Loading…

Business Email Compromise – New FinCEN Advisory and Trend Analysis

FinCEN has issued an updated advisory on Business Email Compromise (BEC) fraud schemes: FinCEN 2019 BEC Advisory . At the same time it issued a Financial Trend Analysis that provides some details on what FinCEN is seeing from the Suspicious Activity Reports on BEC schemes: BEC Trends

FIN-2019-A005 Updated Advisory on Email Compromise Fraud Schemes Targeting Vulnerable Business Processes (July 16, 2019)

This 2019 Advisory is 12 pages long, and supersedes the 2016 advisory: FinCEN 2016 BEC Advisory. Highlights of the 2019 Advisory can be summarized as follows:

Instances of BEC reported to FinCEN have climbed from averaging just under 500 reports per month (averaging $110 million monthly in total attempted BEC thefts) in 2016 to over 1,100 monthly reports (averaging over $300 million monthly in total attempted BEC thefts) in 2018. Since November 2016, financial institutions reported over 6,000 instances and over $2.6 billion in attempted and successful transactions affiliated with suspected money laundering activity through BEC schemes.

Three observed trends since the 2016 Advisory. First, a concentration of targeting of particular sectors: manufacturing and construction (25% of reported BEC cases), commercial services (18%), and real estate (16%). Second, the majority of BEC incidents (reported in the Trends Analysis at 73%) affecting U.S. financial institutions and their customers are increasingly involving initial domestic funds transfers, rather than international, likely taking advantage of money mule networks across the United States to move stolen funds. Third, the two most common impersonations – CEO and vendor – are trending in different directions: CEO impersonations are trending down (from 33% of reported incidents in 2017 to 12% in 2018), and vendor impersonations are trending up (from 30% of incidents in 2017 to 39% in 2018, becoming the most common BEC method). FinCEN also noted that the average transaction amount for BECs impersonating a vendor or client invoice was $125,439, compared with $50,373 for impersonating a CEO.

A BEC scheme’s probability of success and the potential payout from fraudulent payment instructions often depends on (1) the criminal’s knowledge of their victim’s normal business processes by leveraging publicly available information about the victim organization’s vendors, contracts, and business processes, and (2) weaknesses in the victim’s authorization and authentication protocols.

In this 2019 Advisory, FinCEN broadens its definitions of email compromise fraud activities to clarify that such fraud targets a variety of types of entities and may be used to misdirect any kind of payment (not just wire transfers) or transmittal of other things of value. While many email compromise fraud scheme payments are carried out via wire transfers (as originally stated in the 2016 BEC Advisory), FinCEN has observed BEC schemes fraudulently inducing funds or value transfers through convertible virtual currency payments, ACH transfers, and purchases of gift cards.

The 2019 Advisory also expands the types of victims beyond commercial businesses. FinCEN analysis has indicated criminal groups use a variety of techniques to conduct BEC fraud against individuals, particularly and increasingly those with high net worth, and entities that routinely use email to make or arrange payments between partners, customers, or suppliers. Targets of these schemes fall outside of the definition of traditional business customers, such as government entities and non-profit organizations or even the financial institutions themselves.

Footnote 7 provides that “The definitions of email compromise fraud, BEC, and EAC supersede the definitions in the 2016 BEC Advisory.” Those definitions are (and the red font indicates changes from 2016):

Email Compromise Fraud: Schemes in which 1) criminals compromise[1] the email accounts of victims to send fraudulent payment instructions to financial institutions or other business associates in order to misappropriate funds or value; or in which 2) criminals compromise the email accounts of victims to effect fraudulent transmission of data that can be used to conduct financial fraud. The main types of email compromise, the definitions of which have been modified to reflect the expansion of victims being targeted, include:

Business Email Compromise (BEC): Targets accounts of financial institutions or customers of financial institutions that are operational entities, including commercial, non-profit, nongovernmental, or government entities.

Email Account Compromise (EAC): Targets personal email accounts belonging to an individual.

BEC Fraud against Governments – BEC frauds have targeted accounts used for pension funds, payroll accounts, and contracted services. Schemes against government victims are consistent with other common typologies in BEC fraud. BEC schemes targeting government entities also often include vendor impersonation.

BEC Fraud against Educational Institutions – In 2016, financial institutions reported to FinCEN over 160 incidents of BEC targeting educational institutions where criminals attempted to steal over $50 million. The education sector has the largest concentration of high-value BEC attempts in financial sector reporting, even though only approximately 2% of BEC incidents affected educational institutions in 2017. Schemes against educational institutions frequently involve vendor impersonation. Attackers use authentic-looking payment requests to direct funds to domestic bank accounts they control. Large-scale construction and renovation projects have repeatedly been targets of high-dollar thefts.

BEC Fraud against Financial Institutions – In some cases, BEC actors directly target the financial institutions themselves. This scheme typically involves spoofing bank domains and sending what appear to be credible messages to imitate official communications between bank employees, such as sending emails that appear to be from a financial institution’s SWIFT (wire operations) department with payment instructions and SWIFT reference numbers in the email text to enhance its apparent legitimacy to the victim.

Information Sharing – The 2019 Advisory encourages financial institutions to use 314(b) to share information. FinCEN points out that many beneficiaries of BEC schemes play roles in larger networks of criminal activity and laundering of funds from illicit activity (“FinCEN encourages financial institutions to share valuable information about BEC beneficiaries and perpetrators, for purposes of identifying and, where appropriate, reporting activities that they suspect may involve possible terrorist activity or money laundering.”).

