The Financial Crimes Enforcement Network (“FinCEN”) has issued a Notice on the Use of Counterfeit U.S. Passport Cards to Perpetrate Identity Theft and Fraud Schemes at Financial Institutions (“Notice”), asking financial institutions (“FIs”) to be vigilant in identifying suspicious activity relating to the use of counterfeit U.S. passport cards.  According to the Notice, the U.S. Department of State’s Diplomatic Security Service (“DSS”) has determined that there is a growing use of such counterfeit cards to gain access to victim accounts at FIs.  “This fraud occurs in person at [FIs] and involves an individual impersonating a victim by using a counterfeit U.S. passport card that contains the victim’s actual information.”

As its title plainly states, the Notice pertains to passport cards, rather than passport books.  Passport cards have more limited uses and can be used only for land, sea and domestic air travel into the U.S. from Canada, Mexico, the Caribbean and Bermuda.  The following graphic from the Department of State illustrates the difference. 

The Notice observes that FIs are less likely to detect fraud involving passport cards because they are a less familiar form of U.S. government-issued identification.  Victims’ personally identifiable information (“PII”) is typically acquired through the darknet or the U.S. mail (see our blog post on the surge in mail-theft check fraud here).  After a fake card is created, the illicit actor or complicit money mule will visit a branch of the victim’s FI – often trying to avoid any branches that the victim actually may visit, so as to reduce the chances of detection.

Continue Reading FinCEN Issues Notice on Counterfeit Passport Card Fraud

In February 2024, the Federal Deposit Insurance Corporation (FDIC) entered into consent orders (here and here) with two banks that partner with fintechs to offer “banking as a service” (BaaS).  The orders address safety and soundness concerns relating to compliance with the Bank Secrecy Act (BSA), compliance with applicable laws, and third-party oversight.

BaaS refers to arrangements in which banks integrate their banking products and services into the services of non-bank third-party distributors and the distributors deliver the integrated banking services directly to the customer.  A common example of BaaS is banks’ delivery of lending services through fintech partners’ digital platforms.  BaaS has gained popularity in recent years as the bank partner can generally roll out banking services to customers at a much faster pace and for lower costs than traditional banking products and services.

These two consent orders do not arise in a vacuum.  In June 2023, the FDIC, Federal Reserve Board, and Office of the Comptroller of the Currency released final interagency guidance for their respective supervised banking organizations on managing risks associated with third-party relationships, including relationships with financial technology-focused entities such as bank/fintech sponsorship arrangements.  The guidance explained that supervisory reviews will evaluate risks and the effectiveness of risk management to determine whether activities are conducted in a safe and sound manner and in compliance with applicable laws and regulations.  At that time, we noted that we expected increased regulatory attention to bank/fintech partnership programs like the BaaS relationships addressed here.  Although these FDIC consent orders did not specifically cite to the interagency guidance, the guidance presumably was used to support the third-party oversight criticisms in the supervisory examinations of the two banks.

Continue Reading Recent FDIC Consent Orders Reflect Ongoing Scrutiny of Bank Relationships with Fintechs

The Financial Action Task Force (“FATF”) has re-rated the U.S. as “largely compliant” with FATF’s Recommendation 24, which pertains to transparency related to beneficial ownership of legal persons.  Specifically, FATF released its seventh Enhanced Follow-Up Report (the “Report”) indicating that the improved re-rating was due, in part, to the implementation of the Corporate Transparency Act (“CTA”) as well as the Customer Due Diligence (“CDD”) Rule, which requires covered financial institutions to obtain beneficial ownership information (“BOI”) from designated entity customers opening up accounts.

FATF is an independent, inter-governmental body that develops global policies related to anti-money laundering, terrorist financing, and related crimes. As a member of FATF, the U.S. is subject to evaluations of its technical compliance with the various FATF recommendations. FATF’s lengthy Mutual Evaluation Report for the U.S. (“MER”), issued in December 2016, had identified the U.S. as “deficient” and subject to enhanced follow-up with regard to Recommendation 24.

In a press release, Treasury Secretary Janet Yellen remarked that the re-rating was a result of the past decade of work by the Treasury Department and its interagency partners, and indicated Treasury’s commitment to “strengthening the implementation of the FATF’s global standards.”  As we have blogged, the U.S. has been subject to global criticism for years because it has been perceived as a haven for money laundering and tax evasion.

