Skip to main content
Menu Icon
Close

InfoBytes Blog

Financial Services Law Insights and Observations

Filter

Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.

  • Broker-dealer settles AML allegations with FINRA

    Financial Crimes

    On February 12, FINRA settled allegations with a Florida-based broker-dealer for failing to implement reasonable procedures requiring escalation of potentially suspicious trading activity. Closely following the SEC and DFPI’s recent enforcement action (covered by InfoBytes here), the company, without admitting or denying the allegations, agreed to pay a $700,000 fine to settle claims regarding its failure to effectively implement anti-money laundering (AML) programs. FINRA claimed that the company did not adequately equip its analysts to review and address trading alerts related to suspicious activities by customers, which could total up to 100 alerts per trading day. Additionally, the company allegedly lacked proper written procedures in connection with the acceptance and resale of low-priced securities as required to comply with Section 5 of the Securities Act of 1933 in violation of FINRA Rules. FINRA also noted that, despite being aware that improvements to the AML program were necessary as early as 2016, the company did not fully implement recommended improvements until March 2022. In issuing the fine, FINRA highlighted that the company was fined for similar AML violations back in 2011 and emphasized instances where the company’s analysts failed to escalate suspicious activity to the AML department in a timely manner, leading to regulatory inquiries and subpoenas regarding certain customers’ practices.

    Financial Crimes Broker-Dealer FINRA Anti-Money Laundering Enforcement

  • SEC charges alleged hedge fund with defrauding $1.2 million from investors

    Financial Crimes

    On February 2, the SEC issued a complaint which charged a company for allegedly raising $1.2 million from 15 investors through an offer and sale of fraudulent securities for a hedge fund. The company raised this money from 2017-2018 and offered securities that would be used to form a hedge fund and invest in crypto-assets using “specific” investment strategies. (The company ostensibly managed the hedge fund, but the hedge fund never appeared to be created.) 

    The company made several misrepresentations which the SEC claimed violated Section 17(a) of the Securities Act of 1933 and Section 10(b) and Rule 10b-5 of the Securities Exchange Act of 1934. These alleged misrepresentations included the founder’s background and education, the demand for and size of the proposed hedge fund, and the investment scheme to grow a return for investors. The investors were given an investor pitch deck that put forth the hedge fund’s terms, investment strategy, and management team. Then, the investors gave a minimum investment of $1 million; however, the hedge fund investors were offered the opportunity to invest for less than $1 million through a separate entity.  

    Through this, the SEC alleged that the company violated the federal securities law and put forth two claims for relief. The SEC permanently enjoins the company from issuing, buying, offering, or selling any security, including crypto-assets. No civil monetary judgment has been offered. 

    Financial Crimes SEC Securities Cryptocurrency Enforcement

  • Securities regulators issue guidance and an RFC on AI trading scams

    Financial Crimes

    On January 25, FINRA and the CFTC released advisory guidance on artificial intelligence (AI) fraud, with the latter putting out a formal request for comment. FINRA released an advisory titled “Artificial Intelligence (AI) and Investment Fraud” to make investors aware of the growing popularity of scammers committing investment fraud using AI and other emerging technologies, posting the popular scam tactics, and then offering protective steps. The CFTC released a customer advisory called “AI Won’t Turn Trading Bots into Money Machines,” which focused on trading platforms that claim AI-created algorithms can guarantee huge returns.

    Specifically in FINRA’s notice, the regulator stated that registration is a good indicator of sound investment advice, and offers the Investor.gov tool as a means to check; however, even registered firms and professionals can offer claims that sound too good to be true, so “be wary.” FINRA also warned about investing in companies involved in AI, often using catchy buzzwords or making claims to “guarantee huge gains.” Some companies may engage in pump-and-dump schemes where promoters “pump” up a stock price by spreading false information, then “dump” their own shares before the stock’s value drops. FINRA’s guidance additionally discussed the use of celebrity endorsements to promote an investment using social media; FINRA states that social media has become “more saturated with financial content than ever before” leading to the rise of “finfluencers.” Finally, FINRA mentioned how AI-enabled technology allows scammers to create “deepfake” videos and audio recordings to spread false information. Scammers have been using AI to impersonate a victim’s family members, a CEO announcing false news to manipulate a stock’s price, or how it can create realistic marketing materials.

