch.” After accessing the account successfully, the Department of State highlighted three types of attempted transactions: (1) asking questions on account balance and withdrawal limits and withdrawing large amounts of cash below the Currency Transaction Reporting (CTR) threshold; (2) cashing stolen or forged checks to obtain funds; and (3) establishing a new joint account with a second illicit actor as a joint owner. FinCEN outlined technical, behavioral, and financial red flags to help financial institutions detect and report suspicious activity. Red flags may include technical issues with a U.S. passport card’s photo, such as lack of raised text, and discrepancies in its holographic seal, among others. Last, FinCEN reminded financial institutions of BSA obligations, including, but not limited to, filing Suspicious Activity Reports (SARs) and CTRs.
DOJ’s Covid-19 Fraud Enforcement reports ongoing civil fraud and consumer protection actions
On April 9, the DOJ released a report on Covid-19 fraud, organizing various federal enforcement agencies and inspectors general, as well as state strike forces, in their collective pursuits against civil fraud on financial remedies under Covid-19. The Department’s Covid-19 Fraud Enforcement Task Force (CFETF) reported over 400 settlements and judgments and seized over $1.4 billion in fraudulently obtained CARES Act funds.
The report noted that the Civil Fraud Section continues to investigate fraudulent claims under the False Claims Act (FCA) and FIRREA, including with respect to grant recipients, PPE procurement, and payment advances. As two notable examples, a Florida management company paid $9 million for knowingly violating the FCA to obtain PPP loan forgiveness, and a New Jersey public relations firm paid $2.24 million for similar violations where it was found ineligible for the loan since it was registered under the Foreign Agent Registration Act. The DOJ also acted against purveyors of faulty PPE, individuals who tampered with Covid-19 vaccines, and those who sold fraudulent covid products online—filing under the Covid-19 Consumer Protection Act. The DOJ touted its $1 million judgment against a company that marketed vitamins that allegedly protected against Covid-19. Further, the National Unemployment Insurance Fraud Tax Force found hundreds of pandemic fraud leads and has seized over $3.3 billion in suspected pandemic fraud.
Broker-dealer settles AML allegations with FINRA
On February 12, FINRA settled allegations with a Florida-based broker-dealer for failing to implement reasonable procedures requiring escalation of potentially suspicious trading activity. Closely following the SEC and DFPI’s recent enforcement action (covered by InfoBytes here), the company, without admitting or denying the allegations, agreed to pay a $700,000 fine to settle claims regarding its failure to effectively implement anti-money laundering (AML) programs. FINRA claimed that the company did not adequately equip its analysts to review and address trading alerts related to suspicious activities by customers, which could total up to 100 alerts per trading day. Additionally, the company allegedly lacked proper written procedures in connection with the acceptance and resale of low-priced securities as required to comply with Section 5 of the Securities Act of 1933 in violation of FINRA Rules. FINRA also noted that, despite being aware that improvements to the AML program were necessary as early as 2016, the company did not fully implement recommended improvements until March 2022. In issuing the fine, FINRA highlighted that the company was fined for similar AML violations back in 2011 and emphasized instances where the company’s analysts failed to escalate suspicious activity to the AML department in a timely manner, leading to regulatory inquiries and subpoenas regarding certain customers’ practices.
SEC charges alleged hedge fund with defrauding $1.2 million from investors
On February 2, the SEC issued a complaint which charged a company for allegedly raising $1.2 million from 15 investors through an offer and sale of fraudulent securities for a hedge fund. The company raised this money from 2017-2018 and offered securities that would be used to form a hedge fund and invest in crypto-assets using “specific” investment strategies. (The company ostensibly managed the hedge fund, but the hedge fund never appeared to be created.)
The company made several misrepresentations which the SEC claimed violated Section 17(a) of the Securities Act of 1933 and Section 10(b) and Rule 10b-5 of the Securities Exchange Act of 1934. These alleged misrepresentations included the founder’s background and education, the demand for and size of the proposed hedge fund, and the investment scheme to grow a return for investors. The investors were given an investor pitch deck that put forth the hedge fund’s terms, investment strategy, and management team. Then, the investors gave a minimum investment of $1 million; however, the hedge fund investors were offered the opportunity to invest for less than $1 million through a separate entity.
Through this, the SEC alleged that the company violated the federal securities law and put forth two claims for relief. The SEC permanently enjoins the company from issuing, buying, offering, or selling any security, including crypto-assets. No civil monetary judgment has been offered.
Securities regulators issue guidance and an RFC on AI trading scams
On January 25, FINRA and the CFTC released advisory guidance on artificial intelligence (AI) fraud, with the latter putting out a formal request for comment. FINRA released an advisory titled “Artificial Intelligence (AI) and Investment Fraud” to make investors aware of the growing popularity of scammers committing investment fraud using AI and other emerging technologies, posting the popular scam tactics, and then offering protective steps. The CFTC released a customer advisory called “AI Won’t Turn Trading Bots into Money Machines,” which focused on trading platforms that claim AI-created algorithms can guarantee huge returns.
