Green Dot violated consumer law in its marketing, selling, and servicing of prepaid debit card products, and its offering of tax return preparation payment services. For example, Green Dot failed to adequately disclose the tax refund processing fee for tax preparation services offered on a third party’s website.

The firm also blocked access to accounts of legitimate customers receiving unemployment benefits and lacked reasonable policies and procedures to help those customers cure those blocks. In addition, Green Dot did not maintain effective consumer compliance risk management and anti-money laundering programs.

In response to the Fed’s announcement, Green Dot CEO George Gresham asserted that the company would strive to correct any and all deficiencies within Green Dot’s compliance program. “We have taken and will continue taking meaningful steps to correct and remediate those issues, including significant updates to our processes, our product packaging and marketing, our management team and our compliance programs,” Gresham said. “We are committed to cooperating and partnering closely with our regulators to ensure all concerns noted in the consent order are addressed and complied with and that our customers are well-served and protected on an ongoing basis.

Fed Orders Green Dot to Improve Compliance and Address Complaints

The Board is requiring the firm to take several steps to improve these programs. Green Dot is now required to hire an independent third-party to strengthen its consumer compliance risk management program and address the root causes of consumer complaints.

The firm also must develop an effective anti-money laundering program and hire an independent third-party to conduct a review of certain transaction activities to determine whether any suspicious activity conducted through the bank was properly identified and reported.

In his response, Gresham concluded by stating that the bank “remains optimistic about our financial and regulatory positions as well as our future growth potential and opportunity as we serve and empower customers directly and through our partners.”  

The post Federal Reserve Fines Green Dot for Consumer Compliance Violations appeared first on Compliance Chief 360.

According to the SEC’s complaint, Silvergate, Lane, and Fraher misled investors in stating that Silvergate had an effective BSA/AML compliance program and conducted ongoing monitoring of its high-risk crypto customers, including FTX, in part to deny public rumors that FTX had used its accounts at Silvergate to enable FTX’s misconduct. In reality, Silvergate’s automated transaction monitoring system failed to monitor more than $1 trillion of transactions by its customers on the bank’s payments platform, the Silvergate Exchange Network.

“At all times, but especially during moments of crises, public companies and their officers must speak truthfully to the investing public. Here, we allege that Silvergate, Lane and Fraher fell not only woefully, but also fraudulently, short in that regard,” said Gurbir Grewal, Director of the SEC’s Division of Enforcement. “Rather than coming clean to investors about serious deficiencies in its compliance programs in the wake of the collapse of FTX, one of Silvergate’s largest banking customers, they doubled down in a way that misled investors about the soundness of the programs. In fact, because of those deficiencies, Silvergate allegedly failed to detect nearly $9 billion in suspicious transfers among FTX and its related entities. Silvergate’s stock eventually cratered, wiping out billions in market value for investors.”

SEC Alleges Silvergate Misrepresented Its Financial Condition

The SEC’s complaint also alleges that Silvergate and Martino misrepresented the company’s bleak financial condition during a liquidity crisis and bank run following FTX’s collapse. The complaint alleges that Silvergate and Martino, in an earnings release and earnings call, understated Silvergate’s losses from expected security sales and misrepresented that it remained well-capitalized as of December 31, 2022. In March 2023, Silvergate announced it would wind down its banking operations, and its stock eventually plummeted to near $0.

The SEC charged Martino with violating certain of the antifraud and books-and-records provisions of the federal securities laws, and with aiding and abetting certain of Silvergate’s violations. The complaint also charges Silvergate, Lane, and Fraher with fraud and charges Silvergate with violating certain reporting, internal accounting controls, and books-and-records provisions.

Without admitting or denying the allegations, Silvergate agreed to a settlement ordering it to pay a $50 million civil penalty and imposing a permanent injunction to settle the charges. Lane and Fraher also settled the charges without admitting or denying the allegations, agreeing to permanent injunctions, five-year officer-and-director bars, and fines of $1 million and $250,000 respectively.

All the settlements require court approval, and Silvergate’s payment may be offset by penalties paid to the Board of Governors of the Federal Reserve System (FRB) and/or the California Department of Financial Protection and Innovation (DFPI). In parallel actions, FRB and DFPI today announced settled charges against Silvergate.  

