July 1st, 2015

Financial Crime Quarterly Briefing

Updates, Events, and Feedback from the Field

News in Brief• Panama passes new money laundering laws

• Attempt to get removed from FATF “grey list”

• Creates new FIU, commission targeting money laundering and terrorist financing

• Adds new compliance and suspicious activity reporting requirements for more than a dozen industry sectors – currency exchangers, accountants, auditors, casinos, real estate agents, enterprises in Colon Free Trade Zone

• Panamanian president has made passage of law top priority

• Enforcement still an open question – FATF priority

News in Brief• Switzerland’s “white money” strategy goes forward

• BSI became first to reach settlement under US Justice Department’s Swiss Banking Program

• Several other banks have entered into non-prosecution agreements in April, June

• 11 banks remain under investigation by Department of Justice

• Swiss prosecutor – “When we have a law that doesn’t punish financial intermediaries accepting doubtful funds then we have a problem”

• Stiffer legal, regulatory framework

potentially on the horizon

EU’s 4th AML Directive• Formally adopted on June 5• Triggers two-year implementation period –

EU member states now must translate into law

• Previous directives have been implemented more or less as is, but lots of interpretation still left up to individual countries

• Who is covered?• Banks and other financial institutions• “Gatekeepers” – auditors, accountants, legal professionals engaged in

certain transactions on behalf of clients• Company service providers• Gambling companies (although option to exempt)• Any persons engaged in “trading of goods” with cash transactions at or

above 10,000 euros in single or linked transaction

EU’s 4th AML Directive• What’s new in the 4th Directive?

• Politically Exposed Persons

• Now includes domestic PEPs

• Risk-based determination to limit years someone is considered a PEP –change from “once a PEP, always a PEP”

• Tax crimes – now a predicate offense, points to broader focus on tax compliance within EU, including “tax avoidance”

• Beneficial ownership

• Determine ownership of legal entities to 25% ownership stake

• Designed to identify “natural person who ultimately owns or controls a legal entity through direct or indirect ownership”

• If no person determined, keep records on steps taken, provided no grounds for suspicion

EU’s 4th AML Directive• What’s new in the 4th Directive?

• Central registries• Member states must require legal entities to obtain and hold “adequate,

accurate and current information on their beneficial ownership”

• Create central register to hold that information

• Information must be accessible by:

• “Competent authorities and FIUs without restriction”

• Entities who need the information for customer due diligence requirements, such as financial institutions

• “Any person or organization who can demonstrate a legitimate interest”

• Authorities, FIUs can access without alerting entity

• Steps in place to link registries by 2019 – would effectively create EU-wide corporate registry

• http://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=OJ:JOL_2015_141_R_0003&from=EN

US Treasury Risk Assessments• National Terrorist Financing Risk Assessment

• Issued June 12

• First of its kind

• Cooperative effort among Treasury, Homeland Security, DOJ, and intelligence agencies

• http://www.treasury.gov/resource-center/terrorist-illicit-finance/Documents/National%20Terrorist%20Financing%20Risk%20Assessment%20%E2%80%93%2006-12-2015.pdf

US Treasury Risk Assessments• National Terrorist Financing Risk Assessment

• Terrorist groups

• Core leadership of Al Qaeda “degraded,” but splintered and diverse threat landscape remains

• ISIS, Boko Haram, Taliban, Haqqani Network, Lashkar-e Tayyiba, FARC

• “Lone wolf” terrorism remains a key concern

• Funding sources• Kidnapping for ransom is a growth industry – ISIS made “at least $20 million and as

much as $45 million” in 2014 alone

• Extortion rackets

• Fundraising and charitable organizations, particularly those operating in Kuwait and Qatar – money moves through wire transfers, cash couriers, hawalas, and money transmitters

• Social media growing in popularity

US Treasury Risk Assessments• National Terrorist Financing Risk Assessment

• Other Funding Sources• Intersection between drug traffickers and terrorist financiers – Taliban

controls significant portion of heroin production, FARC still heavily involved in cocaine trafficking

• US targeting narco-terrorism actors with sanctions under Kingpin Act, civil asset forfeiture

• US cigarette smuggling, trade-based money laundering as a means to raise funds for Hezbollah

• Smaller-scale individual fundraising on the rise – door to door, teleconference

US Treasury Risk Assessments• National Terrorist Financing Risk Assessment

• Concerns for financial institutions

• Due diligence on non-profits and charitable orgs – may have US tax exemption, but do they operate or have branches overseas?

