By Brian Monroe
bmonroe@acfcs.org
January 28, 2016
In this week’s Financial Crime Wave, authorities indict dozens in massive prison corruption, laundering scheme linked to illicit cell phones, banks still wary of Iran after sanctions thaw, casino sector compliance improves according to gaming association, and more.
Virtual currency
Dutch police have arrested 10 people in the Netherlands as part of an international investigation into money-laundering through sales of the shadowy virtual currency bitcoin, prosecutors said on Wednesday. Authorities raided more than a dozen areas Tuesday in eight Dutch towns as part of the investigation, during which investigators seized luxury cars, cash and the ingredients to make ecstasy. “Bank accounts and bitcoin accounts were also seized thanks to help from the United States, Australia, Morocco and Lithuania,” the Dutch prosecution service said in a statement. Bank compliance teams were critical in uncovering the scheme. Banks reportedly saw “large sums of money” being deposited before being immediately withdrawn at cashpoints, which is a classic red flag for money laundering. Criminals working in the shadows of the dark web – illicit sites trading in everything from firearms to drugs – are often paid in a virtual currency, known as bitcoins (via The Guardian).
The bigger picture: This case highlights that individuals, under personal or even corporate accounts, are still worming their way into the banking system to be able to buy and sell Bitcoins. Now, while FinCEN has decreed these Bitcoin exchanges be registered under AML rules, many groups have not. As well, not surprisingly, criminals have no problems using registered or non-registered Bitcoin exchanges, or simply working with an array of individuals who want cash for bitcoins or vice versa. As in prior stories, I can guarantee the banks holding the accounts that are seized are reviewing how the clients were onboarded, what transactions were expected, what transactions actually occurred and if any alerts generated were transmuted into SARs.
Corruption
Federal authorities have arrested more than 50 people, 15 of them current or former correctional officers, in a wide-ranging corruption, fraud and money laundering operation originating in Georgia state prisons. In the scheme, inmates allegedly used contraband cellular telephones from inside Autry Prison to access Internet websites to identify the names, addresses, and telephone numbers of potential fraud victims. Guards also allegedly gave inmates cigarettes and illicit drugs. Using the cellular telephones, inmates called the victims whose names and numbers had been obtained. During these calls, the inmates made certain false representations to the victims, including: (a) that the inmates were law enforcement officials; (b) that the potential victims had unlawfully failed to appear for jury duty; (c) that because the potential victims had failed to appear for jury duty, warrants had been issued for the victims’ arrest; and (d) that the potential victims had a choice of being arrested on the warrants or pay fines to have the arrest warrants dismissed. To make the calls seem real, the inmates created fictitious voicemail greetings on their contraband cellular telephones, identifying themselves as members of legitimate law enforcement agencies. For those victims who wanted to pay a fine, the inmates instructed them to purchase pre-paid cash cards and provide the account number of the cash card or wire money directly into a pre-paid debit card account held by the inmates. Based on these false representations, the victims electronically transferred money to the inmates because they believed that the funds would be used to pay the fine for failing to appear for jury duty and would result in the dismissal of the arrest warrant. After a victim provided an inmate with the account number of the pre-paid cash card, the inmates then used their contraband cellular telephones to contact co-conspirators, who were not incarcerated, to have those individuals transfer the money from the cash card purchased by the victims to a pre-paid debit card possessed by the co-conspirators. Next, the co-conspirators withdrew the victim’s money, which had been transferred to the pre-paid debit card they controlled, via an automated teller machine or at a retail store. Typically, the co-conspirators then laundered the stolen money by purchasing a new cash card so that the victims’ funds could be transferred back to the inmates. Georgia Department of Corrections employees, inmates and individuals outside the prison system have been charged federally with conspiring to commit wire fraud, conspiring to commit money laundering, and accepting bribes to smuggle contraband into Georgia prisons. Much of the alleged criminal activity was committed inside Georgia state prisons and was initiated by inmates (via the US Department of Justice).
