Monday, June 20, 2016
The Internal Revenue Service today reminded taxpayers who have one or more bank or financial accounts located outside the United States, or signature authority over such accounts, that they may need to file an FBAR by Thursday, June 30.
By law, many U.S. taxpayers with foreign accounts exceeding certain thresholds must file Form 114, Report of Foreign Bank and Financial Accounts, known as the "FBAR." It is filed electronically with the Treasury Department's Financial Crimes Enforcement Network (FinCEN).
"Robust growth in FBAR filings in recent years shows we are getting the word out regarding the importance of offshore tax compliance," said IRS Commissioner John Koskinen. "Taxpayers here and abroad should take their foreign account reporting obligations very seriously.”
In general, the filing requirement applies to anyone who had an interest in, or signature or other authority over foreign financial accounts whose aggregate value exceeded $10,000 at any time during 2015. Because of this threshold, the IRS encourages taxpayers with foreign assets, even relatively small ones, to check if this filing requirement applies to them. The form is only available through the BSA E-Filing System website.
In 2015, FinCEN received a record high 1,163,229 FBARs, up more than 8 percent from the prior year. FBAR filings have grown on average by 17 percent per year during the last five years, according to FinCEN data.
The IRS is implementing the Foreign Account Tax Compliance Act (FATCA), which mandates third-party reporting of foreign accounts to foster offshore tax compliance. FATCA created a new filing requirement: IRS Form 8938, Statement of Specified Foreign Financial Assets, which is filed with individual tax returns. The filing thresholds are much higher for this form than for the FBAR.
Professor William Byrnes of Texas A&M University's law school commented, "In 2002, the IRS reported to Congress that the FBAR compliance rate was less than 20 percent because it had received fewer than 200,000 FBARs when one million taxpayers may have been required to file. Then in 2013 the Taxpayer Advocate reported, relying on State Department statistics, that 7.6 million U.S. citizens reside abroad and many more U.S. residents have FBAR filing requirements for foreign accounts. The Taxpayer Advocate noted that in Mexico alone, more than one million U.S. citizens reside, and many Mexican citizens reside in the U.S."
"Only 1.1 million FBARs from a potential class of between seven and ten million taxpayers with foreign asset exposure appears to me to be approximately a ten to fifteen percent compliance rate. It may be that the IRS is putting a brave face on a bad situation that Congress needs to clean up through policy change or funding change?"
"Not every FBAR filer will also need to file a Form 8938, Statement of Specified Foreign Financial Assets, but many will. Yet, Form 8938 filings only reached 300,000 for tax year 2014 (roughly the same as 2013), up from 200,000 for tax year 2011 - the first year of the form," continued Byrnes.
For a detailed FBAR and Form 8938 analysis, download my 118-page article.
Tuesday, May 10, 2016
Panama Papers & FinCEN's Final CDD/CIP Rule Requiring US Corporate Beneficial Ownership Published Herein
See pages 205 through 227 for the new rules [and the very interesting RIA (academically speaking, at least) that precedes the rules]
(b) Identification and verification. With respect to legal entity customers, the covered financial institution’s customer due diligence procedures shall enable the institution to:
(1) Identify the beneficial owner(s) of each legal entity customer at the time a new account is opened, unless the customer is otherwise excluded pursuant to paragraph (e) of this section or the account is exempted pursuant to paragraph (h) of this section. A covered financial institution may accomplish this either by obtaining a certification in the form of appendix A of this section from the individual opening the account on behalf of the legal entity customer, or by obtaining from the individual the information required by the form by another means, provided the individual certifies, to the best of the individual’s knowledge, the accuracy of the information; and
(2) Verify the identity of each beneficial owner identified to the covered financial institution, according to risk-based procedures to the extent reasonable and practicable. At a minimum, these procedures must contain the elements required for verifying the identity of customers that are individuals under §1020.220(a)(2) of this chapter (for banks);
(d) Beneficial owner. For purposes of this section, beneficial owner means each of the following:
(1) Each individual, if any, who, directly or indirectly, through any contract, arrangement, understanding, relationship or otherwise, owns 25 percent or more of the equity interests of a legal entity customer; and
(2) A single individual with significant responsibility to control, manage, or direct a legal entity customer, including:
(i) An executive officer or senior manager (e.g., a Chief Executive Officer, Chief Financial Officer, Chief Operating Officer, Managing Member, General Partner, President, Vice President, or Treasurer); or
(ii) Any other individual who regularly performs similar functions.
(3) If a trust owns directly or indirectly, through any contract, arrangement, understanding, relationship or otherwise, 25 percent or more of the equity interests of a legal entity customer, the beneficial owner for purposes of paragraph (d)(1) of this section shall mean the trustee. If an entity listed in paragraph (e)(2) of this section owns directly or indirectly, through any contract, arrangement, understanding, relationship or otherwise, 25 percent or more of the equity interests of a legal entity customer, no individual need be identified for purposes of paragraph (d)(1) of this section with respect to that entity’s interests.
Under paragraph (d)(1) of this section, depending on the factual circumstances, up to four individuals may need to be identified. Under paragraph (d)(2) of this section, only one individual must be identified. It is possible that in some circumstances the same person or persons might be identified pursuant to paragraphs (d)(1) and (2) of this section. A covered financial institution may also identify additional individuals as part of its customer due diligence if it deems appropriate on the basis of risk.
Free download of the 118-page LexisNexis® Guide to FATCA Compliance: Chapter 1
Wednesday, February 17, 2016
Financial journalist Josep Maria Casas reports that an eminent American jurist accuses his country's anti-money-laundering authorities of proceeding more severely against small banks than against large ones ...
In a letter addressed to FinCEN, Byrnes says he is "dismayed" to observe that this anti-money-laundering unit is allegedly violating the U.S. Administrative Procedure Act on three grounds: by withholding unclassified information, by not hearing the other party before making a decision, and by not evaluating possible alternatives.
Read the article - Economia Digital
Friday, January 22, 2016
See also Baker McKenzie's analysis at EU and US Sanctions Relief for Iran Under the Joint Comprehensive Plan of Action Goes into Effect
Wednesday, December 23, 2015
On July 29, 2015, FinCEN issued a Final Rule imposing the fifth special measure against FBME Bank Ltd. (FBME) with an effective date of August 28, 2015. On August 27, 2015, the United States District Court for the District of Columbia granted FBME’s motion for a preliminary injunction and enjoined the Final Rule from taking effect. On November 6, 2015, the Court granted the Government’s motion for voluntary remand to allow for further rulemaking proceedings.
On November 27, 2015, FinCEN published in the Federal Register a Notice to re-open the Final Rule for 60 days to solicit additional comment in connection with the rulemaking, particularly with respect to the unclassified, non-protected documents that support the rulemaking and whether any alternatives to the prohibition of the opening or maintaining of correspondent accounts with FBME would effectively mitigate the risk to domestic financial institutions. The Notice can be found at http://www.gpo.gov/fdsys/pkg/FR-2015-11-27/pdf/2015-30119.pdf. The unclassified, non-protected documents that support the rulemaking are available at http://www.regulations.gov/#!documentDetail;D=FINCEN_FRDOC_0001-0038 [Docket ID: FINCEN_FRDOC_0001].
III. Request for Comments
FinCEN invites comments on all aspects of this rulemaking, including, but not limited to, the following:
2. Whether any of special measures one through four under Section 311 with respect to covered U.S. financial institutions' activities involving FBME would be an effective alternative to mitigate the risk posed by FBME as explained in the Notice of Finding;
3. Whether, pursuant to special measure five of Section 311, FinCEN should impose conditions, rather than a prohibition, on the opening or maintaining of correspondent accounts with FBME as an effective alternative to mitigate the risk posed by FBME as explained in the Notice of Finding; and
4. Any material developments that have occurred with respect to FBME since the issuance of the NOF and NPRM on July 22, 2014, including whether reasonable grounds continue to exist for concluding that FBME is a primary money laundering concern.
Friday, December 11, 2015
Litigation Release No. 23414 / November 27, 2015: Securities and Exchange Commission v. Robert Yang, Claudia Kano, Suncor Fontana, LLC, Suncor Hesperia, LLC, Suncor Care Lynwood, LLC, Civil Action No. 5:15-cv-02387 (November 19, 2015) (Central District of California, Eastern Division)
The Securities and Exchange Commission today announced an asset freeze obtained against two people in San Bernardino, California accused of defrauding Chinese investors who invested in their related companies in an effort to obtain U.S. residency through the EB-5 Immigrant Investor Program. The EB-5 program provides a method to obtain visas by investing $1 million, or at least $500,000 in an area designated as rural or high unemployment, and which creates or preserves at least ten jobs for U.S. workers.
According to the SEC’s complaint filed in U.S. District Court for the Central District of California, Robert Yang, MD, Claudia Kano, and their affiliated “Suncor” entities have raised approximately $20 million from 40 investors located in China for the development of three “sub-acute nursing care facilities” located in Fontana, Hesperia, and Lynwood, California. But the SEC alleges that Yang and Kano diverted more than $10 million for personal and other uses and jeopardized investors’ prospects for U.S. residency under the terms of the EB-5 program.
