Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
On October 26, the Financial Crimes Enforcement Network (FinCEN) announced updates to the Financial Action Task Force (FATF) statements concerning jurisdictions with strategic anti-money laundering, countering the financing of terrorism, and combating weapons of mass destruction proliferation financing (AML/CFT/CPF) deficiencies. Specifically, to ensure compliance with international standards, the FAFT updated the following two statements: (i) Jurisdictions under Increased Monitoring, which identifies jurisdictions with strategic deficiencies in their AML/CFT/CPF regimes that have committed to, or are actively working with, the FATF to address those deficiencies in accordance with an agreed upon timeline and; (ii) High-Risk Jurisdictions Subject to a Call for Action, which identifies jurisdictions with significant strategic deficiencies in their AML/CFT/CPF regimes and instructs FATF members to apply enhanced due diligence, and in the most serious cases, apply counter-measures to protect the international financial system from such risks. Notably, Jordan, Mali, and Turkey have been added to the Jurisdictions under Increased Monitoring, while Botswana and Mauritius have been removed from the list. Among other things, through the announcement, FinCEN further instructed financial institutions to comply with U.S. prohibitions against the opening or maintaining of any correspondent accounts, whether directly or indirectly, for North Korean or Iranian financial institutions, which are already prohibited under existing U.S. sanctions and FinCEN regulations. As previously covered by InfoBytes, FinCEN last announced updates to the FATF statements in July.
On October 22, the U.S. Court of Appeals for the Second Circuit upheld a district court’s ruling against a Turkish state-owned commercial bank (defendant) denying its bid for immunity based on its characterization of an “instrumentality” of a foreign service, which is not entitled to immunity from criminal prosecution at common law. The U.S. government alleged that the bank converted Iranian oil money into gold and hid the transactions as purchases of goods to avoid conflicting sanctions against Iran. The district court denied the defendant’s motion to dismiss and partially concluded that the defendant was not immune from prosecution because the Foreign Sovereign Immunities Act (FSIA) confers immunity on foreign services only in civil proceedings. Furthermore, the district court concluded that, “even assuming arguendo that FSIA did confer immunity to foreign sovereigns in criminal proceedings, [the defendant’s] conduct would fall within FSIA’s commercial activity exception.” Additionally, the district court rejected the defendant’s “contention that it was entitled to immunity from prosecution under the common law, noting that [the defendant] failed to cite any support for its claim on this basis.” The district court found that the defendant’s characterization of its activities as sovereign in nature “conflates the act with its purpose,” finding that the lender's alleged money laundering was the type of activity regularly carried out by private businesses. The fact that the defendant is majority-owned by the Turkish Government is irrelevant under FSIA even if it is related to Turkey’s foreign policy because “literally any bank can violate sanctions.”
On appeal, the 2nd Circuit noted that it was unnecessary to resolve a question presented in the case—if foreign governments can assert immunity against criminal, as well as civil, charges—since money laundering would qualify as a commercial activity exception. The appellate court noted that, “[t]he gravamen of the Indictment is not that [the bank] is the Turkish Government’s repository for Iranian oil and natural gas proceeds in Turkey,” but that “it is [the bank’s] participation in money laundering and other fraudulent schemes designed to evade U.S. sanctions that is the ‘core action.’” And, “because those core acts constitute ‘an activity that could be, and in fact regularly is, performed by private-sector businesses,’ those acts are commercial, not sovereign, in nature.” The opinion also notes that “[e]ven assuming the FSIA applies in criminal cases—an issue that we need not, and do not, decide today—the commercial activity exception to FSIA would nevertheless apply to [the defendant’s] charged offense conduct.” The appellate court agreed with the district court, concluding that the bank must face criminal charges in the U.S. for allegedly assisting Iran evade economic sanctions by laundering approximately $20 billion in Iranian oil and gas revenues.