The 2019 Advisory includes a section on information for US financial institutions (which supersedes the 2016 advisory):

Risk Management Considerations – In determining the inherent risk of BEC, financial institutions should consider the level of information available publicly about key financial counterparties and processes, including information on public websites or on the darknet (e.g., email account login credentials that have been compromised and posted for sale). Financial institutions need to also consider its procedures and processes relating to how it (1) authenticates participants in communications,( 2) authorizes transactions, and (3) communicates information and changes about transactions. A multi-faceted transaction verification process, as well as training and awareness-building to identify and avoid spear phishing schemes, are critical.

Response and Recovery of Funds – To request immediate assistance in recovering BEC-stolen funds, financial institutions should file a complaint with the FBI’s Internet Crime Complaint Center (IC3), contact their local FBI field office, or contact the nearest USSS field office. These agencies are part of FinCEN’s Rapid Response Program (RRP). Financial institutions should also use the 314(b) information sharing process to request assistance from other financial institutions involved in (victims of or unwitting participants in) the scheme.

Suspicious Activity Reporting – Financial institutions should provide all pertinent available information on the event and associated suspicious activity, including cyber-related information, in the SAR form and narrative. Specifically, the following information is highly valuable to law enforcement and FinCEN in investigating BEC/EAC fraud:

Transaction details:

1) Dates and amounts of suspicious transactions;

2) Sender’s identifying information, account number, and financial institution;

3) Beneficiary’s identifying information, account number, and financial institution; and

4) Correspondent and intermediary financial institutions’ information, if applicable.

Scheme details:

1) Relevant email addresses and associated Internet Protocol (IP) addresses with their respective timestamps;

2) Description and timing of suspicious email communications and any involved compromised or impersonated parties; and

3) Description of related cyber-events and use (or compromise) of particular technology in the conduct of the fraud. For example, financial institutions should consider including any of the following information or evidence related to the email compromise fraud:

  1. a) Email auto-forwarding
  2. b) Inbox sweep rules or sorting rules set up in victim email accounts
  3. c) A malware attack, and
  4. d) The authentication protocol that was compromised (i.e., single-factor or multi-factor, one-step or multi-step, etc.)

[1] Criminals engaged in email compromise fraud may directly compromise email accounts through unauthorized electronic intrusions in order to leverage the compromised account for sending messages, or they may instead impersonate an email account through spoofing the email address or using an email account closely resembling a known counterparty or customer’s email address (i.e., that is slightly altered by adding, changing, or deleting one or more characters).

FATF Terrorist Financing Risk Assessment Guidance

Is the United States a jurisdiction with no or very few known (or suspected) terrorism or TF cases?

The Financial Action Task Force (FATF) released its Terrorist Financing Risk Assessment Guidance on July 5, 2019. It is available at FATF TF Guidance

As FATF notes in its introduction of the Report …

The FATF requires each country to identify, assess and understand the terrorist financing risks it faces in order to mitigate them and effectively dismantle and disrupt terrorist networks. Countries often face particular challenges in assessing terrorist financing risks due to the low value of funds or other assets used in many instances, and the wide variety of sectors misused for the purpose of financing terrorism.

This guidance aims to assist practitioners, and particularly those in lower capacity countries, in assessing terrorist financing risk at the jurisdiction level by providing good approaches, relevant information sources and practical examples based on country experience.

This report builds on the 2013 FATF guidance on national money laundering and terrorist financing risk assessments, and draws on inputs from over 35 jurisdictions from across the FATF Global Network on their extensive experience and lessons learnt in assessing terrorist financing risk. Recognising that there is no one-size-fits all approach when assessing terrorist financing risk, this guidance provides relevant information sources and considerations for different country contexts.

The report addresses:

    • Key considerations when determining the relevant scope and governance of a terrorist financing risk assessment, and practical examples to overcome information sharing challenges related to terrorism and its financing.
    • Examples of information sources when identifying terrorist financing threats and vulnerabilities, and considerations for specific country contexts (e.g. financial and trade centres, lower capacity jurisdictions, jurisdictions bordering a conflict zone etc.).
    • Relevant information sources for practitioners when identifying cross-border terrorist financing risks but also terrorist financing risks within the banking and money or value transfer sectors, and facing those non-profit organisations that fall within the FATF definition.
    • Good approaches for maintaining an up-to-date assessment of risk, and areas for further focus going forward.

The report includes an interesting discussion around “considerations for jurisdictions with no or very few known (or suspected) terrorism or TF cases”. It provides:

34. It is important that countries assess and continue to monitor their TF risks regardless of the absence of known threats. The absence of known or suspected terrorism and TF cases does not necessarily mean that a jurisdiction has a low TF risk. In particular, the absence of cases does not eliminate the potential for funds or other assets to be raised and used domestically (for a purpose other than terrorist attack) or to be transferred abroad. Jurisdictions without TF and terrorism cases will still need to consider the likelihood of terrorist funds being raised domestically (including through willing or defrauded donors), the likelihood of transfer of funds and other assets through, or out of, the country in support of terrorism, and the use of funds for reasons other than a domestic terrorist attack.”

The United States – What Does the SAR Data Show About Terrorist Financing Cases?

