InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
Federal Judge Sentences Hacker to Eight Years for Cyber Heists that Caused More than $55 Million in Losses
On February 10, the United States Attorney for the Eastern District of New York announced that the Honorable Kiyo A. Matsumoto levied an eight year prison sentence against a Turkish citizen charged with organizing and carrying out three cyber-attacks on global financial institutions between 2011 and 2013 which resulted in more than $55 million in losses. Last March, the defendant pleaded guilty to “computer intrusion conspiracy, access device fraud conspiracy, and effecting transactions with unauthorized access devices.” Specifically, the defendant and his associates were alleged to have repeatedly hacked into debit card processing systems, manipulated account balances, stole customers’ PINs, and transferred that information to associates who then encoded debit cards with the stolen data in order to make fraudulent ATM withdrawals. The DOJ further alleged that the hackers targeted databases companies maintained for prepaid debit cards and effectively eliminated the card accounts’ withdrawal limits in what are called “unlimited operations.” The defendant was also ordered to pay $55,080,226.14 in restitution as part of his sentence.
Law Firm Raided, Founders Arrested, Tied to Bribery Investigation
On February 8, authorities in Panama raided the offices of a law firm at the center of the sprawling Panama Papers scandal, and arrested the firm’s founders. Reuters reports that Panama’s Attorney General announced on Twitter that the raid and arrests were tied to the investigation of the Brazilian construction company that in December reached a $3.5 billion combined global settlement with U.S., Brazilian, and Swiss authorities to resolve FCPA allegations. Until now, the investigations spawned by the 2016 release of millions of documents stolen from the law firm were focused on money laundering and tax evasion. The tie to the company’s investigation brings anti-bribery investigations into the mix.
CEO Questioned by UK SFO in Bribery Investigation
Less than a month ago, as previously reported on FCPA Scorecard, a UK-based manufacturer and global distributor for the civil aerospace, defense aerospace, marine, and energy sectors, entered into deferred prosecution agreements with the DOJ and UK SFO to resolve allegations that the company conspired to violate anti-bribery laws around the world. Now, Reuters reports that the company’s CEO has been questioned by the SFO regarding bribery allegations. According to the article, the SFO refused to comment on the report, citing concerns about an ongoing investigation.
Both the DOJ and SFO have repeatedly stated that they intend to pursue bribery cases against individuals. But there is so far no indication that the DOJ is also investigating the company’s CEO. Although DOJ could pursue such an investigation in the future, the agency may also defer to the SFO to handle the matter.
Former Hungarian Telecommunications Executive Settles with SEC
On February 8th, a former executive of a Hungarian telecommunications company settled a 2011 civil complaint filed by the SEC. The trial of the remaining co-defendants is scheduled for May 8. As part of the settlement, the former executive agreed to pay a $60,000 civil penalty and did not admit or deny the SEC’s allegations. The former executive also admitted that U.S. courts had jurisdiction over the case. The issue of jurisdiction had been contested; in 2013, the court denied the defendants’ motion to dismiss for lack of personal jurisdiction.
The SEC’s complaint alleged that the former executive, along with two other co-defendants, authorized bribes to Macedonian government officials and others. In 2014, the SEC dropped allegations regarding payments to government officials in Montenegro, substantially narrowing the allegations in the case. The company and its parent settled allegations regarding payments to government officials in Macedonia and Montenegro with the SEC and DOJ in 2011. Prior Scorecard coverage of the company’s investigation can be found here.
This outcome of this lengthy case illustrates that individual defendants can still achieve relatively favorable outcomes when they choose to litigate FCPA cases, even after the corporate defendants have reached a resolution.
NYDFS Fines German Bank $425 Million for Deficient Money Laundering Controls
On January 30, the New York Department of Financial Services (NYDFS) announced that it had assessed a $425 million fine against a German bank as part of a consent order addressing allegations that the bank allowed $10 billion in “mirror trades” involving Russian investors by failing to properly enforce protections against money laundering. According to the press release, the bank and several of its senior managers allegedly “missed key opportunities to detect, intercept and investigate a long-running mirror-trading scheme facilitated by its Moscow branch and involving New York and London branches.” Specifically, the consent order claims the bank (i) conducted its business in an unsafe and unsound matter; (ii) implemented weak “Know Your Customer” processes; (iii) failed to accurately rate its country and client risks for money laundering throughout the relevant time period and lacked a global policy benchmarking its risk appetite; (iv) maintained ineffective, understaffed anti-financial crime, AML, and compliance units; and (v) had a flawed corporate structure and organization.
In addition to the $425 million monetary penalty, the bank must, within 60 days of the consent order, engage an independent monitor to “conduct a comprehensive review of the [b]ank’s existing BSA/AML compliance programs, policies and procedures.” Furthermore, the bank must submit in writing for NYDFS review an action plan outlining enhancements to its current BSA/AML compliance programs.
Major Regional Bank Agrees to Fix Anti-Money Laundering Controls in Fed/FDIC Orders
On January 27, the Federal Reserve publicly released a cease-and-desist order against a regional bank concerning its anti-money laundering (AML) program. The order, which is dated January 25, requires the bank to address certain deficiencies identified in a review of the bank’s AML compliance program by the Federal Reserve Bank of Richmond and develop a firm-wide compliance risk management program addressing the AML requirements. The order follows a recent Stipulated Order with the FDIC against the same bank concerning similar allegations and calling for, among other things, corrective actions and enhancements to address certain internal control deficiencies.