Specifically in FINRA’s notice, the regulator stated that registration is a good indicator of sound investment advice, and offers the Investor.gov tool as a means to check; however, even registered firms and professionals can offer claims that sound too good to be true, so “be wary.” FINRA also warned about investing in companies involved in AI, often using catchy buzzwords or making claims to “guarantee huge gains.” Some companies may engage in pump-and-dump schemes where promoters “pump” up a stock price by spreading false information, then “dump” their own shares before the stock’s value drops. FINRA’s guidance additionally discussed the use of celebrity endorsements to promote an investment using social media; FINRA states that social media has become “more saturated with financial content than ever before” leading to the rise of “finfluencers.” Finally, FINRA mentioned how AI-enabled technology allows scammers to create “deepfake” videos and audio recordings to spread false information. Scammers have been using AI to impersonate a victim’s family members, a CEO announcing false news to manipulate a stock’s price, or how it can create realistic marketing materials.
The CFTC’s advisory highlighted how scammers use AI to create algorithmic trading platforms using “bots” that automatically buy and sell. In one case cited by the CFTC, a scammer defrauded customers into selling him nearly 30,000 bitcoins, worth over $1.7 billion at the time. The CFTC posted a Request for Comment on the Use of Artificial Intelligence in CFTC-Regulated Markets. The Request listed eight questions addressing current and potential uses of AI by regulated entities, and several more addressing concerns regarding the use of AI in regulated markets and entities for the public to respond to.
NYDFS and Fed order bank to pay fines for BSA/AML non-compliance
On January 19, the Federal Reserve Board and NYDFS each issued separate enforcement actions against one of the largest banks in the world for alleged compliance deficiencies and violations under BSA/AML. The Fed issued its cease and desist order and ordered the bank to pay a civil money penalty of $2.4 million. The NYDFS also issued a similar consent order with a monetary penalty of $30 million.
According to the Fed’s order, an investigation into the bank’s practices determined that the New York branch lacked any formal policies or training on confidential supervisory information (CSI). Additionally, the order required the bank to submit a written plan to enhance internal compliance controls to the Fed, including designation of a CSI officer, among other requirements. According to NYDFS’s order, the bank previously entered into a 2018 cease and desist order with the Fed to address “significant deficiencies” in its compliance with BSA/AML requirements and OFAC regulations. NYDFS conducted an examination in 2022 and found that deficiencies cited in the 2018 order persisted for several more years. A subsequent examination in 2023 found that the bank had made significant efforts toward enhancing its compliance programs and successfully remediated prior deficiencies. Per this most recent order, NYDFS found that the bank’s BSA/AML program was not in compliance for several years; the bank failed to maintain appropriate accounting records; and the bank failed to submit a report after discovering the occurrence of “embezzlement, misapplication, larceny, forgery, fraud, [or] dishonesty[.]” The consent order stipulated several remediation requirements, including a status report to NYDFS on the bank’s BSA/AML compliance.
FinCEN report on identity fraud in 2021 outlines statistics and processes
On January 9, FinCEN published a report titled “Identity-Related Suspicious Activity: 2021 Threats and Trends” which focuses on patterns in reported Bank Secrecy Act (BSA) data linked to suspicious activity from 2021. The report is part of a broader set of financial trend analyses conducted by FinCEN under section 6206 of the Anti-Money Laundering Act of 2020. During 2021, about 1.6 million of all BSA reports (or 42 percent) on suspicious activity were related to identity, equaling $212 billion in suspicious activity.
Key findings in the report included: (i) 69 percent of identity-related BSA reports indicate attackers have impersonated others; (ii) depository institutions have filed the most BSA reports at 54 percent, with the next highest being money services businesses at 21 percent; (iii) general fraud was the most reported typology with 1.2 million BSA reports totaling $149 billion in suspicious amounts, with the next two being false records and identity theft, respectively; and (iv) there were a significant number of identity-related exploitations based on BSA report volumes and dollar values. FinCEN reported three identity-related exploitations, including how attackers (a) impersonate others; (b) dodge or exploit verification processes; and (c) use compromised credentials. A model on page six of the report provides further clarity on how attackers undermine identity processes, such as through bust out schemes (attackers open credit card accounts then max out the cards), check fraud, credit and debit card fraud, and Covid-19 fraud.
INTERPOL seizes $300 million in international financial crime operation
On December 19, INTERPOL announced the conclusion of a transcontinental police operation against online financial crime called HAECHI IV. The operation ended with around 3,500 arrests and seizures of $300 million USD worth of assets across 34 countries. Of the $300 million, about two-thirds of was hard currency and one-third was virtual assets. HAECHI IV targeted seven types of cyber scams, including voice phishing, romance scams, online sextortion, investment fraud, and money laundering associated with illegal online gambling, among others. Through INTERPOL’s stop-payment mechanism to block criminal proceeds, authorities blocked 82,112 “suspicious” bank accounts. Next on INTERPOL’s radar is a new scam in Korea that involves the sale of non-fungible tokens (NFTs) that are a “rug pull,” a crypto scam where developers abandon a project and investors lose their money. Interestingly, the UK team of the operation reported on how scammers used artificial intelligence to create synthetic content, which criminals primarily used for impersonation scams.