The FATF Report includes a list (in Annex A) of the fifty-six countries that have money laundering/terrorist financing, or stand-alone (in the case of nine of the fifty-six) terrorist financing risk assessments. The US is one of those nine, with a 2015 and 2018 national terrorist financing risk assessment. The 2018 assessment (available at US 2018 Terrorist Financing Risk Assessment) notes that depository institutions and money services businesses (MSBs) filed approximately 33% and 58%, respectively, of the 6,000 SARs filed for terrorist financing in 2015, 2016, and 2017 (see pages 16 and 18). The US report notes that these numbers come from the FinCEN SAR data, available at https://www.fincen.gov/reports/sar-stats. Looking at that data reveals the following:

6,131 – Total number of SARs filed with suspicious activity category of “Terrorist Financing” in filing years 2015 through 2017

2,188 – Depository Institutions

3,446 – Money Services Businesses (MSBs)

   288 – Other

    137 – Casinos

      51 – Securities/Futures

      21 – All Other Listed Filers (Insurance, Card Clubs, Loan/Finance Companies)

Using the FinCEN data, it appears that for the three year period indicated, depository institutions (approximately 11,000 banks and credit unions) filed 35.7% of the terrorist financing SARs, and MSBs filed 56.2% of the terrorist financing SARs. Looking at all (available) years’ filings – 2012 through Q1 2019 – depository institutions did, in fact, file 33% (33.4%) of the terrorist financing SARs and MSBs filed 58% (58.6%) of the terrorist financing SARs.

But the 6,131 terrorist financing SARs filed in 2015 through 2017 made up only 0.1% of the total number of SARs filed in that period – 5,822,709. Does this make the United States one of those “jurisdictions with no or very few known (or suspected) terrorism or TF cases”? Regardless, as the FATF notes, “the absence of known or suspected terrorism and TF cases does not necessarily mean that a jurisdiction has a low TF risk. In particular, the absence of cases not not eliminate the potential for funds or other assets to be raised and used domestically for a purpose other than a terrorist attack or to be transferred abroad.” 

FinCEN’s FY2020 Report to Congress Reveals its Priorities and Performance

FinCEN Needs More Resources – and a TSV SAR Feedback Loop – To Really Make a Difference in the Fight Against Crime & Corruption

Every year each US federal government department and agency submits its Congressional budget justification and annual performance report and plan: essentially a document that says to Congress “here’s our mission, here’s how we did last year, here’s what we need for next year.” FinCEN’s fiscal year 2020 (October 1, 2019 through September 30, 2020) Congressional Budget Justification and Annual Performance Report and Plan is available at

https://home.treasury.gov/system/files/266/12.-FINCEN-FY-2020-CJ.pdf

My notes on the 14-page document summarize some of the key aspects of the report.

First is a summary of what FinCEN does: its areas of responsibility. Of note is the seventh area – “bringing together the disparate interests of law enforcement, [158 foreign] FIUs, regulatory partners, and industry”. This is also an admission that the interests of the various public and private sector participants are, in fact, disparate. Which begs the questions “should there be disparate interests?” and “what can we do to bring all these participants together and forge a single, unified interest of safeguarding the financial system from illicit use, combating money laundering, and promoting national security through the strategic use of financial authorities and the collection, analysis, and dissemination of financial intelligence?” (quoting FinCEN’s mission statement).  When it comes to fighting human trafficking, drug trafficking, etc., different perspectives are healthy and expected … competing or disparate interests are counterproductive.

Second, many people will be surprised at just how small FinCEN is – from the number of people to its overall budget – given the importance of its mission. The FY2019 budget called for 332 people and a budget of $115 million. The FY2020 budget proposes an increase to 359 people and a budget of $124.7 million, with the increase in people split between two priority programs: 13 for cybercrime, and 14 for “special measures”, which includes the actual special measures section (section 311) of the Patriot Act, requests to financial institutions for data on foreign financial institution wire transfers, and Geographic Targeting Orders.  As a “participant” for 20+ years, I would like to see what FinCEN could do if it had 659 people and a budget of $224.7 million: perhaps the $100 million to fund FinCEN’s efforts to combat human trafficking, narcotics trafficking, and foreign corruption could come from a 2.8% reduction in the “new drone procurement” budget request of the Department of Defense …

Third, the data on SARs filed, total BSA reports filed, and BSA Database Users is interesting. From FY2014 through FY2018 (actuals) and through FY2020 (estimates), the number of SARs filed has gone from 1.9 million to 2.7 million, an increase of 41.5%. But in the same period, the total number of BSA reports filed – including SARs – has gone from 19.2 million to 20.9 million, an increase of only 9.2%. That tells us two things: SARs are estimated to make up about 1 out of every 8 BSA reports filed in FY2020 compared to 1 out of every 10 BSA reports filed in FY2014 (a positive trend); and the total number of non-SAR BSA filings has essentially been the same for the last 7 years. In other words, the number of CTRs, CMIRs, and FBARs is not going up.

Fourth, there is the axiomatic, reflexive gripe that the SAR database is a black-hole: that financial institutions file SARs then never hear anything back from FinCEN or law enforcement as to whether those SARs are meaningful, effective, useful.  But look at the following from page 12:

FinCEN monitors the percentage of domestic law enforcement and regulators who assert queried BSA data led to detection and deterrence of illicit activity. This performance measure looks at the value of BSA data, such as whether the data provided unknown information, supplemented or expanded known information, verified information, helped identify new leads, opened a new investigation or examination, supported an existing investigation or examination, or provided information for an investigative or examination report. In FY 2018, FinCEN narrowly missed its target of 86 percent with 85 percent of users finding value from the data. FinCEN will work toward increasing its FinCEN Portal/FinCEN Query training efforts to provide more users with the knowledge needed in order to better utilize both FinCEN Portal and FinCEN Query. In FY 2019, the target is set at 86 percent and 87 percent in FY 2020.

