InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
DOJ seizes $9 million in crypto from criminal scammers
On November 21, the DOJ seized nearly $9 million in stablecoins from cryptocurrency scammers after the criminals exploited over 70 victims. The DOJ seized stablecoins, a certain crypto asset pegged to a central bank’s currency, tied to the U.S. dollar. The scammers employed a long-con technique called “pig butchering” which is a tactic to build and exploit a victim’s trust over time by creating fake romantic enticements meant to swindle victims into handing over money. The criminals targeted and convinced victims to “make cryptocurrency deposits by fraudulently representing that the victims were making investments with trusted firms and cryptocurrency exchanges.”
The DOJ was able to trace the stolen funds based on the funds’ cryptocurrency addresses as part of a money laundering technique known as “chain hopping… used to ‘layer’ the proceeds of criminal activity into new cryptocurrency ecosystems, all to obfuscate the… ownership of those proceeds.” The DOJ worked with the U.S. Secret Service to trace the victim’s deposits, and it was originally alerted from victim reports made on the FBI’s Internet Crime Complaint Center and the FTC’s Consumer Sentinel Network.
FinCEN announces NPRM for new regulation to combat CVC mixing
On October 19, FinCEN announced a notice of proposed rulemaking (NPRM) that identifies international Convertible Virtual Currency mixing (CVC) as a primary money laundering concern. In its NPRM, FinCEN highlighted the prevalence of illicit actors, including Hamas and Palestinian Islamic Jihad, who use CVC mixing to fund their illegal activity, and how increased transparency can combat their efforts. According to FinCEN, CVC mixing is used to conceal the source, destination, or amount involved in transactions. The proposed rule would require covered financial institutions to collect records of, and report suspicious CVC mixing transactions, as defined, to FinCEN within 30 days of initial detection. The proposed rule would not require covered financial institutions to source additional report information from the transactional counterparty, adding that the information required for the report is similar to information already collected by financial institutions. FinCEN also noted this is its first ever use of its authority under Section 311 of the USA PATRIOT Act.
FinCEN invites comments for the proposed rule, including responses to questions addressing the impact of the proposed rule, definitions, reporting, and recordkeeping. Comments must be received by January 22, 2024, and they can be submitted via instructions found in the announcement.
DOJ announces international malware action, recovers $8.6 million in illicit profits
On August 29, the DOJ announced a multinational operation involving the U.S., France, Germany, the Netherlands, the UK, Romania, and Latvia to “disrupt” a malware’s infrastructure called Qakbot. Attorney General Merrick B. Garland stated that, “[t]ogether with our international partners, the Justice Department has hacked Qakbot’s infrastructure, launched an aggressive campaign to uninstall the malware from victim computers in the United States and around the world, and seized $8.6 million in extorted funds. ” The main method by which the Qakbot malware spreads to target computers is via spam emails that contain harmful attachments or links. Upon successfully infecting a target computer, the DOJ mentioned that Qakbot gains the capability to introduce other types of malware, such as ransomware. Over the past few years, many ransomware collectives have used Qakbot as an initial avenue for initiating infections and has caused hundreds of millions of dollars in damages. The DOJ highlighted that “[t]he action represents the largest U.S.-led financial and technical disruption of a botnet infrastructure leveraged by cybercriminals to commit ransomware, financial fraud, and other cyber-enabled criminal activity.”
FDIC releases operational risks in 2023 Risk Review
On August 14, the FDIC released its 2023 Risk Review, summarizing emerging risks in the U.S. banking system observed during 2022 and early 2023 in five broad categories: (i) credit risk; (ii) market risk; (iii) operational risk; (iv) crypto-asset risk; and (v) climate-related financial risk. According to the FDIC, the current risk review adds a new section relating to the FDIC’s approach to understanding and evaluating crypto-asset-related markets and activities. Monitoring these risks is among the agency’s top priorities, the FDIC said, and the “failure of three large banking institutions in March and May highlighted certain risks to the banking sector.” The FDIC stated that weaker economic conditions and higher interest rates in 2022 continued through early 2023, and “financial market conditions tightened considerably starting in 2022 on rising interest rates, high inflations, and concerns over a potential recession.” Overall, the FDIC said that “despite these challenges and the market stress in early 2023, the banking industry demonstrated resilience, but industry performance moderated from 2022.”