Bigger picture: Banks may want to think that law enforcement or public service professionals, such as police, firefighters or correctional officers, hold themselves to a higher standard when it comes to financial crime. But in some cases, the opposite is true, and having power over others and a badge makes them feel like they can act above the law. We recently wrote about allegations of a small South Florida police force that got into the business of drug trafficking and money laundering. This case is another example that banks actually have to do extra diligence and potentially put these individuals into a higher risk category. In tandem, they may want to tune their transaction monitoring systems to look for combinations of say, a correctional officer doing a debit or credit card payment at a phone outlet or kiosk, and then unexplained deposits of cash, or large purchases of prepaid cards, that go beyond a person’s standard salary.
Sanctions
Surprisingly, it could actually be more complicated for banks with Iran sanctions pulling back in large measure than the cavalcade of tightening restrictions in recent years in response to the country’s purported nuclear weapons goals. On Saturday, January 16, the United States and European Union formally suspended or relaxed a series of ‘nuclear-related’ sanctions on Iran after the International Atomic Energy Agency (IAEA) verified to the United Nations that Iran had undertaken the nuclear suspensions to which it agreed in the Joint Comprehensive Plan of Action (JCPOA) on July 14, 2015. The broadest U.S. relaxations, necessary to give effect to the relaxations undertaken by the EU, apply to non-U.S. persons (secondary sanctions), where the United States has indicated it will not enforce its existing secondary sanctions on non-U.S. persons who undertake the following types of identified activity in the following sectors:
Financial and Banking. Transactions involving the Iranian financial sector, including transactions with the Central Bank of Iran, or otherwise involving the Iranian Rial.
Insurance. Insurance or reinsurance transactions in connection with activities consistent with the JCPOA.
Energy and Petrochemical. Transactions relating to the energy and petrochemical sectors, including investment, purchase, acquisition, sale, transportation or marketing of petroleum, petrochemical products and natural gas from Iran.
Shipping, Shipbuilding, and Ports. Transactions involving shipping, shipbuilding and ports, including the operation or use of a vessel used to transport crude and operating a port or provision of vessels to certain designated entities. Gold and Precious Metals. Transactions for the sale or supply of gold and other precious metals to Iran.
Software and Metals.Transactions involving trade with Iran in graphite, raw, or semi-finished metals. Transactions for the sale or supply of certain software for integrating industrial processes.
Transactions involving the sale, supply and transfer of goods and services in connection with the automotive sector (via Crowell).
Illustrating the still-lingering fear from large foreign banks of violating sanctions rules – many of which are still smarting from paying sanctions-related penalties in the hundreds of of millions and billions of dollars – even with sanctions on Iran pulling back, many institutions are still not eager to engage the Islamic theocracy. A week after the lifting of sanctions against Iran, major European banks are still reluctant to handle Iranian payments as they remain wary of being the first to test the reaction of US authorities. Despite guidance issued by the US treasury aimed at reassuring Europe that it was permissible to do business with Iran, excluding a number of entities and individuals that remain blacklisted, the continent’s big banks still err on the side of caution. The Guardian approached 10 banks this week to see if they would process Iranian payments. The majority were unwilling to disclose whether they had plans to deal with Iran, a few said there was no change in their existing policy, and the London-based Standard Chartered, which was fined £400m by the US authorities in 2012, issued a statement to make clear it was not dealing with anyone or any entity that had anything to do with Iran. This contrasts with the desire of European companies and European governmentsto increase trade with Iran from the current €7.6bn (£5.8bn) to the pre-sanctions figure of almost €28bn. An unprecedented number of EU business delegations have already visited Tehran and the Iranian president, Hassan Rouhani, is expected in Rome on Monday and then Paris on Wednesday to revamp Iran’s relations with Europe (via The Guardian).
Bigger picture: While some companies may be salivating at the prospect of entering an entirely new region – Iran has been mostly locked from doing business in an array of sectors for what seems like decades – banks are having to tread more cautiously. But even if banks are not directly taking the plunge, they still have to worry about their customers in these regions working with Iran and engaging in transactions that may violate sanctions or, at the very least, the bank is not comfortable with from a compliance perspective. What I have heard from sources is that some banks are querying customers that could be considering working with Iran to find out which ones are so they can either increase monitoring for these firms or potentially close their accounts to prevent questionable funds of Iranian origin getting into the institution because, say, a European metals company is now supplying parts to certain Iranian business sectors.
