InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
FinCEN penalizes first bitcoin “mixer” $60 million for violating BSA
On October 19, the Financial Crimes Enforcement Network (FinCEN) announced a civil money penalty against an individual exchanger who founded and operated two convertible virtual currency (CVC) platforms known as “mixers” or “tumblers” for allegedly violating the Bank Secrecy Act’s (BSA) registration, program, and reporting requirements. According to FinCEN, the exchanger, among other things, (i) accepted and transmitted CVC through a variety of means, which “contain[ed] the proceeds of various acts of cybercrime”; (ii) conducted over 1,225,000 transactions for customers; and (iii) “is associated with virtual currency wallet addresses that have sent or received over $311 million.” FinCEN also contends that the exchanger advertised his services to customers on the dark web and circumvented BSA’s requirements by disregarding his obligations and operating the platforms as unregistered money service businesses (MSB).
Under FinCEN’s 2013 guidance and 2019 clarification, exchangers and administrators of CVC are money transmitters and therefore subject to BSA regulations, with mixers and tumblers subject to the same rules. (Previously covered by InfoBytes here and here.) According to FinCEN, the exchanger’s activities qualified him as a virtual currency exchanger, MSB, and a financial institution under the BSA. As such, the exchanger was required to register as an MSB with FinCEN, establish and implement an effective written anti-money laundering program, detect and file suspicious activity reports, and report currency transactions, which he failed to do. The order requires the exchanger to pay a $60 million civil money penalty.
Agencies propose codifying that supervisory guidance lacks force of law
On October 20, the Federal Reserve Board, CFPB, FDIC, NCUA, and OCC released a notice of proposed rulemaking (NPRM), which seeks to codify the “Interagency Statement Clarifying the Role of Supervisory Guidance issued by the agencies on September 11, 2018 (2018 Statement).” As previously covered by InfoBytes, the 2018 Statement confirmed that supervisory guidance “does not have the force and effect of law, and [that] the agencies do not take enforcement actions based on supervisory guidance.” The Statement emphasized that the intention of supervisory guidance is to outline agencies’ expectations or priorities and highlighted specific policies and practices the agencies intend to take relating to supervisory guidance to further clarify the proper role of guidance, including: (i) not citing to “violations” of supervisory guidance; (ii) limiting the use of numerical thresholds or other “bright-line” requirements; (iii) limiting multiple issuances of guidance on the same topic; (iv) continuing to emphasize the role of supervisory guidance to examiners and to supervised institutions; and (v) encouraging supervised institutions to discuss supervisory guidance questions with their appropriate agency contact.
In addition to codifying the above elements of the 2018 Statement, the proposal would amend the 2018 Statement by (i) clarifying that references in the Statement limiting agency “criticisms” includes criticizing institutions “through the issuance of [matters requiring attention] MRAs and other supervisory criticisms, including those communicated through matters requiring board attention, documents of resolution, and supervisory recommendations”; and (ii) adding that supervisory criticisms should be “specific as to practices, operations, financial conditions, or other matters that could have a negative effect on the safety and soundness of the financial institution, could cause consumer harm, or could cause violations of laws, regulations, final agency orders, or other legally enforceable conditions.”
Comments are due 60 days after publication in the Federal Register, which has not yet occurred.
OFAC reaches $4.1 million settlement with holding company to resolve Iranian Transactions and Sanctions Regulations violations
On October 20, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced a more than $4.1 million settlement with a Nebraska-based multinational conglomerate holding company to resolve 144 apparent violations of the Iranian Transactions and Sanctions Regulations engaged in by its indirectly wholly owned Turkish subsidiary. According to OFAC’s web notice, the Turkish subsidiary, in violation of the company’s compliance policies, allegedly sold goods to two third-party Turkish distributors knowing that the goods “would be shipped to a distributor in Iran for resale to Iranian end-users, including several entities later identified as meeting the definition of the Government of Iran.” The Turkish subsidiary also purchased goods manufactured by other company subsidiaries, and allegedly took measures “to obfuscate its dealings with Iran” and conceal these activities from the company. Employees of certain other company subsidiaries also allegedly received communications revealing that these orders may have been intended for Iranian end users; however only one of these subsidiaries warned the Turkish subsidiary that such transactions were prohibited.
In arriving at the settlement amount, OFAC considered various aggravating factors, including that (i) the Turkish subsidiary’s management “willfully engaged” in prohibited transactions, and certain senior management “intentionally concealed its dealings with Iran”; (ii) certain company subsidiaries had knowledge, or reason to know, that some of the products sent to the Turkish subsidiary were intended for Iran; and (iii) the Turkish subsidiary “demonstrated a pattern of conduct by knowingly engaging in prohibited dealings for approximately three years.”
OFAC also considered various mitigating factors, such as (i) the company voluntarily self-disclosed the apparent violations, and cooperated with the investigation; (ii) the company and its subsidiaries and affiliates signed a tolling agreement; and (iii) the company has undertaken remedial measures, including enhancing its compliance procedures for foreign subsidiaries, to minimize the risk of similar violations from occurring in the future.