Looking at this in a positive light, there appears to be a feedback loop between the users of BSA data – law enforcement and the regulators – and FinCEN, where law enforcement and regulators can assert – therefore they can determine – whether BSA data (mostly SARs and CTRs) led to detection and deterrence of illicit activity: whether the data provided unknown information, supplemented or expanded known information, verified information, helped identify new leads, opened a new investigation or examination, supported an existing investigation or examination, or provided information for an investigative or examination report.

The feedback loop between the users of BSA data (law enforcement, regulators, and FinCEN) must be expanded to include the producers (financial institutions) of BSA data

I have written previously about the need to provide financial institutions with more feedback on the 20 million+ BSA reports they produce every year. See, for example: https://regtechconsulting.net/uncategorized/rules-based-monitoring-alert-to-sar-ratios-and-false-positive-rates-are-we-having-the-right-conversations/

In that article, I introduced something I call the “TSV” SAR, or “Tactical or Strategic Value” SAR. I wrote:

How do you determine whether a SAR provides value to Law Enforcement? One way would be to ask Law Enforcement, and hope you get an answer. That could prove to be difficult.  Can you somehow measure Law Enforcement interest in a SAR?  Many banks do that by tracking grand jury subpoenas received to prior SAR suspects, Law Enforcement requests for supporting documentation, and other formal and informal requests for SARs and SAR-related information. As I write above, an Alert-to-SAR rate may not be a good measure of whether an alert is, in fact, “positive”. What may be relevant is an Alert-to-TSV SAR rate.  What is a “TSV SAR”? A SAR that has Tactical or Strategic Value to Law Enforcement, where the value is determined by Law Enforcement providing a response or feedback to the filing financial institution within five years of the filing of the SAR that the SAR provided tactical (it led to or supported a particular case) or strategic (it contributed to or confirmed a typology) value. If the filing financial institution does not receive a TSV SAR response or feedback from law enforcement or FinCEN within five years of filing a SAR, it can conclude that the SAR had no tactical or strategic value to law enforcement or FinCEN, and may factor that into decisions whether to change or maintain the underlying alerting methodology. Over time, the financial institution could eliminate those alerts that were not providing timely, actionable intelligence to law enforcement, and when that information is shared across the industry, others could also reduce their false positive rates.

Tactical or Strategic Value (TSV) SAR Feedback Loop

It appears that there are already mechanisms in place for law enforcement and the regulators to determine whether the 20 million CTRs and SARs that are being filed every year provide unknown information, supplement or expand known information, verify information, help identify new leads, open a new investigation or examination, support an existing investigation or examination, or provide information for an investigative or examination report. There is a way – there is always a way if there is the will – to provide that information to the private sector filers of the CTRs and SARs. Perhaps there is a member of Congress out there that could tweak FinCEN’s Fiscal Year 2020 budget request a little bit to give it the people power and monetary resources to begin developing a TSV SAR Feedback loop. We’d all benefit.

Online Scams – One Chicago Area Crime Ring Offered a Full Suite of Online Fraud Schemes

The Big 4 Online Scams: Romance, Business Email Compromise, Job Offers, and Mystery Shopper

The US Attorney’s Office for the Northern District of Illinois (Chicago) has indicted ten Nigerians – eight living in the Chicago area – for operating a full-service online scam crime ring. What’s interesting about this crime ring is the breadth of “offerings” it had: romance scams, business e-mail compromise (BEC) scams, employment scams, and mystery shopper scams.

The indictment – available at https://www.justice.gov/usao-ndil/press-release/file/1166631/download  – provides explanations for how all four of the online scams work, and examples of each. Notably, the ten defendants had eleven accounts eight different banks: they were smart enough to spread their banking activity between multiple banks, including the five largest US banks.

And there’s not much you can do if a crime ring operates across multiple banks … unless all of those banks are on Verafin’s cloud-based, cross-institutional financial crime management platform used by more than 2,600 financial institutions across the US and Canada. Verafin’s ability to detect crime rings operating across multiple institutions when any one of those institutions may not see its piece of the ring is unique in the industry.

https://verafin.com/

The College Admissions Scandal – Plea Agreements, Sentencing Guidelines, and Money Laundering

The “college admission scandal” cases are complicated, and the pleadings are voluminous and more are being filed every day. I’ll try to summarize it all as accurately as possible: caution, though, that I am not offering any legal advice nor opinions, and defendants are innocent until proven guilty.

The US Attorney for Massachusetts has charged thirty three parents in two cases.

Case 19CR10117 – The Guilty Pleas

This case charges eleven parents with one count each of conspiracy to commit mail and wire fraud and honest services, mail and wire fraud under 18 USC 1349. Those parents/defendants have entered into plea agreements. The plea agreements are important, as they set out the agreed upon punishment for each defendant using the US Sentencing Guidelines. Those Guidelines are intended to provide “guideline ranges that specify an appropriate sentence for each class of convicted persons determined by coordinating the offense behavior categories with the offender characteristic categories.” https://www.ussc.gov/guidelines/2018-guidelines-manual/2018-chapter-1#NaN So there are two things the defendants needed to consider: their own criminal histories, if any, and the “offense level” of their crime, adjusted up for (in these cases) the amounts involved, and adjusted down for “acceptance of responsibility”. This gives an offense level of between 1 and 43, organized into four “zones”. The defendant’s criminal history is then considered, resulting in being placed into one of six criminal history categories. The result is a Sentencing Table with the seriousness of the crime on the Y axis and the seriousness of the criminal on the X axis. The court refers to, and can depart from, the ranges set out in the Table. A (partial) sentencing table (showing only the first 30 of the 43 offence levels) is seen here:

