International Financial Law Prof Blog

Editor: William Byrnes
Texas A&M University
School of Law

Tuesday, March 31, 2015

BSI SA of Lugano, Switzerland, is First Bank to Reach Resolution Under Justice Department’s Non Prosecution Agreement Program

Justice logoThe Department of Justice announced that BSI SA, one of the 10 largest private banks in Switzerland, is the first bank to reach a resolution under the Department of Justice’s Swiss Bank Program.  106 Swiss banks have sought non-prosecution agreements.

“We are using the information that we have learned from BSI and other Swiss banks in the program to pursue additional investigations into both banks and individuals,” said Acting Deputy Attorney General Sally Quillian Yates. 

The Swiss Bank Program, which was announced on Aug. 29, 2013, provides a path for Swiss banks to resolve potential criminal liabilities in the United States.  Swiss banks eligible to enter the program were required to advise the department by Dec. 31, 2013, that they had reason to believe that they had committed tax-related criminal offenses in connection with undeclared United States-related accounts.  Banks already under criminal investigation related to their Swiss-banking activities and all individuals were expressly excluded from the program.

Under the program, banks are required to:

  • Make a complete disclosure of their cross-border activities;
  • Provide detailed information on an account-by-account basis for accounts in which U.S. taxpayers have a direct or indirect interest;
  • Cooperate in treaty requests for account information;
  • Provide detailed information as to other banks that transferred funds into secret accounts or that accepted funds when secret accounts were closed;
  • Agree to close accounts of account holders who fail to come into compliance with U.S. reporting obligations; and
  • Pay appropriate penalties.

Banks meeting all of the above requirements are eligible for a non-prosecution agreement.

According to the terms of the non-prosecution agreement signed today, BSI agrees to cooperate in any related criminal or civil proceedings, demonstrate its implementation of controls to stop misconduct involving undeclared U.S. accounts, and pay a $211 million penalty in return for the department’s agreement not to prosecute BSI for tax-related criminal offenses.

BSI helped its U.S. clients create sham corporations and trusts that masked the true identity of its U.S. accountholders.  Many of its U.S. clients also opened “numbered” Swiss bank accounts that shielded their identities, even from employees within the Swiss bank.  BSI acknowledged that in order to help keep identities secret, it issued credit or debit cards to many U.S. accountholders without names visible on the card itself. 

BSI not only helped U.S. clients shield their identity from the Internal Revenue Service (IRS) but Treasury-Dept.-Seal-of-the-IRShelped them repatriate cash as well.  BSI admitted that its relationship managers and their U.S. clients used code words in emails to gain access to funds.  BSI disclosed instances where its U.S. clients would use coded language, such as asking their private bankers, “can you download some tunes for us?” or note that their “gas tank is running empty” when they required additional cash to be loaded to their cards.

From the beginning of the Swiss Bank Program, the department has emphasized the importance of the banks’ helping to identify individuals who facilitate U.S. tax evasion and U.S. accountholders.  BSI provided substantial assistance in this regard. 

“An individual is not culpable simply because he or she is identified by a bank within the program,” said Acting Assistant Attorney General Caroline D. Ciraolo of the department’s Tax Division.  “With that said, the department strongly encourages those individuals and entities currently under indictment, under investigation, or who have concerns regarding their potential criminal liability to contact and fully cooperate with the department to reach a final resolution.”

Since 2009, the department has charged more than 100 offshore bank accountholders, dozens of facilitators, and financial institutions.  The department’s offshore enforcement efforts have reached far beyond Switzerland, as evidenced by publicly announced actions involving banking activities in India, Luxembourg, Liechtenstein, Israel and the Caribbean.

BSI had more than 3,000 active United States-related accounts after 2008, many of which it knew were not disclosed in the United States.  In resolving its criminal liabilities under the program, BSI provided extensive cooperation and encouraged hundreds of U.S. accountholders to come into compliance.  BSI is also assisting with ongoing treaty requests.

“This action under the Swiss Bank Program shows just how far we’ve come in our efforts to stop offshore tax avoidance,” said Deputy Commissioner Douglas O’Donnell of IRS’s Large Business and International Division (LB & I).  “The IRS and DOJ remain committed to aggressively enforce our nation's tax laws regardless of how sophisticated or complicated the schemes may be.”

While BSI’s U.S. accountholders who have not yet declared their accounts to the IRS may still be eligible to participate in the IRS’s offshore voluntary disclosure programs, the price of such disclosure has increased.

Most U.S. taxpayers who enter the IRS offshore voluntary disclosure program to resolve undeclared offshore accounts will pay a penalty equal to 27.5 percent of the high value of the accounts.  On Aug. 4, 2014, the IRS increased the penalty to 50 percent if, at the time the taxpayer initiated their disclosure, either a foreign financial institution at which the taxpayer had an account or a facilitator who helped the taxpayer establish or maintain an offshore arrangement had been publicly identified as being under investigation, the recipient of a John Doe summons or cooperating with a government investigation, including the execution of a deferred prosecution agreement or non-prosecution agreement.  With today’s announcement of BSI’s non-prosecution agreement, its noncompliant U.S. accountholders must now pay that 50 percent penalty to the IRS if they wish to enter the IRS’ program. 

BSI and other banks in the Swiss Bank Program are also providing detailed information to the department about transfers of money from Switzerland to other countries.  The Tax Division and the IRS intend to follow that money to uncover additional tax evasion schemes.

The department has emphasized the importance of identifying U.S. accountholders who have undeclared foreign bank accounts, and BSI has provided assistance in that task.  Because of the information provided to the department under the program, the Tax Division has already begun the process of identifying noncompliant U.S. accountholders who have maintained accounts at many Swiss banks participating in the Swiss Bank Program. 


The Tax Division of the Department of Justice released a statement on December 12 strongly encouraging Swiss banks wanting to seek non-prosecution agreements to resolve past cross-border criminal tax violations to submit letters of intent by a Dec. 31, 2013 deadline required by the Program for Non-Prosecution Agreements or Non-Target Letters (the “Program“).  The Program was announced on Aug. 29, 2013, in a joint statement signed by Deputy Attorney General James M. Cole and Ambassador Manuel Sager of Switzerland (See the Swiss government’s explanation of the Program).  Switzerland’s Financial Market Supervisory Authority (FINMA) has issued a deadline of Monday, December 16, 2013 for a bank to inform it with its intention to apply for the DOJ’s Program.