U.S. exporters, which typically must use banks to finance international deals, are facing a newly energized regulator with more funding and proposed rules allowing for higher penalties, meaning export controls are likely to become a bigger compliance issue in the months ahead. The U.S. Department of Commerce’s Bureau of Industry and Security, or BIS, which develops U.S. export-control policy, received a $10 million boost in funding, bumping it to $112.5 million in the omnibus spending bill for fiscal 2016, which runs through Sept. 30. The higher funding reflects a higher priority placed on export control by the U.S. government since it launched a reform effort in August 2009. Export control is used by the government to enforce sanctions on various nations as an instrument of foreign policy. BIS has already made its presence felt as a more aggressive regulator, securing a huge jump in criminal fines in fiscal 2014 to $137.8 million, according to the latest penalty figures posted to its website, from $2.7 million in 2013 and $4.8 million in 2012. Last year the agency got convictions against 39 people and businesses, compared with 52 in 2013 and 27 the year before. Financial institutions also can get caught in the export-control net, including one bankthat came under criminal investigation after providing financial services to a company that later pleaded guilty to exporting aircraft parts and other items to Iran (via Wall Street Journal).
The bigger picture: This is important because banks already have to worry about a bevy of state and federal regulators penalizing them for dealing with sanctioned entities, even if they weren’t completely aware of these at-times nebulous and many-layered connections. Now, let’s be clear, in many of the massive sanctions penalties against banks in recent years – which have regularly hit hundreds of millions and even billions of dollars – a division in the bank knew what they were doing and where actively doing business with places like Iran and scrubbing out the transaction history. But, say, even if a bank does business with a shipping line, and that shipping line is moving something with ties to Iran, and the bank misses it, they can be on the hook as OFAC infractions are a strict liability standard. So why am I opining so loquaciously? Because if BIS gets into the game of looking for sanctions violations, that means it will be giving much more scrutiny of the documents, financing and banks involved. That means there is more potential for another set of eyes to find something a bank missed and report those violations to OFAC. One of the reasons there are not more sanctions penalties against banks, and other companies, is that there is so much global trade, most shipments barely get the eye of inspectors on the ground or anyone else, though it sounds like that could be changing.
Compliance
More than 2,000 financial institutions have signed up for The Know Your Customer (KYC) Registry, SWIFT’s centralised repository which maintains a standardised set of information about financial institutions required for KYC compliance. The Registry provides a KYC solution that enables banks to maintain and grow their correspondent network. It is used by institutions in more than 200 countries and territories, with nearly 1,150 banks in Europe, the Middle East and Africa; 325 in the Americas, and over 550 in the Asia Pacific region. Launched in December 2014 and operated by SWIFT, The KYC Registry provides KYC information for correspondent banks as well as fund distributors and custodians. Banks contribute an agreed ‘baseline’ set of data and documents for validation by SWIFT, which the contributors can then share with their counterparties. Each bank retains ownership of its own information, as well as control over which other institutions can view it. Banks are not charged for data contribution or for using the Registry to share their KYC information with other users (via Automated Trader).
Cognizant of the increased scrutiny of the casino sector and informed by historic penalties against household name gaming operations, the sector broadly has bolstered its financial crime compliance policies. These moves come three years after the head of the U.S. Treasury Department’s federal money laundering unit told the gaming industry it needed to clean up its casinos, with the result being operators have heeded the advice. The Washington, D.C.-based American Gaming Association said last week casino companies have “significantly” boosted their investment and vigilance to comply with the Bank Secrecy Act and anti-money laundering regulations. Accounting and consulting firm Ernst & Young looked at the gaming industry’s practices and found that casino operators have implemented “a sweeping series” of customer due diligence procedures that monitor illicit behavior and increased the number of Currency Transaction Reports and Suspicious Activity Reports filed with the Treasury Department. The American Gaming Association, which drafted a white paper in December 2014 to help the casino industry institute “best practices” for anti-money laundering compliance, commissioned the study. “The casino industry has had some successes in the past several years,” said American Gaming Association CEO Geoff Freeman. He said casino companies have made an “unprecedented” investment into their anti-money laundering programs, he said. Budgets for those programs grew by 74 percent in the past five years. Suspicious activity report filings have doubled and gaming companies have actually ended relationships with customers that posed an “unacceptable risk level,” (via the Las Vegas Review Journal).
