Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
On November 9, the Financial Crimes Enforcement Network (FinCEN) held a virtual “FinCEN Exchange” with members of the financial industry and law enforcement “to discuss FinCEN’s analysis of suspicious activity reporting (SAR) with a transactional nexus to Alabama, Florida, Georgia, Mississippi, and South Carolina.” As previously covered by InfoBytes, SAR Stats—formerly called By the Numbers—is an annual compilation of numerical data gathered from SARs filed by financial institutions using FinCEN’s new unified SAR form and e-filing process. According to FinCEN, analysis of certain Bank Secrecy Act filing statistics for SARs and an analysis of SAR filings related to recent FinCEN advisories were among the topics discussed. FinCEN also noted that this FinCEN Exchange “supports one of FinCEN’s highest priorities—to strengthen public-private partnerships to identify and mitigate threats in order to safeguard our national security and protect communities and citizens from harm.”
On November 8, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) published new Syria FAQ 934, which relates to the United Nations and the U.S. government's stabilization and early recovery-related activities and transactions involving Syria. According to OFAC, the Syrian Sanctions Regulations (SySR) § 542.513 permit, under certain conditions, “the United Nations, its Specialized Agencies, Programmes, Funds, and Related Organizations and their employees, contractors, or grantees to engage in all transactions and activities in support of their official business in Syria, including any stabilization and early recovery-related activities and transactions in support of their official business.” This authorization applies to all United Nations employees, grantees, and contractors carrying out the official business of the United Nations, specialized agencies, programmes, funds, and related organizations. This includes nongovernmental organizations and private sector entities that act as grantees or contractors.
FAQ 934 also reiterates advice from FAQ 884 that non-U.S. persons, including nongovernmental organizations and foreign financial institutions “do not risk exposure to U.S. secondary sanctions pursuant to the Caesar Syria Civilian Protection Act of 2019” for activities that would be authorized for U.S. persons under the SySR. (Covered by InfoBytes here.)
Treasury and DOJ announce sanctions and charges in ransomware attacks, FinCEN updates ransomware guidance
On November 8, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced sanctions pursuant to Executive Order 13694 as amended against two ransomware operators and a virtual currency exchange network. According to OFAC, the virtual currency exchange, and its associated support network, are being designated for allegedly facilitating financial transactions for ransomware actors. OFAC is also designating two individuals allegedly associated with perpetuating ransomware incidents against the U.S., and who are part of a cybercriminal group that has engaged in ransomware activities and has received over $200 million in ransom payments. As a result of the sanctions, “all property and interests in property of the designated targets that are subject to U.S. jurisdiction are blocked, and U.S. persons are generally prohibited from engaging in transactions with them” and “any entities 50 percent or more owned by one or more designated persons are also blocked.” According to OFAC, the sanctions are a part of a set of actions focused on disrupting criminal ransomware actors and virtual currency exchanges that launder the proceeds of ransomware, which “advance the Biden Administration’s counter-ransomware efforts to disrupt ransomware infrastructure and actors and address abuse of the virtual currency ecosystem to launder ransom payments.” Additionally, the DOJ announced charges against the sanctioned individuals under OFACs designations, seizing approximately $6.1 million in alleged ransomware payments.
The same day, FinCEN issued an advisory, which updated and replaced its October 1, 2020 Advisory on Ransomware and the Use of the Financial System to Facilitate Ransom Payments (covered by InfoBytes here). The updated advisory is in response to the recent increase in ransomware attacks against critical U.S. infrastructure. The updated advisory also reflects information released by FinCEN in its Financial Trend Analysis Report, which discusses ransomware trends and includes information on current trends and typologies of ransomware and associated payments as well as recent examples of ransomware incidents. Additionally, the updated advisory describes financial red flag indicators of ransomware-related illicit activity to assist financial institutions in identifying and reporting suspicious transactions related to ransomware payments, consistent with obligations under the Bank Secrecy Act.
On November 5, the California attorney general filed an administrative accusation with the California Gambling Control Commission against a California casino for violating the Bank Secrecy Act’s (BSA) anti-money laundering provisions. The action, which follows a federal investigation, alleges that the casino “overlooked, neglected, or was willfully blind to accusations and actions taken against other casinos for violations of the BSA and for failing to maintain adequate Anti Money Laundering (AML) programs.” The casino had previously entered into a Non-Prosecution Agreement with the U.S. Attorney’s Office for the Central District of California, accepted responsibility for “failing to properly file reports for a foreign national who conducted millions of dollars in cash transactions at the casino,” and agreed to pay $500,000 and undergo an increased review of its AML compliance program to prevent future violations, according to a DOJ press release. The California AG now seeks to hold the casino and its owners responsible for state law violations.