Among other things, the SEC alleges that Yang and Kano, contrary to representations made to investors, used investor funds for Yang’s medical practice, to pay Yang’s personal taxes, and to purchase real estate unrelated to the EB-5 projects. Further, although the Defendants made repeated statements to investors that their funds would “only” be used to develop the specific medical facility project in which they made an investment, the Defendants transferred funds between projects. The SEC also alleges that, unbeknownst to investors, Yang and Kano diverted investors’ funds to a third-party “finder” to locate investors in China, which would disqualify them from the EB-5 program because this caused their net investments to fall below the minimum $500,000 threshold. The SEC alleges that while investors understood and paid $45,000 fees to the finder in addition to their $500,000 investments, they were not told that another 18% of their investments would be deducted and diverted to the finder.
On Wednesday, November 25, 2015, the court granted the SEC’s request for an asset freeze, and an order expediting discovery and prohibiting the destruction of documents.
The SEC’s investigation was conducted by Michael Cates and Kerry Matticks of the Denver Regional Office and supervised by Ian Karpel. The SEC’s litigation will be led by Zachary Carlyle.
Investor Alert: Investment Scams Exploit Immigrant Investor Program
The U.S. Securities and Exchange Commission's Office of Investor Education and Advocacy and U.S. Citizenship and Immigration Services are jointly issuing this Investor Alert to warn individual investors about fraudulent investment scams that exploit the Immigrant Investor Program, also known as "EB-5."
The U.S. Securities and Exchange Commission's ("SEC") Office of Investor Education and Advocacy and U.S. Citizenship and Immigration Services ("USCIS") are aware of investment scams targeting foreign nationals who seek to become permanent lawful U.S. residents through the Immigrant Investor Program ("EB-5"). In close coordination with USCIS, which administers the EB-5 program, the SEC has taken emergency enforcement action to stop allegedly fraudulent securities offerings made through EB-5.
The EB-5 program provides certain foreign investors who can demonstrate that their investments are creating jobs in this country, with a potential avenue to lawful permanent residency in the United States. Business owners apply to USCIS to be designated as "regional centers" for the EB-5 program. These regional centers offer investment opportunities in "new commercial enterprises" that may involve securities offerings. Through EB-5, a foreign investor who invests a certain amount of money that is placed at risk, and creates or preserves a minimum number of jobs in the United States, is eligible to apply for conditional lawful permanent residency. Toward the end of the two-year period of conditional residency, the foreign investor is eligible to apply to have the conditions on their lawful permanent residency removed, if he or she can establish that the job creation requirements have been met. Foreign investors who invest through EB-5, however, are not guaranteed a visa or to become lawful permanent residents of the United States. For more details, read the EB-5 Immigrant Investor section of USCIS's website at www.uscis.gov.
The fact that a business is designated as a regional center by USCIS does not mean that USCIS, the SEC, or any other government agency has approved the investments offered by the business, or has otherwise expressed a view on the quality of the investment. The SEC and USCIS are aware of attempts to misuse the EB-5 program as a means to carry out fraudulent securities offerings. In a recent case, SEC v. Marco A. Ramirez, et al., the SEC and USCIS worked together to stop an alleged investment scam in which the SEC claims that the defendants, including the USA Now regional center, falsely promised investors a 5% return on their investment and an opportunity to obtain an EB-5 visa. The promoters allegedly started soliciting investors before USCIS had designated the business as a regional center. The SEC alleged that while the defendants told investors their money would be held in escrow until USCIS approved the business as eligible for EB-5, the defendants misused investor funds for personal use such as funding their Cajun-themed restaurant. According to the SEC's complaint, the investors did not obtain even conditional visas as a result of their investments through the USA Now regional center.
In another case, SEC v. A Chicago Convention Center, et al., the SEC and USCIS coordinated to halt an alleged $156 million investment fraud. The SEC alleged that an individual and his companies used false and misleading information to solicit investors in the "World's First Zero Carbon Emission Platinum LEED certified" hotel and conference center in Chicago, including falsely claiming that the business had acquired all necessary building permits and that the project was backed by several major hotel chains. According to the SEC's complaint, the defendants promised investors that they would get back any administrative fees they paid for their investments if their EB-5 visa applications were denied. The defendants allegedly spent more than 90 percent of the administrative fees, including some for personal use, before USCIS adjudicated the visa applications.
As with any investment, it is important to research thoroughly any offering that purports to be affiliated with EB-5. Take these steps:
- Confirm that the regional center has been designated by USCIS. If you intend to invest through a regional center, check the list of current regional centers on USCIS's website at www.uscis.gov. If the regional center is not on the list, exercise extreme caution. Even if it is on the list, understand that USCIS has not endorsed the regional center or any of the investments it offers.
- Obtain copies of documents provided to USCIS. Regional centers must file an initial application (Form I-924) to obtain USCIS approval and designation, and must submit an information collection supplement (Form I-924A) at the end of every calendar year. Ask the regional center for copies of these forms and supporting documentation provided to USCIS.
- Request investment information in writing. Ask for a copy of the investment offering memorandum or private placement memorandum from the issuer. Examine it carefully and research similar projects in evaluating the proposal. Follow up with any questions you may have. If you do not understand the information in the document or the issuer is unwilling or unable to answer your questions to your satisfaction, do not invest.
- Ask if promoters are being paid. If there are supposedly unaffiliated consultants, lawyers, or agencies recommending or endorsing the investment, ask how much money or what type of benefits they expect to receive in connection with recommending the investment. Be skeptical of information from promoters that is inconsistent with the investment offering memorandum or private placement memorandum from the issuer.
- Seek independent verification. Confirm whether claims made about the investment are true. For example, if the investment involves construction of commercial real estate, check county records to see if the issuer has obtained the proper permits and whether state and local property tax assessments correspond with the values the regional center attributes to the property. If other companies have purportedly signed onto the project, go directly to those companies for confirmation.
- Examine structural risk. Understand that you may be investing in a new commercial enterprise that has no assets and has been established to loan funds to a company that will use the funds to develop projects. Carefully examine loan documents and offering statements to determine if the loan is secured by any collateral pledged to investors.
- Consider the developer's incentives. EB-5 regional center principals and developers often make capital investments in the projects they manage. Recognize that if principals and developers do not make an equity investment in the project, their financial incentives may not be linked to the success of the project.
- Look for warning signs of fraud. Beware if you spot any of these hallmarks of fraud:
  - Promises of a visa or becoming a lawful permanent resident. Investing through EB-5 makes you eligible to apply for a conditional visa, but there is no guarantee that USCIS will grant you a conditional visa or subsequently remove the conditions on your lawful permanent residency. USCIS carefully reviews each case and denies cases where eligibility rules are not met. Guarantees of the receipt or timing of a visa or green card are warning signs of fraud.
  - Guaranteed investment returns or no investment risk. Money invested through EB-5 must be at risk for the purpose of generating a return. If you are guaranteed investment returns or told you will get back a portion of the money you invested, be suspicious.
  - Overly consistent high investment returns. Investments tend to go up and down over time, particularly those that offer high returns. Be suspicious of an investment that claims to provide, or continues to generate, high rates of return regardless of overall market conditions.
  - Unregistered investments. Even though a regional center may be designated as a regional center by USCIS, most new commercial enterprise investment opportunities offered through regional centers are not registered with the SEC or any state regulator. When an offering is unregistered, the issuer may not provide investors with access to key information about the company's management, products, services, and finances that registration requires. In such circumstances, investors should obtain additional information about the company to help ensure that the investment opportunity is bona fide.
  - Unlicensed sellers. Federal and state securities laws require investment professionals and their firms who offer and sell investments to be licensed or registered. Designation as a regional center does not satisfy this requirement. Many fraudulent investment schemes involve unlicensed individuals or unregistered firms.
  - Layers of companies run by the same individuals. Some EB-5 regional center investments are structured through layers of different companies that are managed by the same individuals. In such circumstances, confirm that conflicts of interest have been fully disclosed and are minimized.
If your investment through EB-5 turns out to be in a fraudulent securities offering, you may lose both your money and your path to lawful permanent residency in the United States. Carefully vet any EB-5 offering before investing your money and your hope of becoming a lawful permanent resident of the United States.
USCIS and the SEC have in recent years built a strong partnership with an emphasis on fostering EB-5 program integrity. The two agencies coordinate on issues at the case-specific and programmatic levels, and have participated in joint public engagement events to raise awareness among EB-5 developers and investors as to these issues. This Investor Alert is another example of our coordinated efforts regarding EB-5 program integrity.
Wednesday, November 18, 2015
Public Consultation on the Revision of the Interpretive Note to Recommendation 8 (Non-profit organisations)
The FATF welcomes views from the public, and in particular the non-profit sector, on work it is currently undertaking to rationalise the FATF Standard on non-profit organisations (NPOs) together with the results of the recently published Typologies Report and Best Practices Paper. The FATF is keen to involve the NPO sector in this process in order to ensure that practical knowledge and experience, in particular from service NPOs, can be properly reflected in the Interpretive Note to Recommendation 8.
