Loading…

44% of UK Solicitors Tested Are Not Meeting ML/TF Regulatory Requirements – but Unlike Their American Counterparts, At Least They Have Regulatory Requirements

A review by the UK’s Solicitors Regulation Authority (SRA) results in 44% of solicitor firms tested will be subject to disciplinary process. That’s bad, but what is worse is that US lawyers performing the same type of work are not subject to equivalent regulations

There are 7,000 regulated law firms in England and Wales that are subject to the anti-money laundering program and reporting regulations promulgated as a result of the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Act 2017. Among other things, those firms are required to have a risk-based ML/TF compliance program, including customer due diligence and suspicious activity reporting requirements.

Note 1: not all “lawyers” are subject to these regulations. In the UK (and Canada) lawyers are either barristers – representing clients in criminal and civil proceedings in court – or solicitors – acting for clients in all other legal matters. The ML/TF regulations apply, generally, to solicitors, or “independent legal professionals and trust of company service providers” that provide “legal or notorial services to other persons, when participating in financial or real property transactions concerning” the buying or selling of real property and businesses, managing client money or asserts, opening and management of bank, savings, or securities accounts, and creating companies, trusts, and foundations. Put simply, financial, company, or property transactional work outside the court systems is covered by the ML/TF program and reporting requirements.

Note 2: the money laundering and terrorist financing compliance program requirements address at least (or only) three (3) of the enumerated thirty-eight (38) risks identified by the SRA in its Regulatory Risks Index. Ten (10) of the risks relate to the market and are not given a “severity” score: twenty-eight (28) of the risks relate to individual firms and are given a severity risk. Those risks range from a low of 4% for geographical or jurisdictional conflicts to a high of 96% for misuse of money or assets. The mean (average) risk is 43%, and the median (middle) risk is 38%. The second highest severity score was for criminal association (77%), the third highest was for money laundering (73%), and the fourth highest was for bribery and corruption (67%). Other than stealing clients’ money, the Solicitors Regulation Authority considers financial crimes – associating with criminals, money laundering, and bribery and corruption – to be the risks with the greatest severity. So with such severe risk, one would assume that firms would be serious about their compliance requirements: the results of the SRA’s review suggest otherwise.

In 2018 the SRA reviewed the programs of 59 law firms. On May 7, 2019 the SRA published the results. The actual report is at Go to the review. The press release is at https://www.sra.org.uk/sra/news/press/aml-tcsp-review-2019.page.

The SRA’s press release provided as follows:

A review has shown that a significant minority of law firms are not doing enough to prevent money laundering, with some falling seriously short.

The review did not find evidence of actual money laundering or that firms had any intention of becoming involved in criminal activities. However, it did find a range of breaches of the 2017 Money Laundering Regulations, as well as poor training and processes.

One of the biggest areas of concern was firms’ risk assessments. A firm risk assessment is required in legislation and should be the backbone of a firm’s anti-money laundering approach. We found that more than a third (24) of firms reviewed fell short in this area, including four that had no risk assessment at all.

There were also issues around appropriate customer due diligence. This included inadequate processes in almost a quarter (14) of firms to manage risks around Politically Exposed Persons, known as PEPs. However, in some instances effective customer due diligence did result in firms turning down work. Fifteen firms had done this, with one of the main reasons being evasive clients.

As a result of the review we have put 26 firms [out of 59] into our disciplinary processes. We have also published a warning notice reminding the profession of their obligations, particularly in relation to firm risk assessments. And we have begun a further review of 400 other law firms to check compliance with the Governments 2017 Money Laundering Regulations. This review will be led by a new dedicated anti-money laundering unit, being set up to bolster resources to prevent and detect money laundering.

But as important as what the press release did include is what it did not include. According to the actual report:

“Firms had raised low numbers of internal suspicious activity reports (ISARs).” The actual data, represented by the graphic below, suggests an even bleaker picture: only three (3) of fifty-nine (59) firms  – or one out of twenty – averaged more than one internal report on potential suspicious activity per year.  And the report noted that “only 10 firms had submitted SARs in the last 24 months”, but like the ISAR data, the actual SAR data was even more bleak, with only two (2) of the fifty-nine (59) firms filing more than one SAR a year over the last two years. 

Other results are worth highlighting:

  • two firms failed to consider the countries that they operate in and failed to have a PEP process in place
  • two firms failed to consider the geographical location of their clients or the nature of their firm’s work
  • five firms failed to consider the types of transactions that they undertake. They also failed to provide information and procedures in their AML policy about scrutinising complex and/or unusual transaction or transactions that have no apparent economic or legal purpose
  • one firm failed to address how they deliver legal services and also acknowledged that they do not see 5% of their clients
  • five firms that did not have a file [client] risk assessment process in place. This is concerning and suggests that some firms are not systematically addressing money laundering issues. This undermines the ability of fee earners to detect issues, report concerns and mitigate risks.
  • nine firms that had a [client risk assessment] process in place, but the fee earner was unable to provide an adequate risk assessment for each file. These failures suggest some firms struggle to monitor the compliance levels of fee earners and/or fail to implement the process/policy
  • We made eight referrals into our disciplinary processes about inadequate AML policies. This included one referral for a complete lack of written policies
  • of the 59 firms we visited, the fee earner we spoke to at 10 of the firms (17%) was unable to provide the relevant CDD for each of their files
  • eight files did not contain adequate information and/or recorded evidence about beneficial owners of the relevant trust or company
  • eight firms had no PEP process. These firms were referred into our disciplinary process

These same firms are advising financial institutions on how to comply with UK AML laws and regulations. It is inconceivable that these firms would ignore their own advice – assuming it is good advice – by having programs that have inadequate risk assessments, missing or inadequate customer due diligence files, no or inadequate internal processes for escalating unusual or potentially suspicious activity, and missing SARs. In fairness, though, where five firms have no programs, fifty-four have programs; where eight firms have no PEP process, fifty-one have a PEP process. And, as the headline indicates, at least the UK solicitors are equal partners with their financial institution clients in the global fight against money laundering and terrorist financing … unlike their American counterparts.

Regulators Testify on BSA/AML

On May 15, 2019 the Senate Banking Committee held a hearing on “Oversight of Financial Regulators”. The link to the hearing is:

https://www.banking.senate.gov/hearings/oversight-of-financial-regulators

The heads of the OCC, FDIC, and NCUA, and the head of regulatory supervision of the Board of Governors of the Federal Reserve, submitted written statements and testified. Anti-money laundering (AML) and its regulatory regime under the Bank Secrecy Act (BSA) were touched on by three of the four witnesses in their written statements.

The OCC’s Comptroller, Joseph Otting, had the following:

“Compliance risk remains elevated as banks seek to manage money-laundering risks in a complex, dynamic operating and regulatory environment.”

“My priorities also include improving the efficiency and effectiveness of Bank Secrecy Act (BSA) and Anti-Money Laundering (AML) regulations, supervision, and examination, while continuing to support law enforcement, protect the financial system from those who seek to exploit it for illicit and illegal purposes, and reduce the burden of BSA/AML compliance.”

And under the heading “Bank Secrecy Act and Anti-Money Laundering”, the Comptroller wrote:

The BSA and AML laws and regulations exist to protect our financial system from criminals who would exploit that system for their own illegal purposes or use that system to finance terrorism. While regulators and the industry share a commitment to fighting money laundering and other illegal activities, the process for complying with current BSA/AML laws and regulations has become inefficient and costly. It is critical that the BSA/AML regime be updated and enhanced to address today’s threats and better use the capabilities of modern technology to protect the financial system from illicit activity.

The OCC has taken a leadership role in coordinating discussions with the FDIC, Board of Governors of the Federal Reserve System, National Credit Union Administration, Treasury’s Office of Financial Intelligence, and FinCEN to identify and implement ways to improve the efficiency and effectiveness of BSA/AML regulations, supervision, and examinations, while continuing to meet the requirements of the statute and regulations, support law enforcement, and reduce BSA/AML compliance burden. In October 2018, these agencies released a joint statement clarifying ways in which community banks with a lower BSA risk profile may be able to increase efficiency and reduce burden in their BSA/AML compliance programs by sharing BSA resources. The statement describes how these banks can effectively use collaborative arrangements to share human, technology, or other resources related to BSA compliance to reduce costs, increase operational efficiency, and leverage specialized expertise.

More recently, in December 2018, these agencies issued a joint statement encouraging banks to take innovative approaches to meet their BSA/AML compliance obligations. The statement recognizes significant potential for technological innovation to transform BSA/AML compliance. In addition to assisting banks’ efforts to control their costs, innovation is increasingly necessary to counter constantly changing threats, as illicit financing methods evolve to exploit vulnerabilities in existing systems. The statement makes clear the agencies are committed to continued engagement with the private sector to modernize and innovate in their BSA/AML compliance programs. The OCC is actively engaged in discussions with banks and other stakeholders regarding ways to explore enhanced technology usage while maintaining the current strong protections for the financial system.

The OCC also has identified areas in which legislative changes could increase the impact and efficiency of BSA/AML regulation and compliance programs. The OCC generally supports legislative changes that would reduce unnecessary industry burden and compliance costs and allow for more effective information sharing related to illicit finance. These include requiring a regular review of BSA/AML regulations to identify those that could be strengthened, refined or to reduce unnecessary burden, and providing safe harbors to promote sharing of information.