On October 28, the Financial Action Task Force (FATF) updated pre-existing guidance on its risk-based approach to virtual assets (VAs) and virtual asset service providers (VASPs). The updated guidance revises guidance originally released in 2019. According to FATF standards, countries are required to “assess and mitigate their risks associated with virtual asset financial activities and providers; license or register providers and subject them to supervision or monitoring by competent national authorities.” The guidance includes updates on certain key areas, such as: (i) expanding the definitions of VAs and VASPs; (ii) applying FAFT standards to stablecoins; (iii) adding guidance regarding the risks and the tools available to countries for the purpose of addressing money laundering and terrorist financing risks for peer-to-peer transactions; (iv) revising VASP licensing and registration guidance; (v) adding guidance for the public and private sectors on the implementation of the “travel rule”; and (vi) adding a section for principles of information-sharing and co-operation amongst VASP Supervisors. FATF also noted that the “guidance addresses the areas identified in the FATF’s 12-Month Review of the Revised FATF Standards on virtual assets and VASPs requiring further clarification and also reflects input from a public consultation in March - April 2021.”
On October 29, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced sanctions pursuant to Executive Order (E.O.) 13224, as amended, as well as E.O. 13382, against members of a network of companies and individuals that supported Iran’s Islamic Revolutionary Guard Corps (IRGC) and its expeditionary unit, the IRGC Qods Force (IRGC-QF). The IRGC-QF used and proliferated lethal Unmanned Aerial Vehicles (UAVs) for use by Iran-supported terrorist groups, and to Ethiopia, where a crisis threatens to destabilize the region. Additionally, deadly UAVs were utilized in attacks on international shipping and on the U.S. OFAC also announced sanctions against the commander of the IRGC Aerospace Force (IRGC ASF) UAV Command who allegedly directs the planning, equipment, and training for IRGC ASF UAV operations. As a result of the sanctions, all property and interests in property belonging to the sanctioned individual subject to U.S. jurisdiction are blocked. U.S. persons are also generally prohibited from engaging in any dealings involving the property or interests in property of blocked or designated persons.
On October 28, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced sanctions pursuant to Executive Order 13441 against two Lebanese businessmen and a member of Parliament. According to OFAC, the sanctioned individuals contributed to the breakdown of good governance and the rule of law in Lebanon by profiting from the pervasive corruption and cronyism in Lebanon. As a result of the sanctions, all transactions by U.S. persons or in the U.S. that involve any property or interests in property of designated or otherwise blocked persons are generally prohibited. Additionally, “any entities that are owned, directly or indirectly, 50 percent or more by one or more blocked persons are also blocked.” U.S. persons are generally prohibited from engaging in any dealings involving the property or interests in property of blocked or designated persons.
On October 29, the Financial Crimes Enforcement Network (FinCEN) reissued the renewal of its Geographic Targeting Orders (GTOs). The GTOs require U.S. title insurance companies to identify the natural persons behind shell companies that pay “all cash” (i.e., the transaction does not involve external financing) for residential real estate in the 12 major metropolitan areas covered by the orders. The renewed GTOs are identical to the April 2021 GTOs (covered by InfoBytes here). The purchase amount threshold for the beneficial ownership reporting requirement remains set at $300,000 for residential real estate purchased in the covered areas. The renewed GTOs take effect November 1 and end April 29, 2022, and cover certain counties within the following areas: Boston, Chicago, Dallas-Fort Worth, Honolulu, Las Vegas, Los Angeles, Miami, New York City, San Antonio, San Diego, San Francisco, and Seattle.
FinCEN FAQs regarding GTOs are available here.
