InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
DOJ official discusses PPP fraud enforcement
On September 10, in remarks at the Paycheck Protection Program (PPP) Criminal Fraud Enforcement Action press conference, Acting Assistant Attorney General Brian Rabbitt provided an overview of recent PPP enforcement actions and noted that “[m]any financial institutions have been strong partners” in assisting the DOJ with “detecting and investigating potentially fraudulent activity in connection with the PPP.” In addition to partnerships with private institutions, Rabbitt emphasized the agency’s data analytics capabilities as a key component in their ability to bring PPP fraud cases quickly—within six months, the DOJ has charged 57 defendants in at least 19 federal judicial districts. Moreover, Rabbitt discussed commonalities among the cases, including the “defendants’ use of their stolen PPP funds for entirely illegitimate purposes” having nothing to do with the intended relief. In total, according to the DOJ, the current charges against the 57 defendants “involve attempts to steal over $175 million from the PPP” and over $70 million in “actual losses to the federal government.”
FinCEN reiterates criminality of unauthorized SAR disclosures
On September 1, the Financial Crimes Enforcement Network (FinCEN) released a statement reiterating that “the unauthorized disclosure of [suspicious activity reports] (SARs) is a crime that can impact the national security of the United States, compromise law enforcement investigations, and threaten the safety and security of the institutions and individuals who file such reports.” FinCEN stated it is aware that a series of articles will be published by various media outlets based on unlawfully disclosed SARs and other sensitive government documents and has referred the matter to the DOJ and the U.S. Treasury Department’s Office of Inspector General.
DOJ fines company for circumventing North Korean sanctions
On August 31, the DOJ announced that a company operating in South East Asia has pleaded guilty to “conspiring to launder monetary instruments in connection with evading sanctions on North Korea and deceiving correspondent banks into processing U.S. dollar transactions.” The company admitted and accepted responsibility for the criminal conduct and will pay a $673,714 fine. According to the DOJ, from at least February 2017 until at least May 2018, the company’s dual invoicing practices and false statements concealed the purchase of commodities for North Korean customers, leading to U.S. correspondent banks processing U.S. dollar transactions that would otherwise not have been authorized. Among other things, the company and its co-conspirators admitted to using front companies to “conceal the North Korean nexus,” including utilizing financial cutouts and falsifying shipping records. These actions, the DOJ stated, circumvented the U.S. correspondent banks’ sanction and anti-money laundering filters, which are designed to prevent banks from processing wire transfers on behalf of customers located in North Korea. In addition to paying the financial penalty, the company has agreed to “implement rigorous internal controls” and cooperate fully with the DOJ.
Nutrition company settles DOJ, SEC FCPA charges for over $123 million
On August 28, the DOJ and the U.S. Attorney’s Office for the Southern District of New York announced (see here and here) they had entered into a deferred prosecution agreement with a multinational nutrition company headquartered in Los Angeles, in which the company agreed to pay a criminal fine of over $55.7 million related to violations of the FCPA’s books and records provisions. According to the DOJ, the company “knowingly and willfully conspired with others in a scheme to falsify its books and records and provide corrupt payments and benefits to Chinese government officials.” Between 2007 and 2016, the company’s books showed that its Chinese subsidiary reimbursed its employees “more than $25 million for entertaining and giving gifts to Chinese government officials and Chinese media personnel. . ., some of which was used for improper purposes,” which the DOJ said was part of a scheme to obtain, retain, and increase business in China and remove negative media reports about the subsidiary. The payments were used to obtain and retain “certain direct selling licenses for its wholly-owned subsidiaries in China” and to “improperly influenc[e] certain Chinese governmental investigations into [the subsidiary’s] compliance with Chinese laws,” as well as to influence state-owned or controlled media.
As part of the deferred prosecution agreement, the company agreed to cooperate with the DOJ’s ongoing or future criminal investigations and to enhance its compliance program. The company received credit for cooperating with the investigation and taking remedial measures such as “terminating and disciplining individuals who orchestrated the misconduct, adopting heightened controls and anti-corruption protocols, and significantly increasing the resources devoted to compliance.”
The SEC simultaneously announced a resolution in which the company agreed to pay over $58.6 million in disgorgement and more than $8.6 million in prejudgment interest to settle allegations that the company violated the FCPA’s books and records and internal accounting controls provisions.