The written statements of Jelena Williams, Chair of the FDIC, and Randal K. Quarles, Vice Chair for Supervision for the Federal Reserve, did not include anything on BSA/AML.

The written statement of Rodney E. Hood, Chairman of the National Credit Union Administration (NCUA), included the following on BSA/AML (footnotes omitted):

Ensuring Compliance with the Bank Secrecy Act The NCUA takes seriously its obligations to supervise federal credit unions for compliance with the various BSA and AML laws and regulations. As technology has become embedded in financial systems, even small financial institutions like credit unions can be vulnerable to illicit finance activity. The NCUA examines federal credit union compliance with BSA during every examination that we conduct. Additionally, the NCUA assists state regulators by conducting BSA examinations in federally insured, state-chartered credit unions where state resources are limited. In 2018, the NCUA conducted 3,308 BSA examinations in federal credit unions.

The NCUA’s BSA reviews are risk-focused and include a set of core procedures that cover an institution’s compliance with the pillars of the BSA. These core procedures are based on the FFIEC examination procedures we issue jointly with the other federal financial regulatory agencies. In addition to the core procedures, examiners are trained and directed to tailor examinations based on the unique risk characteristics of each federal credit union. Federal credit unions that have diverse platforms with higher risk activities will receive an expanded review tailored to the unique risk characteristics they present. Conversely, examinations of smaller, low-risk credit unions are appropriately scaled to minimal necessary procedures consistent with their risk characteristics and our obligations under the FCU Act.

The NCUA coordinates regularly with our counterparts as the other federal financial regulatory agencies, as well as the Financial Crimes Enforcement Network (FinCEN). The NCUA actively participates in the Bank Secrecy Act Advisory Group (BSAAG) and the FFIEC BSA Working Group. Additionally, the NCUA is part of a recently established interagency working group to improve effectiveness and streamline, where possible, our regulations and supervisory processes. The working group recently issued a Joint Statement on Innovative Efforts to Combat Money Laundering and Terrorist Financing, as well as an Interagency Statement on Shared BSA Resources. Both joint statements provide appropriate information for institutions to leverage resources and new technologies to improve and streamline their BSA compliance obligations. The NCUA intends to continue to foster collaborative working relationships with our regulatory counterparts, including FinCEN. I believe that this is especially important in addressing substantial concerns related to the proliferation of cash-based businesses, which further necessitates reforming and modernizing the BSA regime.

Finally, the NCUA also communicates with the credit union industry through numerous channels, including: BSAAG participation and outreach; assistance and participation in national events applicable to the BSA attended by credit union industry professionals and leaders; and through periodic and ongoing training via webinars. The NCUA continues to maintain transparency in its policy positions. To that end, the agency publishes our examination and policy manuals, as well as nearly all guidance and directives provided to examiners related to the supervisory process or examinations.

I’ve highlighted three excerpts from Comptroller’s Otting’s statement:

It is critical that the BSA/AML regime be updated and enhanced to address today’s threats and better use the capabilities of modern technology to protect the financial system from illicit activity.

The agencies issued a joint statement encouraging banks to take innovative approaches to meet their BSA/AML compliance obligations. The statement recognizes significant potential for technological innovation to transform BSA/AML compliance.

The OCC generally supports legislative changes that would reduce unnecessary industry burden and compliance costs and allow for more effective information sharing related to illicit finance. These include requiring a regular review of BSA/AML regulations to identify those that could be strengthened, refined or to reduce unnecessary burden, and providing safe harbors to promote sharing of information.

Comptroller Otting’s testimony – and indeed the actions of the OCC and the other regulators – around the encouragement of innovative uses of technology is a very positive for all financial institutions struggling to balance the competing and sometimes conflicting interests and perspectives of their regulators, their customers, and law enforcement. The promotion of sharing information is also very positive: financial institutions working individually will never fulfill their regulatory obligations effectively or efficiently, and can only do so by sharing information with other institutions. Big data intelligence and collaborative investigations are the future of BSA/AML.

The Plaintiffs Trump v Democrat-controlled House Committees’ Subpoenas

One key question – do the Committees’ investigations have a valid legislative purpose? – brings Anti-Money Laundering investigations and legislation into the spotlight

I am not offering an opinion, one way or another, on the relative merits of the parties’ allegations: I am pointing out that these cases could have an impact on AML programs and professionals.

In two different federal courts in a span of seven days, President Trump and various companies he owned or controlled, directly or indirectly (or owns or controls, directly or indirectly, through a trust or otherwise, or otherwise has or had an interest in), and in the New York case, three of his children (all collectively referred to “the Plaintiffs Trump”), sought to quash a number of subpoenas issued by three Democrat-controlled U.S. House of Representative committees. In both cases, the plaintiffs Trump argued that the Democrats or Democrat-controlled committees:

“ignored the constitutional limits on Congress’ power to investigate. Article I of the Constitution does not contain an ‘Investigations Clause’ or an ‘Oversight Clause.’ It gives Congress the power to enact certain legislation. Accordingly, investigations are legitimate only insofar as they further some legitimate legislative purpose. No investigation can be an end in itself. And Congress cannot use investigations to exercise powers that the Constitution assigns to the executive or judicial branch.”

In the Washington DC case, the Plaintiffs Trump allege:

“[the] subpoena … lacks a legitimate legislative purpose. There is no possible legislation at the end of this tunnel; indeed, the Chairman does not claim otherwise. With this subpoena, the Oversight Committee is instead assuming the powers of the Department of Justice, investigating (dubious and partisan) allegations of illegal conduct by private individuals outside of government. Its goal is to expose Plaintiffs’ private financial information for the sake of exposure, with the hope that it will turn up something that Democrats can use as a political tool against the President now and in the 2020 election.”

In the New York case, the Plaintiffs Trump allege:

“The subpoenas … lack any legitimate legislative purpose. There is no possible legislation at the end of this tunnel; indeed, the Committee Chairs have not claimed otherwise. With these subpoenas, the Committees are instead assuming the powers of the Department of Justice, investigating (dubious and partisan) rumors of illegal conduct by private individuals, many of whom are outside of government. Their goal is to rummage around Plaintiffs’ private financial information in the hope that they will stumble upon something they can expose publicly and use as a political tool against the President.”

The cases are very similar and involve the same four basic principles of law: the scope of the investigatory powers of Congress, whether and to what extent the various committees have the power to investigate, whether a committee has a “valid legislative purpose” in issuing a subpoena, and the role of the courts in quashing Congressional subpoenas. In the DC case, the “valid legislative purpose” or purposes involve conflicts of interest and financial disclosure issues: in the New York case, those purposes involve compliance with banking regulations, money laundering, industry-wide compliance with anti-money laundering policies, the use of anonymous corporations as vehicles to launder illicit funds, and transparency regarding ownership of anonymous shell corporations generally.

For AML professionals, the New York case should be watched closely to see if there is any impact on AML legislation, regulation, and expectations.

The Washington DC Case – Federal District Court, District of Columbia, Civil Case Number 19CV01136 –filed April 22, 2019

In this case, President Trump and various Trump-owned and/or controlled (previously or currently, directly or indirectly through trusts or otherwise) companies, sued Elijah Cummings in his official capacity as Chairman of the House Committee on Oversight & Reform, and Mazars USA LLP. The opening two paragraphs of the complaint paint the picture:

“The Democrat Party, with its newfound control of the U.S. House of Representatives, has declared all-out political war against President Donald J. Trump. Subpoenas are their weapon of choice.”

“This case involves one of those subpoenas. Last week, Defendant Elijah E. Cummings invoked his authority as Chairman of the House Oversight Committee to subpoena Mazars USA LLP—the longtime accountant for President Trump and several Trump entities (all Plaintiffs here). Chairman Cummings asked Mazars for financial statements, supporting documents, and communications about Plaintiffs over an eight-year period—mostly predating the President’s time in office.”

(One week after the complaint was filed, the parties agreed to, essentially, dismiss the case against the accounting firm and the Chairman of the House Committee, and substitute as the sole defendant the actual Committee, to be represented by the Office of General Counsel of the House of Representatives).

On May 9th, Judge Amit Mehta issued an order that has the effect of turning the May 14th hearing on the preliminary injunction into a trial on the merits: the Judge will hear arguments on the 14th and then decide whether the subpoena shall stand or not.

The New York Case – Federal District Court, Southern District of New York, Civil Case Number 19CV03826 – filed April 29, 2019

This complaint is very similar to the complaint filed in Washington DC the prior week. Here, President Trump, a number of his companies, and three of his children (Donald Jr., Eric, and Ivanka: again, “the Plaintiffs Trump”) brought a civil complaint against two of the Plaintiffs Trump’s banks, Deutsche Bank and Capital One, to prevent the banks from responding to subpoenas issued by the House Permanent Select Committee on Intelligence and the House Financial Services Committee. Among other allegations, the Plaintiffs Trump pleaded that the subpoenas “have no legitimate or lawful purpose”, are “to harass” the President, “to rummage through every aspect of his personal finances” and are intended to “ferret about” for incriminating information. And as in the DC case, the Plaintiffs Trump also argue that the Committees are exceeding their constitutional powers:

“The Committees have ignored the constitutional limits on Congress’ power to investigate. Article I of the Constitution does not contain an ‘Investigations Clause’ or an ‘Oversight Clause.’ It gives Congress the power to enact certain legislation. Accordingly, investigations are legitimate only insofar as they further some legitimate legislative purpose. No investigation can be an end in itself. And Congress cannot use investigations to exercise powers that the Constitution assigns to the executive or judicial branch.”

