Green Dot violated consumer law in its marketing, selling, and servicing of prepaid debit card products, and its offering of tax return preparation payment services. For example, Green Dot failed to adequately disclose the tax refund processing fee for tax preparation services offered on a third party’s website.

The firm also blocked access to accounts of legitimate customers receiving unemployment benefits and lacked reasonable policies and procedures to help those customers cure those blocks. In addition, Green Dot did not maintain effective consumer compliance risk management and anti-money laundering programs.

In response to the Fed’s announcement, Green Dot CEO George Gresham asserted that the company would strive to correct any and all deficiencies within Green Dot’s compliance program. “We have taken and will continue taking meaningful steps to correct and remediate those issues, including significant updates to our processes, our product packaging and marketing, our management team and our compliance programs,” Gresham said. “We are committed to cooperating and partnering closely with our regulators to ensure all concerns noted in the consent order are addressed and complied with and that our customers are well-served and protected on an ongoing basis.

Fed Orders Green Dot to Improve Compliance and Address Complaints

The Board is requiring the firm to take several steps to improve these programs. Green Dot is now required to hire an independent third-party to strengthen its consumer compliance risk management program and address the root causes of consumer complaints.

The firm also must develop an effective anti-money laundering program and hire an independent third-party to conduct a review of certain transaction activities to determine whether any suspicious activity conducted through the bank was properly identified and reported.

In his response, Gresham concluded by stating that the bank “remains optimistic about our financial and regulatory positions as well as our future growth potential and opportunity as we serve and empower customers directly and through our partners.”  

The post Federal Reserve Fines Green Dot for Consumer Compliance Violations appeared first on Compliance Chief 360.

According to the SEC’s complaint, Silvergate, Lane, and Fraher misled investors in stating that Silvergate had an effective BSA/AML compliance program and conducted ongoing monitoring of its high-risk crypto customers, including FTX, in part to deny public rumors that FTX had used its accounts at Silvergate to enable FTX’s misconduct. In reality, Silvergate’s automated transaction monitoring system failed to monitor more than $1 trillion of transactions by its customers on the bank’s payments platform, the Silvergate Exchange Network.

“At all times, but especially during moments of crises, public companies and their officers must speak truthfully to the investing public. Here, we allege that Silvergate, Lane and Fraher fell not only woefully, but also fraudulently, short in that regard,” said Gurbir Grewal, Director of the SEC’s Division of Enforcement. “Rather than coming clean to investors about serious deficiencies in its compliance programs in the wake of the collapse of FTX, one of Silvergate’s largest banking customers, they doubled down in a way that misled investors about the soundness of the programs. In fact, because of those deficiencies, Silvergate allegedly failed to detect nearly $9 billion in suspicious transfers among FTX and its related entities. Silvergate’s stock eventually cratered, wiping out billions in market value for investors.”

SEC Alleges Silvergate Misrepresented Its Financial Condition

The SEC’s complaint also alleges that Silvergate and Martino misrepresented the company’s bleak financial condition during a liquidity crisis and bank run following FTX’s collapse. The complaint alleges that Silvergate and Martino, in an earnings release and earnings call, understated Silvergate’s losses from expected security sales and misrepresented that it remained well-capitalized as of December 31, 2022. In March 2023, Silvergate announced it would wind down its banking operations, and its stock eventually plummeted to near $0.

The SEC charged Martino with violating certain of the antifraud and books-and-records provisions of the federal securities laws, and with aiding and abetting certain of Silvergate’s violations. The complaint also charges Silvergate, Lane, and Fraher with fraud and charges Silvergate with violating certain reporting, internal accounting controls, and books-and-records provisions.

Without admitting or denying the allegations, Silvergate agreed to a settlement ordering it to pay a $50 million civil penalty and imposing a permanent injunction to settle the charges. Lane and Fraher also settled the charges without admitting or denying the allegations, agreeing to permanent injunctions, five-year officer-and-director bars, and fines of $1 million and $250,000 respectively.

All the settlements require court approval, and Silvergate’s payment may be offset by penalties paid to the Board of Governors of the Federal Reserve System (FRB) and/or the California Department of Financial Protection and Innovation (DFPI). In parallel actions, FRB and DFPI today announced settled charges against Silvergate.  