U.S. issues warning on North Korean hackers targeting banks worldwide
On August 26, a joint alert was issued by the Cybersecurity and Infrastructure Security Agency (CISA), the U.S. Treasury Department, the FBI, and U.S. Cyber Command warning that since February 2020, North Korean hackers have resumed targeting banks worldwide through the use of fraudulent international money transfers and ATM cash-outs. The alert provides an “overview of North Korea’s extensive, global cyber-enabled bank robbery scheme, a short profile of the group responsible for this activity, in-depth technical analysis, and detection and mitigation recommendations to counter this ongoing threat to the Financial Services sector.” The North Korean hackers, the alert notes, were responsible for stealing $81 million from a Bangladeshi bank in 2016, and have engaged in fraudulent ATM cash-outs affecting upwards of 30 countries in a single incident. According to the alert, the hackers’ “international robbery scheme” poses “severe operational risk” for individual banks beyond reputational harm and financial losses. A robbery directed at one bank may implicate multiple banks “in both the theft and the flow of illicit funds back to North Korea,” the alert warns. The hackers “initially targeted switch applications at individual banks with FASTCash malware but, more recently, have targeted at least two regional interbank payment processors,” the alert states, cautioning that this suggests the hackers “are exploring upstream opportunities in the payments ecosystem.”
Senate investigation finds that oligarchs use art industry to avoid sanctions
Last month, the U.S. Senate Permanent Subcommittee on Investigations issued a bipartisan report titled “The Art Industry and U.S. Policies that Undermine Sanctions,” which details findings from a two-year investigation related to how Russian oligarchs appear to have used the art industry to evade U.S. sanctions. According to the Subcommittee, the investigation—which focused on major auction houses, private New York art dealers, and seven financial institutions—revealed that the “secretive nature” of the art industry “allowed art intermediaries to purchase more than $18 million in high-value art in the United States through shell companies linked to Russian oligarchs after they were sanctioned by the United States in March 2014,” and that, moreover, “the shell companies linked to the Russian oligarchs were not limited to just art and engaged in a total of $91 million in post-sanctions transactions.” The report claims that the art industry is largely unregulated, and, unlike financial institutions, is not subject to the Bank Secrecy Act (BSA) and is not required to maintain anti-money laundering (AML) and anti-terrorism financing controls. However, the report notes that sanctions imposed by the U.S. Treasury’s Office of Foreign Assets Control (OFAC) do apply to the industry, emphasizing that U.S. persons are not allowed to conduct business with sanctioned individuals or entities.
The Subcommittee’s key findings include that while four of the major auction houses have established voluntary AML controls, they treat an art agent or advisor as the principal purchaser of the art, which allows the auction house to perform due diligence on the art agent or advisor instead of identifying and evaluating a potentially undisclosed client. The auction houses also reportedly rely on financial institutions to identify the source of funds used to purchase the art. Because of these practices, the report concludes that these shell companies continue to have access to the U.S. financial system despite the imposition of sanctions.
The report makes several recommendations including: (i) the BSA should be amended to include businesses that handle transactions involving high-value art; (ii) Treasury should be required to collect beneficial ownership information for companies formed or registered to do business in the U.S., making the information available to law enforcement; (iii) Treasury should consider imposing sanctions on a sanctioned individual’s immediate family members; (iv) Treasury should announce and implement sanctions concurrently “to avoid creating a window of opportunity for individuals to avoid sanctions”; (v) the ownership threshold for blocking companies owned by sanctioned individuals should be lowered or removed; (vi) Treasury should maximize its use of suspicious activity reports filed by financial institutions to, among other things, alert other financial institutions of the risks of transacting with sanctioned entities; (vii) OFAC should issue comprehensive guidance for auction houses and art dealers on steps for determining “whether a person is the principal seller or purchaser of art or is acting on behalf of an undisclosed client, and which person should be subject to a due diligence review”; and (viii) OFAC should issue guidance on “the informational exception to the International Emergency Economic Powers Act related to ‘artworks.’”
Additionally, in June, a bipartisan group of senators introduced the Anti-Money Laundering Act of 2020 (AMLA) as an amendment (S.Amdt 2198 to S.4049) to the National Defense Authorization Act (NDAA), which would, among many other things, require federal agencies to study “the facilitation of money laundering and the financing of terrorism through the trade of works of art or antiquities” and, if appropriate, propose rulemaking to implement the study’s findings within 180 days of the AMLA’s enactment.
Agencies clarify BSA/AML due diligence requirements for “politically exposed persons”
On August 21, the FDIC, Federal Reserve Board, FinCEN, NCUA, and OCC issued a joint statement clarifying that banks should ensure customers who may be considered “politically exposed persons” (PEPs) be subject to customer due diligence matching the risk levels posed by the relationships. In general, while PEPs are not defined within the Bank Secrecy Act/Anti-Money Laundering (BSA/AML) regulations, they commonly refer to “foreign individuals who are or have been entrusted with a prominent public function, as well as their immediate family members and close associates.” U.S. public officials are not included. Specifically, the agencies emphasized that not all individuals who might qualify as PEPs “are high risk solely by virtue of their status.” While FinCEN’s customer due diligence rule (CDD rule), requires banks to identify and verify the identities of new account holders, assess the riskiness of these customer relationships, and conduct ongoing monitoring (see InfoBytes coverage of the CDD Rule here), the agencies note that “the CDD rule does not create a regulatory requirement, and there is no supervisory expectation, for banks to have unique, additional due diligence steps for customers who are considered PEPs. Instead, the level and type of CDD should be appropriate for the customer risk.”