The DOJ statement described the framework of the Program for Non-Prosecution Agreements: every Swiss bank not currently under formal criminal investigation concerning offshore activities will be able to provide the cooperation necessary to resolve potential criminal matters with the DOJ.  On November 5, 2013 the Tax Division of the DOJ had released comments about the Program for Non-Prosecution Agreements or Non-Target Letters for Swiss Banks.

Swiss banks that have committed violations of U.S. tax laws and wished to cooperate and receive a non-prosecution agreement under the Program, known as Category 2 banks, had until Dec. 31, 2013 to submit a letter of intent to join the program, and the category sought. 

To be eligible for a non-prosecution agreement, Category 2 banks must meet several requirements, which include agreeing to pay penalties based on the amount held in undeclared U.S. accounts, fully disclosing their cross-border activities, and providing detailed information on an account-by-account basis for accounts in which U.S. taxpayers have a direct or indirect interest.  Providing detailed information regarding other banks that transferred funds into secret accounts or that accepted funds when secret accounts were closed is also a stipulation for eligibility. The Swiss Federal Department of Finance has released a model order and guidance note that will allow Swiss banks to cooperate with the DOJ and fulfill the requirements of the Program.

March 31, 2015 | Permalink | Comments (0)

Central Registries of BVI and Cayman Corporate Ownership?

S630_HMRC_sign__media_library__960_Reuters reports that the British government has ordered BVI and Cayman Islands to set out timetables for implementing a central register of companies revealing corporate ownership, in a bid to help combat tax evasion.  The previous 4 February BVI official response is available here

On 17 December the EU announced that it reached agreement for such for each of its members, via the 4th AML Directive.

What About Delaware's Corporate Secrecy?

Professor William Byrnes stated, “The US has a highly successful international financial service industry that is important to the US economy, exemplified by, firstly, the international financial centres such as Miami and New York) of over a half trillion dollars of foreign deposits of high net wealth individuals whom many experts allege are not tax and exchange control compliant in their home countries; secondly, over 900,000 Delaware companies is the second to Hong Kong, and ahead of British Virgin Islands (BVI is actually third in the world);[1] and thirdly, the US territories’ offshore regimes, reducing the effective US corporate and income tax rates below 3.5 percent.[2]

In 2011, 133,297 businesses incorporated in Delaware.  Delaware has more corporate entities than people, reports Leslie Wayne of the New York Times — 945,326 to 897,934. These absentee corporate residents account for a quarter of Delaware’s total budget, roughly $860 million in taxes and fees in 2011.[3]  Moreover, the economic spill over impact for Delaware includes substantial employment and professional fees to Delaware business participating in the incorporation and advisory industry. Delaware is just behind China’s Hong Kong in number of annual incorporations and overall incorporations, and well ahead of the UK’s Virgin Islands (British) both in terms of offshore business and the dollars earned from that offshore business.

Transparency & Trust:  Enhancing The Transparency  Of UK Company Ownership  And Increasing Trust In UK  Business (April 2014)

Asset Recovery Guides (World Bank Star Program)

[1] “Storm Survivors”, Special Report: Offshore Finance, The Economist, 16 Feb 2013. Available at (accessed 28 February 2014).

[2] See William H Byrnes and Dr. Robert J Munro, Tax Havens of the World, US Virgin Islands chapter, LexisNexis.

March 31, 2015 | Permalink | Comments (0)

UK Issues New CRS and Updated FATCA Regulations

S630_HMRC_sign__media_library__960_The UK government has issued regulations allowing it to automatically exchange bank account information with other jurisdictions under its various international agreements.

In compliance with the UK’s obligations under the EU Revised Directive on Administrative Cooperation (Council Directive 2014/107/EU) to improve international tax compliance, and the UK’s obligations under Competent Authority Agreements with non-EU jurisdictions for the Common Reporting Standard, HM Treasury is introducing regulations creating due diligence and reporting obligations for UK financial institutions.

The regulations will have effect on and after 1 January 2016 in relation to the DAC and the CRS Competent Authority Agreements, and 21 days from the date these regulations are laid in relation to the Foreign Account Tax Compliance Act agreement.  See Tax administration: regulations to implement the UK's automatic exchange of information agreements

UK Regulation: International Tax Compliance Regulations 2015

UK's Implementing Agreements under the Global Standard on Automatic Exchange of Information to Improve International Tax Compliance

March 31, 2015 | Permalink | Comments (0)

Monday, March 30, 2015

10 most tax-friendly states for retirees

NU logo Every client’s goals are different when it comes to choosing where to retire, but from a tax perspective, there are some clear winners that can allow a client to maximize the value of accumulated retirement savings.

While the client’s lifestyle choices — a desire for an expensive home vs. spending on consumer products, for example — greatly impact the tax system that will provide the most substantial benefits, below is a list of ten of the top states for retirees, from a tax perspective. read the analysis of Prof. William Byrnes and Robert Bloink in National Underwriter Life Health Pro

March 30, 2015 | Permalink | Comments (0)

Sunday, March 29, 2015

Criminalizing the Overseas Sale of Stolen U.S. Financial Information

Justice logoFrom the DOJ Blog: In the last of our series on the need for limited updates to laws enhancing cybersecurity while protecting individual rights, this post will describe a proposal that is geared toward shutting down the international black market for Americans’ stolen financial information. 

One of the most common motivations for hacking is the theft of financial information.  In recent years, organized, multinational criminal enterprises have arisen to steal large volumes of credit card numbers and other personally identifiable information.  Middlemen then sell the stolen data to the highest bidder, often using underground “carding” forums. 

The amendments are aimed at making sure that these middlemen — those who profit from the sale of stolen financial data of Americans — can be brought to justice even if they are operating outside of the United States.

