On February 2, the European Commission issued a fact sheet regarding its plan to strengthen the fight against terrorist financing, posing and answering questions on topic areas including, but not limited to: (i) the measures the EU has already taken to combat the financing of terrorism; (ii) how the EU addresses terrorist financing risks linked to high-risk third countries; (iii) the possibility of defining a legal framework for freezing the assets of terrorists posing a threat to EU internal security; (iv) the risks associated with prepaid cards as used by terrorists; and (v) how the EU tackles the movement of large volumes of cash across borders. The fact sheet frequently refers to the Fourth Anti-Money Laundering package, which was adopted in May 2015 and, among other things, seeks to protect credit and financial institutions against the risks associated with money laundering and terrorist financing.
On February 2, the Federal Reserve published a report titled, “Progress Report: Strategies for Improving the U.S. Payment System.” The report details “progress made and outlin[es] anticipated steps for moving forward with [the Federal Reserve’s] initiative to enhance payment system speed, efficiency, and security.” The report highlights the significance of industry collaboration among stakeholders, commenting on the creation of the Faster Payments and Secure Payments Task Forces, which are comprised of more than 500 industry members. Looking ahead, the Federal Reserve plans to continue enhancing its 2015 initiative by, among other things, (i) providing additional opportunities for stakeholders to engage in strategy efforts; (ii) publishing, in early 2017, an assessment of faster payments solution proposals brought forward by participants of the Faster Payments Task Force; (iii) developing greater end-to-end efficiency for domestic and cross-border payments by creating a “detailed plan and timeline for implementation of the ISO 20022 format for wire transfers”; and (iv) releasing operational details regarding enhancements to its payment, settlement, and risk management services.
District Court Denies Motion to Dismiss, Rules Compliance Officers Responsible for AML Program Failures
On January 8, the U.S. District Court of Minnesota ruled that individual officers of financial institutions may be held responsible for ensuring compliance with anti-money laundering laws under the Bank Secrecy Act (BSA). U.S. Dep’t of Treasury v. Haider, No. 15-cv-01518, WL 107940 (Dist. Ct. Minn. Jan. 8, 2016). In May 2015, defendant Thomas Haider filed a motion to dismiss the U.S. Department of the Treasury’s December 2014 complaint against him. The Treasury’s complaint alleged that Haider failed in his responsibility as the Chief Compliance Officer for an international money transfer company to ensure that “the Company implemented and maintained an effective AML program and complied with its SAR-filing obligations.” The complaint sought a $1 million judgment against Haider and enjoined him from working for, either directly or indirectly, any “financial institution” as defined in the BSA. In his motion to dismiss, Haider contended that the Treasury’s complaint should be dismissed because, among other reasons, 31 U.S.C. § 5318(a) permits the imposition of a penalty for AML program failures against an entity, not an individual. However, the District Court of Minnesota dismissed Haider’s motion, ruling that the BSA’s more general civil penalty provision, § 5321(a)(1), could subject a partner, director, officer, or employee of a domestic financial institution to civil penalties for violations “of any provision of the BSA or its regulations, excluding the specifically excepted provisions.” Read more…
2015 was the year that blockchain technology, initially used as the public ledger for tracking bitcoin, began to mature and expand beyond payments. While regulators focused on the risks associated with virtual currency, technology companies and financial institutions forged ahead with developing alternate uses for the blockchain.
Using blockchain technology offers many upsides, with one of the most notable being faster clearing and settlement functionality. Companies that can clear and settle transactions faster and at a reduced cost will have a competitive advantage. Thus far, however, no dominant player has emerged.