Jacob Horowitz is a contributing editor at Compliance Chief 360° 

The post Silvergate Settles SEC Charges for Compliance Failures appeared first on Compliance Chief 360.

“Bank Secrecy Act and Anti-Money Laundering laws and regulations are critical national security protections, safeguarding financial markets and consumers from bad actors,” said Superintendent of Financial Services, Adrienne Harris. “Regulated institutions must be held accountable for failing to adhere to New York’s rigorous legal and regulatory standards.”

The Consent Order resolves the Department’s investigation into ICBC’s compliance failures, including multiple deficiencies in the New York branch’s BSA/AML compliance program from 2018 through 2022 including the Bank’s failure to maintain books and records, its failure to submit a report to the Superintendent upon discovering the occurrence of “embezzlement, misapplication, larceny, forgery, fraud, dishonesty, making of false entries and omission of true entries, or other misconduct.”

The investigation also concluded that a former New York branch employee, under the order of a branch employee, backdated several compliance documents and that ICBC failed to report this misconduct to the Department in a timely fashion. Finally, the investigation concluded that ICBC unlawfully disclosed confidential supervisory information to an overseas regulator.

Required ICBC Compliance Improvements

As part of its agreement with the Department, in addition to paying a $30 million penalty to New York State, ICBC will be required to create a written plan, acceptable to the Department, outlining improvements to compliance policies and procedures, corporate governance and management oversight, customer due diligence requirements, and the handling of confidential supervisory information. According to the Consent Order the Bank’s  plan is required to include updates on the following:

• A system of internal controls reasonably designed to ensure compliance with BSA/AML requirements and relevant state laws and regulations;
• Controls reasonably designed to ensure compliance with all requirements relating to correspondent accounts for foreign financial institutions;
• A comprehensive BSA/AML risk assessment that identifies and considers all products and services of the New York Branch, customer types, geographic locations, and transaction volumes, as appropriate, in determining inherent and residual risks;
• Management of the New York Branch’s BSA/AML compliance program by a qualified compliance officer, who is given full autonomy, independence, and responsibility for implementing and maintaining an effective BSA/AML compliance program that is commensurate with the New York Branch’s size and risk profile, and is supported by adequate staffing levels and resources;
• Identification of management information systems used to achieve compliance with BSA/AML requirements and relevant state laws and regulations, and a timeline to review key systems to ensure they are configured to mitigate BSA/AML risks;
• Comprehensive and timely independent testing for the New York Branch’s compliance with applicable BSA/AML requirements and relevant state laws and regulations; and
• Effective training for all appropriate New York Branch personnel and appropriate ICBC personnel that perform BSA/AML compliance-related functions for the New York Branch in all aspects of BSA/AML requirements, relevant state laws and regulations, and relevant internal policies and procedures.  

The post China Bank AML Settlement Comes with Several Compliance Requirements appeared first on Compliance Chief 360.

Rapidly changing elements of digital finance and geopolitical dynamics mean organizations need to continuously adapt and improve sanctions screening programs and AML measures for compliance programs to maintain their effectiveness and integrity. Regulatory enforcement of sanctions violations also appears to be on the rise. Managing sanctions risk has become more complex than ever.

To cope with this pressure and stay compliant, organizations need a strong sanctions screening program—one that achieves a healthy balance between data demands, compliance posture, and operational equilibrium.

Avoiding Data Malnutrition

Access to accurate, high-quality data is essential for a healthy sanctions screening program. Screening effectiveness can be compromised when dealing with incomplete or inaccurate data, resulting in an overwhelming number of alerts and false positives and increasing the risk of overlooking false negatives.

Compliance teams need to screen customers and transactions against a myriad of constantly changing sanctions lists that update often with new sanctions, modified existing ones, and some being removed.

Screening data needs to include both sanctions and customer data, which are the backbone of any healthy screening program. These insightful data sets enable businesses to accurately screen their customers (both existing and new) and transactions against the latest sanctions lists and prevent inadvertent engagement with sanctioned parties.