Bigger picture: Some banks have given me the analogy that having a casino account is akin to having a correspondent banking relationship with another institution. That is because the casino can be doling out and taking in money from a wide array of domestic and foreign customers, but banks may only see certain large movements of cash with few details on who are the underlying customers. As well, some casinos allow wealthy customers to deposit money in the casino account in one jurisdiction, and then come to the United States and use the funds. These are all dynamics that could worry the bank holding the large casino account because it has to rely on the casino’s compliance program to ensure no criminal groups or illicit funds are getting into the casino, and potentially being moved around the world, seemingly at the behest of the casino. I have also heard that apart from Shasky Calvery putting the industry on notice, large banks in the US were doing on-site visits are large casinos in Vegas to get an on-the-ground sense of their AML compliance practices. So it appears the casino industry is taking their duties more seriously.
Illustrating another aspect of bank “de-risking” going on, U.S. banks are cutting off a growing number of customers in Mexico, deciding that business south of the border might not be worth the risks in the wake of mounting regulatory warnings. At issue are correspondent-banking relationships that allow Mexican banks to facilitate cross-border transactions and meet their clients’ needs for dealing in dollars—in effect, giving them access to the U.S. financial system. The global firms that provide those services are increasingly wary of dealing with Mexican banks as well as their customers, according to U.S. bankers and people familiar with the matter. The moves are consistent with a broader shift across the industry, in which banks around the world are retreating from emerging markets as regulators ramp up their scrutiny and punishment of possible money laundering. For many banks, the money they can earn in such countries isn’t worth the cost of compliance or the penalties if they step across the line. U.S. financial regulators have long warned about the risks in Mexico of money laundering tied to the drug trade. The urgency spiked more than a year ago, when the Financial Crimes Enforcement Network, a unit of the Treasury Department, sent notices warning banks of the risk that drug cartels were laundering money through correspondent accounts, people familiar with the advisories said. Earlier, the Office of the Comptroller of the Currency sent a cautionary note to some big U.S. banks about their Mexico banking activities (via the Wall Street Journal).
The bigger picture: Most large criminal groups, corrupt political power brokers and even an array of fearsome fraudsters know that it’s pretty tough to get dirty funds directly through US banks, and even through other large financial centers, such as the United Kingdom and many European countries. But what they are also aware of is that these large banks, with stout AML programs, are also connected to countries all over the world through correspondent banking portals. And what the big banking hubs don’t know is what the customers of their correspondents are doing. These big correspondents in many cases have to rely on the AML programs of the other correspondent bank or some kind of written assurance they aren’t doing business with criminal or sanctioned entities, which can be less than accurate. So that is why you see you see US regulators pressing banks to be more stringent with their correspondent banking ties in a place like Mexico, which is still a mecca for criminals, drug cash and illict funds of all stripes.
Terror finance
A new European counter-terrorism centre opening this month will improve information-sharing among national police forces whose performance is under scrutiny after the jihadist attacks in Paris in November, the director of Europol has told AFP. “It establishes for the first time in Europe a dedicated operation centre,” Britain’s Rob Wainwright said in an interview at the World Economic Forum in Davos, Switzerland, on Friday. “It will provide French and Belgian police services and their counterparts around Europe with the platform they need to share information more quickly and to crack down on the terrorist groups that are active.” Although the creation of the centre was announced seven months before the Paris attacks, the coordinated shootings and suicide bombings in the French capital by a team mainly based in neighbouring Belgium have given the 28-country project new impetus. “We will be working to improve intelligence sharing and to maximise our capability to track terrorist financing,” Wainwright said. The centre at Europol’s headquarters in the Hague will also monitor the way in which Islamic State (IS) and other extremist groups “are abusing the Internet and social media, in particular for their propaganda and recruitment purposes,” he added. French investigators believe the attacks that killed 130 in Paris were planned by a Belgian national, Abdelhamid Abaaoud, who was widely thought to have been in Syria fighting with IS forces. The apparent ease in which Abaaoud slipped back into Europe and moved around the continent has thrown into question the intelligence-sharing capabilities of EU police forces (via AFP).