Sunday, November 15, 2015
Today, I’d like to talk about the Justice Department’s perspective on the Computer Fraud and Abuse Act (CFAA): how we use it to fight cybercrime and to protect privacy, and how we propose to improve it. Whether and how to improve the CFAA has generated many interesting academic ideas over the last few years, and will be the subject of some of the discussion here later. For our part, the administration has proposed several targeted updates that we believe will help law enforcement keep up with evolving cyber threats, and consequently benefit computer users and those whose information is stored on computers.
I hope that my remarks will both set the stage for the panels to come, and also elucidate how federal prosecutors have applied the CFAA to prosecute serious financial crimes and invasions of privacy. Equally, I know that I speak for my colleagues on the panels and in the audience when I say that we look forward to a robust discussion of the statute, its use and its appropriate reach.
The CFAA was drafted and enacted in the early 1980s. At that time, the computer age in America was rapidly dawning. The amount of information stored digitally was growing equally quickly, feeding a growing public concern about the victimization of citizens and businesses through computer systems. A decade later, we would call that victimization “cybercrime.”
In response to that public concern, Congress included provisions in the Comprehensive Crime Control Act of 1984 to address the unauthorized access to and use of computers and computer networks and created a new statute—Title 18, U.S. Code, Section 1030. The legislative history indicates that Congress intended these provisions to provide “a clearer statement of proscribed activity” to “the law enforcement community, those who own and operate computers, as well as those who may be tempted to commit crimes by unauthorized access.” Two years later the statute was amended and renamed the Computer Fraud and Abuse Act.
At its core, the CFAA reflects a basic expectation that computer owners and operators are entitled to control access to their computer systems and networks. And it reflects the need for rules of the road in cyberspace just like in physical space, so that computer users can expect that information stored there remains safe. Computers in 2015 may not look much like computers in 1984, but the statute’s authors envisioned that technology would evolve and complex relationships would emerge among computer owners, operators and users—and worked to establish and refine legal definitions that would accurately capture the most salient aspects of those complexities in describing criminal conduct.
Additionally, over the years, as new types of cybercrime—like cyber extortion and distributed denial-of-service (DDOS) attacks using botnets—have arisen, and as courts and Congress have gained experience with the statute, the CFAA has been updated several times to reflect these emerging trends in criminal conduct.
And, throughout, we have debated how prosecutors should most effectively hold cyber criminals accountable, prevent and punish financial crimes, and vindicate the privacy rights of our citizens—while protecting free expression, encouraging development of new technologies, and fostering essential computer security research. Sometimes these interests point in the same direction; sometimes they compete with one another and a balance has to be struck. In some cases, those debates have played out in legislative hearings, in popular media or in academic settings such as this. Often, the department has engaged with key constituencies, such as computer security researchers, to better understand their concerns.
In making decisions about whether to bring federal charges in cybercrime cases, prosecutors look to the Principles of Federal Prosecution, as they do in all cases. Those principles direct us to the general factors that affect all charging decisions—like the losses experienced by the victim of the crime and the deterrent effect of prosecution. But we also go a step further and consider factors specific to cybercrimes. These factors include the sensitivity of information that has been obtained and disclosed, whether damage to a computer system affects public safety, market integrity or critical infrastructure, and whether the activity is related to a larger criminal endeavor. Department prosecutors take charging decisions very seriously. These decisions are part of pursuing the department’s overall mission to protect Americans’ privacy and security and to seek justice for victims.
One point that is not always recognized is that many of the most robust and thoughtful discussions on these topics have taken place wholly within the Department of Justice. We have these discussions internally on a daily basis, as prosecutors carefully weigh the appropriateness and possible long-term consequences of our charging decisions. And, of course, we cannot always talk about those decisions. But that is one of the reasons why I am happy that we have both current and former federal prosecutors here today, who can share some of what we’ve learned from our deliberations.
Continuing to examine this important balancing process is crucial, as the concept of cyberspace constantly evolves. Computers are now ubiquitous in our lives—at home and at work. Just about everyone in this room probably has one in front of you, in your hands, in your pocket or on your wrist. Some of you probably have two or three. We use computers to manage just about every aspect of our lives—our finances; our health. And, increasingly, we use computers to control our cars, our refrigerators, lightbulbs and thermostats. Our reliance on computer networks and electronic devices will only keep growing. One study predicts that the Internet economy of G-20 countries will grow to $4.2 trillion by 2016, which means that if it were a country it would rank among the top five economies in the world—it would be Germany.
The same trends will also mean, however, that individual hackers, organized criminal networks and nation states will find even more ways to victimize American citizens and businesses in cyberspace.
Hackers are already able to steal the financial information of millions of victims from a computer halfway around the world—we should expect to see them turning toward other types of information stored on networks, so long as it can be monetized or exploited.
Cyber criminals can already orchestrate massive disruptions of businesses and spirit away trade secrets in seconds—we should expect them to aim disruptions at new targets of opportunity or of political interest, and to steal from developing industries.
And, of course, every day we have threats that come from within, such as the disgruntled IT manager, the soon-to-be ex-employee and other company insiders who steal, delete or otherwise compromise company or private, personally identifiable information—there is little reason to expect this phenomenon will change, except that the criminally-inclined insider can now wreak ever-more damage with ever-less effort.
This past year alone we saw a series of extraordinarily invasive and damaging data breaches that victimized some of our nation’s largest businesses, as well as the federal government itself, with tens of millions of personal and consumer records being stolen or compromised at a time. All types of businesses were victimized, from banks to retailers, to mom and pop financial firms, to entertainment companies, to restaurant chains, to health care providers. Sadly, according to data from a recent report, there are twelve new victims of online crime every second—which means there will be more than 20,000 additional victims by the time I’m done speaking.
The cost of cybercrime is staggering. One study last summer estimated the annual loss to the global economy due to cybercrime at as much as $400 billion. But the financial effects can never capture the unquantifiable harms—the invasion of privacy, the trauma of sextortion, the personal strain of identity theft—that cybercrime causes its victims.
So, what has the Justice Department been doing about these cyber threats? The Criminal Division’s Computer Crime and Intellectual Property Section (CCIPS), along with prosecutors in U.S. Attorneys’ Offices around the country, have been successfully using the CFAA to combat cybercrime, and vindicate the privacy rights of victims for over two decades. They work closely with agents from the FBI, the U.S. Secret Service and other law enforcement agencies. And they also work in conjunction with attorneys from the National Security Division, who are responsible for cyber cases involving terrorism or nation-state actors. CCIPS is the linchpin of the department’s anti-cybercrime efforts, and has been involved in one capacity or another in practically every significant cybercrime case involving the CFAA.
CCIPS and the U.S. Attorneys’ Offices represent the front line of our cybercrime prosecution efforts, and work closely with law enforcement agencies on complex and often long-term investigations against many of the world’s worst computer criminals. Computer crime investigations can literally span the globe, and successfully building a prosecution can involve collecting evidence from multiple victims in different countries, over months and years. But we have succeeded at unplugging some of the worst offenders, whether by successfully prosecuting them, working with international partners to ensure that they are charged in other countries, or disrupting the technical and financial infrastructure upon which they depend.
Let me now discuss the department’s recent use of the CFAA in two types of cases: to combat botnets—networks of victim computers surreptitiously infected with malicious malware—and to prosecute corrupt insiders—a serious threat to cybersecurity. These types of cases have vindicated the rights of victims when hackers invade their privacy by stealing confidential information. Additionally, I will describe how the administration’s targeted updates to the CFAA would empower law enforcement to better address these evolving threats.
Botnets threaten our privacy on a magnitude previously unimaginable. Individual hackers and organized criminal groups are using state-of-the-art techniques to infect hundreds of thousands—sometimes millions—of computers and cause massive financial losses, all while becoming increasingly difficult to detect.
As you probably know, when a computer becomes part of a botnet, it can be remotely controlled from another computer and used as infrastructure for a variety of illicit activities. Sometimes called “bot-masters” or “bot-herders,” cyber criminals who control botnets take control of the victim computers, or “bots.” They can then command those victim computers to steal financial information, personally identifiable information, login credentials and other information from victims who often do not realize their computers have been compromised.
The threat from botnets has increased dramatically over the past several years. Because utilizing botnets can be so lucrative, their designers use sophisticated code, often located on servers in foreign countries, and employ the latest in encryption methods—all designed to frustrate personal and corporate cybersecurity efforts, and to prevent law enforcement from responding effectively. Indeed, recent cases demonstrate that botnets are used by criminals halfway around the world to commit crimes of a scope and sophistication that was difficult to imagine only a few years ago.
Despite the scale and complexity, however, the department has had success in combatting botnets. One of the most effective methods has been to prosecute those responsible for the creation of the botnets using the CFAA. For example, a couple of months ago, pursuant to a DOJ request, our foreign law enforcement partners in Cyprus arrested Andrey Ghinkul, a Moldovan national. Mr. Ghinkul was allegedly responsible for creating the botnet known as “Bugat” or “Dridex,” which infected computers worldwide and was used by criminals to steal banking credentials and, ultimately, millions of dollars from victims. It was specifically designed to defeat antivirus and other defensive measures employed by victims. The FBI estimates that the Bugat/Dridex botnet is responsible for at least $10 million in U.S. losses. Mr. Ghinkul was indicted under the CFAA and the department is seeking his extradition to the United States.