Additionally, there are a multitude of sanctioning bodies, including sovereign states, regional unions, and international organizations such as the Office of Foreign Assets Control that enforce their own sanctions—and these lists do not always align. Each sanctioning body has its own unique way of organizing and disseminating the data, which can create complexities in integrating and comparing the information.

Navigating through a variety of formats and sizes of sanctions lists, keeping track of frequent updates and ensuring real-time screening requires continuous effort and resources. This means organizations should use extensively researched and up-to-date global risk information that includes the latest Politically Exposed Persons and sanctions lists as well as adverse media and enforcement records from all corners of the world.

Even so, the strength of external data alone is not enough. The quality of customer data is equally important. Streamlining data acquisition processes and enriching customer and third-party data is a must. Organizations should invest time at the very front of their screening processes to cleanse and prepare their data. Conducting an internal data quality assessment will greatly improve process efficiency, saving time in unnecessary remediation.

Today’s high-risk global marketplace also means organizations need to have a clear understanding of their prospective customers and proactively assess the risks they may bring to their business. It’s not only customers, however, who can present sanctions risk. A comprehensive screening program encompasses a list of various entities connected to the organization’s operations including associates, beneficial owners, and the extended supply chain. Regularly reviewing and updating internal and external data is crucial for businesses, as regulatory bodies around the world constantly evolve their rules and restrictions to address geopolitical tensions, financial crimes, and global security concerns.

Strengthening Compliance’s Analytics Capabilities

Access to more accurate, high-quality data is critical for productive screening. While vast amounts of data can deliver deep insights, however, the sheer volume can cause problems for organizations seeking to identify suspicious activity that could constitute compliance risk.

This is where technology automation has a lot to offer. Applying powerful analytics and machine-learning techniques to screening programs helps accurately record, cross-reference, and analyze massive quantities of data and variables. This has distinct benefits when it comes to customer, vendor, and third-party screening as this activity requires the aggregation of disparate data sources including internal systems and external sources.

The world’s rapidly evolving regulatory landscape is increasing demand for organizations to proactively manage risk on a daily and sometimes hourly basis. As challenges continue to grow, it becomes imperative for tools and strategies to evolve accordingly. By harnessing the power of collecting, managing, and analyzing both external and internal data, organizations can gain strategic advantages in risk management. Embracing the latest technologies empowers them to proactively identify, manage, mitigate, and prevent risks effectively.

Organizations can use this increased capability to interrogate their records and identify screening issues earlier so they can move from a reactive to a proactive compliance posture and prevent or neutralize threats before they become a problem. Automating previously manual, time-consuming processes helps to reduce costs, improve compliance efficiency, and free up human resources for tasks that require emotional intelligence.

Boosting Operational Metabolism

One of the greatest challenges organizations face when it comes to sanctions screening is managing frequent alerts and false positives. This is particularly true for legacy systems that rely on fuzzy matching and rules-based screening, as these methods have limitations that make them less effective in handling the complexity of sanctions and countless changes to watchlists.

To address these challenges and reduce the number of false positives, businesses should turn to more advanced technologies such as machine learning and big data analytics. Modernizing legacy technology is a critical first step, ideally followed by a thorough analysis of the quality of the data organizations hold, as data gaps and inaccuracies can compromise screening effectiveness. Finally, organizations should avoid treating all false positives as equal without considering the likelihood of a match and the varying levels of risk. Using entity resolution tools can achieve this.

Deploying entity resolution tools to assess the relevance scores for alerts helps organizations transition from a perspective of quantity to one focused on quality. These tools help consolidate and link records that refer to the same real-world entity, even if the data points have slight variations or discrepancies, enhancing the screening process with improved relevance and matching precision for handling false positives.

Rather than relying on a rules-based method to accept or reject matches, entity resolution employs sophisticated analytics and accurate entity linking to match data points and assess the probability that two database records represent the same real-world individual, company, or entity. This process eliminates irrelevant data, enabling it to effectively identify matches and uncover concealed relationship risks.

This approach provides a quantitative assessment of customer risk, evaluating the strength of the match between a customer account and a watchlist entity. It focuses on identifying matches that merit immediate attention, ensuring a more targeted and efficient risk management process.

