Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
On October 10, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced sanctions pursuant to Executive Order 13818 against four members of a corruption network in South Africa for alleged corruption violations of the Global Magnitsky Human Rights Accountability Act. According to OFAC, the four individuals “leveraged [their] political connections to engage in widespread corruption and bribery, capture government contracts, and misappropriate state assets.” As a result of the sanctions, all property and interests in property of the designated persons within U.S. jurisdiction must be blocked and reported to OFAC. OFAC notes that its regulations “generally prohibit” U.S. persons from participating in transactions with these individuals and entities.
On October 1, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced a settlement of more than $2.7 million with a multinational corporation, on behalf of three subsidiaries, to resolve potential civil liability for 289 alleged violations of the Cuban Assets Control Regulations (CACR). The settlement resolves allegations that between December 2010 and February 2014, the subsidiaries accepted payments on 289 occasions from an entity identified on OFAC’s List of Specially Designated Nationals and Blocked Persons “for goods and services provided to a Canadian customer.” OFAC alleged that although the subsidiaries negotiated and entered into contracts with the Canadian customer—and invoices were sent to the customer—the designated entity was approved as a third-party payer and paid more than 65 percent of the total transactions. OFAC asserted that the subsidiaries failed to undertake sufficient diligence into the activities of the Canadian customer, and noted that the sanctions screening software used by the subsidiaries was set to screen for only one version of the designated entity’s name.
In arriving at the settlement amount, OFAC considered various mitigating factors including that (i) OFAC has not issued a violation against the subsidiaries in the five years preceding the earliest date of the transactions at issue; (ii) the corporation identified the alleged violations by testing and auditing its compliance program, and implemented several remedial measures in response to the alleged violations, which included improvements to its compliance program; and (iii) the corporation entered into, and agreed to extend, multiple statute of limitations tolling agreements.
OFAC also considered various aggravating factors, including that (i) the subsidiaries “failed to take proper or reasonable care with respect to their U.S. economic sanctions obligations”; (ii) the subsidiaries’ actions allowed a large volume of high-value transactions to be conducted with the designated entity, causing “substantial harm” to the CACR objectives; and (iii) the corporation’s submissions to OFAC “leave substantial uncertainty about the totality of the benefits conferred” to the designated entity through the Canadian customer.
On September 30, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced amended Venezuelan General Licenses (GL) 3G, which supersedes and replaces GL 3F, and 9F, which supersedes GL 9E. The amended GLs concern authorized transactions related to the financing and dealings in certain bonds and securities, and extend the authorization wind-down periods to March 31, 2020. As previously covered by InfoBytes, the GLs were issued in conjunction with Executive Order 13884 which, among other things, prevents all property and interest in property of the Government of Venezuela within the U.S. or in the possession of a U.S. person from being transferred, paid, exported, withdrawn, or otherwise dealt in.
At the end of September, the SEC announced three settlements resolving claims related to alleged violations of the FCPA.
On September 27, a UK-based bank holding company agreed to pay over $6 million to settle alleged charges that it violated the FCPA by hiring relatives of government officials and other clients in an attempt to secure business in the Asia Pacific-region. According to the SEC, the bank hired more than 100 people connected to foreign government officials or other clients through the bank’s unofficial intern “work experience program,” or as part of its formal internship program, graduate program, or for permanent positions. Employees then created false books and records that concealed the practices and circumvented internal controls in place to prevent the activities. In the administrative order, the SEC ultimately charged violations of the books and records and internal controls provisions of the FCPA. Without admitting or denying wrongdoing, the bank agreed to pay a $1.5 million civil money penalty (CMP) and more than $4.8 million in disgorgement and interest.
In a second administrative order announced the same day, a Canadian fuel technology company agreed to pay over $4.1 million to settle FCPA bribery charges connected to a Chinese government official. The SEC alleged that the company and its former CEO transferred shares of stock in a Chinese joint venture to a Chinese private equity fund, in which the official had a financial stake, in an attempt to secure business and obtain a $3.5 million dividend payment. The SEC noted that the company concealed the identity of the private equity fund in its books and records, as well as in its public filings, by “falsely identifying a different entity as the counterparty to the transaction,” and that the CEO circumvented and falsely certified the sufficiency of the company’s internal accounting controls put in place to prevent such actions. Without admitting or denying wrongdoing, the company and the CEO consented to a cease and desist order covering violations of the anti-bribery, books and records, and internal controls provisions of the FCPA, and agreed to pay a $1.5 million CMP and $120,000 CMP, respectively, and more than $2.5 million in disgorgement and interest.
