By Brian Monroe
bmonroe@acfcs.org
August 11, 2016
In this week’s Financial Crime Wave, a U.S. immigration visa program that trades status for big dollars and investments draws scrutiny for possible ties to criminals, terrorists, Chinese bank expansion plans don’t extend to AML programs, OFAC releases rare enforcement action against the insurance sector, and more.
Compliance
Regulatory investigations in the U.S. and Europe are forcing China’s major banks to slow their aggressive expansion into the global financial market and focus instead on significant shortcomings in their risk management and compliance programs. In the midst of this aggressive expansion, however, Chinese banks have a culture that has long been willing to bypass compliance to win business and have thus been paying little heed to their compliance standards and controls. According to a recent survey of financial services in Asia, Chinese respondents listed regulatory compliance at the bottom of their priorities by a wide margin. According to the non-profit watchdog Global Financial Integrity, such attitudes resulted in Chinese banks being responsible for an estimated 28 percent of the $4.885 trillion in illicit funds moved from the 10 biggest source economies between 2004 and 2013. Chinese banks are beginning to understand that what may suffice in China — where lackluster enforcement and low fines for violations fail to create much of an incentive to foster compliance — is inadequate for their overseas operations. Since February 2016, financial regulators in Europe and the U.S. and others have launched investigations questioning the compliance management of overseas branches of Chinese banks allegedly related to anti-money laundering (AML) and anti-financial corruption controls. Many such investigations have revealed significant money laundering activities at the overseas subsidiaries and branches of Chinese banks on behalf of the expatriate Chinese community around Europe and in the U.S. Most are investing in additional training and revamping their compliance systems.
Bank of China Ltd reportedly aims to produce 200 certified AML specialists in the next three years with special AML training for management and staff.
China Construction Bank Corp agreed to overhaul its transaction controls, oversight and reporting controls in a deal with the U.S. Federal Reserve.
Industrial and Commercial Bank of China Ltd (ICBC) claims it has improved its AML systems and supervision of overseas institutions by implementing an AML mechanism compliant with local regulations at each overseas branch. ICBC also purchased an advanced European AML monitoring system in 2015, (via Reuters).
Financial crime compliance officers often are saddled with dated technology when crafting and implementing anti-money laundering (AML) and other programs, an issue compounded by a tight job market and budgetary challenges tied to adding staff with adequate expertise, according to a new survey. In an increasingly complex regulatory environment, many financial institution executives are concerned that they have insufficient staff, technology and budgetary resources to support their AML efforts, a survey of financial service executives released today by financial technology solutions provider NextAngles revealed. The top future concern for executives regarding AML was effective enterprise-wide compliance and integration, with 79 percent describing themselves as moderately or very concerned. The respondents also said case analysis time is concentrated heavily on routine monitoring such as data analysis (35 percent), data collection (34 percent) and data consolidation (29 percent). For 2016 and 2017, cybersecurity, Know Your Customer (KYC) regulations, and AML remain top priorities. AML in particular presents a host of challenges for financial institutions. In addition to the integration of AML systems in different business functions and regions, future concerns cited by respondents include the introduction of new regulations (77 percent), staffing challenges (76 percent), and a lack of clarity regarding rules for compliance with existing regulations. The online survey of 280 senior-level executives of financial institutions with $3 billion or more in assets was conducted in May, 2016 by SourceMedia Research for NextAnglesTM. All survey participants are involved in compliance-related decision-making and execution, (via ValueWalk).
Immigration
Immigration to the United States has long been one of the most vexing issues for foreign nationals seeking a new life on this side of the American border. But a new ABC News investigation looks at one of the most obscure paths to a U.S. visa and green card — one being aggressively marketed to wealthy foreigners, and one that whistleblowers say is being exploited by criminals, spies, and possibly even terrorists. This is the story of the $500,000 Green Card — a path to legal residency that begins with an offer by a wealthy foreign national to invest half-a-million dollars in an approved project that promises to create American jobs. Known by its visa designation, the EB-5 program has been booming in recent years. Advocates for the program argue that it is creating thousands of American jobs and supporting a wide range of business ventures that may never have gotten off the ground. Critics say, however, it amounts to buying a visa. The federal official who oversaw the growth of the program, Deputy Homeland Security Secretary Alejandro Mayorkas, told lawmakers last year that any weaknesses in the program have been tightened. But whistleblowers told ABC News that little has changed since concerns were raised about visa applicants being approved despite being suspected of fraud, money laundering, and in one instance, possible involvement in selling child pornography. The most serious concerns raised by whistleblowers centered on national security. Internal records show officials inside the Department of Homeland Security had begun looking into the possibility that the EB-5 program was “abused by Iranian operatives to infiltrate the United States,” (via ABC News).