There are a number of companies that are working on creating blockchain platforms for financial institutions to use to clear and settle trades. Below are just a few of note: Read more…
On December 7, the DOJ announced that a former Secret Service agent was sentenced to 71 months in prison on charges of money laundering and obstruction of justice. Between 2012 and 2014, the former agent conducted forensic computer investigations from the Northern District of California to locate, identify, and prosecute persons involved in operating Silk Road, a covert online marketplace for illicit goods, as part of the Baltimore Silk Road Task Force. As part of his guilty plea, the agent admitted to using account information from a January 2013 search and arrest of a Silk Road customer support representative to “reset passwords and pins of various accounts on Silk Road and move approximately 20,000 bitcoin, at the time worth approximately $350,000, from those accounts into a bitcoin ‘wallet’ [he] controlled.” The former agent also admitted to (i) moving stolen bitcoin money into an account on a Japan-based online digital currency exchange; (ii) liquidating the bitcoin into $820,000 in U.S. currency and transferring those funds into a personal investment account in the U.S.; (iii) using the customer support representative’s access to Silk Road to steal bitcoin, which limited the investigation of Silk Road; and (iv) making false and misleading statements to both prosecutors and investigators involved in the San Francisco grand jury investigation into his activity. In addition to the prison sentence, the court ordered the former agent to forfeit more than $650,000. The Secret Service agent is the second federal agent to be sentenced this year in connection with the Baltimore Silk Road Task Force’s investigation into the Silk Road.
On December 1, the SEC announced that it charged two Connecticut-based Bitcoin mining companies and their founder with allegedly running a Ponzi scheme, from approximately August 2014 through December 2014, to defraud investors by purportedly offering shares of a digital Bitcoin mining operation. The companies offered shares in mining profits via investment contracts called “Hashlets,” which entitled the investor to a portion of the profits from the defendants’ calculated “hashing power.” The SEC’s complaint alleges that the “defendants sold far more Hashlets worth of computing power than they actually had in their computer centers,” and that the investors ultimately paid for a share of “hashing power” that did not exist. The SEC further alleged that the defendants misrepresented to investors the potential of their virtual currency mining operations by making false statements about the profitability and life-span of Hashlets and how the payouts for Hashlets were derived, among other things. The defendants earned approximately $19 million in revenue from selling Hashlets to more than 10,000 investors. The SEC’s complaint seeks permanent injunctive relief and the disgorgement of the defendants’ ill-gotten gains, plus pre-judgment interest.
On November 18, the FTC announced that it approved, by a 3-1 vote, final amendments to the Telemarketing Sales Rule (TSR) that ban telemarketers from using certain payment methods that are commonly used by scammers. Per the amendments, telemarketers are prohibited from (i) using specific types of checks and “payment orders” that are remotely created by the telemarketer or seller and which permit direct access to consumers’ bank accounts; (ii) receiving payments through traditional “cash-to-cash” money transfers, which allow scammers to easily obtain consumer funds anonymously and without the ability to reverse the transaction; and (iii) accepting as payment “cash reload” mechanisms. The FTC concluded that the aforementioned payment methods constituted abusive practices because they caused or were likely to cause “substantial injury to consumers that is neither reasonably avoidable by consumers nor outweighed by countervailing benefits to consumers or competition.” Finally, according to the FTC, “the amendments address changes in the financial marketplace to ensure consumers remain protected by the TSR’s antifraud provisions, but are narrowly tailored to allow for innovations with respect to other payment methods that are used by legitimate companies.”
