InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
OFAC amends Venezuela-related general licenses
On September 30, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced amended Venezuelan General Licenses (GL) 3G, which supersedes and replaces GL 3F, and 9F, which supersedes GL 9E. The amended GLs concern authorized transactions related to the financing and dealings in certain bonds and securities, and extend the authorization wind-down periods to March 31, 2020. As previously covered by InfoBytes, the GLs were issued in conjunction with Executive Order 13884 which, among other things, prevents all property and interest in property of the Government of Venezuela within the U.S. or in the possession of a U.S. person from being transferred, paid, exported, withdrawn, or otherwise dealt in.
SEC announces several FCPA-related bribery settlements
At the end of September, the SEC announced three settlements resolving claims related to alleged violations of the FCPA.
On September 27, a UK-based bank holding company agreed to pay over $6 million to settle alleged charges that it violated the FCPA by hiring relatives of government officials and other clients in an attempt to secure business in the Asia Pacific-region. According to the SEC, the bank hired more than 100 people connected to foreign government officials or other clients through the bank’s unofficial intern “work experience program,” or as part of its formal internship program, graduate program, or for permanent positions. Employees then created false books and records that concealed the practices and circumvented internal controls in place to prevent the activities. In the administrative order, the SEC ultimately charged violations of the books and records and internal controls provisions of the FCPA. Without admitting or denying wrongdoing, the bank agreed to pay a $1.5 million civil money penalty (CMP) and more than $4.8 million in disgorgement and interest.
In a second administrative order announced the same day, a Canadian fuel technology company agreed to pay over $4.1 million to settle FCPA bribery charges connected to a Chinese government official. The SEC alleged that the company and its former CEO transferred shares of stock in a Chinese joint venture to a Chinese private equity fund, in which the official had a financial stake, in an attempt to secure business and obtain a $3.5 million dividend payment. The SEC noted that the company concealed the identity of the private equity fund in its books and records, as well as in its public filings, by “falsely identifying a different entity as the counterparty to the transaction,” and that the CEO circumvented and falsely certified the sufficiency of the company’s internal accounting controls put in place to prevent such actions. Without admitting or denying wrongdoing, the company and the CEO consented to a cease and desist order covering violations of the anti-bribery, books and records, and internal controls provisions of the FCPA, and agreed to pay a $1.5 million CMP and $120,000 CMP, respectively, and more than $2.5 million in disgorgement and interest.
On September 26, a Wisconsin-based marketing provider agreed to pay nearly $10 million to settle FCPA charges related to bribery schemes in Peru and China. The alleged misconduct included the company’s Peruvian subsidiary paying or promising bribes to Peruvian government officials from at least 2011 to January 2016 in an attempt to secure sales contracts and avoid penalties, while also creating false records to conceal certain transactions with a sanctioned Cuban telecommunications company. The SEC stated that the company’s China-based subsidiary also made improper payments to employees of state owned entities and private customers through sham sales agents. According to the administrative order, the company violated the anti-bribery provisions of the FCPA as well as the books and records and internal controls provisions, including by failing to ensure that its internal accounting controls were sufficient to prevent the alleged bribery schemes in Peru and China. Without admitting or denying wrongdoing, the company consented to a cease and desist order, agreed to pay a $2 million CMP and over $7.8 million in disgorgement and interest, and will, for a one-year period, self-report on its compliance program.
FinCEN Director warns of account takeovers via fintech data aggregators
On September 24, Financial Crimes Enforcement Network (FinCEN) Director Kenneth Blanco spoke at the Federal Identity (FedID) Forum and Exposition, discussing the role of FinCEN in combatting fraud and cybercrime and highlighting concerns regarding identity crimes. Blanco noted that FinCEN sees approximately 5,000 account takeover reports each month, a crime that “involves the targeting of financial institution customer accounts to gain unauthorized access to funds.” Moreover, FinCEN sees a high amount of fraud through account takeovers via fintech platforms, where cybercriminals use fintech data aggregators to facilitate account takeovers and fraudulent wires. Blanco stated that cybercriminals create fraudulent accounts and are able to “exploit the platforms’ integration with various financial services to initiate seemingly legitimate financial activity while creating a degree of separation from traditional fraud detection efforts.”
Additionally, Blanco discussed how cybercriminals use business email compromise (BEC) fraud schemes to target financial institutions and relayed FinCEN’s efforts to combat these schemes. As previously covered by InfoBytes, in July, FinCEN issued an updated advisory, describing general trends in BEC schemes, information concerning the targeting of non-business entities, and risks associated with the targeting of vulnerable business processes. Blanco also discussed (i) FinCEN’s final rule titled the “Customer Due Diligence Requirements for Financial Institutions,” (the CDD Rule) (prior coverage by InfoBytes here); and (ii) FinCEN’s December 2018 joint statement with federal banking agencies encouraging innovative approaches to combatting money laundering, terrorist financing, and other illicit financial threats when safeguarding the financial system (previously covered by InfoBytes here).
