Episode 102

1st April – 7th April 2024

Sanctions

The sanctions news this week starts with the wider impact of the Russian invasion of Ukraine and the geo-political realignment which has occurred since February 2022. The UN, which has imposed sanctions on North Korea since 2006 over its nuclear weapons programme, has also used a panel of experts to monitor sanctions observance. However, this week, Russia, as a permanent member of the UN Security Council, used its veto to block the renewal of the panel’s mandate. This is the first time Russia has used its veto in this way. While the action by Russia has been condemned, it can come as no surprise that the veto has been used, especially given the ever-closer ties between Russia and North Korea as Russia looks to replenish military hardware depleted by its invasion of Ukraine. In response to the veto, the US and its allies are looking to coordinate oversight of sanctions enforcement, but whether this will be as effective as the panel remains to be seen.

Other sanctions news this week is, first, from the US, where the Office of Foreign Assets Control (‘OFAC’), which has announced ‘additional action against Iranian military revenue generation, targeting Oceanlink Maritime DMCC for facilitating the shipment of Iranian commodities on behalf of Iran’s Armed Forces General Staff (‘AFGS’) and Ministry of Defense and Armed Forces Logistics (‘MODAFL’). OFAC is also identifying 13 vessels managed by Oceanlink Maritime DMCC as blocked property. The Oceanlink Maritime DMCC-managed vessel HECATE recently loaded Iranian commodities valued at over $100 million dollars via a ship-to-ship (STS) transfer from another sanctioned tanker, the DOVER, on behalf of Iran’s Sepehr Energy Jahan Nama Pars (Sepehr Energy), which OFAC sanctioned in November 2023 for its role selling Iranian commodities for the AFGS and MODAFL…. OFAC is also updating the Specially Designated Nationals and Blocked Persons List (SDN List) to reflect that the name of OFAC-sanctioned vessel YOUNG YONG (IMO: 9194127) has been changed to the SAINT LIGHT, possibly to obfuscate its identity. The SAINT LIGHT, which is also operating under the name STELLAR ORACLE, conducted an STS transfer on March 27, 2024 with a sanctioned vessel operated by the National Iranian Tanker Company (NITC), the HAWK (IMO: 9362061), from which it loaded over $100 million worth of Iranian commodities. The HAWK had loaded the same cargo on March 22, 2024 via an STS transfer from the vessel KOHANA (IMO: 9254082), which OFAC sanctioned on February 27, 2024 for its role in attempting to ship MODAFL-owned commodities.’

And finally, on sanctions this week, from the Office of Financial Sanctions Implementation (‘OFSI’) in the UK, which has announced it is holding a Q&A on the Oil Price Cap to support, further, ‘industry and provide an updated overview of circumvention methods the Price Cap Coalition is taking action against.’ This session will take place on Wednesday 24 April at 10.30AM GMT and those interested in attending should email oilpricecap.OFSI@hmtreasury.gov.uk for further details.

Bribery and Corruption

This week’s bribery and corruption news starts in the US. First, the Department of Justice has announced that Trafigura Beheer B.V. (‘Trafigura’), the international commodities trader, has pleaded guilty to violation of the Foreign Corrupt Practices Act 1977. It will pay over $126m to resolve the investigation. This consists of a criminal fine of $80,488,040 and forfeiture of $46,510,257. Credit will be given of up $26,829,346 of the criminal fine because of what Trafigura has paid to resolve an investigation by law enforcement authorities in Brazil for related conduct. As the press release provides, ‘…between approximately 2003 and 2014, Trafigura and its co-conspirators paid bribes to Petrobras officials in order to obtain and retain business with Petrobras. Beginning in 2009, Trafigura and its co-conspirators, who met in Miami to discuss the bribery scheme, agreed to make bribe payments of up to 20 cents per barrel of oil products bought from or sold to Petrobras by Trafigura and to conceal the bribe payments through the use of shell companies, and by funneling payments through intermediaries who used offshore bank accounts to deliver cash to officials in Brazil. Trafigura profited approximately $61 million from the corrupt scheme.’

In other bribery and corruption news from the US this week, the Anti-Bribery and Corruption Unit of the Securities and Exchange Commission (‘SEC’) is believed to have sent letters to tech companies in an effort to assess the degree of possible corruption which may be conducted between those companies and its distributors and business partners outside the US. Difficult to locate anything on the SEC website, but this is so widely-reported in the trade press that there must be legs to it, so it is certainly something which it is worth following.