“The subpoenas to Deutsche Bank and Capital One lack any legitimate legislative purpose. There is no possible legislation at the end of this tunnel; indeed, the Committee Chairs have not claimed otherwise. With these subpoenas, the Committees are instead assuming the powers of the Department of Justice, investigating (dubious and partisan) rumors of illegal conduct by private individuals, many of whom are outside of government. Their goal is to rummage around Plaintiffs’ private financial information in the hope that they will stumble upon something they can expose publicly and use as a political tool against the President.”

On May 3rd the plaintiffs filed a Motion for Preliminary Injunction to prevent the defendant banks from responding to the subpoenas. The two Committees intervened, and were added as Intervenor-Defendants (“real parties in interest”) and are represented by the Office of General Counsel of the U.S. House of Representatives. The parties agreed on a schedule for submitting replies to the Motion and for a hearing date – May 15th.

On May 10th the House filed its Opposition to the Trump motion. Among other things, the Opposition addresses the Plaintiffs Trump arguments about the powers of the Congressional committees and their motives in issuing the subpoenas:

  • “Mr. Trump’s request for a preliminary injunction betrays a fundamental misunderstanding of the powers of the Legislative Branch under our constitutional scheme and is flatly inconsistent with nearly a century of Supreme Court precedent.”
  • “Contrary to Mr. Trump’s allegation that the Committees are merely attempting to expose his finances, the Committees are investigating serious and urgent questions concerning the safety of banking practices, money laundering in the financial sector, foreign influence in the U.S. political process, and the threat of foreign financial leverage, including over the President, his family, and his business.”
  • “The Committees are conducting wide-ranging investigations of issues bearing upon the integrity of the U.S. financial system and national security, including bank fraud, money laundering, foreign influence in the U.S. political process, and the counterintelligence risks posed by foreign powers’ use of financial leverage.”

The House Opposition provides some details on what the two committees are investigating. The details relating to the Committee on Financial Services are particularly interesting for AML professionals. That Committee is:

“… investigating serious issues regarding compliance with banking regulations, loan practices, and money laundering … the movement of illicit funds throughout the global financial system … the questionable financing provided to President Trump and the Trump Organization by banks like Deutsche Bank to finance his real estate properties …. industry-wide compliance with banking statutes and regulations, particularly anti-money laundering policies … the use of anonymous corporations as vehicles to launder illicit funds through legitimate investments and enterprises …”

And “[t]he Committee is considering legislation that would increase transparency regarding ownership of anonymous shell corporations generally.”

As of this writing, the Plaintiffs Trump have not yet replied to the House Opposition to their motion.

FinCEN’s Advisories and Guidance – “Persuasive Precedential Effect”, Whatever That Means

US-based AML practitioners are familiar with FinCEN Guidance and Advisories. Most are probably not sure what the differences are between a Guidance document and an Advisory. But both seem to have something called “persuasive precedential effect”. What is persuasive precedential effect? Is it different from non-persuasive precedential effect? My spell check doesn’t recognize the word “precedential”, and Googling the phrase only brings back 74 hits.

Just what is “persuasive precedential effect”? Having just glanced at the title of the first search result – “Legitimacy Model for the Interpretation of Plurality Decisions” – I couldn’t bear to try to answer that question myself, so … could a financial institution subject to the BSA please seek an Administrative Ruling from FinCEN to get an answer to the question “what does the phrase ‘persuasive precedential effect’ actually mean?”

FinCEN’s Regulatory Releases – Regulations, Guidance, Statements of Policy, Advisories, and Enforcement Rulings

On May 9, 2019, the U.S. Treasury Department’s Financial Crimes Enforcement Network (FinCEN), which has responsibility for the administration of the Bank Secrecy Act (BSA) under Treasury Order 180-01 (1992), issued formal Guidance (FIN-2019-G001) titled “Application of FinCEN’s Regulations to Certain Business Models Involving Convertible Virtual Currencies.”

https://www.fincen.gov/sites/default/files/2019-05/FinCEN%20Guidance%20CVC%20FINAL%20508.pdf

Also on May 9th, FinCEN issued an Advisory (FIN-2019-A003) titled “Advisory on Illicit Activity Involving Convertible Virtual Currency”.

https://www.fincen.gov/sites/default/files/advisory/2019-05-09/FinCEN%20Advisory%20CVC%20FINAL%20508_0.pdf

Why two documents? Why was one labeled “Guidance” and the other “Advisory”? The answers, in part, can be found at FinCEN’s “Regulatory Releases” page: FinCEN Regulatory Releases

According to FinCEN, it has authority to issue regulations, regulatory interpretations and guidance, advisories, and enforcement assessments/consent assessments. As explained by FinCEN:

I. Regulations

Regulations implementing the Bank Secrecy Act codified in title 31 of the Code of Federal Regulations, Chapter X (31 CFR Chapter X). Related publications include:

  • Final rules
  • Interim final rules
  • Notices of proposed rulemakings (known as “NPRM”)
  • Advance notices of proposed rulemakings (known as “ANPRM”)
  • Corrections

Final rules, interim final rules, and any subsequent corrections to these rules, are binding obligations on individuals and entities within the scope of such rules.

II. Regulatory Interpretations and Guidance

According to FinCEN, it “routinely issue[s] interpretations of BSA regulations as well as guidance to financial institutions on complying with our regulations.” There are three categories that fall into this bucket:

1. Administrative Rulings

The authority, process, and effect of Administrative Rulings is contained in subpart G of Part X of Title 31 of the code of Federal regulations – 31 CFR § 1010.710-717. Although FinCEN’s website provides that “published letter rulings often express an opinion about a new issue, apply an established theory or analysis to a set of facts that differs materially from facts or circumstances that have been previously considered, or provide a new interpretation of Title 31 of the United States Code, or any other statute granting FinCEN authority”, the regulation itself is somewhat more direct. It provides:

§1010.715 Issuing rulings – The Director, FinCEN, or his designee may issue a written ruling interpreting the relationship between this chapter and each situation for which such a ruling has been requested in conformity with § 1010.711. A ruling issued under this section shall bind FinCEN only in the event that the request describes a specifically identified actual situation. A ruling issued under this section shall have precedential value, and hence may be relied upon by others similarly situated, only if FinCEN makes it available to the public through publication on the FinCEN Web site under the heading “Administrative rulings” or other appropriate forum.”

The result? If FinCEN publishes an Administrative Ruling, it shall have precedential value and may be relied upon by financial institutions “similarly situated” as the requestor.

2. Interpretive Guidance

FinCEN provides three examples of interpretive guidance:

  • Interpretive releases, including written responses to informal inquires on the application of 31 CFR Chapter X that are not made and submitted to the Financial Crimes Enforcement Network consistent with the procedures outlined at 31 CFR § 1010.711
  • Frequently Asked Questions
  • Staff commentaries

Notably, interpretations of BSA regulations that are published on FinCEN’s public web site under the heading “Guidance” shall have persuasive precedential effect and, to that extent, may be relied upon by those financial institutions subject to the specific provision of the BSA regulation being interpreted until such interpretation is superseded, revoked, or amended.

FinCEN notes that “if written guidance is not published on FinCEN’s public web site under the heading “Guidance”, although not binding, such guidance provides useful insight into our view of the application of the Bank Secrecy Act and its implementing regulations at the time that the guidance is issued.”

3. Statements of Policy

This appears to cover guidance not published as “Guidance”, as well as “statements outlining or describing our policy with respect to specific issues arising under the Bank Secrecy Act.” According to FinCEN, “these statements provide useful insight into our view of the application of the Bank Secrecy Act and its implementing regulations at the time the statement is issued.”

III. Advisories

Advisories are published to financial institutions “concerning money laundering or terrorist financing threats and vulnerabilities for the purpose of enabling financial institutions to guard against such threats.”  If published on the FinCEN web site under the heading “Advisories” and to the extent they interpret BSA regulations , Advisories shall have persuasive precedential effect and may be relied upon by those financial institutions subject to the specific provision of the BSA regulation being interpreted until such interpretation is superseded, revoked, or amended.

And, like guidance not published under the heading “Guidance”, advisories not published under the heading “Advisory”, are not binding but provides “useful insight into [FinCEN’s] view of the application of the BSA and BSA regulations at the time that the advisory/guidance is issued.

IV. Enforcement Assessments and Consent Assessments

Public enforcement actions, often referred to as “Consent Orders” by the OCC and Federal Reserve and “Consent Assessments” by FinCEN because they are entered into with the (grudging) consent of the sanctioned entity, are binding on and apply exclusively to the sanctioned entity. However, as FinCEN notes, any “regulatory interpretations contained in such assessments shall have persuasive precedential effect and, to that extent, may be relied upon by those financial institutions subject to the specific provision of 31 CFR Chapter X being interpreted until such interpretation is superseded, revoked, or amended.”