Here is the problem.  Current law makes it a crime to sell “access devices” such as credit card numbers.  The law allows the government to prosecute offenders located outside the United States if the credit card number involved in the offense was issued by an American company and meets a set of additional requirements.

In the increasingly international marketplace for stolen financial information, however, these requirements have proved increasingly  unworkable in practice.  The government has to prove either that an “article” used in committing the offense moved though the United States, or that the criminal is holding his illicit profits in an American bank.  But when you steal only digital data, it’s not clear what “article” could be involved.  And of course, foreign criminals generally move their money back to their home country.

The upshot is that these requirements unduly limit the Department of Justice’s ability to prosecute criminals residing outside of the United States who commit crimes that harm Americans.  Indeed, law enforcement agencies have identified foreign-based individuals holding for sale vast quantities of credit card numbers issued by American financial institutions where there is no evidence that the person selling the numbers is the one who stole them, and no evidence of “articles” in the United States.  The United States has a compelling interest in prosecuting such individuals because of the great harm they cause to U.S. financial institutions and citizens.

That’s why we’ve proposed an amendment that would strike the unnecessary language in the current statute.  It would permit the United States to prosecute anyone possessing or trafficking in credit card numbers with intent to defraud if the credit cards were issued by a United States financial institution, regardless of where the possession or trafficking takes place.  This kind of jurisdiction over conduct that occurs abroad is fully consistent with international norms and other criminal laws aimed at protecting Americans from economic harm.  Moreover, in an era of global cybercrime where criminals steal Americans’ financial information so that they can traffic it abroad, it is necessary to prevent criminals from victimizing our citizens with impunity.

The DOJ Blog may be accessed here.

March 29, 2015 | Permalink | Comments (0)

Saturday, March 28, 2015

Prosecuting Privacy Abuses by Corporate and Government Insiders

Justice logofrom the Department of Justice's blogs - authored by Leslie R. Caldwell, Assistant Attorney General for the Criminal Division

In a series of recent posts, we’ve been discussing the need for the Administration’s current cybersecurity proposals and discussing how they have been drafted in a careful and targeted way to enable us to protect privacy and security without ensnaring harmless or legitimate conduct.  Reaching this balance is important in many parts of the criminal law, but it is particularly important in the law that protects the privacy and security of computer owners and users — the Computer Fraud and Abuse Act (CFAA). 

This law applies both to the hackers who gain access to victim computers without authorization from halfway around the world, and to those who have some authorization to access a computer — like company employees entitled to access a sensitive database for specified work purposes — but who intentionally abuse that access.  Yet the CFAA needs to be updated to make sure that the statute continues to appropriately deter privacy and security violations.  The Administration has proposed an amendment that maintains the law’s key privacy-protecting function while ensuring that trivial violations of things like a website’s terms of service do not constitute federal crimes.

As noted, in addition to prohibiting unauthorized access to victim computers by outside hackers, the CFAA also covers the conduct of insiders who have a right to access a system but who abuse that right and access sensitive or valuable information for their own purposes.  This part of the CFAA is, for example, the tool that department prosecutors have used to charge police officers who took advantage of their access to confidential criminal records databases in order to look up sensitive information about a paramoursell access to those records to others, or even provide confidential law enforcement information to a charged drug trafficker. We’ve also used this statute to prosecute[external link] an employee of a health insurer who used his access to the company’s sensitive databases to improperly obtain the names and Social Security numbers of hundreds of thousands of current and former employees (as well as information about how much his colleagues were being paid).

Unfortunately, recent judicial decisions have limited the government’s ability to prosecute such cases.  As a result of these decisions, insiders may be effectively immunized from punishment even where they intentionally exceed the bounds of their legitimate access to confidential information and cause significant harm to their employers and to the people — often everyday Americans — whose data is improperly accessed.

The restrictive judicial interpretation of the term “exceeds authorized access” in the CFAA stemmed from the concern that the statute potentially makes relatively trivial conduct a federal crime.  For example, a federal court feared that the statute could be construed to permit prosecution of a person who accesses the internet to check baseball scores at lunchtime in violation of her employer’s strict business-only internet use policy.  Or, similarly, where a member of the public accesses a dating website but lies about his physical fitness in violation of the site’s terms of service that require users to provide only accurate information.

We understand these concerns.  The Department of Justice has no interest in prosecuting harmless violations of use restrictions like these.  That’s why we’ve crafted proposed amendments to the CFAA to address these concerns — while still preserving the law’s application to those who commit serious thefts and privacy invasions. 

To accomplish this, the proposal does two things.  First, it addresses the recent judicial decisions that have prevented important prosecutions.  It does this by clarifying that the definition of “exceeds authorized access” includes the situation where the person accesses the computer for a purpose that he knows is not authorized by the computer owner.  This clarification is necessary to permit the prosecution of, for example, a law enforcement officer who is permitted access to criminal records databases, but only for official business purposes.  Second, at the same time, the proposal adds new requirements that the government must meet to make clear that trivial conduct does not constitute an offense.  In order to constitute a crime under the new wording, not only must an offender access a protected computer in excess of authorization and obtain information, but the information must be worth $5,000 or more, the access must be in furtherance of a separate felony offense, or the information must be stored on a government computer.  

These changes will empower the department to prosecute and deter significant threats to privacy and security, but make sure that the CFAA doesn’t inadvertently cover trivial conduct.

March 28, 2015 | Permalink | Comments (0)

Friday, March 27, 2015

FinCEN Penalizes Colorado Check Casher $75,000 for Lack of AML Controls

FINCENThe Financial Crimes Enforcement Network (FinCEN) assessed a $75,000 civil money penalty against a Colorado money services business (MSB), Aurora Sunmart Inc., and its owner and general manager, Jamal Awad. Since 2008, Aurora willfully violated the Bank Secrecy Act’s (BSA’s) registration, program, and reporting requirements. Mr. Awad, who also served as the MSB’s compliance officer, admitted to willfully participating in these violations.