    The CFTC’s advisory highlighted how scammers use AI to create algorithmic trading platforms using “bots” that automatically buy and sell. In one case cited by the CFTC, a scammer defrauded customers into selling him nearly 30,000 bitcoins, worth over $1.7 billion at the time. The CFTC posted a Request for Comment on the Use of Artificial Intelligence in CFTC-Regulated Markets. The Request listed eight questions addressing current and potential uses of AI by regulated entities, and several more addressing concerns regarding the use of AI in regulated markets and entities for the public to respond to.

    Financial Crimes FINRA Artificial Intelligence CFTC Securities Exchange Commission Fraud Securities

  • NYDFS and Fed order bank to pay fines for BSA/AML non-compliance

    Financial Crimes

    On January 19, the Federal Reserve Board and NYDFS each issued separate enforcement actions against one of the largest banks in the world for alleged compliance deficiencies and violations under BSA/AML. The Fed issued its cease and desist order and ordered the bank to pay a civil money penalty of $2.4 million. The NYDFS also issued a similar consent order with a monetary penalty of $30 million.

    According to the Fed’s order, an investigation into the bank’s practices determined that the New York branch lacked any formal policies or training on confidential supervisory information (CSI). Additionally, the order required the bank to submit a written plan to enhance internal compliance controls to the Fed, including designation of a CSI officer, among other requirements. According to NYDFS’s order, the bank previously entered into a 2018 cease and desist order with the Fed to address “significant deficiencies” in its compliance with BSA/AML requirements and OFAC regulations. NYDFS conducted an examination in 2022 and found that deficiencies cited in the 2018 order persisted for several more years. A subsequent examination in 2023 found that the bank had made significant efforts toward enhancing its compliance programs and successfully remediated prior deficiencies. Per this most recent order, NYDFS found that the bank’s BSA/AML program was not in compliance for several years; the bank failed to maintain appropriate accounting records; and the bank failed to submit a report after discovering the occurrence of “embezzlement, misapplication, larceny, forgery, fraud, [or] dishonesty[.]” The consent order stipulated several remediation requirements, including a status report to NYDFS on the bank’s BSA/AML compliance.

    Financial Crimes New York NYDFS Bank Secrecy Act Federal Reserve Bank of New York Compliance

  • FinCEN report on identity fraud in 2021 outlines statistics and processes

    Financial Crimes

    On January 9, FinCEN published a report titled “Identity-Related Suspicious Activity: 2021 Threats and Trends” which focuses on patterns in reported Bank Secrecy Act (BSA) data linked to suspicious activity from 2021. The report is part of a broader set of financial trend analyses conducted by FinCEN under section 6206 of the Anti-Money Laundering Act of 2020. During 2021, about 1.6 million of all BSA reports (or 42 percent) on suspicious activity were related to identity, equaling $212 billion in suspicious activity.

    Key findings in the report included: (i) 69 percent of identity-related BSA reports indicate attackers have impersonated others; (ii) depository institutions have filed the most BSA reports at 54 percent, with the next highest being money services businesses at 21 percent; (iii) general fraud was the most reported typology with 1.2 million BSA reports totaling $149 billion in suspicious amounts, with the next two being false records and identity theft, respectively; and (iv) there were a significant number of identity-related exploitations based on BSA report volumes and dollar values. FinCEN reported three identity-related exploitations, including how attackers (a) impersonate others; (b) dodge or exploit verification processes; and (c) use compromised credentials. A model on page six of the report provides further clarity on how attackers undermine identity processes, such as through bust out schemes (attackers open credit card accounts then max out the cards), check fraud, credit and debit card fraud, and Covid-19 fraud.