In addition, the department seeks to disrupt and dismantle botnets, through the use of seizures, forfeitures, restraining orders, and other civil and legal processes. We did that with respect to Bugat/Dridex, obtaining a civil restraining order to disrupt its operation, following a similar action taken by British law enforcement. And last year, we did the same with respect to the notorious Gameover Zeus botnet—a sophisticated type of malware that created a global network of between 500,000 and one million infected victim computers. Criminals used this botnet to steal about $100 million from consumers and businesses.
The Gameover Zeus botnet also was used to infect computers with Cryptolocker—a form of malware that would encrypt the files on a victim’s computer until they paid a ransom. One estimate indicated that victims paid more than $27 million in ransom in just the first two months after Cryptolocker emerged. Last May, using various civil and criminal legal processes, the department, with judicial authorization and oversight, wrested domains and servers from cyber criminals’ control, prevented infected computers from communicating with the criminals’ command and control infrastructure, and liberated hundreds of thousands of computers.
So far, so good. But as I mentioned before, criminals can be incredibly creative in the way in which they victimize innocent computer users—and the Internet can be a powerful tool that enables them to do so. And while the department has enjoyed success against botnets and, accordingly, vindicating victims’ privacy rights, our cases have revealed shortcomings in the CFAA which limit our ability to disrupt botnets and prosecute the criminals behind the keyboards.
First, although botnets can rely on extremely sophisticated programming, cross-border infrastructure, and the latest in encrypted communications technology, you don’t need to be an expert to use one. You can go online, for example to a dark market on the Tor network, and buy one. Or you can rent one—investigations have revealed botnets advertised for rent for about $300 to $500 a day, or even less for a short-term DDOS attack. Criminals can then use the infected computers to commit various offenses—including stealing personal or financial information from U.S. citizens and businesses—while distancing themselves from the conduct by which the thousands, or more, computers were initially hacked.
Unfortunately, the CFAA currently poses obstacles to our ability to prosecute botnet trafficking, because it does not expressly cover buying or selling access to botnets. Instead, it only expressly prohibits the sale or transfer of “passwords and other information.” This loophole has already prevented the department from prosecuting clearly wrongful conduct. In one case, an undercover officer discovered that a criminal was offering to sell a botnet consisting of thousands of victim computers. The officer accordingly did an undercover purchase of the botnet from the criminal and notified the victims that their computers were infected. The operation, however, did not result in a prosecutable U.S. offense because there was no evidence that the seller had created the botnet in question, and accordingly the seller was free to continue his activity. This loophole will prevent federal prosecutors from being able to prosecute other individuals for selling access to infected computers.
The provision for the trafficking in “passwords or other information” also poses an obstacle, because it currently requires proving that the defendant had an intent to defraud. But such intent is often difficult—if not impossible—to prove in botnet trafficking cases because the traffickers often have a wrongful purpose other than the commission of fraud. This can be the case when botnets are rented to conduct DDOS attacks. DDOS attacks may be committed out of malice, as ideological warfare against those with whom they disagree, or even as a paid service to other criminals. But such attacks are not always committed with an intent to defraud.
Alternatively, criminals may rent botnets as a proxy to conceal their identity while committing other crimes, such as drug dealing and the sexual exploitation of children. While the botnets in such circumstances are being used to further criminal activity, the CFAA would not apply because there was no intent to defraud.
In response, the administration has proposed an update to the CFAA that would clarify that it is illegal to sell or rent control over infected computers, just like it is already clearly illegal to sell or transfer computer passwords. The proposal would amend the CFAA, to expressly prohibit trafficking in “means of access.” Such language would make clear that the CFAA not only prohibits the sale or transfer of “passwords and other information,” but also prohibits the sale of access to the hacked computers that make up botnets.
The proposal would also update the CFAA by replacing the current requirement that the government prove that the offender had an “intent to defraud” with a requirement to prove that the offender both knew that his conduct was “wrongful,” and also knew or should have known that the means of access would be used to hack or damage a computer. Combined, these amendments would help the CFAA adapt to meet the evolving threat of botnets and ensure that the department has the necessary means to dismantle criminal infrastructure and vindicate the privacy rights of botnet victims.
Second, there is a similar gap in the statute that gives prosecutors the ability to undertake technical disruptions of botnets such as the ones that we deployed against Bugat/Dridex and Gameover Zeus. We were able to do so in those cases because the law gives federal courts authority to issue injunctions to stop the ongoing commission of fraud or illegal wiretapping. But, as I noted, botnets can be used for other types of illegal activity. To close this gap, we have proposed to change the law to permit the government to seek such a court order in any case where 100 or more victim computers have been hacked.
Another area where the department believes the CFAA needs to be updated concerns the “insider threat”—the threat to privacy and security from those who have limited authorization to access computers and networks, but intentionally exceed that authority to compromise sensitive information. The department believes that the CFAA should protect computer owners against people who intentionally abuse a computer system, even if they have some authorization to access the system under limited circumstances—like company employees authorized to access a sensitive database but only for specified work purposes.
The insider threat to American companies is both diverse and very real. Having written policies between computer owners and those individuals to whom some access must be granted is an important way to secure information because the policies make the limits of authorization explicit.
But insiders nonetheless may violate those rules by intentionally exceeding the limits of authorization they were granted, such as when an insider brings proprietary information to their next employer, exposes a political candidate’s private medical records or simply sells confidential information without any knowledge or concern of what the buyer intends to do with it. Violating these written restrictions harms businesses as well as average Americans, particularly when the information stolen by insiders contains the private information of consumers, such as credit card numbers, banking information or social security numbers.
The CFAA has been a powerful authority in our fight to protect victims of crimes committed by insiders who exceed authorized access to their employers’ computers. The department has used the CFAA, for example, to charge police officers who took advantage of their access to confidential criminal records databases in order to look up sensitive information about a paramour, sell access to those records to others, or even provide confidential law enforcement information to a charged drug trafficker.
We have also used this statute to prosecute an employee of a health insurer who used his access to improperly obtain the names and social security numbers of thousands of current and former employees (as well as information about how much his colleagues were being paid). We have prosecuted a system administrator for reading the emails of a company’s CEO, and for passing those emails on to a competitor. All of these insider hackers had some right to access those computers—their employers had to give them that access so they could do their jobs. Their conduct became a crime under the CFAA only because they intentionally exceeded their employer’s computer access rules.
However, recent judicial decisions have imposed obstacles in much of the country to prosecuting such cases. These decisions imposed a restrictive interpretation of the term “exceeds authorized access” in the CFAA based on a concern that the statute potentially makes relatively trivial conduct a federal crime. For example, federal judges expressed concern that the statute could be construed to permit prosecution of a person who accesses the Internet to check baseball scores at lunchtime in violation of her employer’s strict business-only internet use policy. Or perhaps where someone joins a dating website but lies about his physical fitness in violation of the site’s terms of service that requires users to provide only accurate information.
The department has no interest in prosecuting anyone for such activity. Yet, as a result of these recent decisions, insiders in the affected circuits are effectively immunized from punishment under the CFAA even when they intentionally exceed the bounds of their legitimate access to confidential information and cause significant harm to their employers and to the people—often everyday Americans—whose data is improperly accessed. Essentially legalizing insider hacking ignores the significant threat posed by insiders. Just the other month, the Ninth Circuit overturned CFAA convictions in a case where a private investigator bribed a Los Angeles police officer in exchange for confidential police records and paid a phone company employee for private commercial information. This is exactly the kind of abuse of privacy that, in DOJ’s view, we should be deterring.
Therefore, the administration has proposed an update to the CFAA that maintains the law’s key privacy-protecting function while ensuring that trivial conduct does not constitute a federal crime. To accomplish this, the proposal does two things.
First, it clarifies that the definition of “exceeds authorized access” includes the situation where the person accesses the computer for a purpose that he knows is not authorized by the computer owner. This clarification is necessary to permit the prosecution of, for example, a law enforcement officer who is permitted access to criminal records databases, but only for official business purposes.
Second, the proposal adds new requirements that the government must meet to make clear that trivial conduct does not constitute an offense. In order to constitute a crime under the proposed language, an offender is considered to have accessed a protected computer in excess of authorization and obtained information if the information so obtained is valued at $5,000 or more, or the access is in furtherance of a separate felony offense, or the access is to a government computer.
The administration’s proposed amendments will empower the department to prosecute and deter significant threats to privacy and security posed by insiders who abuse their access. Simultaneously, the updates ensure that the CFAA does not inadvertently cover trivial conduct that we have no interest in prosecuting.
In closing, over the years, the CFAA has been a critical statute that the department has used to protect the privacy and security of American citizens and businesses. But as cybercrime evolves, our laws must also evolve.
