Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
On December 9, the U.S. Treasury Department's Office of Foreign Assets Control (OFAC) published two new Venezuela-related FAQs. FAQ 808 stipulates that a specific license from OFAC is not “ordinarily required” when initiating or continuing U.S. legal proceedings against persons designated or blocked pursuant to OFAC’s Venezuela sanctions programs. Specific licenses are also not required for a U.S. court or court personnel to hear such a case. However, a specific license from OFAC is required in order to enter into a settlement agreement or to enforce a lien, judgment, or other order “through execution, garnishment, or other judicial process purporting to transfer or otherwise alter or affect property or interests in property blocked pursuant to the Venezuela Sanctions Regulations.” OFAC also provides a list of measures where a specific license is required. Additionally, FAQ 809 clarifies when a specific license is required to conduct an auction or other type of sale involving shares of a Venezuelan government entity whose property and interests in property are blocked pursuant to the Venezuela Sanctions Regulations. Additionally, OFAC “urges caution in proceeding with any step in furtherance of measures which might alter or affect blocked property or interests in blocked property.”
Visit here for additional InfoBytes coverage of actions related to Venezuela.
OFAC announces sanctions against Russia-based organization for malware attacks on financial institutions
On December 5, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced sanctions pursuant to Executive Order 13694 against a Russia-based cybercriminal organization for allegedly developing and distributing malware that infected financial institutions and resulted in more than $100 million in theft. OFAC’s action targets 17 individuals and seven entities and is “intended to disrupt the massive phishing campaigns orchestrated by [the organization],” Treasury Secretary Steven T. Mnuchin stated. According to OFAC, the organization used the malware to infect computers and harvest login credentials from roughly 300 banks and financial institutions in over 40 countries, resulting in millions of dollars of damage to U.S. and international financial institutions and their customers. As a result of the sanctions, all property and interests in property of these persons subject to U.S. jurisdiction are blocked, along with “any entities 50 percent or more owned by one or more designated persons.” OFAC noted that its regulations “generally prohibit” U.S. persons from participating in transactions with designated persons, and warned that “foreign persons may be subject to secondary sanctions for knowingly facilitating a significant transaction or transactions with these designated persons.”
In a concurrent action announced the same day, the DOJ unsealed criminal charges—including those related to international computer hacking and bank fraud schemes—against two of the organization’s members. In addition, Treasury’s Financial Crimes Enforcement Network and the Cybersecurity and Infrastructure Security Agency released a report providing a technical analysis of the malware and related variants, emphasizing that because the malware continues to target the financial services sector, financial institutions should review and incorporate the report’s techniques, tactics, and procedures into existing network defense capabilities and planning.
On December 6, the DOJ announced that it entered into a deferred prosecution agreement with a Swedish-based telecommunications company, in which the company agreed to pay more than $1 billion in criminal and civil penalties related to alleged violations of the FCPA’s anti-bribery, books and records, and internal control provisions. The company’s Egyptian subsidiary also pleaded guilty in New York federal court to a one-count criminal information that charged it with conspiracy to violate the FCPA’s anti-bribery provisions. The SEC simultaneously announced a resolution with the company. Under the terms of the agreements, the company agreed to pay a criminal fine of more than $520 million to the DOJ, and will cooperate with any ongoing investigations, enhance its compliance program, and be subject to an independent compliance monitor for three years. An additional $540 million in disgorgement and interest will be paid to the SEC. The announcements cited improper payments and accounting practices regarding five countries and various third party agents. The company received partial cooperation credit and a 15 percent criminal fine reduction for (i) “conducting a thorough internal investigation” and “making regular factual presentations to the [D]epartment”; (ii) voluntarily making foreign witnesses available to prosecutors; and (iii) “producing extensive documentation and disclosing some conduct of which the [D]epartment was previously unaware.” Additionally, the DOJ recognized the company’s measures to improve its anti-bribery compliance processes.
On November 25, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced a $466,912 civil settlement with a California-based technology company to resolve alleged violations of the Foreign Narcotics Kingpin Sanctions Regulations (FNKSR). According to OFAC, the company voluntarily disclosed that it hosted a sanctioned Slovenian software developer on its platform and collected more than $1 million in payments from customers who downloaded the developer’s apps. The company’s actions—which included hosting, selling, and facilitating the transfer of the developer’s software and associated content, as well as processing 47 payments between 2015 and 2017—were in violation of the FNKSR because OFAC’s List of Specially Designated Nationals and Blocked Persons identified the developer as a significant foreign narcotics trafficker (SDNTK).