FINRA’s list of AML Red Flags has gone from 25 to 97

FINRA Provides Guidance to Firms Regarding Suspicious Activity Monitoring and Reporting Obligations

http://www.finra.org/sites/default/files/notice_doc_file_ref/Regulatory-Notice-19-18.pdf

May 9, 2019

FINRA issued the Notice to provide guidance to member firms regarding suspicious activity monitoring and reporting obligations under FINRA Rule 3310 (Anti-Money Laundering Compliance Program). The guidance included ninety-seven (97) red flags organized into six sections:

  1. Potential Red Flags in Customer Due Diligence and Interactions With Customers (19 red flags, 10 are new)
  2. Potential Red Flags in Deposits of Securities (8 red flags, all are new)
  3. Potential Red Flags in Securities Trading (20 red flags, 18 are new)
  4. Potential Red Flags in Money Movements (31 red flags, 20 are new)
  5. Potential Red Flags in Insurance Products (5 red flags, all are new)
  6. Other Potential Red Flags (14 red flags, 10 are new)

The Notice provided that these red flags were in addition to the money laundering red flags that appeared in Notice to Members 02-21 (NTM 02-21) published in April 2002:

“Since NTM 02-21 was published [in April 2002], guidance detailing additional red flags that may be applicable to the securities industry have been published by a number of U.S. government agencies and international organizations. FINRA is issuing this Notice to provide examples of these additional money laundering red flags for firms to consider incorporating into their AML programs, as may be appropriate in implementing a risk-based approach to BSA/AML compliance.”

“This Notice is intended to assist broker-dealers in complying with their existing obligations under BSA/AML requirements and does not create any new requirements or expectations. In addition, this Notice incorporates the red flags listed in NTM 02-21 so that firms can refer to this Notice only for examples of potential red flags.”

So the twenty-five 2002 red flags are included, but not identified, within the ninety-seven 2019 red flags. To assist compliance professionals, I have gone through the 2002 red flags and inserted them into the 2019 red flags so that those professionals can more easily determine whether their current programs are covering off the “new” red flags.

2002 Red Flags

  1. The customer exhibits unusual concern regarding the firm’s compliance with government reporting requirements and the firm’s AML policies, particularly with respect to his or her identity, type of business and assets, or is reluctant or refuses to reveal any information concerning business activities, or furnishes unusual or suspect identification or business documents.
  2. The customer wishes to engage in transactions that lack business sense or apparent investment strategy, or are inconsistent with the customer’s stated business strategy.
  3. The information provided by the customer that identifies a legitimate source for funds is false, misleading, or substantially incorrect.
  4. Upon request, the customer refuses to identify or fails to indicate any legitimate source for his or her funds and other assets.
  5. The customer (or a person publicly associated with the customer) has a questionable background or is the subject of news reports indicating possible criminal, civil, or regulatory violations.
  6. The customer exhibits a lack of concern regarding risks, commissions, or other transaction costs.
  7. The customer appears to be acting as an agent for an undisclosed principal, but declines or is reluctant, without legitimate commercial reasons, to provide information or is otherwise evasive regarding that person or entity.
  8. The customer has difficulty describing the nature of his or her business or lacks general knowledge of his or her industry.
  9. The customer attempts to make frequent or large deposits of currency, insists on dealing only in cash equivalents, or asks for exemptions from the firm’s policies relating to the deposit of cash and cash equivalents.
  10. The customer engages in transactions involving cash or cash equivalents or other monetary instruments that appear to be structured to avoid the $10,000 government reporting requirements, especially if the cash or monetary instruments are in an amount just below reporting or recording thresholds.
  11. For no apparent reason, the customer has multiple accounts under a single name or multiple names, with a large number of inter-account or third-party transfers.
  12. The customer is from, or has accounts in, a country identified as a non-cooperative country or territory by the Financial Action Task Force (FATF).
  13. The customer’s account has unexplained or sudden extensive wire activity, especially in accounts that had little or no previous activity.
  14. The customer’s account shows numerous currency or cashiers check transactions aggregating to significant sums.
  15. The customer’s account has a large number of wire transfers to unrelated third parties inconsistent with the customer’s legitimate business purpose.
  16. The customer’s account has wire transfers that have no apparent business purpose to or from a country identified as a money laundering risk or a bank secrecy haven.
  17. The customer’s account indicates large or frequent wire transfers, immediately withdrawn by check or debit card without any apparent business purpose.
  18. The customer makes a funds deposit followed by an immediate request that the money be wired out or transferred to a third party, or to another firm, without any apparent business purpose.
  19. The customer makes a funds deposit for the purpose of purchasing a long-term investment followed shortly thereafter by a request to liquidate the position and transfer of the proceeds out of the account.
  20. The customer engages in excessive journal entries between unrelated accounts without any apparent business purpose.
  21. The customer requests that a transaction be processed in such a manner to avoid the firm’s normal documentation requirements.
  22. The customer, for no apparent reason or in conjunction with other “red flags,” engages in transactions involving certain types of securities, such as penny stocks, Regulation “S” (Reg S) stocks, and bearer bonds, which although legitimate, have been used in connection with fraudulent schemes and money laundering activity. (Such transactions may warrant further due diligence to ensure the legitimacy of the customer’s activity.)
  23. The customer’s account shows an unexplained high level of account activity with very low levels of securities transactions.
  24. The customer maintains multiple accounts, or maintains accounts in the names of family members or corporate entities, for no apparent business purpose or other purpose.
  25. The customer’s account has inflows of funds or other assets well beyond the known income or resources of the customer.