Jacob Horowitz is a contributing editor at Compliance Chief 360° 

The post Silvergate Settles SEC Charges for Compliance Failures appeared first on Compliance Chief 360.

Since implementing the Anti-Money Laundering Act of 2020, FinCEN’s highest priority has been achieving successful implementation of the beneficial ownership reporting requirements. These requirements obligate a company to disclose all individuals who formed the company. This includes any individuals who have a lot of say or control over the company through another unaffiliated company.

Companies are required to disclose the name, date of birth, and home address of every beneficial owner, along with submitting identification like a passport or driver’s license. However, FinCEN exempts certain “large” companies from the BOI reporting obligations, defining them as those with over 20 full-time employees in the U.S. and minimum gross receipts or sales of $5 million, among other criteria.

The purpose of this requirement is to filter out shell companies that are used primarily for money-laundering. These shell corporations usually consist of smaller companies with a lesser amount of financial resources. As a result of the fact that these companies are not usually current with recent regulations, these reporting requirements have received a significant amount of criticism from Congress. During the congressional hearing, Financial Services Chairman Patrick McHenry  referenced a survey conducted by the National Federation of Independent Business, revealing that 90% of small businesses are unaware of their newly imposed reporting obligations.

Andre Gacki, the head of FinCEN, addressed these criticisms in the recent congressional hearing. “I want to clearly state that FinCEN has no interest in hitting small businesses with excessive fines or penalties. The CTA penalizes willful violations of the law, and we are not seeking to take “gotcha” enforcement actions,” Gacki said. “Looking ahead, we will continue our efforts to promote compliance with the reporting requirements and ensure broad awareness of the safe, secure, and easy-to-use filing system.”

FinCEN’s Outreach Efforts

FinCEN has dedicated much time and effort into actively engaging in outreach to smaller companies in order to notify them of the BIO reporting requirements. “We have held outreach events with a wide range of small business advocacy associations, corporate service providers, third party trade associations, industry trade associations, and good governance organizations,” Gacki said her congressional hearing statement. “We have also opened channels to directly engage with small businesses and other users actively filing reports.”

FinCEN’s website also includes a direct link to their Contact Center, so users can submit their questions about filing or let the agency know of any issues they encounter with submitting their report. It is also using a ChatBot to provide businesses with an interactive tool to quickly answer any questions they may have.

Although small companies are inherently not aware of the current BOI reporting requirements, FinCEN is trying its best to notify each and every company of such rules in order to truly filter out those that have only been formed for the purpose of money-laundering and other financial crimes.

As the head of FinCEN said to the House of Representatives in the recent congressional hearing, “We know that the vast majority of the small businesses that will be impacted by this reporting requirement are law-abiding businesses that want to do the right thing, and we also know that many of them may not be familiar with FinCEN… This is why outreach has been and will continue to be a primary focus of our efforts.”

FinCEN now requires companies to complete their BOI requirements by January 1, 2025. For those who violate the requirements, they will face “civil fines of up to $500 per day that the violation continues, criminal fines of up to $10,000, and up to two years of imprisonment “according to FinCEN.  

Jacob Horowitz is a contributing editor at Compliance Chief 360°

The post FinCEN Addresses Beneficial Ownership Reporting For Small Businesses appeared first on Compliance Chief 360.

“Bank Secrecy Act and Anti-Money Laundering laws and regulations are critical national security protections, safeguarding financial markets and consumers from bad actors,” said Superintendent of Financial Services, Adrienne Harris. “Regulated institutions must be held accountable for failing to adhere to New York’s rigorous legal and regulatory standards.”

The Consent Order resolves the Department’s investigation into ICBC’s compliance failures, including multiple deficiencies in the New York branch’s BSA/AML compliance program from 2018 through 2022 including the Bank’s failure to maintain books and records, its failure to submit a report to the Superintendent upon discovering the occurrence of “embezzlement, misapplication, larceny, forgery, fraud, dishonesty, making of false entries and omission of true entries, or other misconduct.”

The investigation also concluded that a former New York branch employee, under the order of a branch employee, backdated several compliance documents and that ICBC failed to report this misconduct to the Department in a timely fashion. Finally, the investigation concluded that ICBC unlawfully disclosed confidential supervisory information to an overseas regulator.