    Financial Crimes FinCEN Bank Secrecy Act Anti-Money Laundering Act of 2020 Identity Theft Fraud Credit Cards

  • INTERPOL seizes $300 million in international financial crime operation

    Financial Crimes

    On December 19, INTERPOL announced the conclusion of a transcontinental police operation against online financial crime called HAECHI IV. The operation ended with around 3,500 arrests and seizures of $300 million USD worth of assets across 34 countries. Of the $300 million, about two-thirds of was hard currency and one-third was virtual assets. HAECHI IV targeted seven types of cyber scams, including voice phishing, romance scams, online sextortion, investment fraud, and money laundering associated with illegal online gambling, among others. Through INTERPOL’s stop-payment mechanism to block criminal proceeds, authorities blocked 82,112 “suspicious” bank accounts. Next on INTERPOL’s radar is a new scam in Korea that involves the sale of non-fungible tokens (NFTs) that are a “rug pull,” a crypto scam where developers abandon a project and investors lose their money. Interestingly, the UK team of the operation reported on how scammers used artificial intelligence to create synthetic content, which criminals primarily used for impersonation scams.

    Financial Crimes Fraud UK Of Interest to Non-US Persons

  • DOJ announces crackdown on fraud networks targeting consumer accounts

    Financial Crimes

    On December 15, in conjunction with the DOJ’s Consumer Protection Branch efforts to crack down on fraud, the DOJ unsealed two cases against groups that allegedly stole money from consumer accounts with financial institutions. According to the DOJ, the groups used “deceptive tactics” to cover the fraud, and in the two cases, the Department is seeking “temporary restraining orders and the appointment of receivers to stop defendants from dissipating assets.”

    The first case (in the U.S. District Court for the Southern District of Florida) involves a group that allegedly committed bank and wire fraud and stole millions from consumers and small businesses by repeatedly creating sham companies. According to the complaint, since at least 2017, the defendants operated fraud schemes disguised as legitimate online marketing service providers by fabricating websites, forging consumer authorizations for charges, and establishing a “customer service” call center to handle complaints. The defendants allegedly obtained bank account information from individuals and small businesses without permission and utilized payment processors to make unauthorized debits to accounts. The DOJ claims that, to carry out the fraud, the defendants used remotely created checks, which are created remotely by a payee using the account holder’s information but without their signature. The second case (in the U.S. District Court for the Eastern District of California) bears many similarities to the first case, including the type of alleged fraud scheme. Both cases also involve the use of “microtransactions,” which are low-dollar fake transactions designed to artificially lower the apparent rate of return or rejected transactions. The defendants in the second case in particular allegedly gathered large deposits from their merchant clients and used those funds to initiate microtransactions that appeared as if they were payments for the merchants’ goods and services. Essentially, according to the Department’s complaint, the merchants paid themselves: the funds initially paid to the defendants were returned to the merchants as microtransactions, while the defendants allegedly collected a percentage of the transactions as service fees. 

    Financial Crimes DOJ Fraud Consumer Protection Enforcement

  • EU-U.S. releases statement from Joint Financial Regulatory Forum

    Federal Issues

    On December 8, participants in the EU-U.S. Joint Financial Regulatory Forum met, including officials from the Treasury Department, Fed, CFTC, FDIC, SEC, and OCC, and issued a joint statement. The statement regarded ongoing dialogues from December 4-5 and focused on six themes: “(1) market developments and financial stability; (2) regulatory developments in banking and insurance; (3) anti-money laundering and countering the financing of terrorism…; (4) sustainable finance; (5) regulatory and supervisory cooperation in capital markets; and (6) operational resilience and digital finance.”