2019 Red Flags (with references to 2002 red flags)

I. Potential Red Flags in Customer Due Diligence and Interactions With Customers
  1. The customer provides the firm with unusual or suspicious identification documents that cannot be readily verified or are inconsistent with other statements or documents that the customer has provided. Or, the customer provides information that is inconsistent with other available information about the customer. This indicator may apply to account openings and to interaction subsequent to account opening. (2002 red flag # 1 – The customer exhibits unusual concern regarding the firm’s compliance with government reporting requirements and the firm’s AML policies, particularly with respect to his or her identity, type of business and assets, or is reluctant or refuses to reveal any information concerning business activities, or furnishes unusual or suspect identification or business documents.)
  2. The customer is reluctant or refuses to provide the firm with complete customer due diligence information as required by the firm’s procedures, which may include information regarding the nature and purpose of the customer’s business, prior financial relationships, anticipated account activity, business location and, if applicable, the entity’s officers and directors. (2002 red flag # 1 – The customer exhibits unusual concern regarding the firm’s compliance with government reporting requirements and the firm’s AML policies, particularly with respect to his or her identity, type of business and assets, or is reluctant or refuses to reveal any information concerning business activities, or furnishes unusual or suspect identification or business documents.)
  3. The customer refuses to identify a legitimate source of funds or information is false, misleading or substantially incorrect. (2002 Red Flag #4 – Upon request, the customer refuses to identify or fails to indicate any legitimate source for his or her funds and other assets. Also, 2002 red flag #3 – The information provided by the customer that identifies a legitimate source for funds is false, misleading, or substantially incorrect.)
  4. The customer is domiciled in, doing business in or regularly transacting with counterparties in a jurisdiction that is known as a bank secrecy haven, tax shelter, high-risk geographic location (e.g., known as a narcotics producing jurisdiction, known to have ineffective AML/Combating the Financing of Terrorism systems) or conflict zone, including those with an established threat of terrorism.
  5. The customer has difficulty describing the nature of his or her business or lacks general knowledge of his or her industry. (2002 red flag # 8 – The customer has difficulty describing the nature of his or her business or lacks general knowledge of his or her industry.)
  6. The customer has no discernable reason for using the firm’s service or the firm’s location (e.g., the customer lacks roots to the local community or has gone out of his or her way to use the firm).
  7. The customer has been rejected or has had its relationship terminated as a customer by other financial services firms.
  8. The customer’s legal or mailing address is associated with multiple other accounts or businesses that do not appear related.
  9. The customer appears to be acting as an agent for an undisclosed principal, but is reluctant to provide information. (2002 red flag # 7 – The customer appears to be acting as an agent for an undisclosed principal, but declines or is reluctant, without legitimate commercial reasons, to provide information or is otherwise evasive regarding that person or entity.)
  10. The customer is a trust, shell company or private investment company that is reluctant to provide information on controlling parties and underlying beneficiaries.
  11. The customer is publicly known or known to the firm to have criminal, civil or regulatory proceedings against him or her for crime, corruption or misuse of public funds, or is known to associate with such persons. Sources for this information could include news items, the Internet or commercial database searches. (2002 red flag #5 – The customer (or a person publicly associated with the customer) has a questionable background or is the subject of news reports indicating possible criminal, civil, or regulatory violations.)
  12. The customer’s background is questionable or differs from expectations based on business activities.
  13. The customer maintains multiple accounts, or maintains accounts in the names of family members or corporate entities, with no apparent business or other purpose. (2002 red flag # 11 – For no apparent reason, the customer has multiple accounts under a single name or multiple names, with a large number of inter-account or third-party transfers. Also 2002 red flag #24 – The customer maintains multiple accounts, or maintains accounts in the names of family members or corporate entities, for no apparent business purpose or other purpose.)
  14. An account is opened by a politically exposed person (PEP), particularly in conjunction with one or more additional risk factors, such as the account being opened by a shell company beneficially owned or controlled by the PEP, the PEP is from a country which has been identified by FATF as having strategic AML regime deficiencies, or the PEP is from a country known to have a high level of corruption. (similar to 2002 red flag # 12 – The customer is from, or has accounts in, a country identified as a non-cooperative country or territory by the Financial Action Task Force (FATF).)
  15. An account is opened by a non-profit organization that provides services in geographic locations known to be at higher risk for being an active terrorist threat.
  16. An account is opened in the name of a legal entity that is involved in the activities of an association, organization or foundation whose aims are related to the claims or demands of a known terrorist entity.
  17. An account is opened for a purported stock loan company, which may hold the restricted securities of corporate insiders who have pledged the securities as collateral for, and then defaulted on, purported loans, after which the securities are sold on an unregistered basis.
  18. An account is opened in the name of a foreign financial institution, such as an offshore bank or broker-dealer, that sells shares of stock on an unregistered basis on behalf of customers.
  19. An account is opened for a foreign financial institution that is affiliated with a U.S. broker-dealer, bypassing its U.S. affiliate, for no apparent business purpose. An apparent business purpose could include access to products or services the U.S. affiliate does not provide.
II. Potential Red Flags in Deposits of Securities
  1. A customer opens a new account and deposits physical certificates, or delivers in shares electronically, representing a large block of thinly traded or low-priced securities.
  2. A customer has a pattern of depositing physical share certificates, or a pattern of delivering in shares electronically, immediately selling the shares and then wiring, or otherwise transferring out the proceeds of the sale(s).
  3. A customer deposits into an account physical share certificates or electronically deposits or transfers shares that:
    • were recently issued or represent a large percentage of the float for the security;
    • reference a company or customer name that has been changed or that does not match the name on the account;
    • were issued by a shell company;
    • were issued by a company that has no apparent business, revenues or products;
    • were issued by a company whose SEC filings are not current, are incomplete, or nonexistent;
    • were issued by a company that has been through several recent name changes or business combinations or recapitalizations;
    • were issued by a company that has been the subject of a prior trading suspension; or
    • were issued by a company whose officers or insiders have a history of regulatory or criminal violations, or are associated with multiple low-priced stock issuers.
  1. The lack of a restrictive legend on deposited shares seems inconsistent with the date the customer acquired the securities, the nature of the transaction in which the securities were acquired, the history of the stock or the volume of shares trading.
  2. A customer with limited or no other assets at the firm receives an electronic transfer or journal transfer of large amounts of low-priced, non-exchange-listed securities.
  3. The customer’s explanation or documents purporting to evidence how the customer acquired the shares does not make sense or changes upon questioning by the firm or other parties. Such documents could include questionable legal opinions or securities purchase agreements.
  4. The customer deposits physical securities or delivers in shares electronically, and within a short time-frame, requests to journal the shares into multiple accounts that do not appear to be related, or to sell or otherwise transfer ownership of the shares.
  5. Seemingly unrelated clients open accounts on or at about the same time, deposit the same low-priced security and subsequently liquidate the security in a manner that suggests coordination.
III. Potential Red Flags in Securities Trading
  1. The customer, for no apparent reason or in conjunction with other “red flags,” engages in transactions involving certain types of securities, such as penny stocks, Regulation “S” stocks and bearer bonds, which although legitimate, have been used in connection with fraudulent schemes and money laundering activity. (Such transactions may warrant further due diligence to ensure the legitimacy of the customer’s activity.) (2002 red flag # 22 – The customer, for no apparent reason or in conjunction with other “red flags,” engages in transactions involving certain types of securities, such as penny stocks, Regulation “S” (Reg S) stocks, and bearer bonds, which although legitimate, have been used in connection with fraudulent schemes and money laundering activity. (Such transactions may warrant further due diligence to ensure the legitimacy of the customer’s activity.)).
  2. There is a sudden spike in investor demand for, coupled with a rising price in, a thinly traded or low-priced security.
  3. The customer’s activity represents a significant proportion of the daily trading volume in a thinly traded or low-priced security.
  4. A customer buys and sells securities with no discernable purpose or circumstances that appear unusual. (2002 red flag #2 – The customer wishes to engage in transactions that lack business sense or apparent investment strategy, or are inconsistent with the customer’s stated business strategy.)
  5. Individuals known throughout the industry to be stock promoters sell securities through the broker-dealer.
  6. A customer accumulates stock in small increments throughout the trading day to increase price.
  7. A customer engages in pre-arranged or other non-competitive securities trading, including wash or cross trades, with no apparent business purpose.
  8. A customer attempts to influence the closing price of a stock by executing purchase or sale orders at or near the close of the market.
  9. A customer engages in transactions suspected to be associated with cyber breaches of customer accounts, including potentially unauthorized disbursements of funds or trades.
  10. A customer engages in a frequent pattern of placing orders on one side of the market, usually inside the existing National Best Bid or Offer (NBBO), followed by the customer entering orders on the other side of the market that execute against other market participants that joined the market at the improved NBBO (activity indicative of “spoofing”).
  11. A customer engages in a frequent pattern of placing multiple limit orders on one side of the market at various price levels, followed by the customer entering orders on the opposite side of the market that are executed and the customer cancelling the original limit orders (activity indicative of “layering”).
  12. Two or more unrelated customer accounts at the firm trade an illiquid or low priced security suddenly and simultaneously.
  13. The customer makes a large purchase or sale of a security, or option on a security, shortly before news or a significant announcement is issued that affects the price of the security.
  14. The customer is known to have friends or family who work at or for the securities issuer, which may be a red flag for potential insider trading or unlawful sales of unregistered securities.
  15. The customer’s purchase of a security does not correspond to the customer’s investment profile or history of transactions (e.g., the customer may never have invested in equity securities or may have never invested in a given industry, but does so at an opportune time) and there is no reasonable explanation for the change.
  16. The account is using a master/sub structure, which enables trading anonymity with respect to the sub-accounts’ activity, and engages in trading activity that raises red flags, such as the liquidation of microcap issuers or potentially manipulative trading activity.
  17. The firm receives regulatory inquiries or grand jury or other subpoenas concerning the firm’s customers’ trading.
  18. The customer engages in a pattern of transactions in securities indicating the customer is using securities to engage in currency conversion. For example, the customer delivers in and subsequently liquidates American Depository Receipts (ADRs) or dual currency bonds for U.S. dollar proceeds, where the securities were originally purchased in a different currency.
  19. The customer engages in mirror trades or transactions involving securities used for currency conversions, potentially through the use of offsetting trades.
  20. The customer appears to buy or sell securities based on advanced knowledge of pending customer orders.
IV. Potential Red Flags in Money Movements
  1. The customer attempts or makes frequent or large deposits of currency, insists on dealing only in cash equivalents, or asks for exemptions from the firm’s policies and procedures relating to the deposit of cash and cash equivalents. (2002 red flag # 9 – The customer attempts to make frequent or large deposits of currency, insists on dealing only in cash equivalents, or asks for exemptions from the firm’s policies relating to the deposit of cash and cash equivalents.)
  2. The customer “structures” deposits, withdrawals or purchases of monetary instruments below a certain amount to avoid reporting or recordkeeping requirements, and may state directly that they are trying to avoid triggering a reporting obligation or to evade taxing authorities. (2002 red flag # 10 – The customer engages in transactions involving cash or cash equivalents or other monetary instruments that appear to be structured to avoid the $10,000 government reporting requirements, especially if the cash or monetary instruments are in an amount just below reporting or recording thresholds.)
  3. The customer seemingly breaks funds transfers into smaller transfers to avoid raising attention to a larger funds transfer. The smaller funds transfers do not appear to be based on payroll cycles, retirement needs, or other legitimate regular deposit and withdrawal strategies.
  4. The customer’s account shows numerous currency, money order (particularly sequentially numbered money orders) or cashier’s check transactions aggregating to significant sums without any apparent business or lawful purpose. (2002 red flag # 14 – The customer’s account shows numerous currency or cashiers check transactions aggregating to significant sums.)
  5. The customer frequently changes bank account details or information for redemption proceeds, in particular when followed by redemption requests.
  6. The customer makes a funds deposit followed by an immediate request that the money be wired out or transferred to a third party, or to another firm, without any apparent business purpose. (2002 red flag # 18 – The customer makes a funds deposit followed by an immediate request that the money be wired out or transferred to a third party, or to another firm, without any apparent business purpose.)
  7. Wire transfers are made in small amounts in an apparent effort to avoid triggering identification or reporting requirements. (this is similar to 2002 red flag # 21 – The customer requests that a transaction be processed in such a manner to avoid the firm’s normal documentation requirements.)
  8. Incoming payments are made by third-party checks or checks with multiple endorsements.
  9. Outgoing checks to third parties coincide with, or are close in time to, incoming checks from other third parties.
  10. Payments are made by third party check or money transfer from a source that has no apparent connection to the customer.
  11. Wire transfers are made to or from financial secrecy havens, tax havens, high risk geographic locations or conflict zones, including those with an established presence of terrorism. (2002 red flag #16 – The customer’s account has wire transfers that have no apparent business purpose to or from a country identified as a money laundering risk or a bank secrecy haven.)
  12. Wire transfers originate from jurisdictions that have been highlighted in relation to black market peso exchange activities.
  13. The customer engages in transactions involving foreign currency exchanges that are followed within a short time by wire transfers to locations of specific concern (e.g., countries designated by national authorities, such as FATF, as non-cooperative countries and territories).
  14. The parties to the transaction (e.g., originator or beneficiary) are from countries that are known to support terrorist activities and organizations.
  15. Wire transfers or payments are made to or from unrelated third parties (foreign or domestic), or where the name or account number of the beneficiary or remitter has not been supplied. (2002 red flag # 15 – The customer’s account has a large number of wire transfers to unrelated third parties inconsistent with the customer’s legitimate business purpose.)
  16. There is wire transfer activity that is unexplained, repetitive, unusually large, shows unusual patterns or has no apparent business purpose.
  17. The securities account is used for payments or outgoing wire transfers with little or no securities activities (i.e., account appears to be used as a depository account or a conduit for transfers, which may be purported to be for business operating needs). (similar to 2002 red flag # 23 – The customer’s account shows an unexplained high level of account activity with very low levels of securities transactions.).
  18. Funds are transferred to financial or depository institutions other than those from which the funds were initially received, specifically when different countries are involved.
  19. The customer engages in excessive journal entries of funds between related or unrelated accounts without any apparent business purpose. (2002 red flag #20 – The customer engages in excessive journal entries between unrelated accounts without any apparent business purpose.)
  20. The customer uses a personal/individual account for business purposes or vice versa.
  21. A foreign import business with U.S. accounts receives payments from outside the area of its customer base.
  22. There are frequent transactions involving round or whole dollar amounts purported to involve payments for goods or services.
  23. Upon request, a customer is unable or unwilling to produce appropriate documentation (e.g., invoices) to support a transaction, or documentation appears doctored or fake (e.g., documents contain significant discrepancies between the descriptions on the transport document or bill of lading, the invoice, or other documents such as the certificate of origin or packing list).
  24. The customer requests that certain payments be routed through nostro or correspondent accounts held by the financial intermediary instead of its own accounts, for no apparent business purpose.
  25. Funds are transferred into an account and are subsequently transferred out of the account in the same or nearly the same amounts, especially when the origin and destination locations are high-risk jurisdictions.
  26. A dormant account suddenly becomes active without a plausible explanation (e.g., large deposits that are suddenly wired out). (similar to 2002 red flag # 13 – The customer’s account has unexplained or sudden extensive wire activity, especially in accounts that had little or no previous activity.)
  27. Nonprofit or charitable organizations engage in financial transactions for which there appears to be no logical economic purpose or in which there appears to be no link between the stated activity of the organization and the other parties in the transaction.
  28. There is unusually frequent domestic and international automated teller machine (ATM) activity.
  29. A person customarily uses the ATM to make several deposits into a brokerage account below a specified BSA/AML reporting threshold.
  30. Many small, incoming wire transfers or deposits are made using checks and money orders that are almost immediately withdrawn or wired out in a manner inconsistent with the customer’s business or history; the checks or money orders may reference in a memo section “investment” or “for purchase of stock.” This may be an indicator of a Ponzi scheme or potential funneling activity. (2002 red flag # 17. The customer’s account indicates large or frequent wire transfers, immediately withdrawn by check or debit card without any apparent business purpose.)
  31. Wire transfer activity, when viewed over a period of time, reveals suspicious or unusual patterns, which could include round dollar, repetitive transactions or circuitous money movements.
V. Potential Red Flags in Insurance Products
  1. The customer cancels an insurance contract and directs that the funds be sent to a third party.
  2. The customer deposits an insurance annuity check from a cancelled policy and immediately requests a withdrawal or transfer of funds.
  3. The customer cancels an annuity product within the free-look period. This could be a red flag if accompanied with suspicious indicators, such as purchasing the annuity with several sequentially numbered money orders or having a history of cancelling annuity products during the free-look period.
  4. The customer opens and closes accounts with one insurance company, then reopens a new account shortly thereafter with the same insurance company, each time with new ownership information.
  5. The customer purchases an insurance product with no concern for the investment objective or performance.
VI. Other Potential Red Flags
  1. The customer is reluctant to provide information needed to file reports to proceed with the transaction.
  2. The customer exhibits unusual concern with the firm’s compliance with government reporting requirements and the firm’s AML policies. (similar to part of 2002 red flag #1 – The customer exhibits unusual concern regarding the firm’s compliance with government reporting requirements and the firm’s AML policies, particularly with respect to his or her identity, type of business and assets, or is reluctant or refuses to reveal any information concerning business activities, or furnishes unusual or suspect identification or business documents.)
  3. The customer tries to persuade an employee not to file required reports or not to maintain the required records.
  4. Notifications received from the broker-dealer’s clearing firm that the clearing firm had identified potentially suspicious activity in customer accounts. Such notifications can take the form of alerts or other concern regarding negative news, money movements or activity involving certain securities.
  5. Law enforcement has issued subpoenas or freeze letters regarding a customer or account at the securities firm.
  6. The customer makes high-value transactions not commensurate with the customer’s known income or financial resources. (2002 red flag #25 – The customer’s account has inflows of funds or other assets well beyond the known income or resources of the customer.)
  7. The customer wishes to engage in transactions that lack business sense or an apparent investment strategy, or are inconsistent with the customer’s stated business strategy.
  8. The stated business, occupation or financial resources of the customer are not commensurate with the type or level of activity of the customer.
  9. The customer engages in transactions that show the customer is acting on behalf of third parties with no apparent business or lawful purpose.
  10. The customer engages in transactions that show a sudden change inconsistent with normal activities of the customer.
  11. Securities transactions are unwound before maturity, absent volatile market conditions or other logical or apparent reason. (similar to 2002 red flag # 19 – The customer makes a funds deposit for the purpose of purchasing a long-term investment followed shortly thereafter by a request to liquidate the position and transfer of the proceeds out of the account.)
  12. The customer does not exhibit a concern with the cost of the transaction or fees (e.g., surrender fees, or higher than necessary commissions). (2002 red flag # 6 – The customer exhibits a lack of concern regarding risks, commissions, or other transaction costs.)
  13. A borrower defaults on a cash-secured loan or any loan that is secured by assets that are readily convertible into currency.
  14. There is an unusual use of trust funds in business transactions or other financial activity.