The Financial Crimes Enforcement Network (FinCEN) today announced the assessment of a $75,000 civil money penalty against a Colorado money services business (MSB), Aurora Sunmart Inc., and its owner and general manager, Jamal Awad. Since 2008, Aurora willfully violated the Bank Secrecy Act’s (BSA’s) registration, program, and reporting requirements. Mr. Awad, who also served as the MSB’s compliance officer, admitted to willfully participating in these violations.

Among other violations, Aurora failed to implement an effective written anti-money laundering (AML) program by failing to implement adequate AML controls, failing to conduct an adequate internal review of its compliance program, and failing to provide pertinent compliance training for staff, all of which are required under the BSA. Aurora’s inadequate AML procedures did not ensure the timely and accurate filing of currency transaction reports (CTRs), which it was required to file within 15 days of any currency transaction exceeding $10,000.

On average, between 2009 and 2012, 49 percent of the CTRs filed by Aurora were filed significantly late and it has not filed any CTRs since September 2012. Aurora has been the subject of three BSA/AML compliance examinations, all of which found significant and repeated violations.

“All financial institutions – large and small -- must take their obligation to protect the U.S. financial system seriously,” said FinCEN Director Jennifer Shasky Calvery. “They cannot just go through the motions, as Aurora did, and hope things turn out all right. Today’s action emphasizes that FinCEN will take action against both entities and individuals who willfully participate in violations of our anti-money laundering laws.”

In addition to the fine, Aurora and Mr. Awad also agreed to an undertaking to immediately cease operation of any business related to any money services activity that requires registration with FinCEN until several conditions related to establishing and maintaining a proper AML program are met. Mr. Awad must then certify, under oath, that the requirements have been met.

Director Shasky Calvery expressed her appreciation to the Internal Revenue Service, Small Business/Self-Employed Division, which performed the examinations of Aurora Sunmart.

Enforcement Action:

International Financial Law Prof Blogger William Byrnes is the author of Lexis' Money Laundering, Asset Forfeiture and Recovery and Compliance -- A Global Guide, a resource detailing anti-money laundering and counter-terrorist financing law, asset forfeiture, risk and compliance, and international agreements for 87 countries & territories.

March 27, 2015 | Permalink | Comments (0)

Are Law Students Receiving Enough Data Science Training for the New Economy?

Commerce Data logoThe Department of Commerce's Economics and Statistics Administration (ESA) released a new report entitled "The Importance of Data Occupations in the U.S. Economy," that explores the importance of data jobs and their impact on the U.S. economy.  The new report shows data jobs pay 68% more than the average private sector job and have grown 4 times faster than the rest of the private sector, adding 1.8 million jobs representing 31 percent of total private sector job growth.

 "Our report found that data occupations pay more than average, and employment in these data-intensive industries has been growing faster than overall employment," said Under Secretary for Economic Affairs, Dr. Mark Doms.  "Our society increasingly depends on the intelligent use of data, whether making our businesses more competitive, our governments smarter, or our citizens better informed.  This report reveals a new dimension to the value of data as an employment engine driving innovation and economic growth."

Key highlights of the new report include:

  • Over half the American workforce, 74.3 million work with data in their jobs. US-DeptOfCommerce-Seal.svg
  • Data analysis and processing using fairly sophisticated computer technology are central to 10.3 million private and public sector jobs.
  • Over the past ten years, data jobs have grown 4 times faster than the rest of the private sector, adding 1.8 million jobs representing 31 percent of total private sector job growth.
  • Jobs in the data sector pay on average $40/hour, 68% more than the average private sector job.
  • Click here for the full report.

This new ESA-led report on data jobs is part of a series of reports authored by the Office of the
Chief Economist for the Department of Commerce. The first report released July, 2014, entitled "Fostering Innovation, Creating Jobs, Driving Better Decisions: The Value of Government Data", explored the huge benefits from a relatively small investment in our nation's statistical agencies. 

March 27, 2015 | Permalink | Comments (0)

Thursday, March 26, 2015

6 Tax Questions on Deferred Annuities You Need Answered, Pt. 2

4. Is the full gain on a deferred annuity or retirement income contract taxable in the year the contract matures?

Logo-tablet-400If the contract provides for automatic settlement under an annuity option, the lump sum proceeds are not constructively received in the year of maturity; if the policy provides a choice of settlement options, the policy owner can opt out of the lump sum proceeds choice within 60 days and avoid constructive receipt.  read on at ThinkAdvisor ....

March 26, 2015 | Permalink | Comments (0)

Assuring Authority For Courts To Shut Down Botnets

Extracted from the Department of Justice's Blog, author Leslie R. Caldwell, Assistant Attorney General for the Criminal Division

USCYBERCOM_Logo... we noted the dramatic growth over the past several years in the incidence of cybercrime that victimizes Americans.  One of the most striking examples of this trend is the threat from botnets — networks of victim computers surreptitiously infected with malicious software, or “malware.”  Once a computer is infected with the malware, it can be controlled remotely from another computer with a so-called “command and control” server.  Using that control, criminals can steal usernames, passwords, and other personal and financial information from the computer user, or hold computers and computer systems for ransom. 

Criminals can also use armies of infected computers to commit other crimes, such as distributed denial of service (DDoS) attacks, or to conceal their identities and locations while perpetrating crimes ranging from drug dealing to online child sexual exploitation.  The scale and sophistication of the threat from botnets is increasing every day.  Individual hackers and organized criminal groups are using state-of-the-art techniques to infect hundreds of thousands — sometimes millions — of computers and cause massive financial losses, all while becoming increasingly difficult to detect.  If we want security to keep pace with technological innovations by criminals, we need to ensure that we have a variety of effective tools to combat evolving cyber threats like these.

One powerful tool that the department has used to disrupt botnets and free victim computers from criminal malware is the civil injunction process.  Current law gives federal courts the authority to issue injunctions to stop the ongoing commission of specified fraud crimes or illegal wiretapping, by authorizing actions that prevent a continuing and substantial injury. 