As the wellness of sanctions screening and AML programs faces ongoing pressures and emerging threats, innovative, more holistic approaches to screening are necessary. By leveraging the latest technology and engaging a high-quality, dynamic, and global data organization can enhance their match precision and prioritized risk ranking, resulting in a more accurate and effective screening process.

Forward-thinking organizations will gain stronger control over false positives and be able to achieve the much-needed balance between strong compliance posture and operational efficiency.

Grayson Clarke is senior vice president of LexisNexis Risk Solutions.

The post Sanctions Screening and AML Programs: Embracing a More Holistic Approach appeared first on Compliance Chief 360.

How can businesses, including banks and finance companies, balance effective anti-money laundering (AML) efforts, know your customer (KYC) workflows, customer due diligence (CDD), and third-party risk rating workflows with the levels of efficiency that today’s competitive market and contentious geopolitical climate demand?

The answer can be found through automation. Automating critical due diligence activities helps center a financial compliance program at the intersection of efficiency and effectiveness.

Converging Challenges Are Complicating Compliance

Businesses are dealing with a convergence of due diligence challenges stemming from digital acceleration, geopolitical volatility, and renewed regulatory focus. Resource-strained compliance teams also face increased budget scrutiny as the global economic outlook increasingly reflects inflation pressures, supply chain problems, and the impact of Russia’s invasion of Ukraine.

Regulators and enforcement agencies are also increasing activity levels. Enforcement actions from the Financial Crimes Enforcement Network (FinCEN), for example, were edging back up in 2022 and some recent fines are retroactive. FinCEN is showing little tolerance for anti-money laundering programs that do not pair business growth with compliance capabilities.

Zero tolerance equally characterizes today’s digital consumers whose expectations for instant transactions are at an all-time high. Due diligence delays and productivity lags at onboarding can quickly add up to consumer abandonment and lost revenue.

The unprecedented volume, velocity, and scope of sanctions and regulatory actions stemming from Russia’s invasion of Ukraine add another layer of complexity and resource demands to due diligence workflows. It is an understatement to say doing much more with less is turning into a daily compliance struggle for many organizations.

The Marriage of Efficiency and Effectiveness

An efficient due diligence workflow is meaningless if it doesn’t underpin a highly effective, risk-based approach to compliance. However, effective due diligence shouldn’t erode the speed of day-to-day business operations or customer experience. There are many ways automation can help answer the efficient and effective conundrum.

Automation tools and technologies, such as application program interfaces, machine learning, and artificial intelligence, can help accelerate risk assessment and decisions at key points in due diligence workflows. It is important to evaluate the operational advantages a business can achieve with automation within the framework of regulatory requirements and expectations. These include:

• Automating the collection of the documentation needed during onboarding. This reduces workflow delays while also contributing to effectiveness by raising the level of process consistency and providing a way to record and prove the collected documents as needed.
• Automating AML and KYC screening enables a business to prioritize accounts that need further investigation or enhanced due diligence and provides a higher level of traceability to help demonstrate the effectiveness of risk-based policies.

Automation helps businesses segment workflows more effectively. Organizations can redeploy human capital resources to focus on higher value compliance decisions and activities by automating more routine due diligence processes.

Finding Balance on the Risk/Control Continuum

Digital acceleration and today’s rapidly evolving regulatory climate are creating dynamic due diligence risks. Static due diligence approaches, siloed functions, and disparate data limit an organization’s ability to outpace risk. Missed status changes in customer and supplier relationships can be detrimental in today’s real-time economy.

Leveraging automation to support a continuous approach to risk-based due diligence helps better align enterprise resources to support the execution of internal policies around customer risk rating and ongoing monitoring. Automation facilitates the ability to capture a more holistic and end-to-end view of due diligence risk that enables an organization to responsively manage the inherent customer and supplier risks in a controlled framework. The technology fueling automation also underpins improved compliance effectiveness by providing a clear framework to document, demonstrate, and defend compliance policies and risk controls.

Using automation to integrate due diligence intelligence across core enterprise processes delivers time savings and cost efficiencies while contributing to a more responsive compliance program.