DeepDotWeb – a Major Gateway to Darknet Marketplaces Shut Down

“single most significant law enforcement disruption of the Darknet to date”

DeepDotWeb administrators led hundreds of thousands of users to DarkNet marketplaces

In an indictment dated April 24th and announced publicly on May 8th, the Department of Justice charged  Tal Prihar, 37, an Israeli citizen residing in Brazil, and Michael Phan, 34, an Israeli citizen residing in Israel, with one count of money laundering based on a number of underlying (predicate) criminal acts. The Government also seized the website, http://www.deepdotweb.com (DDW).

From October 2013 through April 2019, Prihar and Phan ran a “gateway” service that made it easy for people to access DarkNet marketplaces. In return, they received “Referral Bonuses” from the marketplaces, based on a percentage of purchases made by those they referred. In total, they received ~8,155 bitcoin worth $8.1 million (based on the value at the time of each transaction) in 40,000 deposits or transactions. They then made 2,700 withdrawals from their wallet (from at least three exchanges – OKCoin, Kraken, and BitPay – based on the forfeiture allegations) valued at $15.5 million, and converted bitcoin to fiat currency in accounts in at least three banks – Baltikums Bank in Latvia, First International Bank of Israel in Israel, and TBC Bank in Georgia (also based on the forfeiture allegations).

According to the DOJ press release – https://www.justice.gov/opa/pr/administrators-deepdotweb-indicted-money-laundering-conspiracy-relating-kickbacks-sales:

“According to the indictment unsealed today, these defendants allegedly made millions of dollars by providing a gateway to illegal Darknet marketplaces, allowing hundreds of thousands of users to buy fentanyl, hacking tools, stolen credit cards, and other contraband,” said Assistant Attorney General Benczkowski. “This is the single most significant law enforcement disruption of the Darknet to date,” said U.S. Attorney Scott W. Brady.  “While there have been successful prosecutions of various Darknet marketplaces, this prosecution is the first to attack the infrastructure supporting the Darknet itself.”

How did the Darknet gateway work?

Darknet marketplaces operated on the “Tor” network, a computer network designed to facilitate anonymous communication over the Internet.  Because of Tor’s structure, a user who wanted to visit a particular Darknet marketplace needed to know the site’s exact .onion address. Prihar and Phan provided a service to make it easier for people to access the Darknet marketplaces. They (allegedly) owned and operated DDW, hosted at www.deepdotweb.com and also accessible on the Darknet at DeepDot35Wveyd5.onion. DDW provided users with direct access to numerous online Darknet marketplaces, including AlphaBay, Hansa Market, and the recently shut-down Wall Street Market (by design, Darknet marketplaces are not accessible through traditional search engines). DDW simplified this process by including pages of hyperlinks to various Darknet marketplaces’ .onion addresses.

Users who visited DDW were able to click on the hyperlinks to navigate directly to the Darknet marketplaces.  Embedded in these links were unique account identifiers, which enabled the individual marketplaces to pay what they referred to as “Referral Bonuses,” to DDW. Through the use of the referral links, DDW received kickbacks from Darknet marketplaces every time a purchaser used DDW to buy illegal narcotics or other illegal goods on the marketplace.