This authority played a crucial role in the department’s successful disruption of the Coreflood botnet in 2011 and the Gameover Zeus botnet in 2014.  These botnets used keystroke logging or “man-in-the-middle” attacks to collect online financial account information, and they transferred stolen funds to accounts controlled by the criminals.  The Gameover Zeus botnet, which infected computers worldwide, was estimated to have inflicted over $100 million in losses on American victims alone, often on small and mid-sized businesses.  Because the criminals behind these particular botnets used them to commit fraud against banks and bank customers, existing law allowed the department to obtain court authority to disrupt the botnets by taking actions such as disabling communication between infected computers and the command and control servers.  Taking action to shut down botnets has been praised in the press and in Congress.

The problem is that current law only permits courts to consider injunctions for limited crimes, including certain frauds and illegal wiretapping.  Botnets, however, can be used for many different types of illegal activity.  They can be used to steal sensitive corporate information, to harvest email account addresses, to hack other computers, or to execute DDoS attacks against web sites or other computers.  Yet — depending on the facts of any given case — these crimes may not constitute fraud or illegal wiretapping.  In those cases, courts may lack the statutory authority to consider an application by prosecutors for an injunction to disrupt the botnets in the same way that injunctions were successfully used to incapacitate the Coreflood and Gameover Zeus botnets.

The Administration’s proposed amendment would add activities like the operation of a botnet to the list of offenses eligible for injunctive relief.  Specifically, the amendment would permit the department to seek an injunction to prevent ongoing hacking violations in cases where 100 or more victim computers have been hacked.  This numerical threshold focuses the injunctive authority on enjoining the creation, maintenance, operation, or use of a botnet, as well as other widespread attacks on computers using malicious software (such as “ransomware” ).

The same legal safeguards that currently apply to obtaining civil injunctions, and that applied to the injunctions obtained by the department in the Coreflood and Gameover Zeus cases, would also apply here.  Before an injunction is issued, the government must civilly sue the defendant and demonstrate to a court that it is likely to succeed on the merits of its lawsuit and that the public interest favors an injunction; the defendants and enjoined parties have the right to notice and to have a hearing before a permanent injunction is issued; and the defendants and enjoined parties may move to quash or modify any injunctions that the court issues.

In sum, this proposal would provide the government with an effective tool to shut down illegal botnets or certain widespread malicious software to better match the ways that criminals are using these technologies.  It assures that the legal mechanism that has proven effective to date will be available. 

see Cyber Crime 2014 Round Up - StealthGenie, Blackshades, Dark Market, Gameover Zeus

March 26, 2015 | Permalink | Comments (0)

Legislative Proposals To Protect Online Privacy And Security

Extracted from the Department of Justice's Blog, author Leslie R. Caldwell, Assistant Attorney General for the Criminal Division

USCYBERCOM_LogoOur growing reliance on computer networks and electronic devices in almost every aspect of our lives has been accompanied by an increasing threat from individuals, organized criminal networks, and nation states who victimize American citizens and businesses.  Hackers can steal or hold for ransom our most valuable and personal information.  They can invade our homes by secretly activating webcams.  They can steal financial information to line their pockets while jeopardizing the credit and financial stability of everyday Americans. 

A new generation of organized criminals is able to steal the personal information of millions of victims from a computer halfway around the world.  These developments also pose a widespread threat to American businesses and the economy.  Cyber criminals can orchestrate massive disruptions of businesses and can electronically spirit away millions of dollars worth of trade secrets in seconds.  Every individual has a stake in protecting computers and computer networks from intrusions and abuse.  One 2014 report found a 62% increase in the number of breaches over the previous year, resulting in over half a billion identities exposed – a 368% increase. The global cost of cybercrime is estimated to exceed $100 billion.

An essential part of the mission of the Department of Justice is to protect Americans from emerging criminal threats such as the ones described above and to deter, disrupt, and prosecute the criminals who are culpable.  The department’s prosecutors, along with agents from the Federal Bureau of Investigation, the U.S. Secret Service and other law enforcement agencies, are working diligently using the legal tools at our disposal to protect personal information and vindicate the privacy rights of citizens and businesses.  But just as our adversaries adapt to new technologies and global realities, so must we.

On Jan. 12, 2015, the President announced new legislative proposals designed to protect the online privacy and security of American citizens and businesses.  These proposals include a set of targeted updates to the criminal code to provide additional tools to prosecute offenders and deter and disrupt criminal conduct.  Some of the proposals will enable the department to address the growth of specific types of crime, such as the sale of illegal spyware or the use of botnets — networks of victim computers surreptitiously infected with malicious software, or “malware.”  Other proposals address shortcomings in existing statutory tools, such as the government’s ability to prosecute cases involving insiders, including government or corporate employees, who use their access to information systems to misappropriate sensitive and valuable data.  The proposals also respond to changes in the threats posed by cyber criminals, such as by adding provisions to enable the prosecution of hacking by organized crime groups and to give federal courts the authority to sentence the most significant cyber crimes in line with similar financial crimes.

As part of our effort to explain to the public why these proposals are important, and also how they have been drafted in a careful and targeted way, the Justice Department’s Criminal Division will outline several of the proposed changes and set forth how they will enable us to protect Americans’ privacy and security.  Our first post will focus on a proposed amendment to the statute that gives federal courts the authority to issue civil injunctions to stop ongoing cyber crimes.

see Cyber Crime 2014 Round Up - StealthGenie, Blackshades, Dark Market, Gameover Zeus

March 26, 2015 | Permalink | Comments (1)

Wednesday, March 25, 2015

Former U.K. Rabobank Trader Appears in U.S. Court to Face LIBOR Interest Rate Manipulation Charges

Justice logoThe former global head of liquidity and finance for Coöperatieve Centrale Raiffeisen-Boerenleenbank B.A. (Rabobank) has waived extradition and appeared in U.S. federal court today for an arraignment on charges related to his alleged role in a scheme to manipulate the U.S. Dollar (USD) and Yen London InterBank Offered Rate (LIBOR), a benchmark interest rate.

Anthony Allen plead not guilty to a superseding indictment charging him with conspiracy to commit wire and bank fraud and substantive counts of wire fraud.  The court released Allen on a $500,000 bond and set a trial date for Oct. 5, 2015.  