Required ICBC Compliance Improvements

As part of its agreement with the Department, in addition to paying a $30 million penalty to New York State, ICBC will be required to create a written plan, acceptable to the Department, outlining improvements to compliance policies and procedures, corporate governance and management oversight, customer due diligence requirements, and the handling of confidential supervisory information. According to the Consent Order the Bank’s  plan is required to include updates on the following:

• A system of internal controls reasonably designed to ensure compliance with BSA/AML requirements and relevant state laws and regulations;
• Controls reasonably designed to ensure compliance with all requirements relating to correspondent accounts for foreign financial institutions;
• A comprehensive BSA/AML risk assessment that identifies and considers all products and services of the New York Branch, customer types, geographic locations, and transaction volumes, as appropriate, in determining inherent and residual risks;
• Management of the New York Branch’s BSA/AML compliance program by a qualified compliance officer, who is given full autonomy, independence, and responsibility for implementing and maintaining an effective BSA/AML compliance program that is commensurate with the New York Branch’s size and risk profile, and is supported by adequate staffing levels and resources;
• Identification of management information systems used to achieve compliance with BSA/AML requirements and relevant state laws and regulations, and a timeline to review key systems to ensure they are configured to mitigate BSA/AML risks;
• Comprehensive and timely independent testing for the New York Branch’s compliance with applicable BSA/AML requirements and relevant state laws and regulations; and
• Effective training for all appropriate New York Branch personnel and appropriate ICBC personnel that perform BSA/AML compliance-related functions for the New York Branch in all aspects of BSA/AML requirements, relevant state laws and regulations, and relevant internal policies and procedures.  

The post China Bank AML Settlement Comes with Several Compliance Requirements appeared first on Compliance Chief 360.

Binance’s founder and chief executive officer (CEO), Changpeng Zhao, a Canadian national, also pleaded guilty to failing to maintain an effective anti-money laundering (AML) program, in violation of the BSA and has resigned as CEO of Binance. According to a statement by the Department of Justice, it is the largest corporate resolution to include criminal charges for an executive.

Binance’s guilty plea is part of coordinated resolutions with the Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) and Office of Foreign Assets Control (OFAC) and the U.S. Commodity Futures Trading Commission (CFTC).

“Binance became the world’s largest cryptocurrency exchange in part because of the crimes it committed. Now it is paying one of the largest corporate penalties in U.S. history,” said Attorney General Merrick Garland. “In just the past month, the Justice Department has successfully prosecuted the CEOs of two of the world’s largest cryptocurrency exchanges in two separate criminal cases. The message here should be clear: using new technology to break the law does not make you a disruptor, it makes you a criminal.” Garland is referring to the conviction of Sam Bankman-Fried, founder of crypto exchange FTX. A jury found Bankman-Fried guilty of 7 counts of fraud in early November.

“Binance turned a blind eye to its legal obligations in the pursuit of profit. Its willful failures allowed money to flow to terrorists, cybercriminals, and child abusers through its platform,” said Secretary of the Treasury Janet L. Yellen. “Today’s historic penalties and monitorship to ensure compliance with U.S. law and regulations mark a milestone for the virtual currency industry. Any institution, wherever located, that wants to reap the benefits of the U.S. financial system must also play by the rules that keep us all safe from terrorists, foreign adversaries, and crime or face the consequences.”

“From the beginning of its existence, Binance and founder Changpeng Zhao chose growth and personal wealth over following financial regulations aimed at stopping the laundering of criminal cash,” said Acting U.S. Attorney Tessa M. Gorman for the Western District of Washington. “Because Changpeng Zhao knowingly operated a financial platform without basic anti-money laundering safeguards, the company caused illegal transactions between U.S. users and users in sanctioned jurisdictions such as Iran, Cuba, Syria, and Russian-occupied regions of Ukraine – transactions for which Binance profited with significant fees.”