OFAC sanctions additional entities and vessels operating in Venezuela’s oil sector
On September 24, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced sanctions pursuant to Executive Order 13850 against four entities for their alleged involvement in the transportation of oil from Venezuela to Cuba. According to OFAC, the entities’ actions offer support to the Maduro regime and “enable its repressive security and intelligence apparatus.” In addition, OFAC identified four vessels as blocked property owned by the identified entities. As a result of the sanctions, “all property and interests in property of these entities, and of any entities that are owned, directly or indirectly, 50 percent or more by the designated entities, that are in the United States or in the possession or control of U.S. persons are blocked and must be reported to OFAC.” OFAC notes that its regulations “generally prohibit” U.S. persons from participating in transactions with blocked or designated persons.
Additionally, the announcement notes that OFAC is delisting two entities in recognition of their actions to ensure that their vessels are not complicit in supporting the Maduro regime. As a result of the delisting, all property and interest of the entities are now unblocked and lawful transactions involving U.S. persons are no longer prohibited.
Since OFAC’s designation of Venezuela’s state-owned oil company last January, the department has sanctioned several entities and individuals connected to Venezuela’s oil sector. Continuing InfoBytes coverage on these actions can be found here.
OFAC sanctions Iran’s central bank and national development fund
On September 20, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced sanctions pursuant to Executive Order 13224 against Iran’s central bank, the country’s national development fund, and an Iran-based company for providing financial support to the Islamic Revolutionary Guards Corps, its Qods Force (IRGC-QF), and Hizballah, the regime’s terrorist proxy. OFAC designated the bank for purportedly providing billions of dollars to these entities, and alleged that the national development fund “has been a major source of foreign currency and funding” for both the IRGC-QF and Iran’s Ministry of Defense and Armed Forces Logistics (MODAFL). Sanctions were brought against the Iran-based company for concealing financial transfers for MODAFL’s military purchases, including those originating from the national development fund. As a result of the sanctions, “all property and interests in property of these entities that are in the United States or in the possession or control of U.S. persons must be blocked and reported to OFAC.” OFAC noted that its regulations “generally prohibit” U.S. persons from participating in transactions with the designated persons, and warned foreign financial institutions that if they knowingly facilitate significant transactions for any of the designated entities, they may be subject to U.S. correspondent account or payable-through account sanctions.
OFAC settles with London bank for Sudanese sanctions violations
On September 17, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced a $4,000,000 settlement with a London-based commercial bank for 72 alleged violations of the Sudanese Sanctions Regulations (SSR). The settlement resolves allegations that between September 2010 and August 2014, the bank processed 72 bulk funding payments totaling $190,700,000 related to Sudan, which involved transactions processed to or through U.S. financial institutions in apparent violation of the SSR, which prohibits U.S. persons, including U.S. financial institutions, from processing such transactions. OFAC notes that it lowered the penalty to $4,000,000 from the proposed $228,840,000, in light of the bank’s operating capacity and the fact that it represented that it ceased the conduct at issue.
In arriving at the settlement amount, OFAC considered various mitigating factors including that (i) OFAC has not issued a violation against the bank in the five years preceding the earliest date of the transactions at issue; (ii) the bank fully cooperated with the investigation into the alleged violations, including by entering into a statute of limitations tolling agreement and agreeing to extend the agreement; (iii) the bank provided significant investigative leads regarding a foreign financial institution that hosted an account involved in processing the transactions; and (iv) the bank undertook several remedial measures in response to the alleged violations, such as exiting the Sudanese market in 2014, hiring new senior management, and implementing improvements to its compliance program.
OFAC also considered various aggravating factors, including that (i) the bank exhibited “reckless disregard" for U.S. sanctions regulations when it entered the Sudanese market; (ii) the bank ignored warning signs that it may have been violating U.S. law; and (iii) several of the bank’s senior managers were aware of and involved in the conduct giving rise to the alleged violations.
OFAC sanctions persons linked to corruption network in Venezuela
On September 17, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced sanctions pursuant to Executive Order 13850 against three individuals and 16 entities connected to two previously sanctioned Colombian nationals (covered by InfoBytes here) for enabling the Maduro regime “to corruptly profit from imports of food aid and distribution in Venezuela.” According to OFAC, the designated individuals are immediate family members with business connections to the sanctioned Colombian nationals “who are responsible for or complicit in, or have directly or indirectly engaged in, any deceptive or corrupt transaction or series of transactions with the Government of Venezuela or projects or programs administered by the Government of Venezuela.” The 16 designated entities, OFAC noted, are either owned or controlled by the designated individuals or one of the sanctioned Colombian nationals. As a result of the sanctions, “all property and interests in property of the individuals and entities designated today, and of any entities that are owned, directly or indirectly, 50 percent or more by those individuals or entities, that are in the United States or in the possession or control of U.S. persons are blocked and must be reported to OFAC.” OFAC noted that its regulations “generally prohibit” U.S. persons from participating in transactions with the designated entities and individuals. OFAC also referred financial institutions to Financial Crimes Enforcement Network advisories FIN-2019-A002, FIN-2017-A006, FIN-2017-A003, and FIN-2018-A003 for further information concerning the efforts of Venezuelan government agencies and individuals to use the U.S. financial system and real estate market to launder corrupt proceeds, as well as human rights abuses connected to corrupt foreign political figures and their financial facilitators.