Sanctions
Two related enforcement actions by the U.S. Department of Treasury’s Office of Foreign Assets Compliance (OFAC) are stark reminders that health insurance providers (and other insurers) must maintain adequate U.S. trade sanctions compliance programs, including conducting screening of customers and others. While the insurance company and its third party administrator (TPA), which provided health insurance coverage to, and received payments from, sanctioned narcotics dealers, were fortunate to escape with non-monetary “Findings of Violation,” in the future insurers that do not engage in adequate screening and other trade sanctions compliance measures may not be so lucky. In its recent enforcement actions, OFAC found that AXA Equitable Life Insurance Company (AXA) facilitated and/or processed payments and maintained two health insurance policies in which SDNs had an interest. When AXA issued the policies in 1992, the policy holders were not on the SDN List. The Kanawha Insurance Company (whose parent company is Humana, Inc.), as TPA, serviced the policies, collected premiums, maintained policy records, and answered general inquiries from insured parties. In 2009, OFAC added the policy holders to the SDN List. Neither AXA nor Kanawha screened the names of the policyholders serviced by the TPA, and both companies failed to identify and block the policies and premium payments. In 2011, a new company assumed TPA responsibilities, identified the policyholders as SDNs, and coordinated with AXA to block and cease providing any services for the policies. OFAC found that Findings of Violation should be issued because:
The companies are large and commercially sophisticated financial institutions.
The companies facilitated and/or processed numerous payments, and maintained two health insurance policies in which one or more SDNs had an interest, doing harm to the U.S. sanctions programs.
The companies’ compliance programs did not ensure that the names of policyholders associated with policies were screened or reviewed for OFAC compliance purposes.
However, OFAC elected not to impose monetary penalties because:
No company personnel, including managers or supervisors, appear to have had actual knowledge of the conduct that led to the violations.
The companies had not received a penalty notice or Finding of Violation from OFAC relating to substantially similar violations in the five years preceding the current violation.
The companies cooperated with OFAC’s investigation, including by making voluntary disclosures, and executing statute of limitations tolling agreements and extensions, (via Davis Wright Tremaine LLP).
Money laundering
This is a great Wall Street Journal interview with a law enforcement legend whose exploits are now being turned into what looks like a cinematic blockbuster. Bob Mazur, now president of a private investigative agency, spent 27 years as a federal agent investigating money laundering and drug trafficking. His memoir, “The Infiltrator,” chronicled Operation C-Chase, a two-year operation in the 1980s that busted the Medellin Cartel and helped bring down BCCI Bank. The memoir became the basis for a film of the same name featuring Bryan Cranston playing the role of Mr. Mazur, a high-flying undercover agent posing as a money launderer for the cartel. Mr. Mazur spoke to Risk & Compliance Journal about bank compliance, corporate criminal law enforcement and more. The conversation was shortened for length and clarity. Here is one of the questions: List five or six things we should be paying attention to that we aren’t already.
Mr. Mazur:
Bulk bank-note business, which includes foreign exchange.
Gold bullion.
Trade-based money laundering in free trade zones.
Agency cooperation: A big area we’re missing. No matter what the talking heads tell you, federal agencies do not cooperate with one another. They do on a low level; they don’t on a high level. There’s massive amounts of information in the databases at various agencies related to financial transactions that are totally ignored.
I need an agency that’s responsible for looking for money launderers, not money launderers prosecuted as an accident related to an SEC case, or this case or another case. Recognize money laundering for what it is: a crime. Get an agency that’s responsible for it and get them to focus on it. We’re just not focused on it, (via the Wall Street Journal).