Senators ask Treasury, White House for answers on North Korea’s crypo-crime funding
On August 4, Senators Elizabeth Warren (D-MA), Tim Kaine (D-VA), and Chris Van Hollen (D-MD) sent a letter to the White House National Security Advisor and the Treasury Department’s Under Secretary for Terrorism and Financial Intelligence regarding their concerns over North Korea’s use of cyberattacks and cryptocurrency theft to skirt international sanctions and embargos. The letter urges the Treasury to provide details on its plan to stop North Korea from using digital assets to evade sanctions and continue with the development of nuclear weapons and ballistic missiles. The senators noted that a UN report found that in 2016, “North Korea exhibited a ‘clear shift’ to attacking cryptocurrency exchanges for the purposes of ‘generating financial revenue’” that is difficult to trace and subject to less government oversight. The letter highlights the effects of the cyberattacks, including how they have generated about $2 billion, which is then used to fund the North Korean military. The extent of the cybercrime and cryptocurrency thefts show its use is “key” to the regime’s survival, and notes that the regime has a workforce of thousands of IT workers who operate out of many different countries. The senators asked for a response to their five questions by August 16.
FFIEC updates BSA/AML examination manual
On August 2, the Federal Financial Institutions Examination Council (FFIEC) updated its Bank Secrecy Act/Anti-Money Laundering (BSA/AML) Examination Manual, which provides examiners with instructions for assessing a bank or credit union’s BSA/AML compliance program and adherence to BSA regulatory requirements. The revisions include updates to the following sections:
- Special Information Sharing Procedures to Deter Money Laundering and Terrorist Activity
- Due Diligence Programs for Correspondent Accounts for Foreign Financial Institutions
- Due Diligence Programs for Private Banking Accounts
- Prohibition on Correspondent Accounts for Foreign Shell Banks; Records Concerning Owners of Foreign Banks and Agents for Service of Legal Process
- Summons or Subpoena of Foreign Bank Records; Termination of Correspondent Relationship; Records Concerning Owners of Foreign Banks and Agents for Service of Legal Process
- Reporting Obligations on Foreign Bank Relationships with Iranian-Linked Financial Institutions
The FFIEC noted that the “updates should not be interpreted as new instructions or as a new or increased focus on certain areas,” but rather are intended to “provide information and considerations related to certain customers that may indicate the need for bank policies, procedures, and processes to address potential money laundering, terrorist financing, and other illicit financial activity risks.” In addition, the Manual itself does not establish requirements for financial institutions, which are found in applicable statutes and regulations but rather reinforce the agency’s risk-focused approach to BSA/AML examinations.
EU-U.S. release statement on Joint Financial Regulatory Forum
On July 20, participants in the U.S.-EU Joint Financial Regulatory Forum, including officials from the Treasury Department, Federal Reserve Board, CFTC, FDIC, SEC, and OCC, issued a joint statement regarding the ongoing dialogue that took place from June 27-28, noting that the matters discussed during the forum focused on six themes: “(1) market developments and financial stability risks; (2) regulatory developments in banking and insurance; (3) anti-money laundering and countering the financing of terrorism (AML/CFT); (4) sustainable finance and climate-related financial risks; (5) regulatory and supervisory cooperation in capital markets; and (6) operational resilience and digital finance.”
Participants acknowledged that the financial sector in both the EU and the U.S. is exposed to risk due to ongoing inflationary pressures, uncertainties in the global economic outlook, and geopolitical tensions as a result of Russia’s war on Ukraine. During discussions, participants emphasized the significance of strong bank prudential standards, effective resolution frameworks, and robust supervision practices. They also stressed the importance of international cooperation and continued dialogue to monitor vulnerabilities and strengthen the resilience of the financial system. Participants took note of recent developments relating to, among other things, recent bank failures, digital finance, the crypto-asset market, and the potential adoption of central bank digital currencies.