Thursday, November 12, 2015
Situations where financial institutions terminate or restrict business relationships with categories of customer (so-called “de-risking”) is a complex issue that goes far beyond anti-money laundering (AML) and counter-terrorist financing (CFT). The FATF has gathered preliminary information on the potential drivers of “de-risking”, with input from the private sector which highlights that there is a continued need to improve the evidence base in order to determine the causes, scale and impact of de-risking. The FATF approach to “de-risking” is based on the FATF Recommendations which require financial institutions to identify, assess and understand their money laundering and terrorist financing risks, and implement AML/CFT measures that are commensurate with the risks identified.
When establishing correspondent banking relationships, banks are required to perform normal customer due diligence on the respondent bank. Additionally, banks are required to gather sufficient information about the respondent bank to understand the respondent bank’s business, reputation and the quality of its supervision, including whether it has been subject to a money laundering or terrorist financing investigation or regulatory action, and to assess the respondent bank’s AML/CFT controls. Although there will be exceptions in high risk scenarios, the FATF Recommendations do not require banks to perform, as a matter of course, normal customer due diligence on the customers of their respondent banks when establishing and maintaining correspondent banking relationships.
The FATF is undertaking work to further clarify the interplay between the FATF standards on correspondent banking (Recommendation 13) and other intermediated relationships, and the FATF standards on customer due diligence (Recommendation 10) and wire transfers (Recommendation 16). In doing so, the FATF will consult with regulators and the private sector, and will take into account relevant work on correspondent banking and account closure being undertaken by the Committee on Payments and Market Infrastructures (CPMI), the Financial Stability Board (FSB), the Global Partnership for Financial Inclusion (GPFI), the International Monetary Fund (IMF) and the Union of Arab Banks (UAB), the World Bank Group (WBG), and the World Trade Organisation (WTO). The FATF will also take into account the Basel Committee on Banking Supervision’s Guidance on Sound Management of Risks Related to Money Laundering and Financing of Terrorism which was published in January 2014, and will continue engagement with the Basel Anti-Money Laundering Experts Group (AMLEG).
The FATF continues to focus its efforts on de-risking, including through stocktaking and acknowledging the work of other bodies in this area. De-risking is having a significant impact in certain regions and sectors in particular and, although there is currently no evidence that de-risking is adversely impacting global financial stability, the international community continues to study this issue closely.
De-risking will remain a priority for FATF. The FATF continues to monitor closely developments related to de-risking, including the fact gathering and analytical work conducted by other bodies – notably the Financial Stability Board (FSB), the Committee on Payments and Market Infrastructure (CPMI), the International Monetary Fund and Union of Arab Banks, the Global Partnership for Financial Inclusion, the Basel Committee, the World Bank Group, and the World Trade Organization.
The FATF will also continue to engage with other international bodies, countries, the private sector and civil society on this important issue. The FATF will also invite the Secretariats of the FSB and the CPMI to its next working group meeting to facilitate coordination and engagement on these important issues.
Analytical work so far undertaken by different bodies, including the FATF, shows that de-risking is being driven by many different factors. This is a serious concern for FATF and the FATF-style regional bodies to the extent that de-risking may drive financial transactions underground which creates financial exclusion and reduces transparency, thereby increasing money laundering and terrorist financing risks.
The drivers of de-risking are complex and include: profitability; reputational risk; lower risk appetites of banks; and regulatory burdens related to the implementation of anti-money laundering and counter-terrorist financing (AML/CFT) requirements, the increasing number of sanctions regimes, and regulatory requirements in the financial sector. The FATF is acting quickly to clarify regulatory expectations in four areas that are particularly relevant to de-risking to ensure that AML/CFT measures are being implemented effectively and in line with its risk-based approach. In particular, the FATF is:
- developing guidance to clarify how to properly identify and manage risk in the context of correspondent banking and remittances. This guidance will address the issues highlighted by the FATF in its June 2015 statement on de-risking.
- developing guidance to help money remitters identify and manage their risks, and to help banks evaluate and manage the risks of providing financial services to money remitters. This guidance will also help governments supervise these activities.
- developing best practices on appropriate customer due diligence to facilitate financial inclusion in a manner that strikes an appropriate balance with AML/CFT objectives, and
- revising the relevant standard to help governments properly identify those non-profit organisations which are most vulnerable to terrorist financing abuse, and address those risks in a proportionate way. This work builds on the FATF Best Practices on Combating the Abuse of Non-Profit Organisations which was issued in June 2015.
The FATF aims to complete its work on these four projects in 2016.
In addition to these significant initiatives, the FATF has just issued Guidance on the Risk-Based Approach for Effective Supervision and Enforcement by AML/CFT Supervisors of the Financial Sector and Law Enforcement. This guidance reiterates the existing expectation that regulators and supervisors should use a risk-based approach when supervising financial institutions’ compliance with AML/CFT measures.
This is not a “zero failure” or “zero tolerance” approach which means that, when failures are detected, the regulator or supervisor should apply actions that are appropriate and proportionate, taking into account the nature of the failure. Regulators and supervisors should also ensure that financial institutions are taking a risk-based approach to implementing AML/CFT measures, without prejudice to rules-based measures such as targeted financial sanctions. Implementation by financial institutions should be aimed at managing (not avoiding) risks. What is not in line with the FATF standards is the wholesale cutting loose of entire countries and classes of customer, without taking into account, seriously and comprehensively, their level of money laundering and terrorist financing risk and applicable risk mitigation measures for those countries and for customers within a particular sector.
Tuesday, November 10, 2015
Several of my blog readers have been following FinCEN's first use (and abuse, alleges the FBME bank, defendant of this contentious matter) of the PATRIOT Act's power allowing FinCEN to block a foreign financial institution from the US financial market. Over the past year, FinCEN has published a couple of press releases referring to its action against FBME, and stating that its action is justified based on the nefarious behavior of some of FBME's clients. See FinCEN Cuts FBME Bank from Access to U.S. Financial System
But there are generally two or more perspectives for any story. FBME has fought back against FinCEN's determination, and at least convinced a judge that there is more going on here than meets the eye. See FBME Bank Obtains Preliminary Injunction Against FinCEN
On Friday, FinCEN agreed to a "do-over" of its determination with FBME, and to disclose 'four' items of the substantial evidence upon which it relied (but not the other evidence). Of course this heightens the interest in the evidence that FinCEN will not disclose.
At the core of this case for FBME is whether FinCEN must disclose to FBME all the evidence that it relied upon to make a determination to ban FBME from the US financial system. Who is to determine if such evidence is protected by national security interests? FinCEN itself, or the judiciary? Should a defendant have to defend against non-reviewed evidence? What if the evidence is hearsay, by example - newspaper accounts?
So, now I am curious if the doctrine of due process has been afforded FBME bank? And if the rules of evidence have been followed?
Some respondents will point out that a civil action, such as FinCEN's, does not require the heightened protections of the doctrine of due process and the rules of evidence that apply to an individual's criminal investigation. "The government giveth the license to carry on commerce, and the government taketh away that license." Though I disagree with that bifurcation from a political philosophy and from a rule of law perspective, the Courts lean in the respondents' favor.
In FBME's situation, this FinCEN determination impacts FBME maintaining a correspondent banking relationship in the US, and also implies to other regulators that they should evaluate FBME's activities in light of FinCEN's determination. It is the equivalent of a banking death sentence.
Given the public nature of FinCEN's allegations, not sure how FBME can obtain a correspondent U.S. banking relationship in the future. But BNP pled guilty to funding genocidal regimes and Iran, was given a sentence of five years' probation and nearly $10 billion in fines. No BNP employees went to prison, or even paid a fine. And BNP is operating in the US. (see BNP Paribas Criminally Sentenced for Financing Sudan, Iran and Cuba) A search of this blog will find numerous like situations of criminal activity at banks, a non-prosecution agreement, and the bank continues on.
Why is FBME being treated differently? Should it be? Questions that we cannot provide an opinion upon because we have limited information.
In consideration of the many other banks that have been fined for AML and/or OFAC transgressions, the FBME case stands out because of the severity of the sanction and the lack of background information about FinCEN's action.
FBME states in its press releases that it has been cooperating with FinCEN over the course of FinCEN's investigation. However, alleges FBME, FinCEN has not been cooperating with FBME because FinCEN will not present the evidence at the heart of the matter upon which FinCEN bases its allegations against FBME. FBME argues that it cannot defend against "secret" evidence. FinCEN retorts that the evidence is required to remain secret as a matter of national security. Sounds reminiscent of a Star Chamber. I thought we don't like Star Chambers in America?
If this is national security protected evidence, should at least the FISA tribunal be presented with it and agree? It's not the correct forum, but better than a single executive branch serving as its own prosecutor, judge, and executioner.
Latest News About FBME Case
Last Friday, November 6, 2015, in response to FinCEN's request for voluntary remand regarding its Final Rule against FBME, Judge Cooper of the DC District Court had asked FinCEN to submit the basis for withholding unclassified and unprotected documents on which the agency relied during the first rulemaking process. Judge Cooper of the DC District Court granted FinCEN's request for voluntary remand in the case.