On October 26, the U.S. Treasury Department announced sanctions pursuant to Executive Order 13726 against a Libyan national who is allegedly responsible for serious human rights abuse against migrants in Libya. According to OFAC, the individual has been identified as the de facto manager of a detention center in the country, and is “responsible for the systematic exploitation of African migrants at the detention center where these migrants are subject to various human rights abuses.” As a result of the sanctions, “all property and interests in property of the designated individual that are in the United States or in the possession or control of U.S. persons must be blocked and reported to OFAC,” and “any entities that are owned, directly or indirectly, 50 percent or more by one or more blocked persons are also blocked.” OFAC’s announcement further noted that OFAC regulations “generally prohibit” U.S. persons from participating in transactions with designated persons unless exempt or otherwise authorized by a general or specific license.
On October 22, the Financial Action Task Force (FATF) announced that it concluded its October plenary, which is the sixth session since the beginning of the Covid-19 pandemic. According to the announcement, utilizing a hybrid approach of both virtually and in-person participation, FATF “advanced its core work on virtual assets, beneficial ownership transparency, and illicit finance risks.” Among other things, the FATF: (i) approved an updated version of its Guidance on a Risk-Based Approach to Virtual Assets and Virtual Asset Service Providers for publication; (ii) proposed changes to beneficial ownership standards; (iii) approved the commencement of a study on Illicit Proceeds Generated from the Fentanyl and Related Synthetic Opioids Supply Chain; (iv) adopted an update to its 2016 confidential report on terrorist financing risk indicators; and (v) issued a statement regarding Afghanistan that reaffirmed the “United Nations Security Council Resolutions that Afghanistan should not be used to plan or finance terrorist acts, emphasiz[ing] the importance of supporting the work of non-governmental organizations in the country and maintaining the flow of humanitarian assistance to the Afghan people, and for governments to facilitate information sharing with their financial institutions on any emerging illicit finance risks related to Afghanistan.”
On October 19, multiple agencies—the DOJ, SEC and UK’s FCA—announced a coordinated resolution with a European bank related to debt offerings for entities in Mozambique. (See here and here.) In total, fines to U.S. and U.K. authorities reached almost $475 million, and the institution also agreed to forgive $200 million of the debt.
In a related action, a London-based subsidiary of a Russian bank (bank) separately agreed to pay over $6 million to settle SEC charges related to its role in a second 2016 bond offering. According to the SEC’s order, the second offering as structured by the bank and reespondent permitted investors “to exchange their loan participation notes (LPNs) for a direct sovereign bond issued by the Republic of Mozambique” in an earlier bond offering. However, the SEC alleged that the offering materials distributed and marketed by the respondent and bank “failed to disclose the full nature of Mozambique’s indebtedness and, relatedly, its risk of default on the notes.” Furthermore, the SEC alleged that proceeds from the financing from the respondent and bank were supposed to be used exclusively for maritime projects, but in reality, without the bank’s knowledge, only a portion of the loan proceeds was applied towards maritime projects while the rest was diverted to pay kickbacks and make improper payments to Mozambican government officials. Mozambique later defaulted on the financings after the full extent of “secret” debt was revealed.
On October 19, the Financial Crimes Enforcement Network (FinCEN) issued a notice that grants limited exceptive relief to casinos from some customer identity verification requirements regarding online gaming. Casinos are not subject to Customer Identification Program (CIP) regulations, which results in casinos not having the ability to rely upon non-documentary verification of a customer’s identity. As previously covered by InfoBytes, in 2020, FinCEN issued an interagency order granting an exemption from the requirements of the CIP rules for insurance premium finance loans extended by banks to all customers. According to the recent notice, a casino can use suitable non-documentary methods to verify online customers’ identification and “[t]he suitability or non-suitability of any particular method should be evaluated based on risk.” The notice also notes that a casino’s anti-money laundering program requires describing when the casino will verify identity by documentary methods, non-documentary methods, or a combination of both. This exceptive relief is effective October 19.