DOJ Unseals Indictment Against Individuals for Alleged Involvement in Hacks Against Various U.S. Institutions
On November 10, the DOJ unsealed an indictment against three individuals, Gery Shalon, Joshua Samuel Aaron and Ziv Orenstein, for allegedly orchestrating and committing computer hacking crimes against U.S. financial institutions, brokerage firms, and financial news publishers. According to the DOJ, “these three defendants perpetrated one of the largest thefts of financial-related data in history – making off with the sensitive information of literally thousands” of Americans. The DOJ alleges that, from approximately 2012 to mid-2015, Shalon and Aaaron hacked financial institutions to steal the personal information of more than 100 million customers, and then manipulated the price of certain U.S. publicly traded stocks, seeking to “market the stocks, in a deceptive and misleading manner, to customers of the victim companies whose contact information they had stolen in the intrusion.” Additionally, Shalon engaged in illegal businesses with Orenstein between 2007 and July 2015, allegedly operating (i) unlawful internet gambling businesses; (ii) multinational payment processors for illegal pharmaceutical suppliers, counterfeit and malicious software distributors, and unlawful internet casinos; and (iii) Coin.mx, a Bitcoin exchange company that violated federal anti-money laundering laws. Read more…
Texas Department of Banking Issues Supervisory Memorandum to Money Services Business License Holders
On October 29, the Texas Department of Banking (the Department) issued a supervisory memorandum to Money Services Business (MSB) license holders. The purpose of the memorandum “is to provide license holders with industry best practices regarding the documentation of [authorized delegate] and agent compliance monitoring efforts.” According to the Department, agents and Authorized Delegates (AD) pose substantial compliance risks to MSBs, with agent and AD file review comprising “a significant component of the examination process for assessing compliance with AML Program requirements and Texas law.” The memorandum provides MSBs with industry guidance on how to meet regulators’ expectations for maintaining documentation in compliance with agent and AD oversight. The Department identifies various documents that support effective agent and AD on-boarding due diligence, including: (i) agent and AD BSA policies and procedures; (ii) approval by foreign regulators to conduct money transmission; (iii) evidence of initial AML/BSA training; and (iv) credit review and approval documents, such as financials and credit reports. Moreover, the memorandum indicates that on-going due diligence requires MSBs to maintain, among other things, evidence to support (i) periodic BSA training; (ii) agent compliance with independent AML review requirements; and (iii) the license holder’s review of updated BSA/AML Program policies and procedures.
October 2015 represents a significant milepost in the migration of U.S. payments products to EMV chip technology. It also serves as a useful evaluation point as to what the technology achieves and where it falls short. By now, many U.S. cardholders have been issued EMV chip cards, the microprocessor-equipped cards that store the specific cardholder data on the embedded chip. For decades, U.S. payment cards stored cardholder data on a magnetic stripe on the back of the card, instead of a chip. Indeed most cards in the marketplace, including EMV cards, still contain the familiar “magstripe.” Unfortunately, the static nature of the data contained on the magstripe makes the production of counterfeit magstripe cards relatively easy. Once the cardholder data for a particular person is obtained, through “skimming” or other means, a usable counterfeit magstripe card can be produced and readily used at the point-of-sale, until the cardholder realizes that his or her data has been compromised. In contrast, EMV chip cards use a dynamic system of authentication at the point-of-sale, which makes the production of a counterfeit card with EMV chip technology much more difficult. As a result, merchants can safely conclude that an EMV chip card presented for payment in a point-of-sale transaction is authentic and not counterfeit, and card issuers should similarly experience smaller fraud losses.
The four major U.S. payment networks (Visa, MasterCard, American Express and Discover) have long-recognized the fraud-reduction potential of EMV chip cards and, individually and through their jointly-controlled EMVCo. consortium, have pushed for the implementation of EMV technology in the U.S. As part of their efforts to encourage increased EMV chip card issuance by card issuers and acceptance by merchants, beginning in October 2015 the networks shift liability for card-present fraud losses to the party (i.e., merchant, merchant acquirer or issuer) that is least compliant with EMV requirements. For example, if fraud loss results from the use of a counterfeit magstripe card at point-of-sale, where the merchant maintains certified EMV chip terminals but the card issuer has not reissued its magstripe cards as EMV chip cards, the loss will be assigned to the card issuer. On the other hand, card issuers that have issued EMC chip cards may be able to avoid liability that arises from fraudulent transactions where the accepting merchant lacks a EMV chip terminal to be used to process the transaction. Read more…
On September 28, the Federal Reserve, the FDIC, and the OCC announced that the latest outreach meeting under the Economic Growth and Regulatory Paperwork Reduction Act (EGRPRA) will be held on October 10 in Chicago, Illinois. The meeting will feature panel presentations from industry insiders and consumer advocates. Senior officials from the Federal Reserve, OCC, and FDIC are also scheduled to attend. This meeting will be the fifth of six outreach meetings focused on identifying outdated or burdensome regulatory requirements imposed on financial institutions. The sixth and final meeting is expected to take place on December 2 in Washington, D.C. Previous InfoBytes coverage on EGRPRA can be found here.
