Skip to main content
Menu Icon
Close

InfoBytes Blog

Financial Services Law Insights and Observations

Filter

Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.

  • White House orders DOJ and CFPB to better protect citizens’ sensitive personal data

    Privacy, Cyber Risk & Data Security

    On March 1, the White House released Executive Order 14117 (E.O.) titled “Preventing Access to Americans’ Bulk Sensitive Personal Data and United States Government-Related Data by Countries of Concern” to issue safeguards against Americans’ private information. The E.O. was preceded by the White House’s Fact Sheet which included provisions to protect Americans’ data on their genomic and biometric information, personal health, geolocation, finances, among others. The E.O. shared how this data can be used by nefarious actors such as foreign intelligence services or companies and could enable privacy violations. Under the E.O., President Biden ordered several agencies to act but primarily called on the DOJ. The president directed the DOJ to issue regulations on protecting Americans’ data from being exploited by certain countries. The White House also directed the DOJ to issue regulations to protect government-related data, specifically citing protections for geolocation information and information about military members. Lastly, the DOJ was directed to work with DHS to prevent certain countries’ access to citizens’ data through commercial means and the CFPB was encouraged to “[take] steps, consistent with CFPB’s existing legal authorities, to protect Americans from data brokers that are illegally assembling and selling extremely sensitive data, including that of U.S. military personnel.”

    A few days before, the DOJ released its fact sheet detailing its proposals to implement the White House’s E.O., focusing on national security risks and data security. The fact sheet highlighted that our current laws leave open lawful access to vast amounts of Americans’ sensitive personal data that may be purchased and accessed through commercial relationships. In response to the E.O., the DOJ plans to release future regulations “addressing transactions that involve [Americans’] bulk sensitive data” that pose a risk of access by countries of concern. The countries of concern include China (including Hong Kong and Macau), Russia, Iran, North Korea, Cuba, and Venezuela. The DOJ will also release its Advance Notice of Proposed Rulemaking (ANPRM) to provide details of the proposal(s) and to solicit comments.

    Privacy, Cyber Risk & Data Security Federal Issues Department of Justice CFPB Executive Order Department of Homeland Security White House Big Data China Russia Iran North Korea Cuba Venezuela

  • FTC reports on efforts to combat cross-border fraud and ransomware attacks

    Federal Issues

    On October 20, the FTC published two reports outlining its efforts to protect consumers against cross-border fraud and ransomware attacks. 

    In the first report, the FTC described the US SAFE Web Act (SAFE WEB), passed in 2006, as an “indispensable” tool to combat cross-border fraud and protect consumers in an increasingly global and digital economy.  For example, the report noted that since SAFE WEB was passed, the FTC has used the law in myriad ways: issuing more than 140 civil investigative demands on behalf of 21 foreign agencies from eight countries; engaging in 148 staff exchanges to build cooperation with foreign counterparts; and sharing confidential information from FTC files with 43 law enforcement agencies in twenty different countries.  The report also indicated that SAFE WEB has allowed the FTC to pursue and stop harmful conduct in the US and defend against challenges to its jurisdictional authority over foreign companies targeting American consumers.  Notably, SAFE WEB helped the FTC (i) shut down a real estate investment scam that took in more than $100 million (the largest such scheme the FTC has ever targeted); (ii) cooperate with privacy authorities in Canada and the United Kingdom to pursue actions against an online dating site that deceived consumers and failed to protect the account and profile information of more than 36 million individuals; (iii) and work with foreign law enforcement agencies to stop fraudulent money transfers to certain money transfer companies located in Spain in connection with a Nigerian email scam.  The FTC recommends that Congress permanently reauthorize SAFE WEB to preserve the agency’s ability to fight cross-border fraud.