On October 18, the U.S. Treasury Department released the results from a comprehensive economic and financial sanctions review and issued recommendations on preserving and enhancing sanctions’ effectiveness in supporting national security and U.S. interests going forward. The 2021 sanctions review involved the participation of hundreds of sanctions stakeholders, including former Treasury officials, the Departments of State and Justice, USAID, Congress, small and large commercial businesses and financial institutions, and foreign governments, among others. The review found that while sanctions are “an essential and effective policy tool,” there are new challenges, “including rising risks from new payments systems, the growing use of digital assets, and cybercriminals,” as well as the “impact of sanctions on the flow of legitimate humanitarian aid to those in need.” The review noted that “American adversaries—and some allies—are already reducing their use of the U.S. dollar and their exposure to the U.S. financial system more broadly in cross-border transactions,” and that Treasury is “mindful of the risk that, if left unchecked, these digital assets and payments systems could harm the efficacy of our sanctions.” The review further found that in the past 20 years, there has been a 933 percent increase in the number of sanctions designations, and stressed that in order to ensure sanctions continue to support U.S. national security objectives, there must be changes made to adapt and modernize the underlying system by which sanctions are deployed.
The review made the following recommendations to mitigate these challenges and bolster the effectiveness of sanctions programs: (i) adopt a structured policy framework linking sanctions to a clear policy objective; (ii) engage in multilateral coordination when possible; (iii) calibrate sanctions to prevent unintended economic, political, and humanitarian impact; (iv) expand existing outreach to ensure sanctions are easily understood, enforceable, and, where possible, reversible; and (v) invest in modernizing Treasury’s sanctions technology, workforce, and infrastructure, especially with respect to digital assets and services.
On October 15, the U.S. Treasury Department announced additional steps to help the virtual currency industry combat ransomware and prevent exploitation by illicit actors. The guidance builds upon recent “whole-of-government” actions focused on confronting “criminal networks and virtual currency exchanges responsible for laundering ransoms, encouraging improved cyber security across the private sector, and increasing incident and ransomware payment reporting to U.S. government agencies, including both Treasury and law enforcement.” (Covered by InfoBytes here.) The newest industry-specific guidance—part of the Biden administration’s efforts to counter ransomware threats—outlines sanctions compliance best practices tailored to the unique risks associated with this space. According to Treasury, there is a “need for a collaborative approach to counter ransomware attacks, including public-private partnerships and close relationships with international partners.”
The same day, the Financial Crimes Enforcement Network (FinCEN) released new data analyzing ransomware trends in Bank Secrecy Act reporting filed between January 2021 and June 2021. The report follows FinCEN’s government-wide priorities for anti-money laundering and countering the financing of terrorism priorities released in July (covered by InfoBytes here). Issued pursuant to the Anti-Money Laundering Act of 2020, the report flags “ransomware as a particularly acute cybercrime concern,” and states that in the first half of 2021, FinCEN identified $590 million in ransomware-related suspicious activity reports (SARs)—an amount exceeding the entirety of the value report in 2020 ($416 million). If this trends continues, FinCEN warns that ransomware-related SARs submitted in 2021 will have a higher transaction value than similar SARs filed in the previous 10 years combined. FinCEN attributes this uptick in activity to several factors, including an increasing overall prevalence of ransomware-related incidents, improved detection and incident reporting, and an increased awareness of reporting obligations and willingness to report by financial institutions.
In conjunction with the “growing prevalence of virtual currency as a payment method,” Treasury’s Office of Foreign Assets Control (OFAC) issued sanctions compliance guidance for companies in the virtual currency industry, including technology companies, exchangers, administrators, miners, wallet providers, and financial institutions. OFAC warned that “sanctions compliance obligations apply equally to transactions involving virtual currencies and those involving traditional fiat currencies,” and that participants “are responsible for ensuring that they do not engage, directly or indirectly, in transactions prohibited by OFAC sanctions, such as dealings with blocked persons or property, or engaging in prohibited trade- or investment-related transactions.” Among other things, the guidance will assist participants on ways to evaluate risks and build a risk-based sanctions compliance program. OFAC also updated related FAQs 559 and 646.