SEC issues $800,000 whistleblower award after reconsideration
On October 15, the SEC announced a more than $800,000 award to a whistleblower in connection with two successful agency enforcement actions, after a request for reconsideration. According to the redacted order, the whistleblower contested a preliminary denial and after review, the SEC determined the whistleblower satisfied the program requirements by “author[ing] information containing a detailed analysis that alerted Commission staff to the underlying securities violations.” The order notes that the whistleblower did not provide any further assistance beyond the initial tips.
The SEC has now paid a total of $562 million to 107 individuals since the inception of the program.
FTC temporarily halts unlawful debt collection operation
On October 15, the FTC announced that the U.S. District Court for the Northern District of Georgia granted a temporary restraining order against a debt collection operation for allegedly engaging in fraudulent debt collection practices. According to the FTC’s complaint, the operation violated the FTC Act and the FDCPA by, among other things, (i) posing as law enforcement officers, prosecutors, attorneys, mediators, investigators, or process servers when calling consumers to collect debts; (ii) using profane language and threatening consumers with arrest or serious legal consequences if debts were not immediately paid; (iii) threatening to garnish wages, suspend Social Security payments, revoke drivers’ licenses, or lower credit scores; (iv) attempting to collect debts that were either never owed or were no longer owed; (v) unlawfully contacting third parties, such as family members or employers; and (vi) adding unauthorized or impermissible charges or fees to consumers’ debts. The complaint asserts that the operation also refused to provide written verification about the alleged debts as required by the FDCPA. Beyond the temporary restraining order, the FTC is seeking a permanent injunction, contract rescission or reformation, restitution, disgorgement, the appointment of a receiver, immediate access to business premises, an asset freeze, and other equitable relief.
The action is part of the FTC’s “Operation Corrupt Collector”—a nationwide enforcement and outreach effort established last month by the FTC, CFPB, and more than 50 federal and state law enforcement partners to address illegal debt collection practices. (Covered by InfoBytes here.)
Global financial institution pays $2.9 billion to settle Malaysian FCPA conspiracy and bribery charges
On October 22, the DOJ announced that it entered into a deferred prosecution agreement with a global financial institution headquartered in New York (the company), in which the company agreed to pay a criminal fine of over $2.9 billion related to violations of the FCPA’s anti-bribery provisions. The company’s Malaysian subsidiary also pleaded guilty to one count of conspiracy to violate the anti-bribery provisions of the FCPA.
According to the DOJ, between 2009 and 2014, the company participated in a scheme to pay over $1.6 billion in bribes, directly and indirectly, to Malaysian and Abu Dhabi officials to obtain business, including a role in underwriting approximately $6.5 billion in three bond deals for a Malaysian sovereign wealth fund regarding energy development (previous InfoBytes coverage on the charges available here). The DOJ stated that the company admitted to engaging in the scheme through certain employees and agents, including (i) the company’s former Southeast Asia Chairman and managing director, who pleaded guilty in 2018 to conspiring to launder money and to violate the FCPA (covered by InfoBytes here); (ii) a former managing director and head of investment banking for the company’s Malaysian subsidiary, who was charged and subsequently extradited to the U.S. in 2019 and is scheduled to stand trial in March 2021 for conspiring to launder money and to violate the FCPA (covered by InfoBytes here); and (iii) a former executive who held leadership positions in Asia. The company admitted that their former employees and agents conspired with a Malaysian financier (who was indicted in 2018, covered by InfoBytes here) to bribe officials involved in the strategic development initiative by using funds diverted and misappropriated from bond offerings underwritten by the company. The employees and financer also retained a portion of the diverted funds for themselves. The company admitted that it did not take significant steps to ensure the Malaysian financier was not involved in the bond transactions even though they were aware his involvement posed “significant risk,” and the company ignored or nominally addressed the “significant red flags” raised during the due diligence process. The company received approximately $606 million in fees and revenue as a result of the scheme.
The company’s $2.9 billion criminal penalty and disgorgement includes $1.6 billion in payments with respect to separate resolutions with foreign authorities in the United Kingdom, Singapore, Malaysia, and other domestic authorities in the U.S., including $154 million to the Federal Reserve, over $400 million to the SEC, and $150 million to the New York Department of Financial Services.
Issuer pays $5 million penalty for unregistered digital offering
On October 21, the SEC announced the U.S. District Court for the Southern District of New York entered a final judgment against a tech company issuer that raised approximately $100 million through an unregistered initial coin offering. As previously covered by InfoBytes, the SEC filed an action alleging the issuer failed to provide required disclosures to investors and did not register the offer or sale of its digital tokens with the SEC, as required by Section 5 of the Securities Act of 1933 (the Act). The SEC argued that the issuer marketed the digital tokens as an investment opportunity and told investors that they could earn future profits from the issuer’s efforts to create, develop, and support a digital “ecosystem.”