    In the second report, the FTC discussed its work to target ransomware and other cyber-attacks.  The FTC highlighted its longstanding data security enforcement program, which seeks to ensure that businesses engage in reasonable practices to protect the data of their customers.  Moreover, the RANSOMWARE Act refers specifically to China, Russia, North Korea, and Iran.  The report stated that although the FTC has taken data security-related enforcement actions involving connections to China and Russia, the FTC has had limited interactions with government agencies in China, Russia, North Korea, and Iran.  The report included several recommendations for Congress, including making SAFE WEB permanent, amending a provision in the FTC act which would restore the FTC’s ability to provide refunds to harmed consumers, and enacting privacy and data security legislation which would be enforceable by the FTC.  The FTC also urged businesses to take steps to safeguard customer data, including retaining information only so long as there is a legitimate business need, restricting access to sensitive data, and storing personal information securely and protecting it during transmission.

    Federal Issues FTC Ransomware Fraud

  • Senators ask Treasury, White House for answers on North Korea’s crypo-crime funding

    Financial Crimes

    On August 4, Senators Elizabeth Warren (D-MA), Tim Kaine (D-VA), and Chris Van Hollen (D-MD) sent a letter to the White House National Security Advisor and the Treasury Department’s Under Secretary for Terrorism and Financial Intelligence regarding their concerns over North Korea’s use of cyberattacks and cryptocurrency theft to skirt international sanctions and embargos. The letter urges the Treasury to provide details on its plan to stop North Korea from using digital assets to evade sanctions and continue with the development of nuclear weapons and ballistic missiles. The senators noted that a UN report found that in 2016, “North Korea exhibited a ‘clear shift’ to attacking cryptocurrency exchanges for the purposes of ‘generating financial revenue’” that is difficult to trace and subject to less government oversight. The letter highlights the effects of the cyberattacks, including how they have generated about $2 billion, which is then used to fund the North Korean military.  The extent of the cybercrime and cryptocurrency thefts show its use is “key” to the regime’s survival, and notes that the regime has a workforce of thousands of IT workers who operate out of many different countries. The senators asked for a response to their five questions by August 16.

    Financial Crimes Fintech Cryptocurrency Digital Assets Bank Secrecy Act North Korea Department of Treasury

  • FinCEN updates jurisdictions with AML/CFT/CPF deficiencies

    Financial Crimes

    On June 29, FinCEN announced that the Financial Action Task Force (FATF) issued a public statement updating its lists of jurisdictions with strategic deficiencies in anti-money laundering (AML), countering the financing of terrorism (CFT), and countering the financing of proliferation of weapons of mass destructions (CPF). FATF’s statements include (i) Jurisdictions under Increased Monitoring, “which publicly identifies jurisdictions with strategic deficiencies in their AML/CFT/CPF regimes that have committed to, or are actively working with, the FATF to address those deficiencies in accordance with an agreed upon timeline,” and (ii) High-Risk Jurisdictions Subject to a Call for Action, “which publicly identifies jurisdictions with significant strategic deficiencies in their AML/CFT/CPF regimes and calls on all FATF members to apply enhanced due diligence, and, in the most serious cases, apply counter-measures to protect the international financial system from the money laundering, terrorist financing, and proliferation financing risks emanating from the identified countries.”

    FinCEN’s announcement also informed members that FATF added Cameroon, Croatia, and Vietnam it its list to the list of Jurisdictions Under Increased Monitoring and advised jurisdictions to apply enhanced due diligence proportionate to the risks. FATF did not remove any jurisdictions from the list. Additionally, the announcement suggests that money service businesses refer to FinCEN’s Guidance on compliance obligations to employ adequate measures against money laundering and the financing of terrorism posed by their foreign relationships. Also noted in the announcement is that the list of high-risk jurisdictions subject to a call for action, remains the same. FinCEN reminded in the announcement that U.S. financial institutions are still broadly prohibited from engaging in transactions or dealings with Iran, and they should continue to refer to existing FinCEN and Office of Foreign Assets Control guidance on engaging in financial transactions with Burma. With respect to high-risk jurisdictions subject to a call for action — the Democratic People’s Republic of Korea and Iran — “financial institutions must comply with the extensive U.S. restrictions and prohibitions against opening or maintaining any correspondent accounts, directly or indirectly, for North Korean or Iranian financial institutions,” FinCEN said, adding that “[e]xisting U.S. sanctions and FinCEN regulations already prohibit any such correspondent account relationships.”