So … where are these eleven defendants on the Offense Level (Y) axis of the sentencing table? Each defendant is charged with the same offense, which carries an offense level of 7. The second factor is the amount involved in the conspiracy. Here, the base offense level of 7 was enhanced or increased by between 2 and 12:

Amount Range               “Amount” Offense Level    Base Offense Level     Acceptance        Total     Number of Defendants

$250,000 – $500,000      +12                                     +7                                       -3                        16                      2

$150,000 – $250,000      +10                                     +7                                       -3                        14                      1

$95,000 – $150,000        +8                                       +7                                       -2                        13                       2

$40,000 – $95,000          +6                                       +7                                       -2                         11                      3

$15,000 – $40,000          +4                                       +7                                       -2                          9                       2

$6,500 – $15,000            +2                                       +7                                        -2                          7                        1

Based solely on the offense levels, and if all defendants are in criminal history category I (the first column), then one defendant falls within Zone A, five fall in Zone B, two fall in Zone C, and three fall in Zone D.

What did the plea agreements provide for?

Offense Level     Number of Defendants  Sentencing Range           Plea Agreement[1]

16                                     2                                   21-27 months              15 months; $95,000 fine

14                                     1                                   15-21 months               12 months; $75,000 fine

13                                     2                                  12-18 months               12 months; $55,000 fine

11                                     3                                    8-14 months                “at low end”; $40,000 fine

9                                       2                                   4-10 months                “at low end”; $20,000 fine

7                                       1                                    0-6 months                  “within the range”; $9,500 fine

A few examples are warranted.

A husband and wife (the “Abbotts”) fell into offense level 13. The allegations are that they paid a total of $125,000 to have their daughter’s ACT and SAT test scores manipulated. That amount fell into the $95,000 to $150,000 range, which added 8 to the base level of 7, for a total of 15. Because that total (15) was below 16, they received credit of 2 for accepting responsibility. Their plea agreements are recommending to the court that they receive prison sentences of 12 months each, serve 12 months of supervised release, each pay $55,000 in fines, and pay restitution in an amount to be determined.

The actress Felicity Huffmann fell into offense level 9. The allegations are she paid “at least $15,000” to have her daughter’s SAR test scores manipulated. That amount – at least $15,000 – added 4 levels to her offense level (as opposed to adding 2 for $6,5000 to $15,000).

Case 19CR10080

In a separate case, a second superseding indictment filed on April 9, 2019, nineteen defendants have been charged with two counts each: conspiracy to commit mail and wire fraud and honest services, mail and wire fraud under 18 USC 1349 (as charged in the other indictment) and money laundering conspiracy under 18 USC 1956(h).[2]

Both the original criminal complaint and the second superseding indictment provide some detail on the money laundering “conspiracies”. I put “conspiracies” in quotes because there were no elaborate schemes to hide the origins of the payments, nor to really mask the identities of the recipients of the payments. Very simply, checks were written to a university or college sports department c/o the bribed official, or checks or wire transfers were made to a charitable organization operated by Rick Singer. The Government is alleging, and hopes to prove, that these simple transactions satisfy the elements of money laundering conspiracy. At least the Government will not have to unravel complex financial transactions involving multiple shell companies and payments mechanisms.

Conclusion

Eleven mothers and fathers have entered into plea agreements relating to a federal criminal charge of conspiracy to commit mail and wire fraud; nineteen more have been been charged with conspiracy to commit mail and wire fraud, and money laundering conspiracy. Ten of the eleven that have entered plea agreements have agreed to recommended federal prison sentences of between four and fifteen months; the eleventh has agreed to a recommended sentence of zero to six months. All eleven have agreed to fines ranging from $9,500 to $95,000, as well as restitution (to whom?) in amounts to be determined.

[1] In addition to the recommended sentences and fines, all defendants agreed to 12 months of supervised release and restitution to be set by the court

[2] In both indictments, the Government has brought forfeiture (18 USC 981(a)(1)) and money laundering forfeiture (18 USC 982(a)(1)) charges against the defendants.

Global Money Laundering Estimate – Time for An Update!

This article is an update from the original article published on September 7, 2018 and which is available at:

https://regtechconsulting.net/uncategorized/unodc-report-2011-the-estimate-for-global-money-laundering/

Many recent reports refer to the total amount of money laundering in the world, with wild and often unsupported estimates. For example, a September 2018 CD Howe research paper titled “Hidden Beneficial Ownership and Control: Canada as a Pawn in the Global Game of Money Laundering” (with the conclusion “with increasing concern about tax evasion, corruption, money laundering, the use of shell companies and offshore legal arrangements, it is time for a central publicly accessible registry to unmask the beneficial owners of corporations and certain trusts.”) found that “official estimates of money laundering in Canada range from $5 billion to $100 billion.” That is quite a range (imagine if a prospective employer offered to pay you between $50,000 and $1 million a year)!  https://www.cdhowe.org/sites/default/files/attachments/research_papers/mixed/Final%20for%20advance%20release%20Commentary_519.pdf

Other reports use statements like “over $1 trillion is laundered globally every year, and less than one per cent is seized.” A recent article posted on LinkedIn confidently stated that “IMF indicates that every year, up to 2 trillion USD is laundered through financial systems globally.” Where do these numbers come from? Are they accurate? Even if they’re not accurate, can they be useful, if used responsibly?

The first question can be answered simply: those numbers/estimates probably come from their authors having read about, but probably not reading, a United Nations Office of Drug Control report (not an IMF report) issued in October 2011 titled “Estimating illicit financial flows resulting from drug trafficking and other transnational organized crimes.” The report is available at https://www.unodc.org/documents/data-and-analysis/Studies/Illicit_financial_flows_2011_web.pdf.