On October 26, the Financial Crimes Enforcement Network (FinCEN) announced updates to the Financial Action Task Force (FATF) statements concerning jurisdictions with strategic anti-money laundering, countering the financing of terrorism, and combating weapons of mass destruction proliferation financing (AML/CFT/CPF) deficiencies. Specifically, to ensure compliance with international standards, the FAFT updated the following two statements: (i) Jurisdictions under Increased Monitoring, which identifies jurisdictions with strategic deficiencies in their AML/CFT/CPF regimes that have committed to, or are actively working with, the FATF to address those deficiencies in accordance with an agreed upon timeline and; (ii) High-Risk Jurisdictions Subject to a Call for Action, which identifies jurisdictions with significant strategic deficiencies in their AML/CFT/CPF regimes and instructs FATF members to apply enhanced due diligence, and in the most serious cases, apply counter-measures to protect the international financial system from such risks. Notably, Jordan, Mali, and Turkey have been added to the Jurisdictions under Increased Monitoring, while Botswana and Mauritius have been removed from the list. Among other things, through the announcement, FinCEN further instructed financial institutions to comply with U.S. prohibitions against the opening or maintaining of any correspondent accounts, whether directly or indirectly, for North Korean or Iranian financial institutions, which are already prohibited under existing U.S. sanctions and FinCEN regulations. As previously covered by InfoBytes, FinCEN last announced updates to the FATF statements in July.
On October 22, the U.S. Court of Appeals for the Second Circuit upheld a district court’s ruling against a Turkish state-owned commercial bank (defendant) denying its bid for immunity based on its characterization of an “instrumentality” of a foreign service, which is not entitled to immunity from criminal prosecution at common law. The U.S. government alleged that the bank converted Iranian oil money into gold and hid the transactions as purchases of goods to avoid conflicting sanctions against Iran. The district court denied the defendant’s motion to dismiss and partially concluded that the defendant was not immune from prosecution because the Foreign Sovereign Immunities Act (FSIA) confers immunity on foreign services only in civil proceedings. Furthermore, the district court concluded that, “even assuming arguendo that FSIA did confer immunity to foreign sovereigns in criminal proceedings, [the defendant’s] conduct would fall within FSIA’s commercial activity exception.” Additionally, the district court rejected the defendant’s “contention that it was entitled to immunity from prosecution under the common law, noting that [the defendant] failed to cite any support for its claim on this basis.” The district court found that the defendant’s characterization of its activities as sovereign in nature “conflates the act with its purpose,” finding that the lender's alleged money laundering was the type of activity regularly carried out by private businesses. The fact that the defendant is majority-owned by the Turkish Government is irrelevant under FSIA even if it is related to Turkey’s foreign policy because “literally any bank can violate sanctions.”
On appeal, the 2nd Circuit noted that it was unnecessary to resolve a question presented in the case—if foreign governments can assert immunity against criminal, as well as civil, charges—since money laundering would qualify as a commercial activity exception. The appellate court noted that, “[t]he gravamen of the Indictment is not that [the bank] is the Turkish Government’s repository for Iranian oil and natural gas proceeds in Turkey,” but that “it is [the bank’s] participation in money laundering and other fraudulent schemes designed to evade U.S. sanctions that is the ‘core action.’” And, “because those core acts constitute ‘an activity that could be, and in fact regularly is, performed by private-sector businesses,’ those acts are commercial, not sovereign, in nature.” The opinion also notes that “[e]ven assuming the FSIA applies in criminal cases—an issue that we need not, and do not, decide today—the commercial activity exception to FSIA would nevertheless apply to [the defendant’s] charged offense conduct.” The appellate court agreed with the district court, concluding that the bank must face criminal charges in the U.S. for allegedly assisting Iran evade economic sanctions by laundering approximately $20 billion in Iranian oil and gas revenues.
- Jonice Gray Tucker to discuss “Getting your company ready: Managing fair lending for IMBs” at the Mortgage Bankers Association Independent Mortgage Bankers Conference
- Jonice Gray Tucker to discuss “Be Your Compliance Best in 2022” at the California Mortgage Bankers Association webinar
- Lauren R. Randell to discuss “Significant legal developments in the Northeast” at the 37th Annual National Institute on White Collar Crime
- Jonice Gray Tucker to discuss “Small business & regulation: How fair lending has evolved & where it is heading?” at the Consumer Bankers Association Live program
- Jonice Gray Tucker to discuss “Regulators always ring twice: Responding to a government request” at ALM Legalweek
- Jonice Gray Tucker and Kari Hall to discuss “Equity, equality, regulation and enforcement – The evolving regulatory landscape of fair lending, redlining, and UDAAP” at the ABA Business Law Committee Hybrid Spring Meeting