Now to a round-up of other news. In India, Arvind Kejriwal has been arrested on allegations of corruption. Kejriwal has been Dehli’s Chief Minister since 2015, and a strong advocate for anti-corruption throughout his political life. The US Department of Justice (‘DoJ’) has brought civil forfeiture proceedings against Sukhbataar Batbold, the former prime minister of Mongolia and still a member of the parliament, for alleged international corruption in the award of Mongolian mining contracts which allowed the purchase of two apartments in New York. In Australia, the South Korean ambassador, Lee Jong-sup, has resigned following allegations that he attempted improperly to influence a probe into the death of a marine when he was the defence minister. The allegations are denied, but the investigation continues. From South Africa, a story which we looked at last week, the former Speaker of the South African parliament, Nosiviwe Mapisa-Nqakula, has been charged with corruption and money laundering in relation to allegations of bribery when she was defence minister. Mapisa-Nqakula has been released on bail. And finally, the National Anti-Corruption Commission (‘NACC’) in Thailand has issued ‘new guidelines for the prevention and suppression of corruption with a view to creating an environment to support the confidence of foreign investors formal guidelines to both local and international investors regarding the practice of preventing and suppressing corruption in doing business and among government officials with an objective to reduce corruption’ in the country.

Money Laundering

The limited money laundering news this week concerns, first, the publication by the Financial Action Task Force (‘FATF’) of its implementation status of recommendation 15 (R.15) made by all FATF members, plus 20 jurisdictions with are considered materially important virtual asset service providers (‘VASP’). ‘These jurisdictions were identified based on two criteria: trading volume and userbase, based on open-source datasets from January to December 2022 and cross-checked against data from blockchain analytics companies. Of the 20 …non-FATF jurisdictions met the criteria for inclusion: 11 non-FATF jurisdictions met the first criterion (trading volume (> 0.25% of global virtual asset trading volume)), 5 met the second criterion (user base (1 million or more virtual asset users)), and 4 met both criteria…. A jurisdiction’s inclusion in the table … carries no indication – either positive or negative – regarding that jurisdiction’s degree of risk or its level of compliance. The purpose of this exercise is to identify jurisdictions with materially important virtual asset sectors, so that the FATF network can better support them in regulating and supervising VASPs for AML/CFT purposes.’

The other money laundering news this week comes, first, from the UK with news that the Gambling Commission has fined Bet365 the sum of £582,120 for corporate social responsibility and anti-money laundering failings. Anti-money laundering failures included:

‘having enhanced customer due diligence and know your customer triggers that were ineffective at managing money laundering risk;
failing to undertake financial sanctions checks on new customers prior to their first deposits;
failing to undertake independent verification checks and over relied on customers’ annual self-verification of know your customer information, such as identification documents;
its procedure document contained inadequate detail as to who would be deemed “at risk” and “not at risk” for customer risk profiling.’

The other news is from France, where Najib Mikati, Lebanon’s caretaker prime minister, has denied allegations of money laundering after a complaint was filed with France’s National Financial Prosecutor’s office by French anti-corruption non-governmental organization, Sherpa, and the Collective of Victims of Fraudulent and Criminal Practices. Little detail on this one at the moment, so certainly more to come out.

Market Abuse

There’s a decent range of market abuse news this week, and it starts in the US. First, the Securities and Exchange Commission (‘SEC’) has announced charges against a further defendant for the role which they are alleged to have played in a ‘free-riding’ scheme. ‘[From] approximately July 2020 through January 2022, [Travis Treusch] aided and abetted [Eduardo Hernandez] and [Christopher Flagg] (the “Principals”) in a free-riding scheme, in which the Principals opened and used unfunded brokerage accounts (the loser accounts) to generate trading profits in other brokerage accounts that they also controlled (the winner accounts). The complaint alleges the Principals maintained the loser accounts at a broker that provided an instant deposit credit, which they used to fund trades at manipulated prices. The complaint alleges that in doing so, the Principals essentially transferred the credit provided by the broker from the loser accounts to the winner accounts, accumulating guaranteed profits at the broker’s expense. The complaint alleges that Treusch opened a loser account himself and recruited others to do the same for use in the scheme, and then provided the Principals with the account login credentials so the Principals could access and control the loser accounts in the names of those recruited, thereby deceiving the brokers. The SEC alleges that Treusch also recruited at least two individuals to set up accounts and cede control of them to Hernandez, who used them as winner accounts in the scheme. According to the complaint, Treusch was compensated for each account he secured for the scheme.’