Paul Robson, a former Rabobank LIBOR submitter, and Takayuki Yagami, a former Rabobank derivatives trader, already pled guilty in 2014 earlier this year to one count of conspiracy in connection with their roles in the scheme.  Lee Stewart pled guilty to one count of conspiracy to commit wire and bank fraud.   Rabobank entered into a deferred prosecution agreement with the Department of Justice on Oct. 29, 2013, and agreed to pay a $325 million penalty to resolve violations arising from Rabobank’s LIBOR submissions.

According to admissions made in connection with his guilty plea, Stewart worked as a senior derivatives trader at Rabobank’s London desk from 1993 to 2009, and entered into derivative contracts involving interest rate swaps linked to the U.S. Dollar LIBOR rate.  Stewart admitted that from May 2006 through early 2011, he conspired with others at Rabobank to manipulate the LIBOR benchmark interest rate, which was tied to the profitability of interest rate derivative trades entered into by Rabobank traders.

Motomura, Thompson, Yagami and other traders entered into derivative contracts containing USD or Yen LIBOR as a price component and they asked Conti, Robson, Allen and others to submit LIBOR contributions consistent with the traders’ or the bank’s financial interests, to benefit the traders’ or the banks’ trading positions.  Conti, who was based in London and Utrecht, Netherlands, served as Rabobank’s primary USD LIBOR submitter and at times acted as Rabobank’s back-up Yen LIBOR submitter.  Robson, who was based in London, served as Rabobank’s primary submitter of Yen LIBOR.  Allen, in addition to supervising the desk in London and money market trading worldwide, occasionally acted as Rabobank’s backup USD and Yen LIBOR submitter.  Allen also served on a BBA Steering Committee that provided the BBA with advice on the calculation of LIBOR as well as recommendations concerning which financial institutions should sit on the LIBOR contributor panel. 

According to the superseding indictment, at the time relevant to the charges, LIBOR was an average interest rate, calculated based on submissions from leading banks around the world, reflecting the rates those banks believed they would be charged if borrowing from other banks.  It serves as the primary benchmark for short-term interest rates globally and is used as a reference rate for many interest rate contracts, mortgages, credit cards, student loans and other consumer lending products.  See original indictment DOJ announcement.

LIBOR was published by the British Bankers’ Association (BBA), a trade association based in London.  LIBOR was calculated for 10 currencies at 15 borrowing periods, known as maturities, ranging from overnight to one year.  The published LIBOR “fix” for U.S. Dollar and Yen currency for a specific maturity was the result of a calculation based upon submissions from a panel of 16 banks, including Rabobank. 

According to allegations in the superseding indictment, Allen, who was Rabobank’s Global Head of Liquidity & Finance and the manager of the company’s money market desk in London, put in place a system in which Rabobank employees who traded in derivative products linked to USD and Yen LIBOR regularly communicated their trading positions to Rabobank’s LIBOR submitters, who submitted Rabobank’s LIBOR contributions to the BBA.  Rabobank traders entered into derivative contracts containing USD or Yen LIBOR as a price component and they allegedly asked others at Rabobank to submit LIBOR contributions consistent with the traders’ or the bank’s financial interests, to benefit the traders’ or the banks’ trading positions.   

March 25, 2015 | Permalink | Comments (0)

6 Tax Questions on Deferred Annuities You Need Answered, Pt. 1

Logo-tablet-400As part of ThinkAdvisor’s Special Report, 22 Days of Tax Planning Advice: 2015, throughout the month of March, we are partnering with our ALM Media sister service, Tax Facts Online, to take a deeper dive into certain tax planning issues in a convenient Q&A format.

This is part 1 of a two-part look at six important tax questions, covering questions 1-3, about Deferred Annuities. 

1. What is the difference between a longevity annuity and a deferred annuity?

read the story on ThinkAdvisor


March 25, 2015 | Permalink | Comments (0)

Developing countries participate in global meetings to counter BEPS

Logooecd_enDelegates from over 90 jurisdictions have gathered at the OECD Conference Centre in Paris in two meetings devoted to discussing solutions to base erosion and profit shifting (BEPS). The Global Forum on Transfer Pricing and the Task Force meetings built on the structured dialogue with developing countries and complement the direct involvement in the CFA’s BEPS work and the regional meetings on BEPS held in Seoul, Lima, Libreville, Ankara and Pretoria.

OECD's engagement with developing countries in the BEPS Project has been strongly supported by several international and regional organisations. This close cooperation was highlighted by the signing of a Memorandum of Understanding (MOU) between the Centre de rencontres et d'études des dirigeants des administrations fiscales (CREDAF) on 16 March. CREDAF joined the African Tax Administration Forum (ATAF) and the Center for Inter-American Tax Administrators (CIAT) who already have MOUs with the OECD aimed at strengthening the partnership to improve tax policy and statistics and tax administration, and helping build greater capacity within the respective regions.

On 16 and 17 March more than 240 tax officials discussed solutions to end base erosion and profit shifting at the Global Forum on Transfer Pricing. During this meeting the experience of delegates and the practical impact of the current BEPS work on Transfer Pricing took centre stage. In his opening address, Pascal Saint-Amans, Director of OECD's Centre for Tax Policy and Administration welcomed developing countries as participants in the BEPS Project. "Your participation is vital for the BEPS Project. Learning from your experiences helps to develop new international standards for the global tax community."

The challenges faced and experience gained by developing countries also played an important role in the meeting of the Task Force on Tax and Development on 18 March. In their outcomes statement, the Co-Chairs applauded the G20 mandate to the OECD and other international and regional organisations to work together to develop toolkits to support the practical implementation of the BEPS measures and the other priority issues for developing countries. "We appreciate the work done in cooperation with other international and regional organisations, building on the experience of developing and developed countries". The first outputs on Tax Incentives and on Transfer Pricing Comparables are scheduled to be presented in the second half of 2015.

i. Direct participation in the Committee on Fiscal Affairs (CFA) and its subsidiary bodies

The Task Force meeting welcomed the direct participation of 14 developing countries and the regional tax organisations (ATAF and CIAT) in the work of the CFA and the Working Party meetings on the BEPS Project.

ii. Regional Networks of tax policy and administration officials

iii. Capacity building support

Participants expressed concerns over the current lack of coherence in granting tax incentives, the lack of capacity to conduct effective cost/benefit analysis, and the lack of transparency on the governance of tax incentives. Participants also welcomed the outline of a report by the international organisations to assist Low Income Countries on ensuring tax incentives designed to attract investment are efficient and effective.