Judge Cooper wrote:
Although FinCEN does not directly confess error, it recognizes that the Court has identified serious “procedural concerns” with the Final Rule, Mot. Remand 1, and it agrees that the “record . . . needs to be supplemented,” Defs.’ Reply 2. These concerns include both potential inadequacies in the notice-and-comment process as well as FinCEN’s seeming failure to consider significant, obvious, and viable alternatives to the sanction it imposed. Id. at 4. Moreover, FinCEN does not challenge the preliminary injunction, nor does it wish to continue to defend its previous rulemaking. FinCEN has thus acknowledged substantial and legitimate concerns with the promulgation of its Final Rule.
Judge Cooper has retained jurisdiction and the injunction remains in place to protect FBME. He also made express his assumption that FinCEN will “fulfill its obligations under the Administrative Procedure Act to disclose unclassified information not protected by the Bank Secrecy Act on which it intends to rely.” And he’s specified a clear timetable whereby the case may return to him around April if FBME remains aggrieved.
FinCEN in a filing to the court late Friday has now said it will release four of these documents publicly.
Quinn Emanuel, on behalf of FBME, filed this response to the Court as its rebuttal to FinCEN.
- The Notice studiously avoids giving a straightforward answer to the Court’s straightforward question whether the Government will disclose specified documents, or else “on what basis it would continue to withhold those materials.”
- The Government now says it “anticipates” that four documents 'will likely be made available,' but only to the extent that other unidentified agencies may separately permit their disclosure. Thus, the Government commits to nothing beyond awaiting further word from unnamed agencies.
- In a footnote, the Government discloses for the first time—after the preliminary injunction proceedings concluded, after being pressed by FBME for the administrative record as well as a schedule for briefing summary judgment, after making its case for voluntary remand, and after being asked by the Court about any additional documents—that it has withheld from the Court unclassified “sensitive” (but apparently not privileged) documents that it relied upon in imposing the Final Rule. Even while alluding to these documents and FinCEN’s substantive reliance thereon, the Government commits to withholding them from FBME as well as the Court. Thus, rather than retreat from its withholding or defend its withholding, the Government blazes a third path for itself, by waving a wand to make the materials simply vanish from this case: if FinCEN 'reaches a decision adverse to Plaintiffs, these documents will not be part of the subsequent administrative record.'”
- Download FBME Declaration with public exhibits
- Download Dkt. No. 47 - FinCEN response to J Cooper's request
- Download FBME Opp. to FinCEN Mot. for Voluntary Remand
- Download FBME Response to DOJ Notice
- Download Judge Cooper's Voluntary Remand Decision
Saturday, November 7, 2015
Swiss info reports: The spreading corruption scandal surrounding the Rio de Janeiro-based oil and gas producer has plunged Brazil into recession ....
Swiss prosecutors said in March they had uncovered more than 300 accounts belonging to senior Petrobras executives and its suppliers at over 30 banking institutions apparently used to “process bribery payments.”
Switzerland Probes Banks to Gauge Exposure in Petrobras Scandal - read SwissInfo's article
Wednesday, November 4, 2015
The operators of an alleged tech support scam agreed to settle Federal Trade Commission charges that they tricked consumers into paying millions of dollars for technical support services they did not need and software that was otherwise free.
Under the settlement, Pairsys, Inc., and its owners, Tiya Bhattachara and Uttam Saha, are required to turn over multiple real estate properties as well as the contents of numerous bank accounts, and to give up the leases on two luxury cars.
The FTC first filed suit against the alleged scammers last year, charging that they cold-called consumers, pretending to be representatives of Microsoft or Facebook. The FTC’s complaint also alleged that the defendants purchased deceptive online advertisements that led consumers to believe that calls to Pairsys were actually calls to companies’ legitimate technical support numbers.
Whether consumers were cold-called or drawn in by the misleading advertisements, what followed was a deceptive high-pressure sales pitch by operators in an overseas call center. The scammers would then request remote access to consumers’ computers, telling them that otherwise benign portions of their computers were actually signs of dangerous malware or viruses needing “immediate” repair.
The scammers would then pressure consumers into paying for computer security or technical support services, usually at a cost of $149 to $249, though in some cases the defendants charged as much as $600.
In addition to giving up ill-gotten gains, under the settlement the defendants are banned from selling any technical support service to consumers, from participating in any telemarketing generally, from making any misrepresentations to consumers in the sale of a good or service, and from collecting money for any technical support service.
The settlement includes a monetary judgment of $3,095,037.02, which is suspended pending the defendants’ surrender of the contents of numerous bank accounts and a safe deposit box, along with two pieces of real estate in Albany, N.Y. In addition, the defendants are required to terminate the leases on a 2013 Range Rover and a 2014 Maserati Quattroporte.
The Commission vote approving the stipulated order was 5-0. The order was filed in and entered by the U.S. District Court for the Northern District of New York.
NOTE: Stipulated orders have the force of law when approved and signed by the District Court judge.
Saturday, October 31, 2015
Phone scammers spend their days making trouble. They waste our time, tie up our phone lines and harass us with ugly language. Some do much, much worse. The FTC has heard from people who got calls from scammers saying, “I’ve kidnapped your relative,” and naming a brother, sister, child or parent. “Send ransom immediately by wire transfer or prepaid card,” they say, “or something bad will happen.”
They’re lying. They didn’t kidnap anyone, but they hope you’ll panic and rush to pay ransom before checking the story. Dozens of people told the FTC they got calls like this and paid $100 to $1,900 — often by wire transfer — to the kidnappers. To stop you from checking out the story, scammers order you to stay on the phone until the money is sent. There’s pressure to pay quickly, and the caller says not to contact anyone. And, of course, scammers demand payment by wire transfer or prepaid cards. Why? Because it’s difficult to trace or recover money sent that way.
The FBI calls this scam virtual kidnapping. Scammers scour the internet and social media sites, grabbing information about where people live, work, or travel, and names of friends and family. The cons use the details to pick a target and make their calls sound credible. To cut down on the information that scammers can find, think about limiting access to your networking pages — and encourage your family to do the same. Never post your Social Security number or account numbers online, and only share your phone number with your friends and contacts.
If you get a call like this, remember that it’s fake, no matter how scary it sounds. Even if it feels really real, never wire money or pay by prepaid card to anyone who asks you to. If you’re worried about the call, get off the phone and get in touch with the relative or friend in question – just to reassure yourself. And then report it to the FTC.
Tuesday, October 27, 2015
Piguet Galland Bank Pays $15.4 Million for 337 Non-Compliant U.S. Accounts, Turns Over Employees Details to IRS
Since Aug. 1, 2008, Piguet Galland and its predecessor banks held 337 U.S.-related accounts, with aggregate assets under management of $441 million. Piguet Galland will pay a penalty of $15.365 million.
Piguet Galland evolved through the combination of three small, traditional Swiss private banks focused on wealth management. In November 2003, Banque Franck SA acquired the client relationships of Banque Galland & Cie SA to become Franck Galland & Cie SA. Until 2011, Piguet & Cie (Banque Piguet) was a separate entity, majority-owned by Banque Cantonale Vaudoise (BCV). Between February and April 2011, BCV acquired Franck Galland from its owner, a U.S. financial group (the U.S. financial group), and then merged it with Banque Piguet (the 2011 Acquisition) to form the current entity, Piguet Galland. BCV owns Piguet Galland.
Piguet Galland and its predecessor banks opened, serviced and profited from accounts for U.S. taxpayers with the knowledge that some of these account holders likely were not complying with their U.S. income tax and reporting obligations. Piguet Galland and its predecessor banks offered a variety of traditional Swiss banking services that they knew or should have known would assist U.S. taxpayers in concealing assets and income from the Internal Revenue Service (IRS), including hold mail and code name or numbered account services.
One particular relationship manager (RM-1) was responsible for managing many of the U.S.-related accounts at Banque Franck and later Franck Galland. RM-1 was a member of senior management at both of those banks. Before Aug. 1, 2008, RM-1 opened several entity and trust accounts for U.S. persons, which remained open past Aug. 1, 2008. RM-1 was a relationship manager for at least 65 U.S.-related accounts at Piguet Galland after Aug. 1, 2008.
RM-1 traveled regularly to the United States, mostly to attend meetings with both existing and potential U.S. clients. Among other places, RM-1 traveled to Arizona, California, New Hampshire, New York and Wisconsin to meet both existing and potential clients. This travel sometimes occurred at the request of the U.S. financial group that owned Franck Galland and often was in connection with trips to visit the U.S. financial group’s management. RM-1 met with U.S. clients at hotels, clients’ clubs and other public places in the United States. Management at Franck Galland, including its former chief executive officer, was aware of RM-1’s travel to the United States. In fact, at least one member of Franck Galland’s Executive Committee knew that RM-1 was a U.S. person at the time he started employment.
Franck Galland permitted two other former relationship managers to travel to the United States to meet with U.S. taxpayer-clients. On one occasion, one of these relationship managers provided $5,000 in cash from an undeclared account held by a U.S. taxpayer-client directly to that client in the United States.