As to the second question: are the numbers accurate? The authors of the UNODC report warn in the preface of the report that “the final monetary estimates are to be treated with caution. Further research and more systematic collection of data on this topic are clearly required.” And the various estimates of total criminal proceeds, criminal proceeds available for laundering, and transnational criminal organization proceeds laundered through the financial system, are all given in broad ranges. And the estimate of the amount seized by law enforcement – “less than one per cent” – is both accurate and inaccurate: the report actually provides that “globally, it appears that much less than 1% (probably around 0.2%) of the proceeds of crime laundered via the financial system are seized and frozen”. So yes, 0.2% is “less than 1%”, but it isn’t an impressive number either way.

As to the third question: even if they’re not accurate, can they be useful, if used responsibly? In my opinion, yes. Whether the amount laundered through the global financial system is $1,000,000,000,000 or $2,000,000,000,000 ($1 trillion or $2 trillion),

The report refers to a number of earlier reports, but four deserve a mention. The first was a paper written by John Walker: “Estimates of the Extent of Money Laundering in and through Australia” (1995). The second was a 1998 IMF report that provided a “consensus range” of the total amount of criminal proceeds as 2% to 5% of global GDP. The third was a paper written by a British academic, Brigette Unger, “The Scale and Impact of Money Laundering”. The fourth was a paper written by the aforesaid Walker and Unger, “Measuring Global Money Laundering: The Walker Gravity Model” (2009). Note that with the 2011 UNODC report, there has been nothing of consequence in almost eight years.

The Preface to the UNODC Report is useful. It provides:

“‘Always follow the money’ has been sound advice in law enforcement and political circles for decades. Nevertheless, tracking the flows of illicit funds generated by drug trafficking and organized crime and analysing the magnitude and the extent to which these are laundered through the world’s financial systems remain daunting tasks … As with all such reports, however, the final monetary estimates are to be treated with caution. Further research and more systematic collection of data on this topic are clearly required.  Prior to this report, perhaps the most widely quoted figure for the extent of money-laundering was the IMF’s ‘consensus range’ of between 2-5 per cent of global GDP, made public in 1998. A study-of-studies, or meta analysis, conducted for this report, suggests that all criminal proceeds are likely to have amounted to some 3.6 per cent of GDP (2.3 – 5.5 per cent) or around US$2.1 trillion in 2009. The resulting best estimate of the amounts available for money-laundering would be within the IMF’s original ‘consensus range’, equivalent to some 2.7 per cent of global GDP (2.1 – 4 per cent) or US$1.6 trillion in 2009. From this figure, money flows related to transnational organized crime activities represent the equivalent of some 1.5 per cent of global GDP, 70 per cent of which would have been available for laundering through the financial system.

…..

Less than 1 per cent of global illicit financial flows are currently seized and frozen. UNODC’s challenge is to work within the UN system and with Member States to help build the capacity to track and prevent money laundering, strengthen the rule of law and prevent these funds from creating further suffering.”

The 2011 report used the global GDP as of 2009. Roughly $60 trillion. The World Bank estimates that global GDP was $81 trillion in 2017. So global GDP has gone up roughly 33%.  So let’s summarize the ranges and amounts from the UNODC Report:

Global Criminal Proceeds – $2.8 trillion

Between 2.3% and 5.5% of Global GDP in 2009, likely 3.6% or $2.1 trillion in 2009 and $2.8 trillion in 2017

Global Criminal Proceeds Available for Money Laundering – $2.1 trillion

Between 2.1% and 4.0% of Global GDP in 2009, likely 2.7% or $1.6 trillion in 2009 and $2.1 trillion in 2017

Transnational Organized Crime (TOC) Proceeds – $1.2 trillion

Roughly 1.5% of Global GDP in 2009 or $870 billion in 2009 and $1.2 trillion in 2017

TOC Proceeds Laundered Through the Financial System – $775 billion

Roughly 70% of TOC proceeds are estimated to be laundered through the financial system – $580 billion in 2009 and $775 billion in 2017

Page 7 of the report provides some detail on the phrase “less than 1 per cent of global illicit financial flows are currently seized and frozen: “The results also suggest that the ‘interception rate’ for anti-money-laundering efforts at the global level remains low. Globally, it appears that much less than 1% (probably around 0.2%) of the proceeds of crime laundered via the financial system are seized and frozen.”

Proceeds of Crime Laundered Through the Financial System That Are Seized by Law Enforcement – $1.6 billion

What about this now-accepted “consensus range” for the extent of money laundering of between 2% and 5% of global GDP? Page 9 offers an interesting observation on that consensus range: “The data suggest that the best estimates are situated at the lower end of the range. But this is to some extent a question of methodology. If tax- and customs-related money-laundering activities were included in the calculation, results would move towards – and perhaps exceed – the upper end of the ‘consensus range’. On the other hand, if only transnational crime-related proceeds were considered, the available estimates for laundering would fall to levels around 1% of GDP, and thus below the ‘consensus range’.” Note that global GDP is ~$75 trillion.

This is not to say that the report lacks rigor. The authors and contributors did a remarkable, and remarkably detailed, study; the results of which deserve to be used as benchmarks for the ongoing fight against global money laundering. An example of that rigor can be found in the sections that describe the methodologies used, including (at pages 16 and 17), the “dynamic multiple-indicators multiple-causes’ (DYMIMIC) model, which uses two sets of observable variables and links them as a proxy to the unobservable variable (the extent of money-laundering).”