The joint statement also outlines a number of considerations for banks to take into account when evaluating a PEP’s risk level, including the type of products and services used, the volume and nature of transactions, the nature of the customer’s authority or influence over government activities or officials, and the customer’s access to significant government assets or funds. Among other impacts, the agencies note that the customer risk profile may effect “how the bank complies with other regulatory requirements, such as suspicious activity monitoring, since the bank structures its BSA/AML compliance program to address its risk profile, based on the bank’s assessment of risks.” The joint statement also rescinds the 2001 Guidance on Enhanced Scrutiny for Transactions that May Involve the Proceeds of Foreign Corruption related to foreign PEPs.
The agencies emphasized, however, that the joint statement does not change existing BSA/AML legal or regulatory requirements, nor does it “require banks to cease existing risk management practices if the bank considers them necessary to effectively manage risk.”
OFAC sanctions Syrian government officials
On August 20, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced sanctions pursuant to Executive Order 13573 against two senior members of the Syrian government. OFAC noted that, among other things, the designated individuals allegedly contributed to “the oppression of the Assad regime” in Syria. As a result, all property and interests in property belonging to the designated individuals and subject to U.S. jurisdiction are blocked and must be reported to OFAC. OFAC further noted that its regulations “generally prohibit all dealings by U.S. persons or within (or transiting) the United States that involve any property or interests in property of blocked or designated persons,” and warned that non-U.S. persons that engage in transactions with the designated persons may expose themselves to designation.
OFAC sanctions persons for providing support to Iranian airline, DOJ files concurrent criminal charges
On August 19, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) designated two companies, as well as the owner of one of the companies, pursuant to Executive Order 13224 for allegedly providing material support to an Iranian airline previously “designated under counterterrorism authorities for support to Iran’s Islamic Revolutionary Guard Corps-Qods Force (IRGC-QF), as well as under a counter proliferation authority that targets weapons of mass destruction proliferators and their supporters.” According to OFAC, the designated persons allegedly provided services to assist the airline sustain its fleet of aircraft and allow it to support the IRGC-QF, as well as transport Iranian technicians and technical equipment to Venezuela to support the Maduro regime. The designations follow a recent OFAC action that targeted a China-based company for allegedly acting as a general sales agent for or on behalf of the Iranian airline (covered by InfoBytes here), and serves as “another warning to the international aviation community of the sanctions risk for individuals and entities that choose to maintain commercial relationships with [the Iranian airline] and other designated airlines.” As a result of the sanctions, all property and interests in property of the designated persons that are in the United States or in the possession or control of U.S. persons must be blocked and reported to OFAC. OFAC further noted that its regulations “generally prohibit all dealings by U.S. persons or within (or transiting) the United States that involve any property or interests in property of blocked or designated persons, unless licensed or exempt,” and warned foreign financial institutions that knowingly facilitating significant transactions or providing significant financial services to the designated persons may subject them to U.S. correspondent account or payable-through sanctions.
On the same day, the DOJ announced criminal charges against the designated individual and one of the companies for allegedly conspiring to violate U.S. export laws, defraud the U.S., and violate the International Emergency Economic Powers Act (IEEPA) and the Iranian Transactions and Sanctions Regulations (ITSRs).
Special Alert: FinCEN outlines approach to BSA enforcement
On August 18, the Financial Crimes Enforcement Network, which has overall responsibility for administering the Bank Secrecy Act, issued a short statement that, for the first time, publicly outlined its approach to BSA enforcement. Of note, FinCEN indicated that it will not base enforcement actions on an institution’s failure to comply with standards announced solely in a guidance document. Additionally, for the first time, FinCEN listed a nonexhaustive set of factors it will use to determine what enforcement steps should be taken. The statement leaves FinCEN with considerable flexibility in enforcing the BSA, and raises a number of questions for legal and compliance professionals.
The statement will be of most interest to “financial institutions,” which under the BSA include a wide swath of financial services companies, that are not subject to supervision by a federal prudential regulator authorized to enforce compliance with the BSA; most prudential regulators have their own enforcement guidelines, and the federal banking agencies recently issued a joint statement on BSA enforcement. Companies subject to FinCEN’s BSA enforcement authority, particularly those such as money services businesses without federal prudential regulators, may wish to familiarize themselves with FinCEN’s enforcement factors and tailor their compliance efforts accordingly. The statement also provides implicit guidance on what actions institutions should take upon identification of a potential violation.