Bigger picture: This kind of initative is immensely important, because terrorists don’t care about borders, and frankly will use any gap in monitoring or intelligence to their advantage. As well, if one country is investigating a possible terror cell, typically their considerable authority ends when the suspect leaves the country, so it’s vital many countries form a network devoted to finding information on terror groups, sharing those details with trusted partners and arresting suspects before they can carry out their attacks. But these countries must also to strengthen their partnerships with banks, who can often find connections to suspects more quickly than investigators. Currently, many large banks and money services businesses, Western Union comes to mind, employ sophisticated data analytics and monitoring systems to do historical reviews of customers and can find links to other individuals and jurisdictions, which would be critical details to help this new EU counter-terrorism center.
Money laundering
Bank compliance officers are tasked with capturing aberrant behavior for large criminal groups but should be careful not to miss the smaller fraudsters behind a variety of crimes that all generate illicit funds. In addition to large anti-money-laundering scandals involving global banks and worldwide organizations such as FIFA that grabbed headlines last year, there were plenty of lower dollar but very damaging laundering convictions and accusations in 2015 that went unnoticed but still took a heavy toll on midlevel banks. Money laundering is a crime that occurs more often than the general public realizes, and in most sectors of our economy. It’s critical bank compliance teams understand what law enforcement is seeing in different industires to more accurately calibrate risk. Here is a list of 10 frauds and laundering cases that didn’t make headlines, but still represent significant compliance risks. In the past year alone, charity officials, a mortuary owner, a church director and a doctor providing chemo treatments were at the center of appalling cases you probably never heard about (via American Banker).
The bigger picture: I know compliance officials can’t worry about everything. Look for money laundering, then human trafficking, then large transactions, then micro-structuring. The list goes on and on. But it’s important that smaller companies, and the frauds they purport, don’t fall through the cracks of all of these larger anti-laundering, anti-corruption and counter-financing of terrorism initiatives. This mantra goes right to the heart of a critical regulatory flashpoint issue: risk assessments. At face value, someone working at a funeral home, doctor, church or charity may seem low risk, and thus they get less initial due diligence and transactional scrutiny. But banks sometimes have to think further, and realize that charity workers can be tempting to tip the till in their favor, mortuary owners can have no compunctions about defrauding the dead and chemo treatment clinics, which can be wildly expensive, are havens for health care fraud.
Want an illustrated, paint-by-numbers glimplse of the creativity of criminal money laundering syndicates? Take a look at this story. At first glance, it’s a case that could easily be misconstrued as a humdrum allegation of ill-gotten foreign money being laundered through dealings in American real estate. Peel away a couple layers of The United States Of America vs. Prevezon Holdings Ltd., however, and you’ll find all the makings of a modern international spy thriller. The mind-boggling case currently making its way through U.S. District Court in Manhattan centers on money, power, and strange plot twists. The most eye-opening particulars of the case, however, aren’t even officially on the docket: an audacious $230 million tax-fraud scheme, allegedly carried out with the complicity of Russian government officials, followed by the posthumous conviction of а whistle-blowing tax auditor and the trial in absentia of a crusading British-American financier. But when U.S. vs. Prevezon opens as a “civil-asset forfeiture trial” on January 27, it will be the first case stemming from the original tax-fraud scheme — which unfolded eight years ago in Russia — to make it to trial in U.S. courts. That means there may be more plot twists to come (via Radio Free Europe, Radio Liberty).
Enforcement
In a continuation of an aggressive stance toward the gaming sector large and small, one of Southern California’s oldest casinos has agreed to plead guilty to shielding several high rollers from federal reporting requirements and violating the Bank Secrecy Act, according to court documents filed Friday. The Normandie Casino in Gardena failed to properly record and report a series of large-scale cash transactions in 2013, according to the documents. The casino also agreed to plead guilty to failing to maintain an effective anti-money laundering program, according to a news release issued by the U.S. attorney’s office in Los Angeles. Federal law requires casinos to record the identities, addresses, Social Security numbers and taxpayer information of any gambler who cashes out more than $10,000 in winnings. The Normandie club, which opened on Rosecrans Avenue in the 1940s, has agreed to forfeit $1.3 million in ill-gotten earnings, documents show. The casino’s managing partners also agreed to pay $1 million in federal fines, according to the plea agreement (via the LA Times).