Perfecting the efficiency and effectiveness equation can result in a due diligence workflow that respects an organization’s risk appetite and reflects evolving market and regulatory realities. 

Camilla Yellets is director, financial crime compliance, at LexisNexis Risk Solutions.

The post Achieving Compliance Efficiency Through Automation appeared first on Compliance Chief 360.

As CCO, Laura Akahoshi was responsible for overseeing Rabobank’s Bank Secrecy Act and anti-money laundering (BSA/AML) compliance program, supervising the bank’s BSA/AML officer, and advising the board of directors on compliance and regulatory matters, the OCC stated.

Akahoshi also was responsible for “‘ensuring clear communications between the bank and national and international regulatory authorities,’ as well as for ‘providing advice to executive management and the board on matters that could impact how the bank is perceived by its regulator,’” the OCC said.

Withholding Information

In November 2012, the OCC conducted an on-site examination of the bank’s BSA/AML compliance program. According to the OCC’s allegations, Akahoshi “improperly withheld information from OCC examiners” during its on-site examination.

See related article, “Former Chief Compliance Officer Gets Three Years in Prison for Wire Fraud.”

In December 2012, the bank engaged Crowe Horwath to perform a BSA/AML program assessment, in which Crowe uncovered “significant deficiencies in the bank’s BSA/AML compliance program.”

According to the OCC, throughout communications with the OCC, enforcement counsel characterized Akahoshi’s communications as “evasive and misleading,” while Akahoshi characterized her communications as “reflecting an honest effort to summarize information gathered from bank officers—such as CEO Ryan and GC Weiss—who had more direct knowledge of the Crowe engagement.”

Rabobank CCO Case Dismissed

While the events at issue “occurred during a short three-week period in 2013, its considerable and lengthy procedural history… has extended the matter to the present day,” the OCC said. Fast-forward a decade later, in dismissing the $30,000 penalty against Akahoshi, the OCC said, “upon scrutiny,” it became “evident” the administrative law judge in the case did not fully address certain documents and testimony favoring Akahoshi. Thus, she was not fully able to defend herself.

“While the Comptroller does not condone [Akahoshi’s] alleged actions…the delay in this action would likely make it difficult for witnesses to accurately recall the events in question and their attendant states of mind,” the OCC said in its order. “More than 10 years have passed since the events that gave rise to this matter. Accordingly, in an exercise of his plenary discretion over remedies, the Comptroller hereby orders that the action be terminated and the outstanding Notice of Charges and Assessment be dismissed. Because this action is now dismissed, the remaining issues raised in the Parties’ exceptions and any pending motions are moot.”

In February 2018, Rabobank N.A. pleaded guilty and agreed to forfeit $369 million “as a result of allowing illicit funds to be processed through the bank without adequate BSA or AML review.” It was also assessed a $50 million penalty by the OCC for deficiencies in its BSA/AML compliance program. 

Jaclyn Jaeger is a contributing editor at Compliance Chief 360° and a freelance business writer based in Manchester, New Hampshire.

The post Regulator ‘Reluctantly’ Dismisses Action Against Ex-Rabobank CCO appeared first on Compliance Chief 360.

The final rule, which implements the registration and reporting requirements of the Corporate Transparency Act (CTA), will require “tens of millions” of companies doing business in the United States to report information about their beneficial owners to FinCEN.

“Designed to protect U.S. national security and strengthen the integrity and transparency of the U.S. financial system, the rule will help to stop criminal actors, including oligarchs, kleptocrats, drug traffickers, human traffickers, and those who would use anonymous shell companies to hide their illicit proceeds,” FinCEN said.

“For too long, it has been far too easy for criminals, Russian oligarchs, and other bad actors to fund their illicit activity by hiding and moving money through anonymous shell companies and other corporate structures right here in the United States,” said Acting FinCEN Director Himamauli Das. “This final rule is a significant step forward in our efforts to support national security, intelligence, and law enforcement agencies in their work to curb illicit activities.”

Beneficial owner defined
Under the rule, a beneficial owner includes any individual who exercises “substantial control” over the reporting company or owns or controls at least 25 percent of the ownership interests of a reporting company.