     

    Financial Crimes Of Interest to Non-US Persons FinCEN Anti-Money Laundering Combating the Financing of Terrorism FATF Combating Weapons of Mass Destruction Proliferation Financing OFAC

  • OFAC sanctions DPRK missile development procurers

    Financial Crimes

    On June 15, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced sanctions, pursuant to Executive Orders (E.O.) 13382 and 13810, against two individuals involved in the procurement of equipment and materials that support the Democratic People’s Republic of Korea’s (DPRK) ballistic missile program. According to OFAC, the missile program relies on foreign-sourced ballistic missile-related components that it cannot produce domestically. One of the sanctioned persons has collaborated with a number of individuals to purchase and procure items including those known to be used in the production of DPRK ballistic missiles. The individual’s wife is the second sanctioned individual listed as “being a North Korean person, including a North Korean person that has engaged in commercial activity that generates revenue for the Government of North Korea or the Workers’ Party of Korea.”

    As a result of the sanctions, all property and interests in property of the designated persons that are in the U.S., or in the possession or control of U.S. persons, are blocked and must be reported to OFAC. In addition, any entities that are owned, directly or indirectly, 50 percent or more by one or more blocked persons are also blocked. OFAC further mentioned, “any foreign financial institution that knowingly facilitates a significant transaction or provides significant financial services for any of the individuals or entities designated today could be subject to U.S. correspondent or payable-through account sanctions.”

    Financial Crimes Of Interest to Non-US Persons OFAC OFAC Sanctions OFAC Designations Department of Treasury China North Korea SDN List

  • OFAC clarifies impact of sanctions on humanitarian assistance and trade

    Financial Crimes

    On June 14, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) issued a Fact Sheet for “Provision of Humanitarian Assistance and Trade to Combat COVID-19.” The Fact Sheet, among other things, highlights Treasury’s humanitarian-related or other general licenses (GL) issued to support people impacted by Covid-19 across Iran, Venezuela, North Korea, Syria, Cuba, and Russia. Relatedly, OFAC issued Iran-related GL N-2, Venezuela-related GL 39B, and Syria-related GL 21B to authorize transactions and activities related to the prevention, diagnosis, or treatment of Covid-19, as well as several amended FAQs.

    Financial Crimes Of Interest to Non-US Persons Department of Treasury OFAC OFAC Designations OFAC Sanctions Iran Syria North Korea Cuba Russia Venezuela Covid-19

  • OFAC reaches $508 million settlement with British tobacco company on North Korean transactions

    Financial Crimes

    On April 25, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced a $508 million settlement with one of the world’s largest tobacco companies to resolve potential civil liabilities stemming from allegations that the company sent more than $250 million in profits from a North Korean joint venture through U.S. financial institutions by relying on designated North Korean banks and several intermediaries. According to OFAC’s web notice, from 2007 to 2016, the London-headquartered company formed a conspiracy to export tobacco and related products to North Korea, and remitted approximately $250 million in payments from the North Korean joint venture. The payments were allegedly remitted through bank accounts controlled by sanctioned North Korean banks to the company’s Singaporean subsidiary via U.S. banks who cleared the transactions. By causing U.S. financial institutions to process wire transfers containing blocked property interests of sanctioned North Korean banks in order to export financial services and facilitate the export of tobacco, the company violated the Weapons of Mass Destruction Proliferators Sanctions Regulations and the North Korea Sanctions Regulations, OFAC said.

    According to OFAC, the settlement is the largest ever reached with a non-financial institution and reflects the statutory maximum penalty due to OFAC’s determination that the company’s conduct was egregious and not voluntarily self-disclosed. In arriving at the settlement amount, OFAC determined, among other things, that the company and its subsidiaries willfully conspired to transfer hundreds of millions of dollars related to North Korea through U.S. financial institutions while being aware that U.S. sanctions regulations prohibited this conduct. The company and its subsidiaries also allegedly “relied on an opaque series of front companies and intermediaries” to conceal their North-Korea-related business, with management having actual knowledge about the alleged conspiracy from the beginning. OFAC also considered various mitigating factors, including that the company has not received a penalty notice from OFAC in the preceding five years, and that the company cooperated with OFAC and agreed to toll the statute of limitations.