In arriving at the settlement amount, OFAC considered various mitigating factors, including that (i) the company voluntarily disclosed the violations and continued to cooperate by promptly responding to information requests; (ii) the volume and payment amounts were not significant when compared to the company’s annual total volume of transactions; (iii) OFAC has not issued a violation against the company in the five years preceding the earliest date of the transactions at issue; and (iv) the company has strengthened its compliance program to minimize the risk of recurrence.
OFAC also considered various aggravating factors, including that (i) the alleged conduct demonstrated a “reckless disregard for U.S. sanctions requirements”; (ii) the company’s processing of payments conferred a significant economic benefit to the developer; and (iii) the company failed to timely take corrective actions after identifying the developer as a SDNTK and continued to process payments.
On December 3, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced additions to the Specially Designated Nationals List (SDN List) pursuant to Executive Order 13884, which blocks the property of the Venezuelan government. OFAC identified six tankers of Venezuela’s state-owned oil company as property of the Venezuelan Government and therefore as blocked property, after all the vessels recently transported petroleum to Cuba. A seventh tanker also was identified as a blocked property, pursuant to Executive Order 13850 for operating in the oil sector of the Venezuelan economy, after delivering Venezuelan petroleum to Cuba. According to the press release, the vessel’s name had been changed to circumvent sanctions as it moved Venezuelan oil to Cuba. The SDN List was updated to link the new name of the vessel to its former name. OFAC reiterated that its “regulations generally prohibit all transactions by U.S. persons or within (or transiting) the United States that involve any property or interests in property of blocked or designated persons.”
On November 27, the U.S. Treasury Department's of Foreign Assets Control (OFAC) updated two existing Iran-related FAQs: FAQ 303, which discusses insurance, reinsurance, and underwriting activities; and FAQ 804, which discusses whether sanctions on certain shipping tankers apply to their corporate parent and affiliates. Additionally, OFAC issued three new Iran-related FAQs (FAQ 805-807) covering the sanctions exposure of non-U.S. persons, the types of activities considered “maintenance” in General License K, and the processing of transactions involving a specific shipping tanker under General License K.
On November 22, the DOJ announced that it entered into a deferred prosecution agreement with a South Korean engineering company, in which the company agreed to pay more than $75 million in criminal penalties to resolve an investigation into alleged violations of the FCPA’s anti-bribery provisions. Half of the penalty amount will be paid to the DOJ, and the remaining half will be paid either to Brazilian authorities or also to the United States. According to the DOJ announcement, between 2007 and 2013, the company allegedly paid approximately $20 million in commissions to a Brazilian intermediary, “knowing that portions of the money would be paid as bribes to officials” at Brazil’s state-owned and controlled oil and energy firm. The bribes were allegedly intended to ensure that the state-owned entity entered into a contract to charter a drill ship from a separate Houston-based offshore oil drilling company, which would then be able to purchase that vessel from the Korean company.
As part of the deferred prosecution agreement, the company agreed to cooperate with the DOJ’s ongoing investigations and prosecutions, to improve its compliance program, and to report to the DOJ on those improvements. The company received partial credit for cooperating with the investigation and taking remedial measures, including (i) enhancing its compliance program; (ii) hiring additional compliance staff; (iii) “implementing enhanced anti-corruption policies and heightened due diligence controls over third party vendors”; (iv) instituting mandatory anti-corruption training; and (v) improving its whistleblower policies.
On November 21, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced that the Venezuela Sanctions Regulations (Regulations) have been amended to incorporate additional Executive Orders (E.O.s), a new general license, and a new interpretive provision. Specifically, since the Regulations were published in July 2015, six E.O.s have been issued pursuant to E.O. 13692, “Blocking Property and Suspending Entry of Certain Persons Contributing to the Situation in Venezuela.” OFAC is amending the Regulations to specify that the prohibitions include all transactions prohibited by E.O. 13692 or any further E.O issued pursuant to the national emergency declared in E.O. 13692. Moreover, OFAC is amending the Regulations to incorporate a general license, which authorizes the U.S. Government to engage in certain activities related to Venezuela (see previous InfoBytes coverage on actions related to Venezuela, including general licenses here). Lastly, an interpretive provision has been added to clarify that “the entry into a settlement agreement or the enforcement of any lien, judgment, arbitral award, decree, or other order through execution, garnishment, or other judicial process purporting to transfer or otherwise alter or affect property or interests in property blocked pursuant to [the Regulations] is prohibited unless authorized pursuant to a specific license issued by OFAC pursuant to this part.” The amendments were effective November 22.