Franck Galland had a sister entity that was also owned by the U.S. financial group. This sister entity was a now-dissolved Cayman Island entity (the Cayman Entity). The Cayman Entity was acquired by Piguet Galland as part of the 2011 Acquisition. The Cayman Entity was ultimately liquidated in 2013, effective in 2014. Prior to the 2011 Acquisition, the Cayman Entity:
- Assisted in the opening of undeclared U.S.-related accounts at Franck Galland, sometimes through entities the Cayman Entity helped to create;
- Helped manage structures holding undeclared U.S.-related accounts at Franck Galland;
- Suggested facilitating meetings in the United States between RM-1 and undeclared U.S. taxpayer-clients with Cayman Entity accounts at Franck Galland;
- Facilitated cash withdrawals and transfers out of undeclared U.S.-related accounts at Franck Galland; and
- Served as trustee for two trusts that held U.S.-related accounts from 1995 to June 2011.
The Cayman Entity also held a subsidiary, the only purpose of which was to hold a condominium in George Town, Cayman Islands. While the condominium was principally for use by the U.S. financial group and its management, it was also used by executives of Franck Galland and at least three of its U.S. taxpayer-clients. The condominium was sold prior to the 2011 Acquisition.
Banque Piguet, another predecessor to Piguet Galland, allowed some of its relationship managers to communicate with its clients, including U.S. taxpayers, through private email accounts and the email domain “4uonly.ch,” without disclosure of the communication’s origin.
Franck Galland and Banque Piguet opened and maintained undeclared accounts beneficially owned by U.S. taxpayers and held in the name of structures, some of which had cash or credit cards linked to them, while knowing, or having reason to know, that some of these structures were used by U.S. taxpayer-clients to help conceal their identities from the IRS. Franck Galland and Banque Piguet also:
- Accepted instructions in connection with U.S.-related accounts not to invest in U.S. securities and not to disclose the names of U.S. taxpayer-clients to U.S. tax authorities, including the IRS;
- Opened and maintained accounts for U.S. taxpayer-clients transferring from other Swiss financial institutions that were closing such accounts, while both Franck Galland and Banque Piguet knew, or had reason to know, that a portion of the accounts at the other institutions were or likely were undeclared; and
- Maintained undeclared accounts for U.S. taxpayer-clients who renounced their beneficial ownership of such accounts, or who transferred account funds to non-U.S.-related accounts, while continuing to exercise control or retain entitlement to the funds.
Throughout its participation in the Swiss Bank Program, Piguet Galland committed to providing full cooperation to the U.S. government. Among other things, Piguet Galland provided a list of the names and functions of individuals who structured, operated or supervised the cross-border business at Franck Galland, Banque Piguet and Piguet Galland.
Friday, October 23, 2015
The FTC recently informed consumers about credit and debit chip card technology designed to reduce fraud, including counterfeiting. However, many consumers do not have such cards yet.
The FTC is now reporting that scammers are trying to take advantage of the millions of consumers who have not yet received a chip card. The FTC shared the following:
Here's what’s happening: Scammers are emailing people, posing as their card issuer. The scammers claim that in order to issue a new chip card, you need to update your account by confirming some personal information or clicking on a link to continue the process.
If you reply to the email with personal information, the scammer can use it to commit identity theft. If you click on the link, you may unknowingly install malware on your device. Malware programs can cause your device to crash, monitor your online activity, send spam, steal personal information and commit fraud.
So how can you tell if the email is from a scammer?
- There's no reason your card issuer needs to contact you by email — or by phone, for that matter — to confirm personal information before sending you a new chip card. Don't respond to an email or phone call that asks you to provide your card number. Period.
- Still not sure if the email is a scam? Contact your card issuers at the phone numbers on your cards.
- Don't trust links in emails. Only provide personal information through a company's website if you typed in the web address yourself and you see signals that the site is secure, like a URL that begins https (the "s" stands for secure).
Wednesday, September 16, 2015
FinCEN Reaches $8 Million Settlement with Caesars Palace for Lax Anti-Money Laundering Controls on High Rollers
The Financial Crimes Enforcement Network (FinCEN) today announced a settlement with Desert Palace, Inc. d/b/a Caesars Palace where Caesars agreed to pay an $8 million civil money penalty for its willful and repeated violations of the Bank Secrecy Act (BSA).
In addition, the casino agreed to conduct periodic external audits and independent testing of its anti-money laundering (AML) compliance program, report to FinCEN on mandated improvements, adopt a rigorous training regime, and engage in a “look-back” for suspicious transactions. Several failures at Caesars caused systemic and severe AML compliance deficiencies.
The casino allowed a blind spot to exist in its compliance program―private gaming salons―which are reserved for Caesars’ wealthiest clientele who may gamble millions of dollars in a single visit, and which openly allowed patrons to gamble anonymously. Despite the elevated money laundering risks present in these salons, Caesars failed to impose appropriate AML scrutiny, which allowed some of the most lucrative and riskiest financial transactions to go unreported.
Caesars also marketed these salons through branch offices in the U.S. and abroad, particularly in Asia, but failed to adequately monitor transactions, such as large wire transfers, conducted through these offices for suspicious activity. These failures compromised Caesars, and exposed the casino and the U.S. financial system to illicit activity.
“Caesars knew its customers well enough to entice them to cross the world to gamble and to cater to their every need,” said FinCEN Director Jennifer Shasky Calvery. “But, when it came to watching out for illicit activity, it allowed a blind spot in its compliance program. Every business wants to impress its customers, but that cannot come at the risk of introducing illicit money into the U.S. financial system.”
Enforcement Action: http://www.fincen.gov/news_room/ea/files/CaesarsConsent13Aug2015.pdf
Wednesday, September 2, 2015
January Conference to Help FTC Keep Pace With New Technologies, Research and Trends in Protecting Consumer Privacy and Security
The Federal Trade Commission will host a conference in January examining cutting-edge research and trends in protecting consumer privacy and security. The event, called PrivacyCon, is the first of its kind and will bring together leading stakeholders, including whitehat researchers, academics, industry representatives, federal policymakers, consumer advocates and others.
“We want to increase the FTC’s engagement with the technology community in order to more effectively encourage innovation that is protective of consumer privacy and security,” said FTC Chairwoman Edith Ramirez. “At PrivacyCon, our goal is to have leading experts in privacy and data security sit at the table with us and other policymakers to discuss their original research findings and the implications for consumer privacy.”
FTC staff issued a call for presentations seeking original research on new vulnerabilities and how they might be exploited to harm consumers, as well as recent research in areas such as big data, the Internet of Things, and consumer attitudes toward privacy. The FTC is seeking research from a variety of disciplines, such as data analytics, computer security, marketing, and economics.
Panel discussions at the conference, which will be held on Jan. 14, 2016, will address the research presentations, develop suggestions for further collaboration between researchers and policymakers, and highlight steps that companies and consumers can and should take to protect themselves and their data.
The event will be held at the FTC’s Constitution Center offices, and will be free and open to the public. The conference, including all presentations, will be available to the public via a live-stream and on the FTC website in archived video and transcript form.
Monday, August 31, 2015
On July 29, 2015, FinCEN issued a final rule under Section 311 of the USA PATRIOT Act imposing a special measure involving FBME Bank Ltd. (FBME) with an effective date of August 28, 2015.
FBME filed suit on August 7, 2015 in the United States District Court for the District of Columbia; FBME also moved for a preliminary injunction.
On August 27, 2015, the Court granted the preliminary injunction and enjoined the rule from taking effect until a final judgment is entered. The Court further ordered the parties to meet and confer as to an expedited briefing schedule on the merits of FBME’s Complaint and to file a joint proposed briefing schedule, or separate schedules if mutual agreement cannot be reached.
On July 23, 2015 the U.S. Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) issued a final rule, pursuant to Section 311 of the USA PATRIOT Act, which imposes “special measure five” against FBME Bank Ltd. (FBME), formerly known as the Federal Bank of the Middle East. Special measure five prohibits U.S. financial institutions from opening or maintaining correspondent accounts or payable through accounts for or on behalf of FBME.
What is FBME bank?
FBME was established in 1982 in Cyprus as the Federal Bank of the Middle East, Ltd., a subsidiary of the private Lebanese bank, Federal Bank of Lebanon. Both FBME and the Federal Bank of Lebanon are owned by Ayoub-Farid M. Saab and Fadi M. Saab.
Who regulates FBME bank?
FBME, via its Cypriot branches, is licensed and regulated by the Cyprus Central Bank. According to a Wall Street Journal report of March 4, 2013, FBME acquired €240 million of Cypriot government junk bonds at the height of the 2011 Cypriot financial crisis, representing 13% of FBME's balance sheet. In 2012, on the day of Parliament's announcement of the Cyprus financial system bailout, the WSJ noted, FBME coincidentally moved its headquarters to Cyprus and applied for a full banking license that would allow it EU-wide distribution.
18 months later, in November 2013, the Cyprus Central Bank stated that FBME may be subject to sanctions and a fine of up to €240 million for alleged violations of Cypriot capital controls put in place with the bailout.
On July 18, the Cyprus Central Bank took control of FBME's Cypriot branch operations. FBME responded that it welcomed this takeover by its regulator so that FBME may clear itself from the allegations of facilitating money laundering. For a detailed look at Cyprus AML controls, see Special Assessment of the Effectiveness of Customer Due Diligence Measures in the Banking Sector in Cyprus of April 24, 2013.
What money laundering activities is FBME accused of facilitating?