On September 26, a Wisconsin-based marketing provider agreed to pay nearly $10 million to settle FCPA charges related to bribery schemes in Peru and China. The alleged misconduct included the company’s Peruvian subsidiary paying or promising bribes to Peruvian government officials from at least 2011 to January 2016 in an attempt to secure sales contracts and avoid penalties, while also creating false records to conceal certain transactions with a sanctioned Cuban telecommunications company. The SEC stated that the company’s China-based subsidiary also made improper payments to employees of state owned entities and private customers through sham sales agents. According to the administrative order, the company violated the anti-bribery provisions of the FCPA as well as the books and records and internal controls provisions, including by failing to ensure that its internal accounting controls were sufficient to prevent the alleged bribery schemes in Peru and China. Without admitting or denying wrongdoing, the company consented to a cease and desist order, agreed to pay a $2 million CMP and over $7.8 million in disgorgement and interest, and will, for a one-year period, self-report on its compliance program.
On September 24, Financial Crimes Enforcement Network (FinCEN) Director Kenneth Blanco spoke at the Federal Identity (FedID) Forum and Exposition, discussing the role of FinCEN in combatting fraud and cybercrime and highlighting concerns regarding identity crimes. Blanco noted that FinCEN sees approximately 5,000 account takeover reports each month, a crime that “involves the targeting of financial institution customer accounts to gain unauthorized access to funds.” Moreover, FinCEN sees a high amount of fraud through account takeovers via fintech platforms, where cybercriminals use fintech data aggregators to facilitate account takeovers and fraudulent wires. Blanco stated that cybercriminals create fraudulent accounts and are able to “exploit the platforms’ integration with various financial services to initiate seemingly legitimate financial activity while creating a degree of separation from traditional fraud detection efforts.”
Additionally, Blanco discussed how cybercriminals use business email compromise (BEC) fraud schemes to target financial institutions and relayed FinCEN’s efforts to combat these schemes. As previously covered by InfoBytes, in July, FinCEN issued an updated advisory, describing general trends in BEC schemes, information concerning the targeting of non-business entities, and risks associated with the targeting of vulnerable business processes. Blanco also discussed (i) FinCEN’s final rule titled the “Customer Due Diligence Requirements for Financial Institutions,” (the CDD Rule) (prior coverage by InfoBytes here); and (ii) FinCEN’s December 2018 joint statement with federal banking agencies encouraging innovative approaches to combatting money laundering, terrorist financing, and other illicit financial threats when safeguarding the financial system (previously covered by InfoBytes here).
On September 24, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced sanctions pursuant to Executive Order 13850 against four entities for their alleged involvement in the transportation of oil from Venezuela to Cuba. According to OFAC, the entities’ actions offer support to the Maduro regime and “enable its repressive security and intelligence apparatus.” In addition, OFAC identified four vessels as blocked property owned by the identified entities. As a result of the sanctions, “all property and interests in property of these entities, and of any entities that are owned, directly or indirectly, 50 percent or more by the designated entities, that are in the United States or in the possession or control of U.S. persons are blocked and must be reported to OFAC.” OFAC notes that its regulations “generally prohibit” U.S. persons from participating in transactions with blocked or designated persons.
Additionally, the announcement notes that OFAC is delisting two entities in recognition of their actions to ensure that their vessels are not complicit in supporting the Maduro regime. As a result of the delisting, all property and interest of the entities are now unblocked and lawful transactions involving U.S. persons are no longer prohibited.
Since OFAC’s designation of Venezuela’s state-owned oil company last January, the department has sanctioned several entities and individuals connected to Venezuela’s oil sector. Continuing InfoBytes coverage on these actions can be found here.
On September 20, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced sanctions pursuant to Executive Order 13224 against Iran’s central bank, the country’s national development fund, and an Iran-based company for providing financial support to the Islamic Revolutionary Guards Corps, its Qods Force (IRGC-QF), and Hizballah, the regime’s terrorist proxy. OFAC designated the bank for purportedly providing billions of dollars to these entities, and alleged that the national development fund “has been a major source of foreign currency and funding” for both the IRGC-QF and Iran’s Ministry of Defense and Armed Forces Logistics (MODAFL). Sanctions were brought against the Iran-based company for concealing financial transfers for MODAFL’s military purchases, including those originating from the national development fund. As a result of the sanctions, “all property and interests in property of these entities that are in the United States or in the possession or control of U.S. persons must be blocked and reported to OFAC.” OFAC noted that its regulations “generally prohibit” U.S. persons from participating in transactions with the designated persons, and warned foreign financial institutions that if they knowingly facilitate significant transactions for any of the designated entities, they may be subject to U.S. correspondent account or payable-through account sanctions.
On September 17, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced a $4,000,000 settlement with a London-based commercial bank for 72 alleged violations of the Sudanese Sanctions Regulations (SSR). The settlement resolves allegations that between September 2010 and August 2014, the bank processed 72 bulk funding payments totaling $190,700,000 related to Sudan, which involved transactions processed to or through U.S. financial institutions in apparent violation of the SSR, which prohibits U.S. persons, including U.S. financial institutions, from processing such transactions. OFAC notes that it lowered the penalty to $4,000,000 from the proposed $228,840,000, in light of the bank’s operating capacity and the fact that it represented that it ceased the conduct at issue.