These kickback payments were made in virtual currency, such as bitcoin, and paid into a DDW-controlled bitcoin “wallet.” To conceal and disguise the nature and source of the illegal proceeds, totaling over $15 million, Prihar and Phan transferred their illegal kickback payments from their DDW bitcoin wallet to other bitcoin accounts and to bank accounts in Latvia, Israel, and Georgia they controlled in the names of shell companies.

AlphaBay DarkNet Marketplace

AlphaBay was shut down by the DOJ on July 20, 2017. Its administrator, Alexandre Cazes, was indicted in the Eastern District of California (EDCA 17CR00144). According to that indictment, AlphaBay had 40,000 vendors and 200,000 users. According to the Prihar and Phan indictment, approximately 23.6 percent of all orders completed on AlphaBay were associated with an account created through a DDW referral link, and Prihar and Phan received 3,273 Bitcoin in referral fees or kickbacks.

An inter-agency and international effort

This is another example of the good work being done by the FBI’s Hi-Tech Organized Crime Unit and a multi-agency Joint Criminal Opioid and Darknet Enforcement (J-CODE) Team made up of agents and analysts from the FBI, DEA, US Postal Inspection Service (USPIS), U.S. Customs and Border Protection (CBP), U.S. Immigration and Customs Enforcement’s Homeland Security Investigations (HSI), Department of Defense (DOD), and FinCEN.  International partners included French authorities, Brazilian Federal Police Cyber Division, Israeli National Police, Dutch National Police, Europol Darkweb Team, German Federal Criminal Police (the Bundeskriminalamt), Polizeidirektion Zwickau and Saxon Police in Germany and law enforcement authorities in the United Kingdom.

As the US Attorney reminds us … an indictment contains only allegations.  A defendant is presumed innocent until proven guilty beyond a reasonable doubt in a court of law.

AG Sessions: “No more guidance!” AG Barr: “Here’s new guidance!”

Does “good faith” mean “effective”?

On November 17, 2017 the DOJ issued a press release titled “Attorney General Jeff Sessions Ends the Department’s Practice of Regulation by Guidance”. It provided, in part:

“Today, in an action to further uphold the rule of law in the executive branch, Attorney General Jeff Sessions issued a memo prohibiting the Department of Justice from issuing guidance documents that have the effect of adopting new regulatory requirements or amending the law. The memo prevents the Department of Justice from evading required rulemaking processes by using guidance memos to create de facto regulations. ‘Guidance documents can be used to explain existing law,’ Associate Attorney General Brand said.  ‘But they should not be used to change the law or to impose new standards to determine compliance with the law … This Department of Justice will not use guidance documents to circumvent the rulemaking process, and we will proactively work to rescind existing guidance documents that go too far.’”

See https://www.justice.gov/opa/pr/attorney-general-jeff-sessions-ends-department-s-practice-regulation-guidance

On April 30, 2019 the DOJ issued a press release titled “Criminal Division Announces Publication of Guidance on Evaluating Corporate Compliance Programs.” It provided, in part:

“The Criminal Division announced today the release of a guidance document for white-collar prosecutors on the evaluation of corporate compliance programs.  The document, entitled ‘The Evaluation of Corporate Compliance Programs,’ updates a prior version issued by the Division’s Fraud Section in February 2017.  It seeks to better harmonize the guidance with other Department guidance and standards while providing additional context to the multifactor analysis of a company’s compliance program.”

See https://www.justice.gov/opa/pr/criminal-division-announces-publication-guidance-evaluating-corporate-compliance-programs

This new Guidance Document brings far-reaching consequences for corporations and those that work for corporations. It provides as follows:

“As the Justice Manual notes, there are three ‘fundamental questions’ a prosecutor should ask:

  1. ‘Is the corporation’s compliance program well designed?’
  2. ‘Is the program being applied earnestly and in good faith?’ In other words, is the program being implemented effectively?
  3. ‘Does the corporation’s compliance program work’ in practice?

And then it cites JM [Justice Manual] § 9-28.800.

So as I usually do, I went to the source – the Justice Manual – to make sure that it does, in fact, have those same three fundamental changes. What does that section actually provide? Accessing  https://www.justice.gov/jm/jm-9-28000-principles-federal-prosecution-business-organizations#9-28.800 on May 3, 2019, it provides as follows:

“The fundamental questions any prosecutor should ask are: Is the corporation’s compliance program well designed? Is the program being applied earnestly and in good faith? Does the corporation’s compliance program work?”

So it appears that the Guidance has interpreted “applied earnestly and in good faith” to mean “implemented effectively.”

This appears to be a shift from one that appears more focused on intent – earnestness and good faith both describe the intent of the actor – to one that is more focused on outcome – effectiveness.

That appears to be a real change.  Does it mean that acting earnestly and in good faith doesn’t bear much weight if, at the end of the day, the program was found to have been implemented ineffectively?

Notwithstanding former AG Sessions “no more guidance!” command, perhaps AG Barr can provide some guidance on the guidance of whether they’ve shifted from an intent standard to a result standard.

Finally, I didn’t see anything in the new Guidance, nor in the DOJ press release, that referenced the September 5, 2015 memo (guidance) put out by then-DAG Sally Yates titled “Individual Accountability for Corporate Wrongdoing”. Among other things, that guidance provided that “to be eligible for any cooperation credit, corporations must provide to the Department all relevant facts about the individuals involved in corporate misconduct.”

Perhaps that guidance was rescinded by then-AG Sessions at or around the same time he rescinded the Cole and Ogden Memos around federal priorities for cannabis prosecutions?

The “Ice Cream Social” Bandit – Former Bank Cash Vault Manager Stole $4.3 Million

Former Bank Cash Vault Manager Sentenced to 10 Years in Federal Prison for Stealing over $4 Million – Case Reveals Gaps in “Dual Control” Training

The scheme involved an “ice cream social” as an excuse to stay late, a private jet paid for with stolen bank funds, and training to get around dual controls

https://www.justice.gov/usao-ak/pr/former-vault-manager-sentenced-10-years-federal-prison-stealing-over-4-million-keybank

According to the US Attorney for Alaska, on April 29, 2019, Gerardo Valenzuela aka Gary Cazarez was sentenced to serve 10 years in prison after pleading guilty to stealing more than $4.3 million from the cash vault of KeyBank in Anchorage Alaska. The theft occurred on July 26, 2011, and Valenzuela fled to Mexico. He was arrested by Mexican authorities on Aug. 2, 2011, when a random search of his luggage at an internal (Mexico) checkpoint revealed $3.8 million in cash, firearms, and ammunition. Cazarez was charged and convicted in Mexico of criminal offenses analogous to money laundering and illegal possession of firearms for smuggling the cash and firearms into Mexico.  After serving a term of seven years in prison for his Mexican conviction, Cazarez was extradited to the U.S. to face the Alaska bank theft charges.

The theft was well conceived, well planned, and well executed. It also reveals a few interesting potential gaps that banks could have in their controls and training programs. The US Attorney’s press release tells the story:

According to court documents, on or about July 29, 2011, Valenzuela was the Vault Manager for KeyBank when he stole approximately $4.3 million dollars in U.S. Currency from KeyBank in Anchorage, and then flew in a chartered jet to Washington, bought a car, obtained an AK-47 for protection and drove to Mexico.  He mailed his and his girlfriend’s cell phones to Florida and New York to throw off investigators.  The investigation revealed that Valenzuela’s motive to rob his employer was his concern that Keybank was going to make his position obsolete and he would be out of a job.

Months prior to his theft, Valenzuela told his girlfriend that he could rob the bank noting that the bank had video surveillance, but no physical surveillance at that time.  In June 2011, he started to put his plan into action, which began with requesting that his brother obtain a firearm for him.  On July 8, 2011, Valenzuela falsely trained new employees on vault procedures, effectively removing dual controls over the vault and laying the groundwork for his ability to steal $4.3 million a few weeks later.

Here are the first two potential control gaps. First, the bank video surveillance but no physical surveillance. Second, he was able to falsely train new employees on vault procedures, effectively removing dual controls over the vault.

On July 26, 2011, Valenzuela purchased an airplane ticket for his girlfriend from Anchorage to Seattle.  Two days later, he then stole $30,000 from Keybank, which he used $24,000 to rent a private jet for himself to make his escape the next day.  On the day of his theft, July 29, 2011, Valenzuela told the branch manager he was going to organize an ice cream social for bank customers, giving him an excuse to stay late as he cleaned up.  Late at night and without dual controls in place, Valenzuela was able to access the vault without another employee present.  He boxed up $4.3 million in cash, rolled it out of the vault to his car in the parking lot, and loaded the money into his car.  Valenzuela drove to where the private jet was waiting for him in Anchorage and he flew to Seattle.

Valenzuela had set the timer on the vault lock for the maximum time allowable, giving him six days to escape to Mexico.  By the time Keybank discovered his theft, Valenzuela and his girlfriend were already in Mexico; however, Valenzuela was arrested by Mexican authorities on Aug. 2, 2011, when a random search of his luggage at a checkpoint revealed $3.8 million in cash, firearms, and ammunition.

Here is the third control gap: the vault manager was able to set the timer on the vault lock for six days. July 29, 2011 was a Friday, so at most the vault timer should have been set for two days, not six.