Lack of Controls

According to court documents, Binance admitted to prioritizing growth and profits over compliance with U.S. law. Binance launched in 2017 and focused on attracting high-volume customers, including U.S.-based customers. Binance quickly became the largest cryptocurrency exchange in the world, with the greatest share of its customers coming from the United States. As a result of serving U.S. customers, Binance was required to register with FinCEN as a money services business and to implement an effective AML program that was reasonably designed to prevent Binance from being used to facilitate money laundering. Binance chose not to comply with U.S. law and failed to implement controls and procedures to prevent money laundering. Binance also did not implement controls that would have prevented U.S. customers from conducting transactions with customers in sanctioned jurisdictions, despite knowing that the system it used to match customers for transactions would necessarily cause transactions in violation of IEEPA.

Instead of complying with U.S. law, in 2019, Binance announced that it would block U.S. customers and launched a separate U.S. exchange, Binance.US. Despite this announcement, Binance took steps to maintain a substantial number of U.S. customers. In particular, Binance focused on retaining valuable “VIP” customers, which were responsible for a large portion of Binance’s trading volume and revenue. These VIP customers were critical to Binance’s business because they helped provide the necessary liquidity to facilitate trades of digital assets. For example, Binance executives, including Zhao, made a plan to contact VIP customers and help the VIP register a new account for an offshore entity and transfer holdings to that account. Binance employees also called U.S. VIPs to encourage them to provide information that suggested the customer was not located in the United States.

No Effective AML Program

Binance also did not implement the core components of an effective AML program: Binance did not implement comprehensive know-your-customer (KYC) protocols or systematically monitor transactions, and Binance never filed a suspicious activity report (SAR) with FinCEN. For years, Binance allowed users to open accounts and trade without submitting any identifying information beyond an email address. Binance began requiring all users to provide KYC information in August 2021 but allowed users who had not provided KYC to continue trading on the exchange until May 2022. Between August 2017 and October 2022, U.S. users, including VIPs, conducted trillions of dollars in transactions on the platform, generating over $1.6 billion in profit for Binance.

As Binance’s internal communications showed, Binance’s compliance employees recognized that Binance did not have protocols to flag or report transactions for money laundering risks, which employees recognized would attract criminals to the exchange. As one compliance employee wrote, “we need a banner ‘is washing drug money too hard these days – come to binance we got cake for you.’” Due in part to Binance’s failure to implement an effective AML program, illicit actors used Binance’s exchange in various ways, including conducting transactions for mixing services that obfuscated the source and ownership of cryptocurrency; transferring illicit proceeds from ransomware variants; and moving proceeds of darknet market transactions, exchange hacks, and various internet-related scams.

Violation of Sanctions Laws

Binance also knew that U.S. sanctions laws prohibited U.S. persons – including its U.S. customers – from trading with its customers subject to U.S. sanctions, including customers in comprehensively sanctioned jurisdictions, such as Iran. Binance knew that it had a significant number of users from comprehensively sanctioned jurisdictions and a substantial number of U.S. users and that its matching engine would necessarily cause U.S. users to transact with users in sanctioned jurisdictions in violation of U.S. law. Nonetheless, Binance did not implement controls that would prevent U.S. users from trading with users in Iran; and, because of this intentional failure, between January 2018 and May 2022, Binance willfully caused over $898 million in trades between U.S. users and users ordinarily resident in Iran.

Details of the Plea Agreement

As part of the plea agreement, Binance has agreed to forfeit $2,510,650,588 and to pay a criminal fine of $1,805,475,575 for a total financial penalty of $4,316,126,163. Binance has also agreed to retain an independent compliance monitor for three years and remediate and enhance their anti-money laundering and sanctions compliance programs. Binance separately has also reached agreements with the CFTC, FinCEN, and OFAC, and the Department will credit approximately $1.8 billion toward those resolutions.

The Department reached its resolution with Binance based on a number of factors, including the nature, seriousness, and pervasiveness of the offense, as a result of which Binance processed billions of dollars of cryptocurrency transactions for U.S. persons and caused U.S. customers to engage in transactions in violation of U.S. sanctions. Binance did not make a timely and voluntary disclosure of wrongdoing, but it received partial credit for its cooperation with the Department’s investigation, and it has taken steps to remediate its compliance program. Binance did not receive full credit for its cooperation because it delayed producing relevant evidence, including recorded meetings in which Binance executives discussed U.S. legal requirements. Accordingly, the total criminal penalty reflects a 20% reduction off the bottom of the applicable U.S. sentencing guidelines fine range.