On September 10, the Federal Reserve announced the appointment of Federal Reserve Bank of Chicago Senior Vice President Todd Aadland as its Payments Security Strategy Leader. Aadland will also continue to serve as a Senior Vice President and Chief Information Officer within the Federal Reserve Bank of Chicago’s Customer Relations and Support Office. In his new role, Aadland will lead the Federal Reserve System’s initiatives to address fraud risk, and promote the safety and security of the U.S. payment system. In addition, Aadland will serve as chairman of the Secure Payments Task Force, a group comprised of more than 170 payments stakeholders representing academia, government, and industry. Aadland’s appointment follows a Federal Reserve announcement naming a Faster Payments Strategy Leader tasked with improving the speed and efficiency of current and emerging payment systems.
Federal Reserve Bank of Boston’s Payment Strategies Team Provides Snapshot of Mobile Banking Landscape
On August 17, the Federal Reserve Bank of Boston published a report that outlines the results of a 2014 survey intended to capture “a point-in-time snapshot of mobile banking and payments at [financial institutions]” across five Federal Reserve bank districts. One of the largest U.S. surveys completed on mobile banking and payment services at financial institutions, the collected data mostly came from banks and credit unions – a combined total of more than 600 – with less than $500 million in assets. The survey showed that with the rise of smartphones, consumers are more easily able to use mobile devices for payments, and they demonstrate “growing comfort with mobile and digital wallets as well as willingness to pay with mobile-based solutions.” As competing mobile technologies emerge, such as non-bank technology service providers, the report found the need for financial institutions to “create mobile banking and payment strategies to respond to [the] changing environment” becomes more relevant. The report highlighted that roughly 75 percent of the financial institutions surveyed offer the following mobile services, with a majority of the remaining 25 percent planning to offer them by 2016: (i) checking balances; (ii) transferring funds between a single owner’s account; (iii) viewing statements and transaction history; (iv) ATM / branch locator; and (v) bill payment. The report further suggested that financial institutions should “keep pace” with the growing mobile banking market and “be proactive and help make the best solutions succeed.”
FinCEN Determines That Issuing a Digital Certificate Evidencing Ownership in Precious Metals, and Buying and Selling Precious Metals, Are Subject to The BSA
On August 14, FinCEN issued an Administrative Ruling, FIN-2015-R001, determining that a company who: i) provides Internet-based brokerage services between buyers and sellers of precious metals; ii) buys and sells precious metals on its own account; and iii) holds precious metals in custody, opens a digital wallet, and issues a digital proof of custody certificates evidencing ownership of such metals, is subject to the BSA.
FinCEN determined that, as a broker or dealer in e-currencies and e-precious metals, the company did not fall under the e-currencies or e-precious metals trading exemption from money transmission: “when the Company issues a freely transferable digital certificate of ownership to buyers, it is allowing the unrestricted transfer of value from a customer’s commodity position to the position of another customer of a third-party, and it is no longer limiting itself to the type of transmission of funds that is a fundamental element of the actual transaction necessary to execute the contract for the purchase of sale of the currency or the other commodity.” As such, it is acting as a convertible virtual currency administrator (the freely transferable digital certificates being the commodity-backed virtual currency). Further, the purchases and sales of precious metals made on its own account render the Company a dealer in precious metals (subject to certain monetary thresholds and other considerations), and thus a financial institution for purposes of the BSA.
On August 7, OCC Comptroller Thomas Curry delivered remarks at the Federal Home Loan Bank of Chicago, which was hosting a conference highlighting the future of financial services. Specifically, Curry discussed innovation in the emerging financial technology industry, or “fintech,” noting the risks and benefits associated with mobile payments, virtual currency, and peer-to-peer lending products within the U.S. banking system. With respect to virtual currency, Curry stressed how important it is for financial institutions to implement adequate procedures to deter money laundering and terrorist financing. Curry also recognized that the OCC is “still early in the process” of evaluating a regulatory framework to examine some new and innovative products and services. Rounding out his remarks, Curry expressed his growing concerns with so called “neobanks,” which operate primarily online but provide similar services to brick and mortar retail branch banks, including the heightened privacy risks that neobanks present in light of recent cybersecurity attacks.