The result? It remains fair to say that one trillion dollars is laundered every year, most of that flows through the global financial system, and less than one-quarter of one per cent of the proceeds of crime laundered via the financial system is seized and frozen. We must do better.

UNODC Report 2011 – The Estimate for Global Money Laundering

Many recent reports refer to the total amount of money laundering in the world, with wild and often unsupported estimates. For example, a September 2018 CD Howe research paper titled “Hidden Beneficial Ownership and Control: Canada as a Pawn in the Global Game of Money Laundering” (with the conclusion “with increasing concern about tax evasion, corruption, money laundering, the use of shell companies and offshore legal arrangements, it is time for a central publicly accessible registry to unmask the beneficial owners of corporations and certain trusts.”) found that “official estimates of money laundering in Canada range from $5 billion to $100 billion.” That is quite a range (imagine if a prospective employer offered to pay you between $50,000 and $1 million a year)!  https://www.cdhowe.org/sites/default/files/attachments/research_papers/mixed/Final%20for%20advance%20release%20Commentary_519.pdf

Other reports use statements like “over $1 trillion is laundered globally every year, and less than one per cent is seized.” Where do these numbers come from? Are they accurate? Even if they’re not accurate, can they be useful, if used responsibly?

The first question can be answered simply: both of those numbers come from the same United Nations Office of Drug Control report issued in October 2011 titled “Estimating illicit financial flows resulting from drug trafficking and other transnational organized crimes.” The report is available at https://www.unodc.org/documents/data-and-analysis/Studies/Illicit_financial_flows_2011_web.pdf.

As to the second question: are the numbers accurate? The authors do warn in the preface of the report that “the final monetary estimates are to be treated with caution. Further research and more systematic collection of data on this topic are clearly required.” And the various estimates of total criminal proceeds, criminal proceeds available for laundering, and transnational criminal organization proceeds laundered through the financial system, are all given in broad ranges. And the estimate of the amount seized by law enforcement – “less than one per cent” – is both accurate and inaccurate: the report actually provides that “globally, it appears that much less than 1% (probably around 0.2%) of the proceeds of crime laundered via the financial system are seized and frozen”. So yes, 0.2% is “less than 1%”, but it isn’t an impressive number either way.

As to the third question: even if they’re not accurate, can they be useful, if used responsibly? In my opinion, yes. Whether the amount laundered through the global financial system is $1,000,000,000,000 or $2,000,000,000,000 ($1 trillion or $2 trillion),

The report refers to a number of earlier reports, but four deserve a mention. The first was a paper written by John Walker: “Estimates of the Extent of Money Laundering in and through Australia” (1995). The second was a 1998 IMF report that provided a “consensus range” of the total amount of criminal proceeds as 2% to 5% of global GDP. The third was a paper written by a British academic, Brigette Unger, “The Scale and Impact of Money Laundering”. The fourth was a paper written by the aforesaid Walker and Unger, “Measuring Global Money Laundering: The Walker Gravity Model” (2009). Note that with the 2011 UNODC report, there has been nothing of consequence in almost eight years.

The Preface to the UNODC Report is useful. It provides:

“‘Always follow the money’ has been sound advice in law enforcement and political circles for decades. Nevertheless, tracking the flows of illicit funds generated by drug trafficking and organized crime and analysing the magnitude and the extent to which these are laundered through the world’s financial systems remain daunting tasks … As with all such reports, however, the final monetary estimates are to be treated with caution. Further research and more systematic collection of data on this topic are clearly required.  Prior to this report, perhaps the most widely quoted figure for the extent of money-laundering was the IMF’s ‘consensus range’ of between 2-5 per cent of global GDP, made public in 1998. A study-of-studies, or meta analysis, conducted for this report, suggests that all criminal proceeds are likely to have amounted to some 3.6 per cent of GDP (2.3 – 5.5 per cent) or around US$2.1 trillion in 2009. The resulting best estimate of the amounts available for money-laundering would be within the IMF’s original ‘consensus range’, equivalent to some 2.7 per cent of global GDP (2.1 – 4 per cent) or US$1.6 trillion in 2009. From this figure, money flows related to transnational organized crime activities represent the equivalent of some 1.5 per cent of global GDP, 70 per cent of which would have been available for laundering through the financial system.

…..

Less than 1 per cent of global illicit financial flows are currently seized and frozen. UNODC’s challenge is to work within the UN system and with Member States to help build the capacity to track and prevent money laundering, strengthen the rule of law and prevent these funds from creating further suffering.”

The ranges can be summarized as follows:

                                             Consensus Range   Percentage           USD (2009)
All Criminal Proceeds    → 2.3% – 5.5%      3.6% global GDP       $2.1 trillion
Proceeds available for
money laundering           → 2.1% – 4.0%      2.7% global GDP      $1.6 trillion
Transnational organized
crime (TOC) proceeds   →                             1.5% global GDP       $870 billion
TOC proceeds laundered
through financial system →                    ~1% gobal lGDP       $580 billion

Page 7 of the report provides some detail on the phrase “less than 1 per cent of global illicit financial flows are currently seized and frozen: “The results also suggest that the ‘interception rate’ for anti-money-laundering efforts at the global level remains low. Globally, it appears that much less than 1% (probably around 0.2%) of the proceeds of crime laundered via the financial system are seized and frozen.”