In addition, according to court documents, Zhao, Binance’s founder, owner, and CEO, admitted that he understood that Binance served U.S. users and was thus required to register with FinCEN and implement an effective AML program. Zhao knew that U.S. users were essential to Binance’s growth and were a significant source of revenue and knew that an effective AML program would include KYC protocols that would mean that some customers would choose not to use Binance. Zhao told employees it was “better to ask for forgiveness than permission,” and prioritized Binance’s growth over compliance with U.S. law. Without an effective AML program, Binance caused transactions between U.S. users and users in jurisdictions subject to U.S. sanctions. These illegal transactions were a clear and foreseeable result of Zhao’s decision to prioritize Binance’s profit and growth over compliance with the BSA.  

The post Crypto Exchange, CEO Plead Guilty to AML Violations; Will Pay $4.3 Billion appeared first on Compliance Chief 360.

“The discussions with U.S. and Danish authorities related to the Estonia matter are now at a stage where Danske Bank can reliably estimate the total financial impact of a potential coordinated resolution amounting to a total of DKK 15.5 billion,” said Danske Bank Chief Executive Officer Carsten Egeriis. In addition to booking a provision of DKK 1.5 billion in 2018, Danske Bank booked an additional provision of DKK 14 billion (US $1.9 billion) in the third quarter of 2022.

While the bank did not rehash details of its alleged criminal conduct in its Oct. 27 interim financial report for the first nine months of 2022, it is widely known to have engaged in one of the largest money laundering scandals in the world. It ranks third, after Wachovia Bank’s $390 billion money-laundering scandal and Standard Chartered’s $265 billion money-laundering scandal.

In Danske Bank’s case, the criminal activity occurred from February 2007 through January 2016, in which the bank allowed 200 billion euros (US$228 billion) of illicit funds to be laundered from several countries, including Russia, Azerbaijan, and Moldova, and Russia.

For several years, the bank at the group level believed it had robust AML procedures in place, until receiving a whistleblower report from the Estonia branch in 2013 and audit letters from group internal audit in 2014 concerning “insufficient and inadequate” processes in all three lines of defense, including compliance and internal audit.

These findings and more were revealed in a damning report published in 2018 by law firm Bruun & Hjejle, which had been commissioned by the bank to look into the allegations. That report described in detail the bank’s “major deficiencies in controls and governance that made it possible to use Danske Bank’s branch in Estonia for criminal activities such as money laundering.”

Among the findings described in the report, the whistleblower’s allegations were never properly investigated; there was insufficient knowledge of customers, their beneficial owners and controlling interests, and of sources of funds; screening of customers and payments had mainly been done manually and had been insufficient; and there had been lack of response to suspicious customers and transactions.”

As for the current state of the investigation, “Our dialogue with the authorities is ongoing,” said Egeriis, “and while there is still uncertainty that a resolution will be reached, we hope that a resolution will be concluded before the end of this year.” 

Jaclyn Jaeger is a contributing editor at Compliance Chief 360° and a freelance business writer based in Manchester, New Hampshire.

PHOTO BY RICHARD LAWRENCE, USED UNDER CC BY-SA 4.0.

The post Danske Bank Books $2.1B in Potential Estonia Money Laundering Settlement appeared first on Compliance Chief 360.

On Sept. 13, the CBI announced that it fined Danske over the bank’s failure “to ensure that its automated transaction monitoring system monitored the transactions of certain categories of customers of its Irish branch for a period of almost nine years, between 2010 and 2019.”

According to the CBI, the “root cause” of this failure was “historic data filters” Danske applied within its groupwide automated transaction monitoring system that led the bank to exclude certain categories of customers from monitoring, “including some customers rated by Danske as high and medium risk,” the CBI stated. These compliance failures constituted violations of Ireland’s Criminal Justice (Money Laundering and Terrorist Financing) Act (CJA).