    Providing context for the settlement, OFAC said that this action demonstrates that “creating the illusion of distance between a firm and apparently violative conduct does not shield that firm from liability.” Moreover, “[s]enior management decisions to approve or otherwise support arrangements that obscure dealings with sanctioned countries and parties can be reflected throughout an organization, compounding sanctions risks and increasing the likelihood of committing potential violations.”

    Concurrently, the DOJ announced that the company and one of its subsidiaries have agreed to pay combined penalties of more than $629 million to resolve bank fraud and sanctions violations charges stemming from the aforementioned conduct. According to the DOJ, the subsidiary pleaded guilty to a criminal information charging both entities with conspiracy to commit bank fraud and conspiracy to violate the International Emergency Economic Powers Act. The company entered into a deferred prosecution agreement related to these charges.

    Financial Crimes Of Interest to Non-US Persons OFAC Department of Treasury OFAC Sanctions OFAC Designations Enforcement Settlement North Korea DOJ

  • OFAC sanctions arms facilitator for attempted North Korea-Russia deals

    Financial Crimes

    On March 30, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced sanctions, pursuant to Executive Order 13551, against a Slovakian national for attempting to facilitate arms deals between Russia and the Democratic People’s Republic of Korea (DPRK) to aid Russia’s war against Ukraine. “Schemes like the arms deal pursued by this individual show that Putin is turning to suppliers of last resort like Iran and the DPRK,” Secretary of the Treasury Janet L. Yellen said. “We remain committed to degrading Russia’s military-industrial capabilities, as well as exposing and countering Russian attempts to evade sanctions and obtain military equipment from the DPRK or any other state that is prepared to support its war in Ukraine.”

    As a result of the sanctions, all property and interests in property of the sanctioned individual that are in the United States or in the possession or control of U.S. persons must be blocked and reported to OFAC, as well as “any entities that are owned, directly or indirectly, 50 percent or more by one or more blocked persons.” Persons that engage in certain transactions with the designated individual may themselves be exposed to sanctions, and “any foreign financial institution that knowingly facilitates a significant transaction or provides significant financial services for the individual designated today could be subject to U.S. correspondent or payable-through account sanctions.”

    Financial Crimes Of Interest to Non-US Persons OFAC Department of Treasury OFAC Sanctions OFAC Designations SDN List Russia Ukraine Ukraine Invasion

  • FinCEN comments on Russia’s suspended FATF membership; issues statements on jurisdictions with AML/CFT/CPF deficiencies

    Financial Crimes

    On March 9, FinCEN informed U.S. financial institutions that last month the Financial Action Task Force (FATF) suspended the Russian Federation’s membership after determining that the country’s “actions unacceptably run counter to the FATF core principles aiming to promote security, safety, and the integrity of the global financial system.” (Covered by InfoBytes here.) FATF also urged jurisdictions to monitor for and mitigate emerging risks resulting “from the circumvention of measures taken in order to protect the international financial system.”

    Additionally, FinCEN noted that at the end of February, FATF issued public statements updating its lists of jurisdictions with strategic deficiencies in anti-money laundering (AML), countering the financing of terrorism (CFT), and countering the financing of proliferation of weapons of mass destructions (CPF) regimes. These include (i) Jurisdictions under Increased Monitoring, “which publicly identifies jurisdictions with strategic deficiencies in their AML/CFT/CPF regimes that have committed to, or are actively working with, the FATF to address those deficiencies in accordance with an agreed upon timeline,” and (ii) High-Risk Jurisdictions Subject to a Call for Action, “which publicly identifies jurisdictions with significant strategic deficiencies in their AML/CFT/CPF regimes and calls on all FATF members to apply enhanced due diligence, and, in the most serious cases, apply counter-measures to protect the international financial system from the money laundering, terrorist financing, and proliferation financing risks emanating from the identified countries.”