In arriving at the settlement amount, OFAC considered various mitigating factors including that (i) OFAC has not issued a violation against the bank in the five years preceding the earliest date of the transactions at issue; (ii) the bank fully cooperated with the investigation into the alleged violations, including by entering into a statute of limitations tolling agreement and agreeing to extend the agreement; (iii) the bank provided significant investigative leads regarding a foreign financial institution that hosted an account involved in processing the transactions; and (iv) the bank undertook several remedial measures in response to the alleged violations, such as exiting the Sudanese market in 2014, hiring new senior management, and implementing improvements to its compliance program.
OFAC also considered various aggravating factors, including that (i) the bank exhibited “reckless disregard for U.S. sanctions regulations when it entered the Sudanese market; (ii) the bank ignored warning signs that it may have been violating U.S. law; and (iii) several of the bank’s senior managers were aware of and involved in the conduct giving rise to the alleged violations.
On September 17, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced sanctions pursuant to Executive Order 13850 against three individuals and 16 entities connected to two previously sanctioned Colombian nationals (covered by InfoBytes here) for enabling the Maduro regime “to corruptly profit from imports of food aid and distribution in Venezuela.” According to OFAC, the designated individuals are immediate family members with business connections to the sanctioned Colombian nationals “who are responsible for or complicit in, or have directly or indirectly engaged in, any deceptive or corrupt transaction or series of transactions with the Government of Venezuela or projects or programs administered by the Government of Venezuela.” The 16 designated entities, OFAC noted, are either owned or controlled by the designated individuals or one of the sanctioned Colombian nationals. As a result of the sanctions, “all property and interests in property of the individuals and entities designated today, and of any entities that are owned, directly or indirectly, 50 percent or more by those individuals or entities, that are in the United States or in the possession or control of U.S. persons are blocked and must be reported to OFAC.” OFAC noted that its regulations “generally prohibit” U.S. persons from participating in transactions with the designated entities and individuals. OFAC also referred financial institutions to Financial Crimes Enforcement Network advisories FIN-2019-A002, FIN-2017-A006, FIN-2017-A003, and FIN-2018-A003 for further information concerning the efforts of Venezuelan government agencies and individuals to use the U.S. financial system and real estate market to launder corrupt proceeds, as well as human rights abuses connected to corrupt foreign political figures and their financial facilitators.
On September 13, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) announced sanctions pursuant to Executive Order (E.O.) 13722 against three North Korean state-sponsored cyber groups allegedly responsible for North Korea’s malicious cyber activity on critical infrastructure around the world. OFAC cited cyber attacks using phishing and backdoor intrusions, targeting a range of organizations that included financial institutions. In addition to malicious cyber activities on conventional financial institutions and major companies, North Korea’s cyber operations also targeted Virtual Asset Providers and cryptocurrency exchanges “to possibly assist in obfuscating revenue streams and cyber-enabled thefts that also potentially fund North Korea’s WMD and ballistic missile programs.” As a result of the sanctions, “all property and interests in property of these individuals and entities that are in the United States or in the possession or control of U.S. persons must be blocked and reported to OFAC.” OFAC noted that its regulations “generally prohibit” U.S. persons from participating in transactions with the designated persons, and warned foreign financial institutions that if they knowingly facilitate significant transactions for any of the designated individuals, they may be subject to U.S. correspondent account or payable-through account sanctions.
- Daniel P. Stipano to discuss "BSA/AML culture of compliance roundtable" at the FiSCA Annual Conference
- Daniel P. Stipano to discuss "Is there a better way to fight money laundering" at the FiSCA Annual Conference
- Michelle L. Rogers to discuss "What's trending in enforcement" at the Mortgage Bankers Association Annual Convention & Expo
- Kathryn L. Ryan and Moorari K. Shah to discuss "Today's regulatory environment - Are you in the know?" at the Equipment Leasing and Finance Association Annual Convention
- Buckley Webcast: Smoke and mirrors: Navigating the regulatory landscape in banking the marijuana industry
- H Joshua Kotin to discuss "CMS - Components of a successful monitoring program" at the RegList Annual Workshop
- Tim Lange to discuss "Temporary authority to operate - Are you prepared? Hear what the states are doing" at the RegList Annual Workshop
- Sherry-Maria Safchuk to discuss "Cybersecurity" at the RegList Annual Workshop
- Jeffrey P. Naimon to discuss "Hot topics in mortgage origination" at the Conference on Consumer Finance Law Annual Consumer Financial Services Conference
- Sherry-Maria Safchuk to discuss "CCPA: Countdown to compliance – A discussion of common questions and what is next on the CA privacy horizon" at the Conference on Consumer Finance Law Annual Consumer Financial Services Conference
- Jonice Gray Tucker to discuss "Fintech regulatory developments, crypto-assets, blockchain and digital banking, and consumer issues" at the Practising Law Institute Banking Law Institute
- Daniel P. Stipano to discuss "Adapting to the rapidly changing compliance landscape involving marijuana and marijuana-related businesses" on an ACAMS webinar
- Amanda R. Lawrence to discuss "How to balance a successful (and stressful) career with greater personal well-being" at the American Bar Association Women in Litigation Joint CLE Conference