In other news from the US, Michael and Gerald Shvartsman, brothers from Florida, pleaded guilty to participation in an insider trading scheme linked to the merger of Digital World Acquisition Corporation (‘DWAC’) and Trump Media & Technology Group (‘Trump Media’). They are said to have made more that $22m, along with another, by use of material, non-public information relating to the merger. In other news from the US, Joe Lewis, has avoided a prison sentence after pleading guilty to insider trading in January this year. Instead, a Manhattan court imposed a fine of $5m and three years’ probation. While federal guidelines in such cases suggest a custodial sentence, both the defence and prosecution had urged leniency on grounds of his guilty plea, cooperation, and overall poor health.

In a round-up of other market abuse news, in the UK, a site manager at a UK plastics manufacturer has been found guilty of insider dealing. In advance of the acquisition of British Polythene Industries (‘BPI’) by RPC Group plc (‘RPC’), Stuart Bayes traded heavily in BPI shares, encouraging another to do the same. Bayes made a profit of £132,000. He will be sentenced on 26th April 2024. In the Netherlands, the chief executive of Alax Football Club, Alex Kroes, has been suspended from his post after allegations of insider dealing was made against him. In a statement made by Ajax’s Supervisory Board, ‘the decision was made after the … Board learned that Kroes purchased over 17,000 shares of Ajax a week before his intended appointment was announced on August 2, 2023. The Supervisory Board sought external legal advice, which indicates that he likely engaged in insider trading.’ And finally, the European Securities and Markets Authority (‘ESMA’) has published the latest edition of its ‘Spotlight on Markets’ newsletter. The usual array of interesting stories, including the consultation on rules for External Reviewers of EU Green Bonds, the first rules on crypto-asset service providers, the third consultation package under Markets in Crypto-Assets Regulation (‘MiCA’), and a fine of €2,197,500 for Scope Ratings GmbH because of breaches of conflicts of interest obligations under the Credit Rating Agencies Regulation.

Other Financial Crime News

In other financial crime news this week, the main news comes from Europe with the publication by Europol of a new report entitled ‘Decoding the EU’s most threatening criminal networks’. Drawing on data from all EU Member States and 17 of Europol’s partner countries, the report identifies the most threatening criminal networks in Europe. The dataset of 821 of the highest-risk criminal networks, has allowed the development of the ‘ABCD framework’, with ABCD standing for Agile, Borderless, Controlling, and Destructive. It ‘offers valuable insights into their modus operandi, structures, and operational patterns.’

On agility, these most threatening networks ‘exhibit a remarkable agility to adapt their criminal business processes to opportunities and challenges, including those challenges posed by law enforcement. They are able to extensively infiltrate and misuse legal business structures,… [which] …allows them to launder their criminal profits and shields them from detection. 86 % of the most threatening criminal networks make use of legal business structures, the vast majority in the EU.’ In terms of other key facts, 34% of the most threatening criminal networks have been active for more than 10 years and that cohesion ‘is present in networks no matter how they are organised. The most threatening criminal networks have an organisational set-up that includes all possible variations on the spectrum of vertical and horizontal, and small to large. The majority of the most threatening criminal networks are vertical and hierarchical in nature, with a layered power structure, strong system of internal control and central leadership. Criminal networks organised more horizontally, around a core group of central figures or in a decentralised manner, are also found in this group. The most threatening criminal networks can range from very few to many members. While an exact membership count is often not feasible, they often range between 8 and 38 members.’

In terms of being borderless, ‘the most threatening criminal networks run borderless criminal operations. Their activities touch upon many countries in the world, and their composition is very international, with network members from many countries in the EU and the world. A total of 112 nationalities were represented among the members of the 821 most threatening criminal networks, with 68% of the networks composed of members of multiple nationalities. However, looking at the locations of their core activities, the vast majority maintain a strong geographical focus and do not extend their core activities too broadly. The report also found that 76% of the most threatening criminal networks are present or active in two to seven countries, while 32% have members from only one country.’

On the controlling aspect, ‘the highest-risk criminal networks exert strong control and focus over their criminal operations. They tend to specialise in one main criminal business; truly poly-criminal networks are the exception rather than the norm. The leadership of 82% of the most threatening criminal networks is settled either in the main country of activity, or the country of origin of the key members.’ Interestingly, ‘nearly all (96 %) networks launder their criminal proceeds themselves.’

Finally, in terms of the destructive operation of these criminal networks, their ‘criminal activities and corrupt practices inflict significant damage to the EU’s internal security, rule of law and economy. Half of the most threatening criminal networks are involved in drug trafficking as the/a main criminal activity. More than 70 % of networks engage in corruption to facilitate criminal activity or obstruct law enforcement or judicial proceedings. 68% of networks use violence and intimidation as an inherent feature of their modus operandi.’