OFAC Authorizes Belarus-Related General License
On October 18, OFAC granted General License No. 2B renewing the authorization regarding nine Belarusian entities to enter into transactions otherwise prohibited by Executive Order 13405. General License No. 2B replaces and supersedes in its entirety General License No. 2A, which was set to expire later this month, and authorizes transactions with any entities that are owned 50 percent or more by the nine named entities. All property and interests in property of these entities, if blocked, remain blocked. U.S. persons must report authorized transactions or any series of transactions exceeding $50,000 to the U.S. Department of State no later than 30 days after execution. The authorization expires on April 30, 2017, unless otherwise extended or revoked.
FinCEN Withdraws Findings and Proposed Rulemakings
On February 19, FinCEN withdrew three findings and proposed rulemakings under Section 311 of the USA PATRIOT Act. FinCEN determined that the three entities subject to the proposed rulemakings “no longer pose a money laundering threat to the U.S. financial system.” FinCEN withdrew its findings and proposed rulemakings against (i) a Costa Rica-based financial institution; (ii) a Belarus-based financial institution; and (iii) an Andorra-based financial institution. Regarding the Costa Rica-based institution, FinCEN noted that the DOJ “seized [its] accounts and Internet domain names and charged seven of its principals and employees with money laundering;” the institution stopped functioning after such actions were taken. According to FinCEN, the Belarus-based entity, along with its successor, no longer operates as a foreign financial institution and does not operate in a way that poses a threat to the U.S. financial system. Finally, concerning the third entity, FinCEN noted that Andorran authorities assumed control of the management and operations of the entity, arrested its chief executive officer on money laundering charges, and “are in the final stages of implementing a resolution plan that is isolating the assets, liabilities, and clients of [the entity] that raise money laundering concerns.”
District Court Denies Motion to Dismiss, Rules Compliance Officers Responsible for AML Program Failures
On January 8, the U.S. District Court of Minnesota ruled that individual officers of financial institutions may be held responsible for ensuring compliance with anti-money laundering laws under the Bank Secrecy Act (BSA). U.S. Dep’t of Treasury v. Haider, No. 15-cv-01518, WL 107940 (Dist. Ct. Minn. Jan. 8, 2016). In May 2015, the defendant filed a motion to dismiss the U.S. Department of the Treasury’s December 2014 complaint against him. The Treasury’s complaint alleged that the defendant failed in his responsibility as the Chief Compliance Officer for an international money transfer company to ensure that “the Company implemented and maintained an effective AML program and complied with its SAR-filing obligations.” The complaint sought a $1 million judgment against the defendant and enjoined him from working for, either directly or indirectly, any “financial institution” as defined in the BSA. In his motion to dismiss, the defendant contended that the Treasury’s complaint should be dismissed because, among other reasons, 31 U.S.C. § 5318(a) permits the imposition of a penalty for AML program failures against an entity, not an individual. However, the District Court of Minnesota dismissed the motion, ruling that the BSA’s more general civil penalty provision, § 5321(a)(1), could subject a partner, director, officer, or employee of a domestic financial institution to civil penalties for violations “of any provision of the BSA or its regulations, excluding the specifically excepted provisions.” Judge David Doty further opined, “Because § 5318(h) is not listed as one of those exceptions, the plain language of the statute provides that a civil penalty may be imposed on corporate officers and employees like [the defendant], who was responsible for designing and overseeing [the company's] AML program.” The defendant also challenged the Treasury’s complaint on the bases that (i) the request for injunctive relief was time barred by the applicable statute of limitations; (ii) FinCEN should not have been permitted to receive and publicly use grand jury information; and (iii) FinCEN violated his due process rights. For various reasons, the District Court declined to decide on such issues or to dismiss materials based on the arguments presented.
Deputy Attorney General Yates Expands on DOJ's White-Collar Prosecution Policy
On November 16, the DOJ’s Deputy AG Sally Yates delivered remarks at the American Bankers Association and American Bar Association Money Laundering Enforcement Conference. Yates focused her remarks on recent revisions – originally outlined in a September 9 policy memorandum – to the United States Attorney’s Manual (USAM), as follows: (i) updating the corporate criminal cases section, specifically the “Principles of Federal Prosecution of Business Organizations” chapter, or the “Filip factors”; (ii) implementing an entirely new section to the civil cases chapter on enforcing claims against individuals in corporate matters; and (iii) updating its policy on parallel proceedings. First, the DOJ updated the Filip factors and the written guidance accompanying the factors to emphasize individual accountability in corporate cases and company cooperation in the DOJ’s investigation of individual wrongdoing. Yates highlighted the following policy change: “In the past, cooperation credit was a sliding scale of sorts and companies could still receive at least some credit for cooperation, even if they failed to fully disclose all facts about individuals. That’s changed now… providing complete information about individuals’ involvement in wrongdoing is a threshold hurdle that must be crossed before [the DOJ will] consider any cooperation credit.” Yates further noted that the new policy does not change the meaning of attorney-client privilege, but requires companies to turn over all relevant non-privileged information with the expectation that the companies respect the boundaries of attorney-client privilege. The USAM’s new chapter on civil cases mimics the individual accountability policies outlined in the Filip factors revisions, with the DOJ instructing its civil attorneys to abide by the same principles that guide criminal prosecutors’ efforts. Finally, revisions to the USAM’s parallel proceedings policy stress the importance of routine communication between criminal prosecutors and civil attorneys handling white collar matters to ensure a “resolution for both the individual and the corporation that is in the best interest of the public.”