Regulatory Compliance & Financial Crimes Monthly Update - June 2023

Regulatory Compliance & Financial Crimes Monthly Update - June 2023

July 07, 2023

Hot Topics

Google Cloud Launches AI-Driven AML Tool

On June 21, Alphabet, the parent company of Google, announced that it will launch a new anti-money laundering (AML) tool driven by artificial intelligence. The company says it will set itself apart from other AML surveillance solutions by leveraging AI further than has been done before and requiring minimal human input to screen for money-laundering risks.

The Google Cloud product, named Anti Money Laundering AI, is currently used by HSBC, Banco Bradesco, and Lunar. Manual driven processes have long been the Achilles heel of AML programs and the main crux of large penalties and enforcement actions in the past. We are interested to see how effective the solution becomes in practice, and, more importantly, how the regulators react to an AI-driven tool. Having the weight of the Google name behind the tool will aid its acceptance into the market.

SEC Has Been Busy With Coinbase and Binance

The SEC has continued to flex its muscle and use enforcement and legal actions against Coinbase and Binance.

On June 6, the SEC charged Coinbase for operating as an unregistered securities exchange, broker, and clearing agency, as well as for the unregistered offer and sale of securities in connection with its staking-as-a-service program.

The SEC filed 13 charges against Binance entities and its founder Changpeng Zhao. Like the Coinbase charges, the charges include operating unregistered exchanges, broker-dealers, and clearing agencies; misrepresenting trading controls and oversight on the Binance.US platform; and performing the unregistered offer and sale of securities.

Binance also filed a motion in response to restrain the SEC from making public comments, which has been denied by the courts. Similarly, Coinbase filed countersuit against the SEC and made several public comments and requests for the SEC to codify laws specific to crypto and requesting the SEC to respond by explaining how and/or why a cryptocurrency is a security under SEC regulations, to which the SEC has not responded. It appears this legal battle will continue in the courts and the public eye for all to see.

Peer-to-Peer (P2P) Payment Platforms Under Pressure to Protect Customers from Fraud

On June 15, Senate Democrats sent letters to the CEOs of Paypal and Cash App outlining concerns over the companies’ ability to keep customer money safe.

In its annual report, PayPal stated that it expects users to continue to attempt money laundering, sanction evasion, and other illegal activities on Venmo, and stated that its current fraud reduction measures “may not be effective in detecting and preventing fraud, particularly new and continually evolving forms of fraud or in connection with new or expanded product offerings.”

While the companies utilize fraud detection tools and investigate potentially fraudulent activity, a Consumer Reports survey found that 9% of frequent users of P2P apps were victims of scams. In the letters, lawmakers posed a series of questions concerning the extent of fraud identified by these companies and requested that answers be provided by June 30.

Regulatory Updates

FINRA Approves First Special Purpose Broker-Dealer to Custody Crypto Asset Securities

In December 2020, the SEC introduced the Special Purpose Broker-Dealer (SPBD) regime, which authorizes the custody of digital asset securities upon FINRA approval. On May 22, 2023, Prometheum Ember Capital LLC, a registered broker-dealer, was approved to operate as an SPBD, the first SPBD authorized to serve as a qualified custodian of crypto digital assets. While traditional broker-dealers can only transact in crypto asset securities with approval from FINRA, an SPBD is permitted to both custody and transact in crypto asset securities.

This is the first time that digital asset securities will be custodied in a FINRA member firm and an SEC registered broker-dealer subject to federal securities laws. As a qualified custodian, Prometheum Ember Capital now falls under SEC Rule 15c3-3 customer protections for its crypto asset securities, which will require them to have extensive policies, procedures, and controls in place to protect customer assets, and which may differentiate them from digital asset investors who custody their crypto through platforms that do not fall under the same customer protections.

June FATF Plenary – Updates on Travel Rule Implementation and Grey List Additions

The Financial Action Task Force (FATF) plenary took place in Paris on June 21-23, 2023, the most recent plenary since February 2023. The plenary meeting covered the Mutual Evaluation for Luxembourg, with the final report’s expected publication in September 2023; the addition of Cameroon, Croatia, and Vietnam to the Grey List; the slow implementation of FATF Recommendations in the Virtual Asset Sector; and revised guidance on managing terrorist financing risks in the non-profit sector.

Pertaining to the slow implementation of the Travel Rule and FATF recommendations in the virtual asset sector, more than 50% of surveyed countries had failed to implement the rule, resulting in several loopholes in the respective countries’ virtual asset regulations.

T. Raja Kumar, President of FATF, stated, “Four years after the FATF strengthened its standards to address virtual assets and virtual asset service providers, the global implementation remains relatively poor. Based on our FATF Mutual Evaluation and follow-up reports, almost three quarters of jurisdictions are only partially or not compliant with the FATF’s requirements … This lack of regulation creates significant loopholes for criminals to exploit.”