• US-based fundraising by charitable orgs, including using the cover of disaster relief

• Individuals receiving multiple small transfers from others in neighborhood, geographic areas

• Foreign fighters and lone wolves – does your institution have typologies around these• Purchases and/or shipments of camping, survival equipment

• Money transfers from certain ethnic communities to higher-risk areas

• Money transfers to Turkish border with Syria

US Treasury Risk Assessments• National Money Laundering Risk Assessment

• First of its kind in decade

• Overall, AML gaps have narrowed, and formal financial system has improved interdiction, detection and reporting of illicit proceeds

• Report focused not just on AML vulnerabilities within the system, but the underlying sources of laundered funds – healthcare fraud generates more in illicit proceeds than narcotics trafficking

• Estimated $80 billion in health care fraud losses to US government alone, private insurance estimated $30 billion

• Identity theft - $25 billion in 2012

• Mortgage fraud - $4 – 6 billion

• Tax fraud - ~$12 billion in 2010

• http://www.treasury.gov/resource-center/terrorist-illicit-finance/Documents/National%20Money%20Laundering%20Risk%20Assessment%20%E2%80%93%2006-12-2015.pdf

US Treasury Risk Assessments• National Money Laundering Risk Assessment

• Notable gaps• Nominee accounts

• Complex legal entities

• Third-party payment processors

• Correspondent accounts

• Funnel accounts and structuring

• Beneficial ownership, trade-based money laundering are persistent challenges – more regulatory activity is likely

National Money Laundering Risk Assessment

• Financial industry sectors• MSBs – illicit virtual currencies, unlicensed money transmitters, complicity

of check cashers in fraud schemes• Pre-paid – foreign-issued prepaid cards• Casinos – accessing illicit offshore funds through US casinos• Securities – master/sub accounts, omnibus accounts, foreign

correspondent relationships

• Takeaways?• Diverse risk landscape for money laundering, but much of it comes down to

broad-based and extensive customer due diligence• Persistent issues and lack of progress increase pressure for regulatory, legal

changes• Fraud is highest-dollar value illicit activity – what are your AML controls around

fraud-related transactions, how are your AML/fraud programs connecting?

US regulators hone in on casinos• $75 million penalty on Tinian Dynasty earlier this month was

largest ever on a casino – clear message from FinCEN

• Follows $10 million penalty on Trump Taj Mahal earlier this year

• Recent reports of tribal gaming operations refusing to cooperate with IRS examinations

US regulators hone in on casinos

• Some takeaways• Casinos need to review and improve compliance programs, especially

customer due diligence, ASAP

• “Bread and butter” AML issues highlighted in recent enforcement actions – SAR and CTR reporting, recordkeeping, cooperation with examiners and investigators

• Customer due diligence concerns are front and center

• Financial institutions holding accounts for casinos – are you conducting appropriate levels of monitoring and due diligence?

OPM data breach• Initially thought to be 4 million records stolen from US Office of

Personnel Management

• Now thought to be closer to 14 million, may be as high as 32 million current and former employees

• Investigation still ongoing

• Breach went on for weeks, discovered by accident

• Records taken were extensive form used for federal background checks – included financial information, medical details, other sensitive personal information

• Fallout hits every type of public and private sector org – are you examining customer base for heightened ID fraud risk related to government employees? National security risks?

OPM data breach• Fallout hits every type of public and private sector org

• Data stolen is potential gold mine for identity fraud, spearphising attacks, state actors and cyber espionage

• Are you examining customer base for heightened ID fraud risk related to government employees?