Participants noted the challenges developing countries face in building effective transfer
pricing regimes due to the lack of comparability data. Discussions highlighted that countries use a broad range of approaches in an attempt to address the difficulties of finding comparability data. The Task Force considered the toolkit aimed at providing assistance to developing countries on this issue as a critical step forward.



March 25, 2015 | Permalink | Comments (0)

Tuesday, March 24, 2015

Most Big Law Firms Have Been Breached, As Hackers Seek Corporate Client Secrets

USCYBERCOM_LogoBloomberg Law's Ellen Rosen with assistance from Michael Riley, Patrick G. Lee, Sabrina Willmer and Devin Banerjee, report that data breaches don't just affect retailers and banks; most big law firms have also been hacked, according to a report from Cisco Systems Inc.  ...

This is particularly true at firms with practices involving government contracts or mergers and acquisitions, and especially when non-U.S. companies or countries are involved.

“Law firms are very attractive targets. They have information from clients on deal negotiations which adversaries have a keen interest in,” Harvey Rishikof, co-chairman of the American Bar Association Cybersecurity Legal Task Force, told Bloomberg News. “They're a treasure trove that is extremely attractive to criminals, foreign governments, adversaries and intelligence entities.”

Breach at Top 100 Firms

Although Cisco ranked law firms as the seventh most-vulnerable industry to “malware encounters” in its 2015 Annual Security Report, other statistics relevant to law firms are more striking.

At least 80 percent of the biggest 100 law firms have had some sort of breach, Peter Tyrrell, chief operating officer of Digital Guardian, a data security software company, told Bloomberg News.

read the full story on Bloomberg Law

March 24, 2015 | Permalink | Comments (0)

FFIEC Focuses on Cybersecurity, Will Debut Self-Assessment Tool


The Federal Financial Institutions Examination Council (FFIEC) provided an overview of its cybersecurity priorities for the remainder of 2015.

The priorities include seven workstreams that stem from last year’s pilot assessment of cybersecurity readiness at more than 500 financial institutions. The planned work includes the development and issuance of a self-assessment tool that financial institutions can use to evaluate their readiness to identify, mitigate and respond to cyber threats.

The FFIEC also will enhance their incident analysis, crisis management, training, and policy development and expand their focus on technology service providers’ cybersecurity preparedness. Additionally, the FFIEC will continue to improve its collaboration with other agencies and communicate on the importance of cybersecurity awareness and best practices among financial industry participants and regulators.

Work is underway in the following workstreams:

  1. Cybersecurity Self-Assessment Tool—The FFIEC plans to issue a self-assessment tool this year to assist institutions in evaluating their inherent cybersecurity risk and their risk management capabilities.
  2. Incident Analysis—FFIEC members will enhance their processes for gathering, analyzing, and sharing information with each other during cyber incidents.
  3. Crisis Management—The FFIEC will align, update, and test emergency protocols to respond to system-wide cyber incidents in coordination with public-private partnerships.
  4. Training—The FFIEC will develop training programs for the staff of its members on evolving cyber threats and vulnerabilities.
  5. Policy Development—The FFIEC will update and supplement its Information Technology Examination Handbook to reflect rapidly evolving cyber threats and vulnerabilities with a focus on risk management and oversight, threat intelligence and collaboration, cybersecurity controls, external dependency management, and incident management and resilience.
  6. Technology Service Provider Strategy—The FFIEC’s members will expand their focus on technology service providers’ ability to respond to growing cyber threats and vulnerabilities.
  7. Collaboration with Law Enforcement and Intelligence Agencies—The FFIEC will build upon existing relationships with law enforcement and intelligence agencies to share information on the growing cybersecurity threats and response techniques.

The FFIEC has published several resources to help financial institutions improve their cybersecurity, including additional information regarding the cybersecurity assessment conducted in 2014. They are available on the FFIEC website at

March 24, 2015 | Permalink | Comments (0)

Monday, March 23, 2015

May DOJ Start Cancelling NPAs with Global Banks?

Excerpts from the March 16, 2015 speech of Assistant Attorney General Leslie Caldwell 

DOJ-U-S-ATTORNEYS-OFFICEDPAs and NPAs are useful enforcement tools in criminal cases.  Through those agreements, we can often accomplish as much as, and sometimes even more than, we could from a criminal conviction.  We can require improved compliance programs, remedial steps or the imposition of a monitor.  We can require that the banks cooperate with our ongoing investigations, particularly in our investigations of individuals.  We can require that such compliance programs and cooperation be implemented worldwide, rather than just in the United States.  We can require periodic reporting to a court that oversees the agreement for its term.  These agreements can enable banks to get back on the right track, under the watchful eye of the Criminal Division and sometimes a court.

And these agreements have teeth – not just because they are overseen by the Department of Justice and sometimes a court, but because of the potential penalties triggered by a breach. 

Let me be clear: in the Criminal Division, we will hold banks and other entities that enter into DPAs and NPAs to the obligations imposed on them by those agreements.  And where banks fail to live up to their commitments, we will hold them accountable. 

Just like an individual on probation faces a range of potential consequences for a violation, so too does a bank that is subject to a DPA or NPA.

Under DPAs and NPAs, we have a range of tools at our disposal.  We can extend the term of the agreement and the term of any monitor, while we investigate allegations of a breach, including allegations of new criminal conduct.  Where a breach has occurred, we can impose an additional monetary penalty, or additional compliance or remedial measures.  Most significantly, we can pursue charges based on the conduct covered by the agreement itself – the very conduct that the bank had tried to resolve through the DPA or NPA. 

Make no mistake: the Criminal Division will not hesitate to tear up a DPA or NPA and file criminal charges, where such action is appropriate and proportional to the breach. 