A May 2015 internal audit report alerted Danske to the inadequacies in its monitoring system and the nature of the risks they posed, and yet Danske failed to notify the bank’s Irish branch or the CBI of this issue and take action until nearly four years later. Between August 2015 and March 2019, an estimated 348,321 transactions (approximately 2.43 percent of all transactions) processed through the Irish branch were not monitored for money laundering and terrorist financing risk, according to the financial regulator.

It was not until October 2018, when the Irish branch identified the issue, that steps were taken to rectify the compliance gaps, according to the CBI. Those remedial measures were completed in March 2019.

“However, the Central Bank was not informed of the issue until February 2019,” said CBI Director of Enforcement and Anti-Money Laundering Seana Cunningham. “The failures to rectify the issue and to notify the Central Bank promptly are aggravating factors in this case.”

The CBI determined the appropriate fine against Danske to be €2.6 million (U.S. $2.6 million) but reduced the fine by 30 percent for Danske’s early cooperation.

Danske Statement
In a statement, Danske said it “acknowledges the seriousness of the issues identified in the CBI’s investigation” and that it “deeply regrets and apologizes” for them.

Danske said it arranged for a third party to carry out a “lookback” review of transactions for the period 2016 to 2019, the outcome of which showed a “very low” financial crime risk for those transactions, “giving rise to only one Suspicious Transaction Report (STR) in relation to Irish branch customers,” the bank stated.

Additionally, Danske said it has allocated “significant resources to ensure successful financial crime prevention, including 3,600 full-time employees dedicated to fighting financial crime.” Danske further noted, between 2018 and the end of this year, it will have spent approximately 12 billion Danish kroner (U.S. $1.61 billion) on maintaining and improving its overall financial crime risk management framework, including AML controls.

Wider Compliance Lessons
“The importance of transaction monitoring in the global fight against money laundering and terrorist financing cannot be overstated,” Cunningham said. “It is imperative that firms implement robust transaction monitoring controls that are appropriate to the money laundering risks present and the size, activities, and complexity of their business.”

“These controls must be applied to all customers, irrespective of their risk rating, as they enable firms to detect unusual transactions or patterns of transactions and where required apply enhanced customer due diligence to determine whether the transactions are suspicious,” he added.

Cunningham continued, “The Central Bank recognizes that, while firms may rely on automated solutions for transaction monitoring, they must ensure that systems employed for this purpose are appropriately monitored and calibrated correctly to take account of the actual money laundering or terrorist financing risk to which the firm is exposed.”

He concluded by stating that CBI “expects firms to bring failures to its attention at the earliest opportunity and to act expediently to address identified errors” and further warned that AML/CFT compliance “will remain a key priority for the Central Bank,” and that the financial regulator will not hesitate to pursue enforcement actions and impose sanctions where firms fail in their AML/CFT compliance obligations. 

Jaclyn Jaeger is a contributing editor at Compliance Chief 360° and a freelance business writer based in Manchester, New Hampshire.

The post Danske Bank Fined $1.82M For Transaction Monitoring Failures appeared first on Compliance Chief 360.

Among the $7 billion in laundered money, over $455 million was stolen by the Lazarus Group, a Democratic People’s Republic of Korea (DPRK) state-sponsored hacking group sanctioned by the United States in 2019 in the largest known virtual currency heist to date (worth almost $620 million).

As a virtual currency mixer, Tornado Cash “operates on the Ethereum blockchain and indiscriminately facilitates anonymous transactions by obfuscating their origin, destination, and counterparties, with no attempt to determine their origin,” OFAC stated in its press release. “Tornado receives a variety of transactions and mixes them together before transmitting them to their individual recipients.”

“Despite public assurances otherwise, Tornado Cash has repeatedly failed to impose effective controls designed to stop it from laundering funds for malicious cyber actors on a regular basis and without basic measures to address its risks,” said Under Secretary of the Treasury for Terrorism and Financial Intelligence Brian Nelson. “Treasury will continue to aggressively pursue actions against mixers that launder virtual currency for criminals and those who assist them.”

Tornado Cash has been added to OFAC’s Specially Designated Nationals (SDN) and Blocked Persons List, meaning all property and interests in property associated with Tornado Cash in the United States or in the possession or control of U.S. persons is blocked and must be reported to OFAC. In addition, any entities that are owned, directly or indirectly, 50 percent or more by one or more blocked persons are also blocked.