Cybersecurity
Australia has set up a cyber-intelligence unit to identify terrorism financing, money laundering and financial fraud online, the government said on Tuesday, because of “unprecedented” threats to national security. The measure expands on a major platform of conservative Prime Minister Malcolm Turnbull, who narrowly won re-election last month after promising to improve Australia’s cybersecurity and transform the economy into a tech-savvy business hub. Justice Minister Michael Keenan said the new unit, set up under money-tracking agency the Australian Transaction Reports and Analysis Centre (AUSTRAC), would investigate online payment platforms and financial cybercrime to crack down on money-laundering and criminal networks. The statement said the new AUSTRAC unit would work with the Australian and New Zealand government-funded identity support service, ID Care, to target job recruitment scams that crime syndicates used to recruit innocent people to traffic money between jurisdictions. The new unit would also work with the Australian Cybercrime Online Reporting Network to identify patterns and trends that could indicate large-scale financial scams or their methodology, Keenan said. Reuters previously reported that a decision by Australia’s major banks to stop offering overseas remittance services had driven the money transfer business underground, making it harder for the authorities to track, (via Reuters).
The risks associated with data breaches continue to grow, impacting a variety of industries, tech firms, and social networking platforms. In the past few months, over one billion credentials were dumped online as a result of mega breaches in popular social networks. Now, Oracle is the latest in the list. Oracle has confirmed that its MICROS division – which is one of the world’s top three point-of-sale (POS) services the company acquired in 2014 – has suffered a security breach. Hackers had infected hundreds of computers at Oracle’s point-of-sale division, infiltrated the support portal used by customers, and potentially accessed sales registers all over the world. The software giant came to know about the data breach after its staff discovered malicious code on the MICROS customer support portal and certain legacy MICROS systems. Hackers likely installed malware on the troubleshooting portal in order to capture customers’ credentials as they logged in. These usernames and passwords can then be used to access their accounts and remotely control their MICROS point-of-sales terminals. In a brief letter sent to MICROS customers, Oracle told businesses to change their MICROS account passwords for the MICROS online support site – particularly passwords that are used by MICROS staff to control on-site payment terminals remotely, (via The Hacker News).
Officials from the Bangladesh central bank are visiting Manila this week to pressure the authorities in the Philippines to find ways to return the $63 million that is still missing out of the funds stolen from its account at the Federal Reserve Bank of New York earlier this year, two people close to Bangladesh Bank said. Unknown cyber criminals tried to steal nearly $1 billion from the Bangladesh Bank account between Feb. 4 and Feb. 5, and succeeded in transferring $81 million to four accounts at Rizal Commercial Banking Corp RCB.PS (RCBC) in Manila. Only about $18 million has been recovered. The Bangladeshi officials are alleging that the money was allowed to disappear into the casino industry in the Philippines, where investigators say it was laundered, because of systemic failures at RCBC, the two sources said. Bangladesh Bank is relying on internal RCBC documents to buttress its assertion that the Filipino bank’s Jupiter Street branch in Manila ignored suspicions raised by some RCBC officials when the money was first remitted to the accounts on Feb. 5, and then delayed acting on requests from RCBC’s head office to freeze the funds on Feb. 9, said one of the sources in Dhaka, (via Reuters).
KYC
From data and devices, to behavior analysis and technology, there’s a growing number of ways digital identities are being authenticated in the payments ecosystem today. But identity assurance is still a hard nut to crack. Though there are many tools and technologies out there, knowing when to use what and where can be a complex decision. Not only is fraud prevention top of mind, but also ensuring that authentication doesn’t include increased friction on the consumer or strain on a merchant. As new approaches to authentication continue to emerge, the definition of what it means to validate a person’s digital identity is also blurring, with unique obstacles whether they are new or existing customers. In the digital identity landscape, all of the tools, technologies and payment schemes address one of two parts of the financial services lifecycle: authenticating new users and authenticating existing users. Sunil Madhu, CEO of Socure, explained that there are unique challenges for each. For new users, the lack of historical information available means that authentication tools and methods such as passive biometrics, device fingerprinting, payment behavior analysis, etc., just don’t work – there’s no baseline. For existing users, the difficulty lies in verifying that the transactions coming from an account that’s established with a financial institution or merchant are being performed by the person authorized as the owner of the account, (via Pymnts).