DPAs and NPAs are powerful tools.  They can’t be ignored once they’re signed, and they can’t be followed partially but not completely.  We will take action to ensure that banks are held accountable for DPA or NPA violations.  And where a bank that violates a DPA or NPA is a repeat offender with a history of misconduct, or where a violating bank fails to cooperate with an investigation or drags its feet, that bank will face criminal consequences for its breach of the agreement. 

International Financial Law Prof Blogger William Byrnes is the author of Lexis' Money Laundering, Asset Forfeiture and Recovery and Compliance -- A Global Guide, a resource detailing anti-money laundering and counter-terrorist financing law, asset forfeiture, risk and compliance, and international agreements for 87 countries & territories.

March 23, 2015 | Permalink | Comments (0)

UK Regulators outline new rules for senior bankers

FCA UKThe British Bankers Association (BBA) reports that the Financial Conduct Authority (FCA) and Prudential Regulation Authority (PRA) provided further details of the new accountability regime for senior bankers...

The PRA announced that those responsible for running the UK operations of non-European banks will be subject to the new rules and could be subject to “fines, public censure and bans” if found guilty of serious malpractice (FT, £, p3). The FCA also announced that investment banks will have to assess the fitness of their traders on an annual basis, although CityAM (p2) notes concerns by lawyers that the definition of a “trader” has not been clarified.

March 23, 2015 | Permalink | Comments (0)

Sunday, March 22, 2015

Central Banking in Latin America: From the Gold Standard to the Golden Years

IMF Working Paper No. 15/60 of Author/Editor Luis Ignacio Jácome

IMF_Text_LogoThis paper provides a brief historical journey of central banking in Latin America to shed light on the debate about monetary policy in the post-global financial crisis period. The paper distinguishes three periods in Latin America’s central bank history: the early years, when central banks endorsed the gold standard and coped with the collapse of this monetary system; a second period, in which central banks turned into development banks under the aegis of governments at the expense of increasing inflation; and the “golden years,” when central banks succeeded in preserving price stability in an environment of political independence.

The paper concludes by cautioning against overburdening central banks in Latin America with multiple mandates as this could end up undermining their hard-won monetary policy credibility. 

March 22, 2015 | Permalink | Comments (0)

Saturday, March 21, 2015

UK Follows US Approach - Bankers Who Assist Tax Evaders Will Go to Jail

S630_HMRC_sign__media_library__960_The 2015 UK Budget has been tabled.  Interesting, the UK has one of the lowest corporate tax rates of the OECD and its other competitors.  The UK is also experiencing growth and unprecedented levels of employment.  

But the Budget has a surprise for bankers.  Besides increasing the bank tax to raise an additional L900 million (which gives the UK a forecast budget surplus) ...

1.247 This government has been clear that banks should make an additional contribution
that reflects the risks they pose to the UK economy. This contribution has always needed to be balanced against financial stability considerations and banks’ ability to lend to the real economy.

However, with banks now strengthening their balance sheets and returning to profitability, the government believes that the sector should be expected to absorb a greater burden of remaining deficit reduction. The government will therefore increase the Bank Levy from 0.156% to 0.210% from 1 April 2015.

...bankers who assist with tax evasion will suffer criminal prosecution, like in the USA.  See the Budget, page 60. 

1.238 The government is committed to a fair tax system in which everyone contributes to reducing the deficit, and those with the most make the largest contribution. Budget 2015 announces further measures to tackle offshore evasion, close down tax avoidance, and ensure a fair contribution from businesses and individuals.

1.240 Tax evasion is a crime that deprives the country of much needed revenue for public
services. Over the last two years, this government has led work in Europe, in the G20 and
through the UK’s G8 Presidency to transform international tax transparency. Agreement has now been reached among 92 countries to exchange information on bank accounts automatically every year. Regulations giving effect to these agreements will be laid shortly after Budget 2015.

1.241 Under these agreements, starting in 2016 for the Crown Dependencies and Overseas Territories, HMRC will receive a wide range of information on offshore accounts held by UK tax residents, including names, addresses, account numbers, interest and balances. This represents an unprecedented change in HMRC’s ability to tackle offshore tax evasion.

1.242 Building on this, the government will toughen sanctions for those who continue to evade tax by closing the existing disclosure facilities for tax evaders early. A tougher ‘last chance’ disclosure facility will be offered between 2016 and mid-2017, with penalties of at least 30% on top of tax owed and interest and with no immunity from criminal prosecutions in appropriate cases.

1.243 This government has introduced changes throughout this Parliament to tackle avoidance
and to focus in on the diminishing minority who refuse to play by the rules. As proposed in
the consultation document ‘Strengthening Sanctions for Tax Avoidance,’ the government will introduce tougher measures for those who persistently enter into tax avoidance schemes that fail, and will develop further measures to publish the names of such avoiders and to tackle avoiders who repeatedly abuse reliefs.106 The government will also widen the current scope of the Promoters of Tax Avoidance Schemes regime by bringing in promoters whose schemes are regularly defeated by HMRC.

1.244 The government introduced a significant new regime for avoidance with the creation of the general anti-abuse rule (GAAR). The government will increase the deterrent effect by introducing a penalty based on the amount of tax that is tackled by the GAAR.

1.245 The government changed the economics of tax avoidance with the introduction of the Accelerated Payments regime, removing the cash-flow advantage that users of avoidance schemes have benefitted from. HMRC has continued to review cases and more accelerated payment notices will now be issued than previously announced.

1.246 Some companies enter into contrived arrangements, with little economic substance, to convert old losses into new ones and circumvent the loss relief rules. The government will introduce a targeted anti-avoidance rule to level the playing field between the majority of companies, who follow the rules, and those others who side step them.

The Telegraph reports that: ... “We’re making it a crime if companies fail to put in place measures to stop economic crime happening in their organisations.   

“Tax evasion is a crime like any other. If people help a burglar, they are accomplices and criminals, too.  Now it will be the same for those that help tax evaders.” (emphasis added)

March 21, 2015 | Permalink | Comments (0)