Continue Reading FATF Re-Rates United States as “Largely Compliant” with Beneficial Ownership Recommendation

We are very pleased to be presenting on both Bank Secrecy Act/Anti-Money Laundering (BSA/AML) compliance and the Corporate Transparency Act (CTA), in partnership with the Practising Law Institute.

First, on April 8 at 1 p.m., Siana Danch will discuss issues involving the CTA during a live one-hour briefing with Sara C. Lenet of Hogan Lovells.  The briefing will dig into the following:

  • The context and stated purpose for the new Beneficial Ownership Information (BOI) reporting requirements;
  • How to determine whether an entity is a “reporting company;”
  • Timing requirements for initial BOI report filings and updated reports;
  • Identifying “beneficial owners;”
  • Identifying “company applicants;”
  • Information to be included in BOI reporting filings and process for filing;
  • Use of Financial Crimes Enforcement Network (FinCEN) identifiers;
  • Who has access to BOI information reported to FinCEN;
  • Penalties for non-compliance;
  • Constitutional challenges to the CTA and related litigation considerations;
  • Anticipated revisions to the Customer Due Diligence Rule; and
  • Key takeaways, practical considerations and suggested next steps for affected entities.

Second, through an on-demand presentation now available, Kaley Schafer explains the “basics” of BSA/AML compliance, as well as the Countering the Financing of Terrorism (CFT) regulatory framework. The presentation discusses disclosure and record-keeping requirements, the “five pillars” of compliance, the roles of the relevant regulatory agencies, and the implications of non-compliance.  The presentation also offers practical tips on implementing the rules on a day-to-day basis.

This presentation is tailored for in-house professionals, lawyers in private practice and government, and paralegals wishing to learn the basics about BSA/AML/CFT compliance.  Because the BSA/AML/CFT regulatory framework is growing and enforcement is becoming more common, a basic understanding of this area is useful and important to an expanding pool of professionals.  This presentation serves as a “primer” for those new to BSA/AML/CFT issues, and as a prelude to PLI’s expanded and more advanced 2024 Anti-Money Laundering Conference on May 23, starting at 9 a.m. in New York City (which also will be virtual).

We hope that you take advantage of these useful and interesting briefings.  We also would like to thank our partners at PLI.


Last week, the United States Attorney’s Office for the Southern District of New York unsealed an indictment against global cryptocurrency exchange KuCoin and two of its founders, Chun Gan and Ke Tang, for allegedly conspiring to operate an unlicensed money transmitting business and conspiring to violate the Bank Secrecy Act (“BSA”) by willfully failing to maintain an adequate anti-money laundering (“AML”) program.  KuCoin also was charged with operating an unlicensed money transmitting business and a substantive violation of the BSA. Further, the Commodity Futures Trading Commission (the “CFTC”) filed a complaint on the same day in the United States District Court for the Southern District of New York alleging that KuCoin violated the Commodity Exchange Act (the “CEA”) and related regulations.

The indictment alleges that KuCoin failed to design and implement procedures to prevent it from being used for money laundering and terrorist financing, failed to maintain reasonable procedures for verifying the identity of customers, and failed to file any Suspicious Activity Reports.  When distilled, the indictment alleges that KuCoin had no real BSA/AML compliance program at all, because it pretended to not have any U.S. customers.  This allegation is a familiar theme in similar U.S. enforcement actions, including those against Binance.

The CFTC civil complaint specifically alleges that KuCoin illegally dealt in off-exchange commodity futures transactions; solicited and accepted orders for commodity futures and swaps, and leveraged, margined, or financed retail commodity transactions without registering with the CFTC as a Futures Commission Merchant (“FCM”); failed to diligently supervise its FCM activities; operated a facility for the trading or processing of swaps without registering with the CFTC as a swap execution facility or designated contract market; and failed to implement an effective customer identification program.

Continue Reading KuCoin and Founders Charged with Operating Illegally as Money Transmitter and Futures Commission Merchant

On March 28, 2024, the Financial Crimes Enforcement Network (FinCEN), in consultation with the Office of the Comptroller of the Currency, the Federal Deposit Insurance Corporation, the National Credit Union Administration, and the Board of Governors of the Federal Reserve System, issued a request for information (RFI).

The RFI seeks information and comment regarding the Customer Identification Program (CIP) Rule requirement that banks collect a full Social Security number (SSN) prior to account opening from a customer who is an individual and a U.S. person (SSN collection requirement). Specifically, in a press release announcing the RFI, FinCEN stated that it intends to use any information gathered “to evaluate the risks, benefits, and safeguards” if banks were allowed to collect partial SSN information from the customer and use a third-party source to obtain the full SSN.