The court granted summary judgment in favor of the SEC at the end of September, concluding, among other things, that the issuer violated Section 5 of the Act when it conducted an unregistered offering of securities that did not qualify for any exemption from registration requirements. The final judgment (i) requires the issuer to pay $5 million in a civil penalty; (ii) permanently enjoins the issuer from violating Section 5 of the Act; and (iii) requires the issuer, for a period of three years, to provide notice to the SEC before engaging in any “issuance, offer, sale or transfer” of specified assets.
CFPB settles with auto servicer over deceptive practices
On October 13, the CFPB announced a settlement with the Texas-based auto-financing subsidiary of a Japanese automobile manufacturer to resolve allegations that the servicer violated the Consumer Financial Protection Act by engaging in illegal repossession and collection practices. The CFPB alleged that the servicer engaged in unfair and deceptive practices by (i) wrongfully repossessing vehicles even though customers made payments to decrease their delinquency to less than 60 days past due or kept a promise to pay; (ii) limiting the ability of borrowers who pay over the phone to select payment options with significantly lower fees; (iii) making false statements in loan extension agreements, which “created the net impression that consumers could not file for bankruptcy”; and (iv) knowing its repossession agents were charging customers upfront storage fees before returning personal property left inside repossessed cars.
Under the terms of the consent order, the servicer must pay a $4 million civil money penalty, as well as up to $1 million in consumer redress. The servicer must also credit any outstanding fees stemming from the repossession and pay consumers redress for each day it wrongfully held their vehicles. The servicer is also ordered to, among other things, (i) cease using language that creates the impression that customers may not file for bankruptcy; (ii) conduct a quarterly review to identify and remediate any future wrongful repossessions; (iii) adopt policies and procedures to correct its repossession practices; (iv) prohibit its repossession agents from charging fees to get personal property returned; and (v) clearly disclose phone payment fees to consumers.
Debt collector settles with CFPB for $15 million
On October 15, the CFPB announced a proposed settlement with the largest U.S. debt collector and debt buyer and its subsidiaries (collectively, “defendants”), resolving allegations that the defendants violated the terms of a 2015 consent order related to their debt collection practices. As previously covered by InfoBytes, the Bureau filed an action against the defendants in September alleging that they collected more than $300 million from consumers by violating the terms of the 2015 consent order—and again violating the FDCPA and CFPA—by, among other things, (i) filing lawsuits without possessing certain original account-level documentation (OALD) or first providing the required disclosures; (ii) failing to provide debtors with OALD within 30 days of the debtor’s request; (iii) filing lawsuits to collect on time-barred debt; and (iv) failing to disclose that debtors may incur international-transaction fees when making payments to foreign countries, which “effectively den[ied] consumers the opportunity to make informed choices of their preferred payment methods.”
The stipulated final judgment, if entered by the court, would require the defendants to pay nearly $80,000 in consumer redress and a $15 million civil money penalty. Moreover, among other things, the defendants are subject to a five-year extension of certain conduct provisions of the 2015 consent order and must disclose to consumers the potential for international-transaction fees and that the fees can be avoided by using alternative payment methods.
DOJ Cyber-Digital Task Force releases cryptocurrency enforcement framework
On October 8, U.S. Attorney General William P. Barr released his Cyber-Digital Task Force’s comprehensive overview of emerging threats and enforcement challenges associated with the increased use of cryptocurrencies. The report, titled Cryptocurrency: An Enforcement Framework, is divided into three parts and details the relationships that the DOJ has built with U.S. and foreign regulatory and enforcement partners, and summarizes the Department’s response strategies.
- Part I: Threat Overview. This section illustrates how malicious actors misuse cryptocurrency technology to harm users and commit crimes. The task force catalogs most illicit uses of cryptocurrency into the following three broad categories: (i) “financial transactions associated with the commission of crimes,” including soliciting funds to support terrorist activities; (ii) money laundering and the shielding of otherwise legitimate activity from tax, reporting, or other legal requirements; or (iii) crimes that directly implicate the cryptocurrency marketplace itself, such as stealing cryptocurrency or promising cryptocurrency to defraud investors.
- Part II: Law and Regulations. This section explores the various legal and regulatory authorities that the DOJ has used to bring cryptocurrency enforcement actions, and highlights its partnerships with other U.S. federal and state authorities and foreign enforcement agencies to prevent crime and provide investigatory assistance.
- Part III: Ongoing Challenges and Future Strategies. This section discusses the ongoing challenges presented by the misuse of cryptocurrency, as well as ongoing strategies to combat emerging threats. This includes an examination of certain business models and activities employed by cryptocurrency exchanges, including money service businesses, virtual asset and peer-to-peer exchanges and platforms, kiosk operators, and casinos.
This is the task force’s second report. The first report, published in 2018, provides a more general overview of cyber threats.