As the report concludes on the ABCD approach, it ‘highlights important elements to guide policy and operational action, especially in respect of collaboration in investigation and operational matters. Law enforcement must strengthen their partnerships with other actors to form comprehensive, all-encompassing approaches that tackle the roots of serious and organised crime, such as the administrative approach.’ It’s an interesting report, and worth reading.

In the UK, the Home Office has announced the findings of a consultation into conferring investigatory powers under the Proceeds of Crime Act 2002. With one unarticulated objection, the overwhelming sense from the consultation was that the organisations identified in the consultation, the Security Industry Authority, the Food Standards Agency, the Environment Agency, the Public Sector Fraud Authority, and the Department for Work and Pensions, should be given the powers listed in the consultation document. The government has made an order which will come into force on 26th April 2024.

Cyber Crime

The cyber-attack news this week concerns a range of attacks on public sector organisations. First, the University of Winnipeg has urged staff and students to reset passwords following a cyber-attack on a range of its systems. In terms of impact, exams have been pushed back by a fortnight, so let’s hope the students seize this opportunity for extra revision time. In the US, a joint letter to State Governors from the Environmental Protection Agency (‘EPA’) and a National Security Adviser, has warned of the threat to water and wastewater systems from a cyber-attack. The letter highlights to recent attacks originating in Iran and China which impacted critical infrastructure. On the particular theme of the letter, ‘[drinking] water and wastewater systems are an attractive target for cyberattacks because they are a lifeline critical infrastructure sector but often lack the resources and technical capacity to adopt rigorous cybersecurity practices.’ The letter urges Governor support ‘to ensure that all water systems in [the Governor’s] state comprehensively assess their current cybersecurity practices to identify any significant vulnerabilities, deploy practices and controls to reduce cybersecurity risks where needed, and exercise plans to prepare for, respond to, and recover from a cyber incident.’ Finally, on public sector cyber-attacks, hackers have threatened to publish the data taken from a cyber-attack on a local National Health Service (‘NHS’) provider in Scotland.

In other cyber-attack news this week, in the US, a cyber-attack on AT&T has compromised the data of 73m individuals, with the information being leaked online. The cyber-attack is believed to have affected current and former customers. Staying with the US, the Director of the FBI has given a speech in which he documented the efforts of the Bureau to counter cyber-attacks. In particular, they have been targeting ransomware administrators, affiliates, and facilitators; cybercriminal group “infrastructure—like their servers and botnets;” and, the cryptocurrency wallets cybercriminals use to “stash their ill-gotten gains, hire associates, and lease infrastructure”. And, finally, from the US, a Federal report has reprimanded Microsoft for what the report describes as ‘the cascade of Microsoft’s avoidable errors that allowed this intrusion to succeed.’ The Cyber Safety Review Board’s Review of the Summer 2023 Microsoft Exchange Online Intrusion is scathing of the circumstances which allowed Chinese cyber operators to access email accounts of senior US officials.

And finally, on cyber-attack news this week, in the UK, current and former employees of WH Smith, the high street newsagent, have been affected by a cyber-attack on its systems. And, finally, Scullion Law, a Scottish law firm with offices across Scotland, as well as one in Madrid, has fallen victim to the Black Basta cyber-gang. The incident has been reported to the Information Commissioner’s Office, the Law Society of Scotland, and is being investigated by Police Scotland.

References

Ajax, Supervisory Board suspends Alex Kroes due to strong indications of insider trading.

Cyber Safety Review Board, Review of the Summer 2023 Microsoft Exchange Online Intrusion.

Cyber Safety Review Board, Cyber Safety Review Board Releases Report on Microsoft Online Exchange Incident from Summer 2023 (press release).

Department of Justice, Swiss Commodities Trading Company Pleads Guilty to Foreign Bribery Scheme.

Department of Justice, Justice Department’s Investigation into International Commodities Trading Companies’ Foreign Bribery Schemes Results in Six Corporate Resolutions and 20 Individuals Convicted.

Department of Justice, United States Seeks Forfeiture of Former Mongolian Prime Minister's Luxury New York City Apartments Purchased with Proceeds of Corruption Scheme.

Department of Justice, Justice Department Seeks Forfeiture of $14 Million Manhattan Apartments Purchased with Proceeds of Mongolian Corruption Scheme.

Department of Justice, U.S. Attorney Announces Charges In Four Separate Insider Trading Cases Against 10 Individuals, Including Drug Company Employees, Investment Firm Executive Director, And SPAC Investors.

European Securities and Markets Authority, ESMA publishes latest edition of its newsletter (press release).

European Securities and Markets Authority, Spotlight on Markets.

Europol, Europol report identifies the most threatening criminal networks in the EU (press release).