In issuing the RFI, FinCEN recognizes the significant advances in customer identifying information collection and verification tools available to banks and other financial institutions since the adoption of the CIP Rule. FinCEN also recognizes that current technology has identified more customer identifying attributes – including email addresses, geolocation, and internet protocol (IP) address locations – that banks may collect that could be used as part of a bank’s risk-based customer verification procedures.

Even with these advancements, however, FinCEN remains concerned that permitting partial SSN collection could result in increased fraud. By way of example, it notes that failing to obtain full SSNs could result in increased identity theft. And additional risks – including impeding law enforcement investigative efforts in obtaining accurate customer identifying information – may arise if third-party sources obtain inaccurate SSNs.

For these reasons, FinCEN is seeking information and comment in order to determine the potential risks and benefits of more closely aligning data collection components of the CIP Rule to advancements in the modern digital banking environment. To that end, FinCEN includes in the RFI a host of suggested topics for commenters, including:

  • Should banks be permitted to collect part or all of a customer’s SSN and/or other customer identifying information required by the CIP Rule from a third-party source prior to account opening?
  • What would be the risks and benefits of permitting partial SSN collection and what safeguards would need to be in place?
  • What due diligence would a bank conduct before contracting with a third-party source for SSN collection, and what ongoing due diligence and monitoring of the third-party would it conduct?
  • Does the current SSN collection requirement impact a customer’s ability to access financial products and services?
  • What type of changes to the SSN collection requirement would improve the risk-based nature of a financial institution’s AML program?
  • What factors and consideration may be necessary to identify, assess, and mitigate any risks associated with new technologies or innovative approaches to the SSN collection requirement?
  • Do financial institutions use a combination of documentary and non-documentary methods to verify the identity of their customers, or do financial institutions rely solely on one of the two methods?
  • Describe the processes and technologies used by financial institutions when obtaining and verifying partial and/or full customer identifying information as it pertains to various delivery channels (such as telephonic, mobile, and point-of-sale).
  • What are the competitive advantages and disadvantages between banks that are required to collect the full SSN from the customer and those non-banks that collect a partial SSN from the customer and then use a third-party source to obtain the customer’s full SSN?

FinCEN strongly encourages all interested parties to submit written comments as it “explore[s] ways to modernize the U.S. anti-money laundering/countering the financing of terrorism regime.” Comments must be received on or before May 28, 2024.


Today we are very pleased to welcome guest blogger Lili Infante, who is the CEO of CAT Labs – a tech company building digital asset recovery and quantum-resistant cryptography tools to fight crypto crime.  Lili previously spent a decade as a DEA Special Agent with the U.S. Department of Justice and pioneered an early federal task force focusing exclusively on crypto and dark web crimes. Lili has led numerous major crypto-related investigations, including the takedown of Hydra – the largest crypto-powered dark web criminal organization and money laundering platform in the world.

We reached out to Lili because her work is fascinating and increasingly important.  Law enforcement agencies, the U.S. Treasury Department and other regulators are focused on vulnerabilities and potential gaps in the United States’ anti-money laundering (“AML”) and countering the financing of terrorism (“CFT”) regulatory, supervisory, and enforcement regimes with regard to the use and misuse of virtual assets and decentralized finance.  Virtual assets can be the vehicle of choice for terrorist financing, fraud schemes, and state-sponsored cyber crime.  Meanwhile, agencies such as the Financial Crimes Enforcement Network (FinCEN) struggle to find proposed regulatory solutions.

This blog post again takes the form of a Q&A session, in which Lili responds to questions posed by Money Laundering Watch about investigating crypto-related illicit activity and recovering digital assets. We hope you enjoy this discussion on this important topic. – Peter Hardy

Continue Reading Fighting Crypto Crime:  A Guest Blog.

It is challenging for law enforcement to track down and trace illicit activities conducted through digital currencies. The process can be very time- and resource-intensive.  Further, securing charges and arrests, and subsequent convictions, often requires the strong support of traditional sources of evidence, such as fact witness testimony and electronic communications.  Nonetheless, blockchain analytics is a key component of the government’s ability to pursue such cases.