An individual exercises “substantial control” if such individual serves as a senior officer (excluding the corporate secretary and treasurer); has authority to appoint or remove any senior officer or a majority of the board; or directs or has substantial influence over “important decisions made by” the reporting company.

Under the rule, five categories of individuals are exempt from the definition of beneficial owner:

• minors;
• nominees, intermediaries, custodians, and agents;
• certain employees who are not senior officers,
• heirs with a future interest in the company; and
• certain creditors.

Reporting companies
The final rule describes two distinct types of reporting companies that must file reports with FinCEN: domestic reporting companies and foreign reporting companies. Domestic reporting companies include any entity that is created by the filing of a document with a secretary of state or similar office in any U.S. state or tribal jurisdiction. A foreign reporting company is any entity created under the law of a foreign jurisdiction that is registered to do business in any U.S. state or tribal jurisdiction.

Exempt companies
The final rule exempts 23 categories of entities from the definition of “reporting companies,” including “money services businesses” and “large operating companies.” The final rule defines “large operating companies” as those that have an operating presence at a physical office within the United States; have more than 20 full-time employees in the United States; and that have more than $5 million in gross receipts or sales from sources inside the United States. Responding to some comments submitted, FinCEN declined to allow companies to consolidate employee headcount across affiliated entities for purposes of meeting the 20 full-time employee threshold.

Additionally, under the final rule, a “subsidiary exemption” exists for entities that are owned entirely by one or more specified exempt entities.

Reports due
Reporting companies created or registered before Jan. 1, 2024, will have until Jan. 1, 2025, to file their initial reports, while reporting companies created or registered after Jan. 1, 2024, will have 30 days after their creation or registration to file their initial reports. “Once the initial report has been filed, both existing and new reporting companies will have to file updates within 30 days of a change in their beneficial ownership information,” FinCEN said.

The final rule clarifies that a person “fails to report” complete or updated beneficial ownership information to FinCEN if the “person either causes the failure or is a senior officer of the entity at the time of the failure.” FinCEN said in the final rule it believes that “the approach of holding individuals in these specific positions of authority responsible for ensuring that the information filed with FinCEN is correct and up-to-date provides additional clarity and certainty and appropriately rests that obligation with those in charge of an entity.” 

Jaclyn Jaeger is a contributing editor at Compliance Chief 360° and a freelance business writer based in Manchester, New Hampshire.

The post FinCEN Issues Final Rule on Beneficial Ownership Reporting Requirement appeared first on Compliance Chief 360.

According to the FCA’s Oct. 12 decision notice, between June 2014 and July 2017, Gatehouse “failed to conduct sufficient checks on its customers in countries with a higher risk of money laundering and terrorist financing” and “failed to undertake the correct checks when some of the customers were classed as Politically Exposed Persons (PEPs).”

The FCA also said in its decision notice that Gatehouse’s compliance function was under-resourced and, “although Gatehouse had adopted a three-lines-of-defense model, this did not operate effectively, meaning that frontline relationship managers did not appropriately screen customers, and an overburdened compliance function was left to remedy deficiencies in the quality of due diligence information collected.”

In one instance, Gatehouse opened an account for a company based in Kuwait to pool the customers of this company’s funds for a prospective real estate investment. However, Gatehouse relied on the Kuwait company to carry out customer due diligence of the investors, “a large number of whom were high risk, high-net worth customers,” according to the FCA notice.

“Gatehouse took inadequate measures to confirm the quality of this company’s AML checks and did not require it to collect information about customers’ source of wealth and source of funds,” the FCA said. Consequently, for two years, Gatehouse accepted $62 million into the account without properly vetting the funds for financial crime risks, according to the FCA notice.

“Gatehouse Bank’s failures exposed itself to the risk that it might be used as part of a laundering process for illegal funds,” said Mark Steward, Executive Director of Enforcement and Market Oversight. “While not deliberate, there can be no excuse for failures as serious as this. The FCA will continue to hold firms to account for poor anti-money laundering systems and controls.”