Cazarez was charged and convicted in Mexico of criminal offenses analogous to money laundering and illegal possession of firearms for smuggling the cash and firearms into Mexico.  After serving a term of seven years in prison for his Mexican conviction, Cazarez was extradited to the U.S. for the crimes charged in the superseding indictment.

Chief Judge Burgess noted that the most important sentencing factors in this case were the “magnitude of the crime” and Valenzuela’s lack of candor with the court.  At the sentencing hearing, evidence was presented that Valenzuela had executed a “fail safe plan” that included stashing $500,000 in Washington before he fled to Mexico so that if he were caught he would still have money when he was released.  That money has still not been recovered.

Appropriate controls on the timers on vaults, and ensuring there is physical surveillance to supplement any video surveillance, are two controls that should be in place for most financial institutions. But the most interesting control breakdown was around training the staff on appropriate dual control procedures. As the very name – dual – suggests, these controls are intended to involve (at least) two people on the theory that it is much harder for two people to conspire and act together than it is for one person to act alone. But if the person doing the training is both corrupt and one of the two people involved in the execution of the dual control, that control is ineffective, and the innocent person that received the fraudulent training is none the wiser.

So … all institutions that have dual controls, check to see who is doing the training: it cannot be one of the people involved in the execution of that control!

Elvis, Donald Duck, Bittrex, and New York’s “Safe Harbor” for Crypto Exchanges

“… examiners found that a substantial number of aliases (e.g., Give Me My Money, Elvis Presley, abc-abc, Donald Duck, and other clearly false names) and obscene terms and phrases are used to identify accounts at Bittrex …”

Bittrex, Inc., a virtual currency exchange with almost 1.7 million users across the world, applied to the New York State Department of Financial Services for two licenses: a BitLicense to engage in “virtual currency business activity” in the state of New York (that application was filed in August 2015), and to engage in money transmission activity (that application was filed in July 2018).

Both applications were denied on April 10, 2019.

The denial letter reads like a criminal charging document. https://www.dfs.ny.gov/system/files/documents/2019/04/dfs-bittrex-letter-41019.pdf

The BitLicense application didn’t go well from the beginning. The NYSDFS “worked steadily with Bittrex to address continued deficiencies” and issued “several deficiency letters” relating to BSA, AML, and OFAC compliance. Things were going so badly, that in February 2019 the NYSDFS had a number of examiners do a four-week, onsite review of Bittrex’s policies, procedures, practices, and controls, including testing 100 million virtual currency transactions that Bittrex processed in 2017 and 2018. What they found is stunning, and led to their conclusion that Bittrex had an inadequate BSA/AML/OFAC compliance program. Among other things:

  • Bittrex had non-existent or inadequate policies and procedures
  • “a large number of transactions for customers domiciled in sanctioned countries (including Iran and North Korea) had passed through screening and were processed …”
  • Bittrex excludes “corporate and cash customers from its transaction monitoring”
  • the Compliance Officer was inadequate, there was a lack of training, and audit was inadequate

I expect – hope – that New York State and federal prosecutors are taking a close look at Bittrex and its principals.

And I hope – but don’t expect – that New York takes a close look at its “safe harbor” approach for unlicensed crypto exchanges. The Department noted that Bittrex had been operating under the “safe harbor” provision that allowed Bittrex to engage in virtual currency business activity during the pendency of its crypto licensing application. Based on the denial letter, it looks like Bittrex allowed – even encouraged – transactions from its corporate and “cash” customers to go unmonitored, it had customers in North Korea and Iran, and flaunted know your customer controls. The New York harbor may have been a safe place for  Bittrex to safely flaunt AML and sanctions controls for more than two years and 100 million crypto transactions, but it wasn’t a safe place for all the New Yorkers, and others, who may have been, or eventually harmed by the unknown financial activity related to rogue states and actors.

There needs to be consequences. I hope that this isn’t the last we’ve heard of Bittrex, its CEO Bill Shihara, and New York’s crypto safe harbor.

 

The College Admissions Scandal – Plea Agreements, Sentencing Guidelines, and Money Laundering

The “college admission scandal” cases are complicated, and the pleadings are voluminous and more are being filed every day. I’ll try to summarize it all as accurately as possible: caution, though, that I am not offering any legal advice nor opinions, and defendants are innocent until proven guilty.

The US Attorney for Massachusetts has charged thirty three parents in two cases.

Case 19CR10117 – The Guilty Pleas

This case charges eleven parents with one count each of conspiracy to commit mail and wire fraud and honest services, mail and wire fraud under 18 USC 1349. Those parents/defendants have entered into plea agreements. The plea agreements are important, as they set out the agreed upon punishment for each defendant using the US Sentencing Guidelines. Those Guidelines are intended to provide “guideline ranges that specify an appropriate sentence for each class of convicted persons determined by coordinating the offense behavior categories with the offender characteristic categories.” https://www.ussc.gov/guidelines/2018-guidelines-manual/2018-chapter-1#NaN So there are two things the defendants needed to consider: their own criminal histories, if any, and the “offense level” of their crime, adjusted up for (in these cases) the amounts involved, and adjusted down for “acceptance of responsibility”. This gives an offense level of between 1 and 43, organized into four “zones”. The defendant’s criminal history is then considered, resulting in being placed into one of six criminal history categories. The result is a Sentencing Table with the seriousness of the crime on the Y axis and the seriousness of the criminal on the X axis. The court refers to, and can depart from, the ranges set out in the Table. A (partial) sentencing table (showing only the first 30 of the 43 offence levels) is seen here:

So … where are these eleven defendants on the Offense Level (Y) axis of the sentencing table? Each defendant is charged with the same offense, which carries an offense level of 7. The second factor is the amount involved in the conspiracy. Here, the base offense level of 7 was enhanced or increased by between 2 and 12:

Amount Range               “Amount” Offense Level    Base Offense Level     Acceptance        Total     Number of Defendants

$250,000 – $500,000      +12                                     +7                                       -3                        16                      2

$150,000 – $250,000      +10                                     +7                                       -3                        14                      1

$95,000 – $150,000        +8                                       +7                                       -2                        13                       2

$40,000 – $95,000          +6                                       +7                                       -2                         11                      3

$15,000 – $40,000          +4                                       +7                                       -2                          9                       2

$6,500 – $15,000            +2                                       +7                                        -2                          7                        1

Based solely on the offense levels, and if all defendants are in criminal history category I (the first column), then one defendant falls within Zone A, five fall in Zone B, two fall in Zone C, and three fall in Zone D.

What did the plea agreements provide for?

Offense Level     Number of Defendants  Sentencing Range           Plea Agreement[1]

16                                     2                                   21-27 months              15 months; $95,000 fine

14                                     1                                   15-21 months               12 months; $75,000 fine

13                                     2                                  12-18 months               12 months; $55,000 fine

11                                     3                                    8-14 months                “at low end”; $40,000 fine

9                                       2                                   4-10 months                “at low end”; $20,000 fine

7                                       1                                    0-6 months                  “within the range”; $9,500 fine

A few examples are warranted.

A husband and wife (the “Abbotts”) fell into offense level 13. The allegations are that they paid a total of $125,000 to have their daughter’s ACT and SAT test scores manipulated. That amount fell into the $95,000 to $150,000 range, which added 8 to the base level of 7, for a total of 15. Because that total (15) was below 16, they received credit of 2 for accepting responsibility. Their plea agreements are recommending to the court that they receive prison sentences of 12 months each, serve 12 months of supervised release, each pay $55,000 in fines, and pay restitution in an amount to be determined.

The actress Felicity Huffmann fell into offense level 9. The allegations are she paid “at least $15,000” to have her daughter’s SAR test scores manipulated. That amount – at least $15,000 – added 4 levels to her offense level (as opposed to adding 2 for $6,5000 to $15,000).

Case 19CR10080

In a separate case, a second superseding indictment filed on April 9, 2019, nineteen defendants have been charged with two counts each: conspiracy to commit mail and wire fraud and honest services, mail and wire fraud under 18 USC 1349 (as charged in the other indictment) and money laundering conspiracy under 18 USC 1956(h).[2]

Both the original criminal complaint and the second superseding indictment provide some detail on the money laundering “conspiracies”. I put “conspiracies” in quotes because there were no elaborate schemes to hide the origins of the payments, nor to really mask the identities of the recipients of the payments. Very simply, checks were written to a university or college sports department c/o the bribed official, or checks or wire transfers were made to a charitable organization operated by Rick Singer. The Government is alleging, and hopes to prove, that these simple transactions satisfy the elements of money laundering conspiracy. At least the Government will not have to unravel complex financial transactions involving multiple shell companies and payments mechanisms.

Conclusion

Eleven mothers and fathers have entered into plea agreements relating to a federal criminal charge of conspiracy to commit mail and wire fraud; nineteen more have been been charged with conspiracy to commit mail and wire fraud, and money laundering conspiracy. Ten of the eleven that have entered plea agreements have agreed to recommended federal prison sentences of between four and fifteen months; the eleventh has agreed to a recommended sentence of zero to six months. All eleven have agreed to fines ranging from $9,500 to $95,000, as well as restitution (to whom?) in amounts to be determined.

[1] In addition to the recommended sentences and fines, all defendants agreed to 12 months of supervised release and restitution to be set by the court

[2] In both indictments, the Government has brought forfeiture (18 USC 981(a)(1)) and money laundering forfeiture (18 USC 982(a)(1)) charges against the defendants.