FinCEN alleges that in just the year from April 2013 through April 2014, FBME conducted at least $387 million in wire transfers through the U.S. financial system that exhibited indicators of high-risk money laundering typologies, including widespread shell company activity, short-term “surge” wire activity, structuring, and high-risk business customers. FBME was involved in at least 4,500 suspicious wire transfers through U.S. correspondent accounts that totaled at least $875 million between November 2006 and March 2013.
- In 2008, an FBME customer received a deposit of hundreds of thousands of dollars from a financier for Lebanese Hezbollah.
- As of 2008, a financial advisor for a major transnational organized crime figure who banked entirely at FBME in Cyprus maintained a relationship with the owners of FBME.
- FBME facilitated transactions for entities that perpetrate fraud and cybercrime against victims from around the world, including in the United States. For example, in 2009, FBME facilitated the transfer of over $100,000 to an FBME account involved in a High Yield Investment Program (“HYIP”) fraud against a U.S. person.
- On September 5, 2010, FBME facilitated the unauthorized transfer of over $100,000 to an FBME account from a Michigan-based company that was the victim of a phishing attack.
- Since at least early 2011, the head of an international narcotics trafficking and money laundering network has used shell companies’ accounts at FBME to engage in financial activity.
- Several FBME accounts have been the recipients of the proceeds of cybercriminal activity against U.S. victims. For example, in October 2012, an FBME account holder operating as a shell company was the intended beneficiary of over $600,000 in wire transfers generated from a fraud scheme, the majority of which came from a victim in California.
- FBME facilitates U.S. sanctions evasion through its extensive customer base of shell companies. For example, at least one FBME customer is a front company for a U.S.-sanctioned Syrian entity, the Scientific Studies and Research Center (“SSRC”), which has been designated as a proliferator of weapons of mass destruction.
What is FBME's response to FinCEN's allegations?
FBME, denying the FinCEN allegations, responded:
FBME Bank commissioned a detailed assessment by the German office of a leading international accountancy firm into its operations and practices, which found that the Bank’s services are indeed in compliance with applicable AML rules of the Central Bank of Cyprus and the European Union.
FBME Bank welcomes the involvement of its regulator, is cooperating fully with it and reiterates its absolute continued commitment to full compliance with applicable laws and regulations.
FBME Bank continues to comply with European Capital Adequacy and Liquidity Standards and other healthy balance sheet ratios.
If FBME makes available its AML "assessment of the leading international accountancy firm", then I will post a follow up to this unfolding story with a link to that assessment.
What did FinCEN previously announce about FBME?
Director Jennifer Shasky Calvery stated in FinCEN's July 17, 2014 announcement:
“FBME promotes itself on the basis of its weak Anti-Money Laundering (AML) controls in order to attract illicit finance business from the darkest corners of the criminal underworld.” ... “Unfortunately, this business plan has been far too successful. But today’s action, effectively shutting FBME off from the U.S. financial system, is a necessary step to disrupt the bank’s efforts and send the message that the United States will not stand by while financial institutions help those who intend to harm or threaten Americans.”
In its Notice of Finding, FinCEN stated "FBME is used by its customers to facilitate money laundering, terrorist financing, transnational organized crime, fraud, sanctions evasion, and other illicit activity internationally and through the U.S. financial system."
FinCEN Proposed Shutting FBME Out of US Financial System
In its Notice of Proposed Rulemaking, FinCEN stated that it intended to impose the fifth special measure allowed by Section 311 of the USA PATRIOT Act (“Section 311”). FinCEN's Director has the authority, upon finding that reasonable grounds exist for concluding that a foreign jurisdiction, institution, class of transaction, or type of account is of “primary money laundering concern,” to require domestic financial institutions and financial agencies to take certain “special measures” to address the primary money laundering concern.
The fifth special measure prohibits covered financial institutions from opening or maintaining correspondent accounts for or on behalf of FBME. Currently, only one U.S. covered financial institution maintains an account for FBME (FBME lists three U.S. correspondent relationships on its website). FinCEN's fifth measure entails the following:
Covered financial institutions also would be required to take reasonable steps to apply special due diligence .. to all of their correspondent accounts to help ensure that no such account is being used to provide services to FBME. For direct correspondent relationships, this would involve a minimal burden in transmitting a one-time notice to certain foreign correspondent account holders concerning the prohibition on processing transactions involving FBME through the U.S. correspondent account.
U.S. financial institutions generally apply some level of screening and, when required, conduct some level of reporting of their transactions and accounts, often through the use of commercially-available software such as that used for compliance with the economic sanctions programs administered by the Office of Foreign Assets Control (“OFAC”) of the Department of the Treasury and to detect potential suspicious activity. To ensure that U.S. financial institutions are not being used unwittingly to process payments for or on behalf of FBME, directly or indirectly, some additional burden will be incurred by U.S. financial institutions to be vigilant in their suspicious activity monitoring procedures. ...
A covered financial institution may satisfy the notification requirement by transmitting the following notice to its foreign correspondent account holders that it knows or has reason to know provide services to FBME:
Notice: Pursuant to U.S. regulations issued under Section 311 of the USA PATRIOT Act, see 31 CFR 1010.661, we are prohibited from establishing, maintaining, administering, or managing a correspondent account for or on behalf of FBME Bank Ltd. The regulations also require us to notify you that you may not provide FBME Bank Ltd. or any of its subsidiaries with access to the correspondent account you hold at our financial institution. If we become aware that the correspondent account you hold at our financial institution has processed any transactions involving FBME Bank Ltd. or any of its subsidiaries, we will be required to take appropriate steps to prevent such access, including terminating your account.
The special due diligence would also include implementing risk-based procedures designed to identify any use of correspondent accounts to process transactions involving FBME. A covered financial institution would be expected to apply an appropriate screening mechanism to identify a funds transfer order that on its face listed FBME as the financial institution of the originator or beneficiary, or otherwise referenced FBME in a manner detectable under the financial institution’s normal screening mechanisms. An appropriate screening mechanism could be the mechanism used by a covered financial institution to comply with various legal requirements, such as the commercially available software programs used to comply with the economic sanctions programs administered by OFAC.
A covered financial institution would also be required to implement risk-based procedures to identify indirect use of its correspondent accounts, including through methods used to hide the beneficial owner of a transaction. Specifically, FinCEN is concerned that FBME may attempt to disguise its transactions by relying on types of payments and accounts that would not explicitly identify FBME as an involved party. A financial institution may develop a suspicion of such misuse based on other information in its possession, patterns of transactions, or any other method available to it based on its existing systems. Under the proposed rule, a covered financial institution that suspects or has reason to suspect use of a correspondent account to process transactions involving FBME must take all appropriate steps to attempt to verify and prevent such use, ...
Friday, August 28, 2015
The Financial Crimes Enforcement Network (FinCEN) proposed a rule requiring certain investment advisers to establish anti-money laundering (AML) programs and report suspicious activity to FinCEN pursuant to the Bank Secrecy Act (BSA). FinCEN also proposed to include investment advisers in the general definition of “financial institution,” which, among other things, would require them to file Currency Transaction Reports (CTRs) and keep records relating to the transmittal of funds. “Investment advisers are on the front lines of a multi-trillion dollar sector of our financial system,” said FinCEN Director Jennifer Shasky Calvery.
“If a client is trying to move or stash dirty money, we need investment advisers to be vigilant in protecting the integrity of their sector.” This proposed rulemaking would address money laundering vulnerabilities in the U.S. financial system. Presently, illicit actors seeking to access the financial system may attempt to gain such access through an investment adviser as a means to avoid detection of their activity which might otherwise occur in dealings with financial institutions that have AML programs and suspicious activity reporting requirements.
Requiring investment advisers to establish AML programs and file reports of suspicious activity would bring them under similar regulations as other financial institutions subject to the BSA, such as mutual funds, broker-dealers in securities, banks, and insurance companies. Requiring investment advisers to file CTRs and comply with the recordkeeping requirements of the BSA may also deter illicit actors from using them as conduits. The proposal would apply to investment advisers that are required to be registered with the U.S. Securities and Exchange Commission (SEC), including advisers to certain hedge funds, private equity funds, and other private funds. FinCEN would delegate its authority to examine investment advisers for compliance with these requirements to the SEC.
News Release: http://www.fincen.gov/news_room/nr/pdf/20150825.pdf
Wednesday, August 12, 2015
IRS Procedures to Ensure Consistency and Effectiveness in the Administration of Civil FBAR Penalties
The purpose of the IRS interim guidance is to implement procedures to improve the administration of the Service’s FBAR compliance program.
When asserting an FBAR penalty, the burden is on the IRS to show that an FBAR violation occurred and, for willful violations, that the violation was in fact willful. The FBAR penalty provision of Title 31 establishes only maximum penalty amounts, leaving the IRS to determine the appropriate FBAR penalty amount based on the facts and circumstances of each case.
Read the May 13, 2015 IRS FBAR Guidance
Prof. Jack Townsend, on his federal tax crimes blog, discusses the recent Moore v United States (W.D. WA 2015) in which the Court "admonishes the IRS and imposes a cost for misleading the taxpayer" about an FBAR assessment.