Interagency Guidance on Third-Party Relationships: Risk Management

The Board, FDIC, and OCC (collectively, the agencies) are issuing final guidance on managing risks associated with third-party relationships. The final guidance offers the agencies’ views on sound risk management principles for banking organizations when developing and implementing risk management practices for life cycle stages of third-party relationships.

The new guidance emphasizes a principles-based approach to third-party risk management that can be adapted to a wide range of relationships and scaled for banking organizations of various sizes and complexity. The supervisory guidance does not impose any new requirements on banking organizations but instead includes key principles that organizations can leverage when developing and implementing risk management processes tailored to the risk profile and complexity of their third-party relationships.

CFTC Approves Cboe Digital to Launch Margin Trades on Crypto Futures Exchange

On June 7, Cboe Global Markets, the exchange operator that runs the Cboe Digital trading platform, announced that the Commodities Futures Trading Commission (CFTC) had granted regulatory approval to offer leveraged derivative products, such as margined Bitcoin and Ether futures contracts. This allows its clients to trade crypto futures with less collateralized capital upfront. Prior to the approval, Cboe Digital could offer fully collateralized trading of crypto futures, requiring users to provide the full amount of a contract prior to initiating a trade. This will allow for more traders to be involved in crypto futures due to the lower collateral requirements, with more options to manage risk. This will also allow traditional financial firms to trade in crypto futures more easily, as the physical settlement of the assets can occur without intermediaries so they will not have to take custody or touch the assets to trade them.

Enforcement Updates

OFAC Settles With Swedbank Latvia for $3,430,900 Related to Apparent Violations of Sanctions on Crimea

On June 20, 2023, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) announced a settlement with Swedbank Latvia AS, an international financial institution in Riga, Latvia, for $3,430,900 to settle its potential civil liability for violations of OFAC’s sanctions against the Crimea region of Ukraine.

Prior to Russia’s invasion of the region in 2014, Swedbank Latvia onboarded a shipping industry client in Crimea which owned three special purpose companies (SPCs), each with an account at the bank. Between February 2015 and October 2016, the client initiated 386 payments totaling $3,312,120 from accounts belonging to the SPCs, which were processed through U.S. correspondent banks. In March 2016, a U.S. correspondent bank rejected payments attempted by the client from an IP address in Crimea and alerted Swedbank Latvia. Swedbank Latvia requested information from its client, who falsely indicated that the payments did not involve Crimea. Despite the bank having reason to believe that its client’s claims were incorrect, a relationship manager at Swedbank Latvia rerouted the rejected payments through another U.S. correspondent bank, which processed the transactions. Swedbank Latvia did not integrate the IP address data it had collected into its sanctions screening process, which would have indicated that the client was located in Crimea at the time the payments were initiated.1

U.S. Treasury Office of Foreign Assets Control Settles With Murad, LLC and U.S. Person Over Iran Sanction Violations

The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has reached settlements in two cases involving violations of sanctions on Iran. Murad, LLC has agreed to pay a $3,334,286 settlement for an apparent violation related to the conspiracy of exporting goods from the U.S to Iran between 2009 and 2018. OFAC deemed Murad’s violation as egregious despite its voluntary self-disclosure. Additionally, a natural U.S. person, referred to as U.S. Person-1, agreed to settle for $175,000 regarding three apparent violations of OFAC’s Iran sanctions, which occurred between 2016 and 2017. U.S. Person-1’s violations were also deemed egregious, and no voluntary self-disclosure was made.2

Court Awards Historic $279 Million Whistleblower Settlement in Ericsson Bribery Case

The Securities and Exchange Commission (SEC) awarded a record $279 million whistleblower award in a bribery case against Ericsson, a telecommunications company. The award is related to a $1.1 billion settlement Ericsson reached with U.S. authorities in 2019, alleging illegal payments to secure business in five countries. The SEC did not disclose the enforcement action or the whistleblower’s identity due to protection rules. Ericsson agreed to plead guilty and pay an additional $207 million fine in March for breaching its deferred prosecution agreement. The charges involved bribery in Djibouti, China, Vietnam, Kuwait, and Indonesia. The SEC award exceeds the previous record of $114 million issued in 2020. Ericsson’s sanctions are among the highest imposed for Foreign Corrupt Practices Act violations, which prohibit bribing foreign officials.3

Final Thoughts

We continue to see the expansion of AI in the marketplace for AML solutions. Key factors to watch include how institutions adopt the technology and how quickly they can implement and upscale their usage, and how the regulators accept or reject the speed at which firms implement AI. There are several use cases for AI in the transactions monitoring and sanctions screening processes, but firms need to remain cognizant of how much they lean on AI, how impactful the human element of an investigation is, and the speed at which regulators are willing to move forward in this arena.

  1. Settlement Agreement between the U.S. Department of the Treasury's Office of Foreign Assets Control and Swedbank AS (Latvia)
  2. Settlement Agreements between the U.S. Department of the Treasury’s Office of Foreign Assets Control; Murad, LLC, and an Individual
  3. Record $279 Million Whistleblower Award Went to a Tipster on Ericsson