“All transactions by U.S. persons or within (or transiting) the United States that involve any property or interests in property of designated or otherwise blocked persons are prohibited unless authorized by a general or specific license issued by OFAC, or exempt,” OFAC stated.

Broader Industry Threat
“While most virtual currency activity is licit, it can be used for illicit activity, including sanctions evasion through mixers, peer-to-peer exchangers, darknet markets, and exchanges,” OFAC stated. “This includes the facilitation of heists, ransomware schemes, fraud, and other cybercrimes.”

According to the Treasury Department’s “2022 National Money Laundering Risk Assessment” report, criminals have increased their use of anonymity-enhancing technologies, including mixers, to help hide the movement or origin of funds.

OFAC’s action against Tornado Cash was taken pursuant to Executive Order 13694, as amended. The action follows OFAC’s first-ever sanctions, announced May 6, against a virtual currency mixer, Blender.io (Blender). In that case, Blender was used by the DPRK “to support its malicious cyber activities and money-laundering of stolen virtual currency,” including the processing of $20.5 million in illicit proceeds stolen by the Lazarus Group, according to OFAC.

OFAC’s enforcement activity targeting virtual currency mixers is being conducted in concert with other local and foreign enforcement agencies. For example, the Financial Crimes Enforcement Network (FinCEN) in October 2020 assessed a $60 million civil money penalty against the owner and operator of virtual currency mixer Helix for BSA violations—FinCEN’s first ever enforcement action against a bitcoin mixer.

Sanctions Compliance Takeaways
From a sanctions compliance standpoint, compliance officers in the virtual-currency industry play a critical role in complying with Anti-Money Laundering/Countering the Financing of Terrorism (AML/CFT) and sanctions obligations to prevent sanctioned persons and other illicit actors from exploiting virtual currency to undermine U.S foreign policy and national security interests.

“As part of that effort, the industry should take a risk-based approach to assess the risk associated with different virtual currency services, implement measures to mitigate risks, and address the challenges anonymizing features can present to compliance with AML/CFT obligations,” OFAC stated.

As the Tornado Cash action and others like it demonstrates, OFAC stated, “mixers should, in general, be considered a high risk by virtual currency firms, which should only process transactions if they have appropriate controls in place to prevent mixers from being used to launder illicit proceeds.” 

Jaclyn Jaeger is a contributing editor at Compliance Chief 360° and a freelance business writer based in Manchester, New Hampshire.

The post OFAC Sanctions Tornado Cash For Money Laundering appeared first on Compliance Chief 360.

NYDFS discovered RHC’s compliance deficiencies following a supervisory examination and a subsequent investigation. In its consent order, the NYDFS stressed that “RHC’s overall approach to its compliance obligations substantially contributed to such [BSA/AML and cybersecurity] deficiencies.”

Starting in May 2019, when RHC commenced operations of its regulated business activity in New York and at least throughout 2020 (the time period relevant to this Consent Order), “RHC was not fully compliant with New York State regulations and failed to address some of the particular risks associated with operating a cryptocurrency trading platform,” the agency stated.

It added, “RHC was reliant on its parent and affiliates for substantial aspects of its compliance program. Although such reliance is not inherently violative of DFS requirements, in this case, such reliance proved to be a weakness because the programs of the parent (RHM) and affiliate (RHF) were not compliant with New York State regulations, and they failed to address all the particular risks applicable to licensed virtual currency businesses.”

BSA/AML compliance failures
According to the NYDFS, RHC’s BSA/AML compliance program was “inadequately staffed; failed to timely transition from a manual transaction monitoring system that was inadequate for RHC’s size, customer profiles, and transaction volumes; and did not devote sufficient resources to adequately address risks specific to RHC.”

NYDFS said it similarly found “critical failures in RHC’s cybersecurity program,” including that the program “did not fully address RHC’s operational risks, and specific policies within the program were not in full compliance with several provisions of the Department’s Cybersecurity and Virtual Currency Regulations.

According to NYDFS, such deficiencies resulted from “significant shortcomings in the management and oversight of RHC’s compliance programs, including a failure to foster and maintain an adequate culture of compliance. The Department also discovered that adequate resources were not devoted to RHC’s compliance programs, particularly as it grew, which exacerbated these issues.”