• For government agencies, numerous risks of ID fraud, unauthorized access to further sensitive information, blackmail

• US government may not be able to keep pace with cyber threats• EINSTEIN system failed in OPM hack

• Protecting Cyber Networks Act now in question – passed House in April, but concerns over privacy in sharing of customer data, ability of US government to secure that information now at the forefront

• Number of attacks on the rise – 67,168 in 2014, according to GAO

Anthem and new reality of data breaches

• Breach of nearly 80 million records in March

• Premera Blue Cross suffered breach of 11 million

• Loss of data on individuals who weren’t directly Anthem customers – other insurers affiliated with Anthem

• Why target this data?• More valuable than payment cards• More “flexible” and less easily cancelable and replacable• Some companies in healthcare industry remain vulnerable

• Financial institutions still the most common target – face 300 percent more cybersecurity incidents than any other industry sector

FIFA corruption scandal• FIFA officials and executives of companies involved with World Cup soccer

alleged to have accepted more than $150 million in bribes over more than a decade to rig World Cup bids

• US indicts 14 people, Switzerland extradites 7 FIFA executives in late May on money laundering and fraud charges related to corruption in 2010, 2018, and 2022 World Cup bidding

• FIFA president resigned, investigation has spread to South Africa, Brazil, Switzerland and other countries

• Major sponsors of Brazil World Cup being probed by Brazilian senate panel

• Swiss, US banks now reviewing transactions related to FIFA

FIFA corruption scandal• Implications for anti-corruption compliance

• Heightened attention paid to financial institutions’ roles in handling transactions related to alleged FIFA corruption• FATF alert posted June 16 - "recent reports about alleged corruption and

money laundering activities on a large scale by several high-ranking FIFA officials underscore how important it is that financial institutions identify and monitor high-risk customers.“

• Julius Baer, CIBC FirstCaribbean Bank have announced internal transaction reviews to determine if they were used to move illicit proceeds

• Other institutions were named as holding accounts for FIFA execs in US indictments

• What does your due diligence, risk assessment and monitoring program for corruption look like?

• Who do consider “high risk”?

FIFA corruption scandal• Implications for anti-corruption compliance

• Sheer attention paid to the FIFA scandal highlights reputational harm from corruption cases – raised profile

• Further indication of the growing interconnection between money laundering and corruption enforcement – indictments are charging ML violations

• Sponsors, service providers involved remain at risk – potential for FCPA violations through Travel Act, state-owned soccer clubs, and violations of books and records provisions

• US remains ready and willing to reach across international borders in corruption cases with tenuous US nexus

Financial Action Task Force Plenary• The Paris-based FATF, which sets the global financial crime

agenda, particularly in the areas of anti-money laundering and terrorist financing, just released the results of its latest plenary.

• The FATF released two key pieces of guidance to the industry, focusing on virtual currencies, such as Bitcoin, and a second on best practices to combat criminals working through non-profit groups.

• The recommendations and guidance by this group is widely watched by jurisdictions and the financial institutions within them as they typically foreshadow areas that law enforcement is concerned about and where regulators will center their financial crime program scrutiny, even if these mandates are not from any formal federal legislation or guidance.

Financial Action Task Force Plenary• The bottom line: the reports urge countries to engage in a country risk

assessment to gauge the risk of virtual currency operations operating in their bodies, and potentially update laws and regulations, though there are jurisdictional challenges in the case of de-centralized currencies.

• The guidance focuses on banks, which are the physical nexus to the virtual world and where virtual currency exchangers will have accounts, though banks may not be aware of they have a roster of such higher risk customers.

• As for charities, the FATF is urging countries and financial institutions to take a closer look at what laws are in place in which countries tied to NPOs but, more importantly, more heavily scrutinize non-profit operations themselves, particularly if the operations involved in “service activities”, meaning programs focused on providing housing, social services, education, or health care and have a propinquity to areas where terror groups are operating.

Bank of Mingo Penalty • FinCEN imposes $4.5 million penalty on small West Virginia

bank for “severe and systemic AML failures”

• $4.5 million for a bank with $94 million in assets

• “Regulatory climate change” – major penalties, tighter scrutiny of larger institutions means an increase in downstream risk, with smaller institutions held to the same standards

• Cited for failure to recognize risky customers, transactions –“de-risking” may be heightening risk

Questions?Comments?

Thanks for Attending!