    The joint statement acknowledged how risks to the EU and U.S. financial sectors have been mitigated in recent months, e.g., inflation risks, although lingering concerns remain regarding the impact of increased interest rates, high levels of private and public sector debt, and the ongoing geopolitical situations. Participants reaffirmed the significance of strong prudential standards for banks, effective resolution frameworks—particularly across borders—and robust supervisory practices, along with effective macroprudential policies. Finally, the conversations covered recent cryptoasset market changes and updates on regulatory and enforcement initiatives in the U.S.

    Federal Issues EU Of Interest to Non-US Persons Financial Crimes Department of Treasury

  • FinCEN, IRS issue alert on Covid-19 employee retention credit fraud schemes

    Financial Crimes

    On November 22, FinCEN and the IRS issued an alert to financial institutions regarding Covid-19 Employee Retention Credit (ERC)-related fraud schemes. Authorized by the CARES Act, the ERC is a tax credit aimed at incentivizing businesses to retain employees on payroll during the Covid-19 pandemic, through which fraud and scams have been carried out, FinCEN explained. The alert offers insights into typologies linked to ERC fraud and scams, emphasizes specific warning signs to aid financial institutions in detecting and reporting suspicious activities, and reinforces these institutions' obligations to report under the Bank Secrecy Act (BSA).

    According to the alert, “[d]uring the 2023 tax season, the IRS noted various scammers appeared throughout the [U.S.] using the false pretense of being tax credit experts to convince businesses to file for the ERC.” Third-party ERC promoters misled taxpayers about eligibility, aiming to profit from filing ERC claims without verifying qualifications, FinCEN added. As a result, the alert mentioned that victims risk claim denial or repayment, while scammers profit regardless of the claim's outcome, involving both willing and unaware businesses in these schemes. FinCEN added that businesses must meet specific ERC requirements, and those who received PPP loans cannot use the same wages counted in the PPP loan for the ERC application. Despite this, some may file amended tax returns misrepresenting their eligibility for the ERC by falsifying staff wages or claiming their operations were partially or fully suspended during the pandemic. FinCEN listed “red flags” indicative of ERC fraud that financial institutions should be cognizant of, including, among others, (i) a business account that receives multiple ERC check deposits over several days; (ii) small business accounts that receive ERC check deposits disproportionate to their size, employee count, and transaction volume; and (iii) a new account for an established business that only receives ERC deposits, suggesting possible identity theft using the business as a front for fraudulent claims. The alert also reminds financial institutions of their obligation to file suspicious activity reports and to keep a copy of the reports for five years from the date of the filing. 

    Financial Crimes FinCEN PPP Consumer Finance Loans CARES Act Patriot Act Bank Secrecy Act IRS Covid-19

  • DOJ seizes $9 million in crypto from criminal scammers

    Financial Crimes

    On November 21, the DOJ seized nearly $9 million in stablecoins from cryptocurrency scammers after the criminals exploited over 70 victims. The DOJ seized stablecoins, a certain crypto asset pegged to a central bank’s currency, tied to the U.S. dollar. The scammers employed a long-con technique called “pig butchering” which is a tactic to build and exploit a victim’s trust over time by creating fake romantic enticements meant to swindle victims into handing over money. The criminals targeted and convinced victims to “make cryptocurrency deposits by fraudulently representing that the victims were making investments with trusted firms and cryptocurrency exchanges.”

    The DOJ was able to trace the stolen funds based on the funds’ cryptocurrency addresses as part of a money laundering technique known as “chain hopping… used to ‘layer’ the proceeds of criminal activity into new cryptocurrency ecosystems, all to obfuscate the… ownership of those proceeds.” The DOJ worked with the U.S. Secret Service to trace the victim’s deposits, and it was originally alerted from victim reports made on the FBI’s Internet Crime Complaint Center and the FTC’s Consumer Sentinel Network.

    Financial Crimes DOJ Cryptocurrency Stablecoins Enforcement Money Laundering

Pages

Upcoming Events