On October 13, the U.S. District Court for the Southern District of New York denied a relator’s motion seeking indicative relief, ruling that post-ruling news reports were insufficient to reverse the dismissal of a qui tam suit accusing a UK-based bank and related entities (collectively, “defendants”) of violating U.S. sanctions against Iran. In 2020, the court dismissed the complaint after finding that the government “had articulated multiple valid purposes served by dismissal, and that relator had not carried its burden to show that a dismissal would be ‘fraudulent, arbitrary or capricious, or illegal.’” The relator’s appeal to the U.S. Court of Appeals for the Second Circuit is pending. At the district court, the relator moved for indicative relief based on the premise that if the court had jurisdiction, it would have vacated the dismissal based on disclosures in post-dismissal media reports.
According to the opinion, the defendants entered into a deferred prosecution agreement (DPA) with the DOJ in 2012 following a multi-year, multi-agency investigation concerning allegations that defendants deceptively facilitated U.S. dollar transactions by Iranian clients between 2001 and 2007 in violation of U.S. sanctions and various New York and federal banking regulations. The defendants admitted to the violations and paid hundreds of millions of dollars in fines and penalties. The relator subsequently filed a qui tam action alleging the defendants misled the government in negotiating the DPA. A government investigation found no support for the allegations. In 2019, the DOJ entered a new DPA with defendants. The relator amended its complaint alleging improper conduct related to the 2019 DPA, which the court dismissed.
The relator then filed the instant motion to reopen the case, arguing that news reports published in 2020 showed that the defendants engaged in transactions with sanctioned Iranian entities after 2007, which was contrary to the government’s representations when it moved to dismiss the case. The relator claimed that the government incorrectly asserted that it closely examined records before seeking dismissal and failed to honestly conclude that the allegations were meritless. In denying the relator’s motion, the court explained that the relator failed to show that the news reports would be admissible or were important enough to change the outcome of the earlier motion to dismiss. The court held that news reports are inadmissible and further concluded that none of the suspicious activity reports discussed in the news reports contradicted the government’s representations in its motion to dismiss.
On October 8, the Financial Industry Regulatory Authority (FINRA) encouraged member firms to consider ways to incorporate recently issued anti-money laundering and countering the financing of terrorism priorities (AML/CFT Priorities) into their risk-based compliance programs. As previously covered by InfoBytes, the Financial Crimes Enforcement Network’s (FinCEN) AML/CFT Priorities—issued pursuant to the Anti-Money Laundering Act of 2020—highlighted key threat trends and provided informational resources to help covered institutions manage their risks and meet their obligations under laws and regulations designed to combat money laundering and counter terrorist financing.
FINRA reminded member firms that FINRA Rule 3310 requires the development and implementation of a written AML program to achieve compliance with the Bank Secrecy Act (BSA). While FinCEN’s issuance of the AML/CFT Priorities “does not trigger an immediate change in the BSA requirements or supervisory expectations for member firms,” FINRA advised member firms to evaluate how they plan to incorporate these priorities into their risk-based AML programs. Among other things, FINRA advised member firms to: (i) review red flags based on potential risks presented by their business activities, size, geographic location, and types of accounts and transactions; and (ii) consider potential technical changes, including those used to monitor and investigate suspicious activity.
- Jonice Gray Tucker to discuss “Be Your Compliance Best in 2022” at the California Mortgage Bankers Association webinar
- Lauren R. Randell to discuss “Significant legal developments in the Northeast” at the 37th Annual National Institute on White Collar Crime
- Jonice Gray Tucker to discuss “Small business & regulation: How fair lending has evolved & where it is heading?” at the Consumer Bankers Association Live program
- Jonice Gray Tucker to discuss “Regulators always ring twice: Responding to a government request” at ALM Legalweek
- Jonice Gray Tucker and Kari Hall to discuss “Equity, equality, regulation and enforcement – The evolving regulatory landscape of fair lending, redlining, and UDAAP” at the ABA Business Law Committee Hybrid Spring Meeting