In deciding the civil penalty, the FCA said it considered Gatehouse’s remedial measures in fixing the deficiencies in its AML controls. “In particular, between June 2014 and August 2016, Gatehouse undertook a compliance review to remediate customer files” and “invested in improving its AML systems and controls, including engaging external consultants to assist it and to advise on the overhaul of its AML systems and controls,” the FCA said in the notice.

Additionally, the FCA noted, “from mid-2016 to mid-2017, Gatehouse established and implemented a new suite of AML and financial crime related policies and procedures which addressed the deficiencies.”

Because Gatehouse cooperated and settled at an early stage of the investigation, it qualified for a 10 percent reduction off the original penalty of £2.26 million ($2.6 million). 

Jaclyn Jaeger is a contributing editor at Compliance Chief 360° and a freelance business writer based in Manchester, New Hampshire.

The post U.K. Financial Conduct Authority Fines Gatehouse $1.8M for AML Lapses appeared first on Compliance Chief 360.

On Sept. 13, the CBI announced that it fined Danske over the bank’s failure “to ensure that its automated transaction monitoring system monitored the transactions of certain categories of customers of its Irish branch for a period of almost nine years, between 2010 and 2019.”

According to the CBI, the “root cause” of this failure was “historic data filters” Danske applied within its groupwide automated transaction monitoring system that led the bank to exclude certain categories of customers from monitoring, “including some customers rated by Danske as high and medium risk,” the CBI stated. These compliance failures constituted violations of Ireland’s Criminal Justice (Money Laundering and Terrorist Financing) Act (CJA).

A May 2015 internal audit report alerted Danske to the inadequacies in its monitoring system and the nature of the risks they posed, and yet Danske failed to notify the bank’s Irish branch or the CBI of this issue and take action until nearly four years later. Between August 2015 and March 2019, an estimated 348,321 transactions (approximately 2.43 percent of all transactions) processed through the Irish branch were not monitored for money laundering and terrorist financing risk, according to the financial regulator.

It was not until October 2018, when the Irish branch identified the issue, that steps were taken to rectify the compliance gaps, according to the CBI. Those remedial measures were completed in March 2019.

“However, the Central Bank was not informed of the issue until February 2019,” said CBI Director of Enforcement and Anti-Money Laundering Seana Cunningham. “The failures to rectify the issue and to notify the Central Bank promptly are aggravating factors in this case.”

The CBI determined the appropriate fine against Danske to be €2.6 million (U.S. $2.6 million) but reduced the fine by 30 percent for Danske’s early cooperation.

Danske Statement
In a statement, Danske said it “acknowledges the seriousness of the issues identified in the CBI’s investigation” and that it “deeply regrets and apologizes” for them.

Danske said it arranged for a third party to carry out a “lookback” review of transactions for the period 2016 to 2019, the outcome of which showed a “very low” financial crime risk for those transactions, “giving rise to only one Suspicious Transaction Report (STR) in relation to Irish branch customers,” the bank stated.

Additionally, Danske said it has allocated “significant resources to ensure successful financial crime prevention, including 3,600 full-time employees dedicated to fighting financial crime.” Danske further noted, between 2018 and the end of this year, it will have spent approximately 12 billion Danish kroner (U.S. $1.61 billion) on maintaining and improving its overall financial crime risk management framework, including AML controls.

Wider Compliance Lessons
“The importance of transaction monitoring in the global fight against money laundering and terrorist financing cannot be overstated,” Cunningham said. “It is imperative that firms implement robust transaction monitoring controls that are appropriate to the money laundering risks present and the size, activities, and complexity of their business.”

“These controls must be applied to all customers, irrespective of their risk rating, as they enable firms to detect unusual transactions or patterns of transactions and where required apply enhanced customer due diligence to determine whether the transactions are suspicious,” he added.

Cunningham continued, “The Central Bank recognizes that, while firms may rely on automated solutions for transaction monitoring, they must ensure that systems employed for this purpose are appropriately monitored and calibrated correctly to take account of the actual money laundering or terrorist financing risk to which the firm is exposed.”

He concluded by stating that CBI “expects firms to bring failures to its attention at the earliest opportunity and to act expediently to address identified errors” and further warned that AML/CFT compliance “will remain a key priority for the Central Bank,” and that the financial regulator will not hesitate to pursue enforcement actions and impose sanctions where firms fail in their AML/CFT compliance obligations. 