Moreover, RHC improperly certified compliance with the Department’s Transaction Monitoring Regulation and Cybersecurity Regulation. Under those regulations, companies should only be certifying to DFS if their programs are fully compliant with the applicable regulation. “In light of the program’s deficiencies, RHC’s 2019 certifications to the Department attesting to compliance with these Regulations should not have been made and, thus, violated the law,” the agency stated.

The agency also said RHC “failed to comply with certain consumer protection requirements by not maintaining a distinct, dedicated phone number on its website for the receipt of consumer complaints.” It also violated certain reporting requirements pursuant to its bespoke Supervisory Agreement with the Department.

According to NYDFS, Robinhood violated the Department’s Virtual Currency Regulation (23 NYCRR Part 200), Money Transmitter Regulation (3 NYCRR Part 417), Transaction Monitoring Regulation (23 NYCRR Part 504), and Cybersecurity Regulation (23 NYCRR Part 500). 

Under the terms of the settlement, in addition to the penalty, RHC also must retain an independent consultant that will perform a “comprehensive evaluation” of the firm’s compliance with the Department’s Regulations and its remediation efforts of identified deficiencies and violations.

Other enforcement actions
This is the third enforcement action against Robinhood that required the hiring of an independent consultant for compliance failures. In December 2020, the Securities and Exchange Commission fined Robinhood Financial $65 million “for repeated misstatements that failed to disclose the firm’s receipt of payments from trading firms for routing customer orders to them” and for “failing to satisfy its duty to seek the best reasonably available terms to execute customer orders.”

In June 2021, the Financial Industry Regulatory Authority (FINRA) fined Robinhood Financial a record $70 million for negligently communicating false and misleading information to its customers concerning a “variety of critical issues, including whether customers could place trades on margin, how much cash was in customers’ accounts, how much buying power or “negative buying power” customers had, the risk of loss customers faced in certain options transactions, and whether customers faced margin calls,” FINRA stated.

Robinhood Financial further “failed to exercise due diligence before approving customers to place options trades,” the agency said. 

Jaclyn Jaeger is a contributing editor at Compliance Chief 360° and a freelance business writer based in Manchester, New Hampshire.

The post NYDFS Fines Robinhood Crypto $30M For BSA/AML Compliance Failures appeared first on Compliance Chief 360.

The Bank Secrecy Act (BSA) and regulations issued by the Treasury Department’s Financial Crimes Enforcement Network require broker-dealers to file SARs for transactions suspected to involve fraud or a lack of an apparent lawful business purpose.

The SEC’s enforcement action marks the second BSA action against Wells Fargo Advisors in the last five years. In November 2017, the SEC ordered Wells Fargo Advisors to pay a $3.5 million penalty for failing to file at least 50 SARs on time.

According to the latest SEC order, between April 2017 and October 2021, Wells Fargo Advisors “did not timely file at least 25 SARs related to suspicious transactions in its customers’ brokerage accounts involving wire transfers to or from foreign countries that it determined to be at a high or moderate risk for money laundering, terrorist financing, or other illegal money movements,” the SEC stated.

System Failure
Failure to file the suspicious activity reports was “due to Wells Fargo Advisors’ deficient implementation and failure to test a new version of its internal anti-money laundering (AML) transaction monitoring and alert system adopted in January 2019,” the SEC stated. Thus, “the system failed to reconcile the different country codes used to monitor foreign wire transfers.”

The SEC further found, beginning in April 2017, Wells Fargo Advisors “failed to timely file at least nine additional SARs, due to a failure to appropriately process wire transfer data into its AML transaction monitoring system in certain other situations.”

For those reasons, the SEC’s order found Wells Fargo Advisors violated Section 17(a) of the Securities Exchange Act and Rule 17a-8. Wells Fargo Advisors did not admit or deny the SEC’s findings. 

Jaclyn Jaeger is a contributing editor at Compliance Chief 360° and a freelance business writer based in Manchester, New Hampshire.

The post SEC charges Wells Fargo Advisors for Failing to Report Suspicious Activity appeared first on Compliance Chief 360.