FinCEN updates jurisdictions with AML/CFT/CPF deficiencies
On June 29, FinCEN announced that the Financial Action Task Force (FATF) issued a public statement updating its lists of jurisdictions with strategic deficiencies in anti-money laundering (AML), countering the financing of terrorism (CFT), and countering the financing of proliferation of weapons of mass destructions (CPF). FATF’s statements include (i) Jurisdictions under Increased Monitoring, “which publicly identifies jurisdictions with strategic deficiencies in their AML/CFT/CPF regimes that have committed to, or are actively working with, the FATF to address those deficiencies in accordance with an agreed upon timeline,” and (ii) High-Risk Jurisdictions Subject to a Call for Action, “which publicly identifies jurisdictions with significant strategic deficiencies in their AML/CFT/CPF regimes and calls on all FATF members to apply enhanced due diligence, and, in the most serious cases, apply counter-measures to protect the international financial system from the money laundering, terrorist financing, and proliferation financing risks emanating from the identified countries.”
FinCEN’s announcement also informed members that FATF added Cameroon, Croatia, and Vietnam it its list to the list of Jurisdictions Under Increased Monitoring and advised jurisdictions to apply enhanced due diligence proportionate to the risks. FATF did not remove any jurisdictions from the list. Additionally, the announcement suggests that money service businesses refer to FinCEN’s Guidance on compliance obligations to employ adequate measures against money laundering and the financing of terrorism posed by their foreign relationships. Also noted in the announcement is that the list of high-risk jurisdictions subject to a call for action, remains the same. FinCEN reminded in the announcement that U.S. financial institutions are still broadly prohibited from engaging in transactions or dealings with Iran, and they should continue to refer to existing FinCEN and Office of Foreign Assets Control guidance on engaging in financial transactions with Burma. With respect to high-risk jurisdictions subject to a call for action — the Democratic People’s Republic of Korea and Iran — “financial institutions must comply with the extensive U.S. restrictions and prohibitions against opening or maintaining any correspondent accounts, directly or indirectly, for North Korean or Iranian financial institutions,” FinCEN said, adding that “[e]xisting U.S. sanctions and FinCEN regulations already prohibit any such correspondent account relationships.”
OFAC sanctions Mexico-based human smuggling organization
The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) recently announced sanctions pursuant to Executive Order 13581 against a human smuggling organization, and several individuals and entities in its support network. OFAC claimed the Mexico-based organization, Hernandez Salas transnational criminal organization (TCO), earns billions of dollars per year smuggling and creating false documentation for migrants. The leader of the TCO has been sanctioned, among four other supporters. OFAC reported that the individuals are currently incarcerated in Mexico and awaiting extradition to the U.S. for trial before a federal grand jury. Also sanctioned are two Mexican hotels that have taken part in the TCO’s smuggling operations. OFAC noted that the sanctions were pursued in close collaboration with Mexico’s Financial Intelligence Unit.
As a result of the sanctions, all property and interests in property belonging to the sanctioned persons subject to U.S. jurisdiction are blocked and must be reported to OFAC. Additionally, “any entities that are owned, directly or indirectly, 50 percent or more by one or more blocked persons are also blocked.” U.S. persons are also generally prohibited from engaging in any dealings involving the property or interests in property of blocked or designated persons.
OFAC sanctions Burma Ministry of Defense and supporting financial institutions
On June 21, pursuant to Executive Order 14014, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced sanctions against Burma’s Ministry of Defense and two regime-controlled financial institutions. In announcing the sanctions, OFAC explained that the Burmese military, which overthrew the country’s democratic government in February 2021, has increased its reliance on air strikes in civilian populated areas, resulting in the death of more than 3,600 civilians and displacing nearly than 1.5 million people, and that Burma’s Ministry of Defense has imported goods from sanctioned entities in Russia to support the Burmese military. OFAC detailed that the two sanctioned financial institutions, which primarily function as foreign currency exchanges, “enable Burma’s Ministry of Defense and other sanctioned military entities to purchase arms and other materials from foreign sources.” As a result of the sanctions, all property and interests in property belonging to the sanctioned persons that are in the U.S. or in the possession or control of U.S. persons are blocked and must be reported to OFAC. Additionally, “any entities that are owned, directly or indirectly, 50 percent or more by one or more blocked persons are also blocked.” U.S. persons are generally prohibited from engaging in any dealings involving the property or interests in property of blocked or designated persons, unless authorized by a general or specific OFAC license, or if otherwise exempt.
In conjunction with the sanctions, OFAC issued a Burma-related special license (See General License 5).