What about this now-accepted “consensus range” for the extent of money laundering of between 2% and 5% of global GDP? Page 9 offers an interesting observation on that consensus range: “The data suggest that the best estimates are situated at the lower end of the range. But this is to some extent a question of methodology. If tax- and customs-related money-laundering activities were included in the calculation, results would move towards – and perhaps exceed – the upper end of the ‘consensus range’. On the other hand, if only transnational crime-related proceeds were considered, the available estimates for laundering would fall to levels around 1% of GDP, and thus below the ‘consensus range’.” Note that global GDP is ~$75 trillion.

This is not to say that the report lacks rigor. The authors and contributors did a remarkable, and remarkably detailed, study; the results of which deserve to be used as benchmarks for the ongoing fight against global money laundering. An example of that rigor can be found in the sections that describe the methodologies used, including (at pages 16 and 17), the “dynamic multiple-indicators multiple-causes’ (DYMIMIC) model, which uses two sets of observable variables and links them as a proxy to the unobservable variable (the extent of money-laundering).”

The result? It remains fair to say that more than one trillion dollars is laundered every year, most of that flows through the global financial system, and less than one-quarter of one per cent of the proceeds of crime laundered via the financial system is seized and frozen. We must do better.

Professional Money Launderers – FATF Guidance and a US criminal case

FATF’s report on Professional Money Launderers is a must read. The public version of the report was released on July 26, 2018 (wouldn’t we all love to see the non-public version!). In an ironic twist, the report team was was co-led by the delegations from Russia and the United States (HUGE collusion!). The Report does a great job of describing the techniques and tools used by the three types of PMLs: individuals, organizations, and networks of associates and contacts. There are sections on: the four types of dedicated money laundering organizations and networks; three supporting mechanisms used by PMLs; and five types of complicit or criminal service providers. And like many FATF reports, the 25 “boxes” or examples are very useful and add some color to the report.  Well done FATF! And after reading this … are lawyers and accountants high risk customer classes???

The report is available at http://www.fatf-gafi.org/media/fatf/documents/Professional-Money-Laundering.pdf

And just two days before the FATF report was issued, an indictment was unsealed in Federal Court in Miami charging 8 defendants with money laundering. A press release provided, in part:

“According to the criminal complaint, the conspiracy in this case allegedly began in December 2014 with a currency exchange scheme that was designed to embezzle around $600 million from PDVSA, obtained through bribery and fraud, and the defendants’ efforts to launder a portion of the proceeds of that scheme.  By May 2015, the conspiracy had allegedly doubled in amount to $1.2 billion embezzled from PDVSA.  PDVSA is Venezuela’s primary source of income and foreign currency (namely, U.S. Dollars and Euros). 

The complaint alleges that surrounding and supporting these false-investment laundering schemes are complicit money managers, brokerage firms, banks and real estate investment firms in the United States and elsewhere, operating as a network of professional money launderers.

The alleged conspirators include former PDVSA officials, professional third-party money launderers, and members of the Venezuelan elite …”.

The indictment can be found here: US v Venezuelans Money Laundering SDFL 18CR03119

Real News: 600+ indicted … $2 billion in fraud … where is the national media attention?

A review of both Bing and Google News suggests that none of the major national news services ran a story on the Justice Department’s “largest ever health care fraud enforcement action”.  Negative news searches only work if there is news to search …

https://www.justice.gov/opa/pr/national-health-care-fraud-takedown-results-charges-against-601-individuals-responsible-over

National Health Care Fraud Takedown Results in Charges Against 601 Individuals Responsible for Over $2 Billion in Fraud Losses

Largest Health Care Fraud Enforcement Action in Department of Justice History Resulted in 76 Doctors Charged and 84 Opioid Cases Involving More Than 13 Million Illegal Dosages of Opioids

Department of Justice

Office of Public Affairs

Attorney General Jeff Sessions and Department of Health and Human Services (HHS) Secretary Alex M. Azar III, announced today the largest ever health care fraud enforcement action involving 601 charged defendants across 58 federal districts, including 165 doctors, nurses and other licensed medical professionals, for their alleged participation in health care fraud schemes involving more than $2 billion in false billings.  Of those charged, 162 defendants, including 76 doctors, were charged for their roles in prescribing and distributing opioids and other dangerous narcotics.  Thirty state Medicaid Fraud Control Units also participated in today’s arrests.  In addition, HHS announced today that from July 2017 to the present, it has excluded 2,700 individuals from participation in Medicare, Medicaid, and all other Federal health care programs, which includes 587 providers excluded for conduct related to opioid diversion and abuse …

US v Rabobank NA, SD CA 18CR00614 – Does it pose questions every BSA Officer needs to ask?

On February 7, 2018, Rabobank NA pleaded guilty to a charge of conspiracy to defraud the United States and corruptly obstruct an OCC examination. On May 18th the judge sentenced Rabobank to two years’ probation and the maximum fine of $500,000. This is on top of the previous $368.7 million forfeiture.

There is an interesting passage from the original criminal information. Paragraph 17 provides as follows:

“During certain periods in 2011, the M&I [Monitoring & Investigations] Unit had only two people to handle investigations and only three analysts to monitor and manage thousands of monthly alerts. In other words, during those particular periods, three people were tasked with reviewing approximately 2,300 alerts per month and two people were tasked with conducting more than 100 investigations per month, including approximately 75 customers per month for whom SAR determinations had to be made.”

So the Government appears to be critical that there were only 3 people to clear 2,300 alerts per month … that’s about 733 per person per month, or about 35 per day … and that there were only 2 people to clear 100 investigations per month … that’s just over two cases per day.

The questions every BSA Officer has to ask are these: how many alerts and cases are my folks clearing every day, how does that compare to what the Rabobank analysts/investigators were clearing, and do I have to do something different in my shop as a result?