On March 12, a jury in the United States District Court for the District of Columbia found Roman Sterlingov guilty on charges of money laundering conspiracy, so-called “sting” money laundering, operating an unlicensed money transmitting business, and violations of the D.C. Money Transmitters Act.  We blogged about the initial criminal complaint issued against Sterlingov here.  Sterlingov allegedly laundered $400 million through Bitcoin Fog, a bitcoin mixing service which can be used to obscure the origins of cryptocurrency transactions. 

Shortly before the trial and guilty verdicts, the Court issued an order addressing the admissibility of expert testimony related to blockchain analysis software under the factors established by the Supreme Court’s decision in Daubert v. Merrell Dow Pharmaceuticals, Inc. to assess the reliability of expert testimony under Federal Rule of Evidence 702.  This blog post focuses on that order.

Specifically, the Court addressed proprietary software used by the private digital asset forensic firm Chainalysis, Chainalysis Reactor (“Reactor”), and whether expert testimony by witnesses propounded by the government – Luke Scholl (“Scholl”) from the FBI, and Elizabeth Bisbee (“Bisbee”) from Chainalysis – could rely upon Reactor under Daubert.  Reactor is software used to dissect bitcoin transactions, utilizing techniques like co-spend analysis to connect multiple addresses to a single entity. The defense raised significant concerns about the reliability of Reactor.

The Court found the expert testimony admissible under Daubert.  Importantly, the Court also noted that while Reactor was important to the government’s case, it was not the sole basis for the prosecution’s theories. Other evidence, such as materials found in Sterlingov’s possession, online forum posts, IP analyses, and traditional blockchain tracing, also supported the prosecution.

The Court’s decision has potentially significant implications for future cases involving cryptocurrency transactions and digital currency-related crimes. It establishes a precedent regarding the potential admissibility of evidence derived from such software tools and underscores the evolving challenges and complexities of investigating financial crimes in the digital age.

Continue Reading Blockchain Analysis and Related Expert Testimony Admissible In Criminal Trial

With Guest Speaker IRS Criminal Investigation Special Agent Jonathan Schnatz

We are very fortunate to have Special Agent Jonathan Schnatz as our guest speaker in this podcast on international efforts to investigate tax evasion and money laundering, and how they relate to criminal investigations and civil audits of U.S. businesses and individuals.

Special Agent Schnatz is a Senior Analyst with IRS Criminal Investigation (“IRS CI”) where he chairs the Professional Enabler Group as part of the Joint Chiefs of Global Tax Enforcement (J5), an international law enforcement and financial investigation collaborative dedicated to combatting transnational tax crime.  Prior to this position, Jonathan was a Senior Analyst within International Operations, served as the Deputy Attaché at the US Embassy in London, UK, and a Supervisory Special Agent and Special Agent in the Philadelphia Field Office. Prior to his government service, he worked in public accounting and has a dual degree in Accounting and Finance from DeSales University.

In this podcast, we delve into Special Agent Schnatz’s work with the J5, what it does and how it operates, and why it focuses on professional enablers of tax and money laundering violations, such as lawyers.  We then discuss how IRS CI works with its civil counterparts in the IRS with regard to enhancing the examinations of U.S. businesses and individuals for tax compliance.  The podcast further examines why a civil audit of a business or individual might turn into a criminal investigation, and what factors IRS CI special agents look for.

Finally, we briefly discuss the Corporate Transparency Act (“CTA”), and how law enforcement agents may approach the CTA and the beneficial ownership information which will be collected under the CTA as an investigative resource.  The podcast was recorded before a March 1 district court ruling that the CTA is unconstitutional as written; FinCEN has indicated that it will comply with this ruling as to the particular plaintiffs “for as long as [the ruling] remains in effect.”

We previously have blogged on enforcement efforts by the J5, and efforts in general to combat cross-border tax evasion.  And we repeatedly have blogged on the growing focus on professional enablers of tax evasion and money laundering (here and here, just as examples).

We hope you enjoy the podcast.


Years in the making, on February 13, the Financial Crimes Enforcement Network (“FinCEN”) issued a notice of proposed rulemaking (“NPRM”) to include “investment adviser” (“IA”) within the definition of “financial institution” under the Bank Secrecy Act (“BSA”). FinCEN has posted a fact sheet on the NPRM here.

The NPRM subjects broad categories of IAs to statutory and regulatory anti-money laundering/countering terrorist financing (“AML/CTF”) compliance obligations. FinCEN is accepting comments on the NPRM until April 15, 2024.

Continue Reading FinCEN Seeks to Make Investment Advisers Subject to Bank Secrecy Act