Jaclyn Jaeger is a contributing editor at Compliance Chief 360° and a freelance business writer based in Manchester, New Hampshire.

The post Danske Bank Fined $1.82M For Transaction Monitoring Failures appeared first on Compliance Chief 360.

Among the $7 billion in laundered money, over $455 million was stolen by the Lazarus Group, a Democratic People’s Republic of Korea (DPRK) state-sponsored hacking group sanctioned by the United States in 2019 in the largest known virtual currency heist to date (worth almost $620 million).

As a virtual currency mixer, Tornado Cash “operates on the Ethereum blockchain and indiscriminately facilitates anonymous transactions by obfuscating their origin, destination, and counterparties, with no attempt to determine their origin,” OFAC stated in its press release. “Tornado receives a variety of transactions and mixes them together before transmitting them to their individual recipients.”

“Despite public assurances otherwise, Tornado Cash has repeatedly failed to impose effective controls designed to stop it from laundering funds for malicious cyber actors on a regular basis and without basic measures to address its risks,” said Under Secretary of the Treasury for Terrorism and Financial Intelligence Brian Nelson. “Treasury will continue to aggressively pursue actions against mixers that launder virtual currency for criminals and those who assist them.”

Tornado Cash has been added to OFAC’s Specially Designated Nationals (SDN) and Blocked Persons List, meaning all property and interests in property associated with Tornado Cash in the United States or in the possession or control of U.S. persons is blocked and must be reported to OFAC. In addition, any entities that are owned, directly or indirectly, 50 percent or more by one or more blocked persons are also blocked.

“All transactions by U.S. persons or within (or transiting) the United States that involve any property or interests in property of designated or otherwise blocked persons are prohibited unless authorized by a general or specific license issued by OFAC, or exempt,” OFAC stated.

Broader Industry Threat
“While most virtual currency activity is licit, it can be used for illicit activity, including sanctions evasion through mixers, peer-to-peer exchangers, darknet markets, and exchanges,” OFAC stated. “This includes the facilitation of heists, ransomware schemes, fraud, and other cybercrimes.”

According to the Treasury Department’s “2022 National Money Laundering Risk Assessment” report, criminals have increased their use of anonymity-enhancing technologies, including mixers, to help hide the movement or origin of funds.

OFAC’s action against Tornado Cash was taken pursuant to Executive Order 13694, as amended. The action follows OFAC’s first-ever sanctions, announced May 6, against a virtual currency mixer, Blender.io (Blender). In that case, Blender was used by the DPRK “to support its malicious cyber activities and money-laundering of stolen virtual currency,” including the processing of $20.5 million in illicit proceeds stolen by the Lazarus Group, according to OFAC.

OFAC’s enforcement activity targeting virtual currency mixers is being conducted in concert with other local and foreign enforcement agencies. For example, the Financial Crimes Enforcement Network (FinCEN) in October 2020 assessed a $60 million civil money penalty against the owner and operator of virtual currency mixer Helix for BSA violations—FinCEN’s first ever enforcement action against a bitcoin mixer.

Sanctions Compliance Takeaways
From a sanctions compliance standpoint, compliance officers in the virtual-currency industry play a critical role in complying with Anti-Money Laundering/Countering the Financing of Terrorism (AML/CFT) and sanctions obligations to prevent sanctioned persons and other illicit actors from exploiting virtual currency to undermine U.S foreign policy and national security interests.

“As part of that effort, the industry should take a risk-based approach to assess the risk associated with different virtual currency services, implement measures to mitigate risks, and address the challenges anonymizing features can present to compliance with AML/CFT obligations,” OFAC stated.

As the Tornado Cash action and others like it demonstrates, OFAC stated, “mixers should, in general, be considered a high risk by virtual currency firms, which should only process transactions if they have appropriate controls in place to prevent mixers from being used to launder illicit proceeds.” 

Jaclyn Jaeger is a contributing editor at Compliance Chief 360° and a freelance business writer based in Manchester, New Hampshire.

The post OFAC Sanctions Tornado Cash For Money Laundering appeared first on Compliance Chief 360.