Crowdfunding
This story covers a rising anti-money laundering vulnerability tied to crowdfunding, noting that the sob stories or potential world-altering item purported purveyors are proffering may be run by organized crime groups. We’ve all seen them shared across our social media circles: the emotional stories of people and charities in need, the heartfelt pleas for help in funding a startup or pet project, and then a link to a webpage where we can donate to lend a financial hand. In most cases these stories are legitimate and the crowd-sourced funds are used to benefit those who have encountered illness or tragedy or who are determined to finance their next big project; however, in a growing number of cases, crowdfunding websites are being used for illicit purposes—including money laundering. First gaining popularity in the early 2000s, crowdfunding is a way of soliciting financial contributions from people around the globe through an online platform. The most well-known sites today include Kickstarter, GoFundMe and IndieGoGo. There are several types of crowdfunding, including these most common ones:
Rewards-based crowdfunding, which gathers collections to fund projects, business ventures or personal causes (e.g., raising money to fund production of an amateur singer’s album)
Debt-based—or P2P—crowdfunding, where people can apply to the platform for unsecured loans that they must then repay with interest
Donation-based crowdfunding, which allows small organizations and even individuals to solicit donations for a variety of causes
Suspicious activities can include:
Deposits from crowdfunding sites being followed by structured cash withdrawals
Deposits received from multiple accounts and then payments immediately submitted to crowdfunding sites
Personal accounts receiving deposits and checks from unidentified people and foreign businesses, with funds then being transferred to crowdfunding sites, (via CaseWare Analytics).
Regulations
South Carolina passed a law that aims to cut down on money laundering. It requires all money and wire transfers be tracked. Solicitor Jimmy Richardson told News13 people transferred hundreds of millions of dollars out of the state of South Carolina. He said that money all went to Mexico and blames that for part of the drug problem in Horry County. From 2010 to 2015 arrests for heroin in Horry County doubled. Solicitor Jimmy Richardson says it’s a problem that’s gotten out of hand. “It is imperative that we get control over the heroin epidemic.” Richardson said at least three people die each week in Horry County because of an overdose. He said the way the heroin gets into our state is through money laundering. “On average 700-million leaving our state and going to the cartels in Mexico,” (via WCBD News 2).
Sanctions
If you want a piece of evidence that not everything that is lawful is also right, look no further than the Obama administration’s January shipment of $400 million in euros and Swiss francs to Iran—in cash in an unmarked cargo plane. Some have suggested that sending the money to Iran might have run afoul of the Constitution. Spending by the executive, after all, must be authorized in an appropriation by Congress. However, the funds in question apparently came from a deposit in the 1970s on the purchase of weapons by the government of the Shah—a deposit that was the subject of a lawsuit by Iran against the U.S. No taxpayer funds were involved, and thus there was no offense to Congress’s spending authority. To be sure, there were at the time, and still are, sanctions in place that bar anyone from engaging in dollar transactions with the regime in Tehran. Thus if the U.S. had simply made a conventional bank transfer to Iran in dollars, the regime would have been unable to readily use the funds, because banks and others would be barred from participating in those transactions. Hence the need for a transfer in other currencies—to avoid the potential for a sanctions violation, (via the Wall Street Journal).
Corporate transparency
Many of the world’s largest banks are giving their support to a congressional effort to bolster transparency and frustrate criminals abusing amorphous ownership structures, a critical deficiency in the country’s framework to fight financial crime. On Monday, the Clearing House Association – representing the world’s largest commercial banks – sent a letter to Congressional lawmakers supporting strong measures to crack down on the abuse of anonymous companies. The group, which counts among its owners Bank of America, Citibank, JPMorgan Chase, and Wells Fargo, explicitly endorses the bipartisan Incorporation Transparency and Law Enforcement Assistance Act (H.R.4450, S.2489). The bipartisan legislation (H.R.4450, S.2489), which has been gaining momentum since the release of the Panama Papers earlier this year, is sponsored by Reps. Peter King (R-NY) and Carolyn Maloney (D-NY) as well as Sens. Charles Grassley (R-IA) and Sheldon Whitehouse (D-RI). In the letter, the association stated, if passed, the legislation would “assist public sector efforts to identify money laundering and terrorist financing through the disclosure of the beneficial owners of corporations. In addition, the legislation would bring the United States further in line with international AML/CFT expectations, such as the recommendations developed by the Financial Action Task Force (FATF). We can see no justification for allowing corporations to shield their ownership.”
Click here to read an HTML version of this release.
Click here to download a PDF of the full letter from The Clearing House.
Click here for a full list of the Clearing House’s owner banks, (via the FACT Coalition).