OFAC sanctions North Korean cyber groups
On September 13, the U.S. Treasury Department's Office of Foreign Assets Control (OFAC) announced sanctions pursuant to Executive Order (E.O.) 13722 against three North Korean state-sponsored cyber groups allegedly responsible for North Korea’s malicious cyber activity on critical infrastructure around the world. OFAC cited cyber attacks using phishing and backdoor intrusions, targeting a range of organizations that included financial institutions. In addition to malicious cyber activities on conventional financial institutions and major companies, North Korea’s cyber operations also targeted Virtual Asset Providers and cryptocurrency exchanges “to possibly assist in obfuscating revenue streams and cyber-enabled thefts that also potentially fund North Korea’s WMD and ballistic missile programs.” As a result of the sanctions, “all property and interests in property of these individuals and entities that are in the United States or in the possession or control of U.S. persons must be blocked and reported to OFAC.” OFAC noted that its regulations “generally prohibit” U.S. persons from participating in transactions with the designated persons, and warned foreign financial institutions that if they knowingly facilitate significant transactions for any of the designated individuals, they may be subject to U.S. correspondent account or payable-through account sanctions.
FinCEN deputy director discusses innovation, non-bank supervision, and “culture of compliance”
On September 11, Financial Crimes Enforcement Network (FinCEN) Deputy Director Jamal El-Hindi delivered remarks at the 2019 Money Transmitter Regulators Association’s annual conference. El Hindi’s remarks focused on innovation and reform pertaining to the Bank Secrecy Act (BSA), supervision in the non-bank financial institution sector and coordination with state supervisors, and “the importance of a strong culture of compliance and what it means in a national and global security context.” According to El-Hindi, the BSA/anti-money laundering system “is good; but it can always be improved,” including through innovations that can “help better detect and safeguard against illicit activity.” El-Hindi reiterated FinCEN’s policy statement from December 2018, which encouraged innovation in the banking sector. (Previously covered by InfoBytes here.)
El-Hindi also highlighted recent discussions related to the role artificial intelligence can play in reducing false positives to assist human analysis, and the potential for blockchain technology to enhance transparency through the understanding of customer identity or transaction profiles. He noted that these themes and others emerged from FinCEN’s recent “Innovation Hours Program,” which encourages fintech companies, regtech companies, and financial institutions to present to FinCEN new and innovative products and services for potential use in the financial sector. The program’s upcoming September meeting will focus on innovations in “know your customer” compliance, BSA reporting, and core inter-bank payment and messaging systems associated with industry anti-money laundering/combating the financing of terrorism efforts. Additionally, El-Hindi noted that FinCEN’s enhanced supervision of nonbank financial institutions involves “actively prioritizing and engaging in,” among other activities, (i) conducting examinations of “specialized, rapidly evolving” financial services providers (e.g., virtual currency exchangers and administrators); (ii) identifying sector data to support FinCEN's analytic endeavors; and (iii) developing a stronger framework for risk assessments of the nonbank financial sector “from both the compliance and illicit activity standpoints.” El-Hindi closed his remarks by encouraging FinCEN and other regulators to discuss with foreign counterparts “the concept of a culture of compliance in the United States and what underpins it, and explore with our counterparts concepts that could underpin a culture of compliance in their own jurisdictions.”
U.S. enforcement authorities seize $3.7 million, arrest 281 for involvement in Business Email Compromise schemes
On September 10, the DOJ announced a coordinated effort with the U.S. Department of Homeland Security, the U.S. Department of the Treasury, the U.S. Postal Inspection Service, and the U.S. Department of State, against a series of Business Email Compromise (BEC) scams. The effort was conducted over a four-month period, resulting in the seizure of nearly $3.7 million and the arrest of 281 individuals in the U.S. and overseas, including 167 in Nigeria, 18 in Turkey and 15 in Ghana, along with arrests in France, Italy, Japan, Kenya, Malaysia, and the U.K. According to the DOJ, “BEC, also known as ‘cyber-enabled financial fraud,’ is a sophisticated scam often targeting employees with access to company finances and businesses working with foreign suppliers and/or businesses that regularly perform wire transfer payments.” BEC scams can involve requests for paper checks and may not actually “compromise” an email account or computer network. The DOJ notes that many BEC scams are perpetrated by foreign citizens, who are often members of transnational criminal organizations.
As previously covered by InfoBytes, the Financial Crimes Enforcement Network (FinCEN), in July, discussed efforts designed to restrict and impede Business Email Compromise (BEC) scammers and other illicit actors who profit from email compromise fraud schemes and issued an updated advisory, providing general trends in BEC schemes, information concerning the targeting of non-business entities, and risks associated with the targeting of vulnerable business processes.