    With respect to jurisdictions under increased monitoring, FinCEN’s announcement reminded U.S. covered financial institutions of their due diligence obligations for foreign financial institutions (including correspondent accounts maintained for foreign banks), and instructed them to ensure that they implement “appropriate, specific, risk-based, and, where necessary, enhanced policies, procedures, and controls that are reasonably designed to detect and report known or suspected money laundering activity conducted through or involving any correspondent account established, maintained, administered, or managed in the United States.” Money services business are reminded of parallel requirements with respect to foreign agents or counterparties. Members were informed that FATF removed Cambodia and Morocco from its list of Jurisdictions under Increased Monitoring but added Nigeria and South Africa to the list.

    FinCEN’s announcement also informed members that Burma remains on the list of High-Risk Jurisdictions Subject to a Call for Action, and advised U.S. financial institutions to apply enhanced due diligence. Moreover, U.S. financial institutions should continue to refer to existing FinCEN and OFAC guidance on engaging in financial transactions with Burma. With respect to the Democratic People’s Republic of Korea and Iran, “financial institutions must comply with the extensive U.S. restrictions and prohibitions against opening or maintaining any correspondent accounts, directly or indirectly, for North Korean or Iranian financial institutions,” FinCEN said, adding that “[e]xisting U.S. sanctions and FinCEN regulations already prohibit any such correspondent account relationships.”

    Financial Crimes Of Interest to Non-US Persons FATF Russia Anti-Money Laundering Combating the Financing of Terrorism FinCEN OFAC

  • OFAC settles with Indian tobacco company on North Korean transactions

    Financial Crimes

    On March 1, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced a $332,500 settlement with an India-registered tobacco company to resolve allegations that it “requested payment in U.S. dollars for its indirect exportation of tobacco to the Democratic People’s Republic of Korea [(DPRK)].” According to OFAC’s web notice, in late 2016, an assistant manager at the company and a representative from a Thai intermediary began communicating about a prospective order of tobacco from a DPRK customer. A decision was eventually made not to include the DPRK customer or to list the DPRK in trade documents for the order. Rather, the order listed the Thai intermediary as the customer and China as the destination. OFAC maintained that the company issued three invoices to the Thai intermediary for its tobacco orders, and asked that payments be sent in USD to either the company’s bank account at a non-U.S. bank in India or to the India-branch of a U.S. bank. Between July and August 2017, four Hong Kong-organized intermediaries remitted funds to the company for these shipments and made five payments totaling approximately $369,228. Four of the five USD payments were sent to the non-U.S. bank, causing three U.S. financial institutions to clear the payments. The fifth payment was sent to the India-branch of a U.S. bank. By directing the Hong Kong intermediaries to remit payments in USD, OFAC claimed the company “caused U.S. correspondent banks that processed the payments, as well as the foreign branch of a U.S. bank, to export financial services to or otherwise facilitate the exportation of tobacco to the DPRK” in violation of the North Korea Sanctions Regulations.

    In arriving at the settlement amount, OFAC determined, among other things, that several managers had actual knowledge of the alleged conduct at issue, and that the company “acted recklessly” by “fail[ing] to exercise a minimal degree of caution or care for U.S. sanctions laws and regulations and caus[ing] U.S. financial institutions to export financial services or otherwise facilitate the exportation of tobacco to the DPRK.”

    OFAC also considered various mitigating factors, including that the company has not received a penalty notice from OFAC in the preceding five years. Additionally, the company undertook remedial measures upon learning of the alleged violations, cooperated with OFAC throughout the investigation, and agreed to toll the statute of limitations, the notice said.

    Providing context for the settlement, OFAC said that this action “highlights the deceptive practices DPRK entities use to evade U.S. and international sanctions and acquire revenue-generating goods, such as by employing intermediaries in various countries to coordinate shipping and make payments.”

    Financial Crimes Of Interest to Non-US Persons Department of Treasury OFAC OFAC Sanctions OFAC Designations Settlement North Korea Enforcement

Pages

Upcoming Events