On November 15, Financial Crimes Enforcement Network (FinCEN) Director Kenneth Blanco delivered remarks at the Chainalysis Blockchain Symposium to discuss, among other things, the agency’s focus on convertible virtual currency (CVC) and remind attendees—particularly financial institutions—of their compliance obligations. Specifically, Blanco emphasized that FinCEN applies a “technology-neutral regulatory framework to any activity that provides the same functionality at the same level of risk, regardless of its label.” As such, money transmissions denominated in CVC, Blanco stated, are money transmissions. Blanco discussed guidance issued by FinCEN in May (previously covered by InfoBytes here) that reminded persons subject to the Bank Secrecy Act (BSA) how FinCEN regulations relating to money services businesses apply to certain business models involving money transmissions denominated in CVC. Blanco also highlighted the agency’s recent collaboration with the CFTC and the SEC to issue joint guidance on digital asset compliance obligations. (Previous InfoBytes coverage here.) Highlights of Blanco’s remarks include (i) suspicious activity reporting related to CVC has increased, including “filings from exchanges identifying potential unregistered, foreign-located money services businesses”; (ii) compliance with the “Funds Travel Rule” is mandatory and applies to CVC; (iii) for anti-money laundering/combating the funding of terrorism purposes, accepting and transmitting activity denominated in stablecoins falls within FinCEN's definition of “money transmission services” under the BSA; and (iv) administrators of stablecoins must register as money services businesses with FinCEN.
On November 18, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced sanctions pursuant to Executive Order 13224 against two Islamic State of Iraq and Syria (ISIS) procurement agents based in Turkey and four ISIS-linked entities operating in Syria, Turkey, and across the Gulf and Europe for allegedly providing financial and logistical support to ISIS. OFAC also took action against an Afghanistan-based organization, as well as two affiliated senior officials, for “using false charitable pretenses as a cover to facilitate the transfer of funds and support the activities of the terrorist group’s branch in Afghanistan, ISIS – Khorasan.” OFAC noted that these sanctions coincide with the twelfth meeting of the Counter ISIS Finance Group, which coordinates efforts to isolate ISIS from the international financial system and eliminate revenue sources. As a result of the sanctions, all property and interests in property of the designated entities and individuals within U.S. jurisdiction are blocked and must be reported to OFAC. OFAC further noted that its regulations “generally prohibit” U.S. persons from participating in transactions with the designated persons, and warned foreign financial institutions that if they knowingly facilitate significant transactions for any Specially Designated Global Terrorists, they may be subject to U.S. correspondent account or payable-through account sanctions.
- Kathryn L. Ryan to discuss "Industry open forum session on NMLS usage" at the NMLS Annual Conference & Training
- Tim Lange to discuss "State legislative update - MSBs and consumer finance" at the NMLS Annual Conference & Training
- Kathryn L. Ryan to discuss "Regulating innovative consumer lending products" at the NMLS Annual Conference & Training
- Daniel P. Stipano to moderate "Washington update" at the Puerto Rican Symposium of Anti Money Laundering
- Melissa Klimkiewicz to discuss "Private flood insurance updates" at the Mortgage Bankers Association Servicing Solutions Conference & Expo
- Jonice Gray Tucker and H Joshua Kotin to discuss regulatory compliance issues in the fintech industry at Protiviti's Risk & Compliance Innovation Roundtable
- APPROVED Checkpoint Webcast: CFL overview
- Amanda R. Lawrence and Sherry-Maria Safchuk to discuss "California privacy rule" on an NAFCU webinar
- Sasha Leonhardt to discuss "MLA & SCRA" on a NAFCU webinar
- Daniel P. Stipano to discuss "Pathway of the SARs: Tracking trajectories of suspicious activity reports from alerts to prosecution" at the ACAMS International AML & Financial Crime Conference
- Daniel P. Stipano to discuss "Which bud’s for you? A deep-dive into evolving marijuana laws" at the ACAMS International AML & Financial Crime Conference
- John P. Kromer to discuss "Navigating the multi-state fintech regulatory regime" at the American Conference Institute Legal, Regulatory and Compliance Forum on Fintech & Emerging Payment Systems