Embedded Files
6th May – 12th May 2024
Sanctions
We’ll start this week’s sanctions news with the updates made to various sanctions regimes in the United Kingdom by the Office of Financial Sanctions Implementation (‘OFSI’). First, six additions have been made to the Global Human Rights financial sanctions regime. Those added, Neria Ben Pazi, Noam Federman, Eden Levi, Elisha Yered, Hilltop Youth, and Lehava, are Israeli settlers and organisations linked to actions taken against Palestinians. Indeed, Ben Pazi was the subject of sanctions by both the US and EU last month. Further, amendments have been made to individuals on the Russia sanctions regime. First, Sarvar Ismailov and, secondly, Said Mikhailovich Gutseriev. Gutseriev is the son of Mishail Gutseriev, the Russian billionaire. Said was sanctioned initially in 2022 for his support for the Belarusian president, Alexander Lukashenko.
To the European Union (‘EU’) now, where the noise concerning the proposed 14th round of Russian sanctions gets louder and louder, with exports of liquefied natural gas (‘LNG’) still its primary concern. Last week, it was reported that LNG was likely to be included in the next package, whereas this week indications are that the ban will be facilitated by the inclusion of EU ports and other facilities which could be used for its shipment. Further news from the EU relates to the possibility of an EU-wide ban on ‘Voice of Europe’, which is alleged to be a Russia network. The network is included alongside news agency RIA Novosti and news outlets Izvestija and Rossiyskaya Gazeta. While the confirmation has not come officially, these are being so widely-reported by the MSM, that it is very likely that they will come to pass.
Now news of coordinated action against the senior leader of the LockBit ransomware group, Dmitry Yuryevich Khoroshev, ‘a Russian national and a leader of the Russia-based LockBit group, for his role in developing and distributing LockBit ransomware. This designation is the result of a collaborative effort with the U.S. Department of Justice, Federal Bureau of Investigation, the United Kingdom’s National Crime Agency, the Australian Federal Police, and other international partners…. This designation follows several other recent U.S. Government actions against Russian cybercriminals involved in ransomware, including the disruption of the LockBit ransomware infrastructure and sanctions against LockBit group affiliates. Russia, where groups such as LockBit are free to launch ransomware attacks against the United States, and its allies and partners, continues to offer safe harbor for cybercriminals….’
In other collaboration news this week, the UK government hosted the second US-UK Strategic Sanctions Dialogue in London. It should come as no surprise that both countries ‘reaffirmed that sanctions and export controls are essential tools of national security policy. [They] discussed the uses of targeted, coordinated sanctions and export control measures to deter and disrupt malign activity and to defend international norms…. [and] intensify … coordination on United Nations and autonomous sanctions regimes, bilaterally and with other partners. This includes action to promote accountability for human rights violations and abuses, tackle corruption, counter terrorism, and weapons proliferation, and target cyber-criminal networks.’
And, finally, on sanctions this week, two stories. First, news from the US about the Office of Foreign Assets Control’s (‘OFAC’) new Sanctions List Service (‘SLS’). ‘OFAC has deployed its new [SLS]. SLS is now the primary application OFAC will use to deliver sanctions list files and data to the public. SLS includes support for all OFAC legacy and modern sanctions list data files.’ Secondly, the international law firm, Baker McKenzie, and the International Compliance Professionals Association will host a ‘Fireside Chat’ with Office of Foreign Assets Control Associate Director, Lawrence Scheinert. According to the announcement, Scheinert ‘will outline OFAC’s enforcement program and priorities. He will also share his insights on enforcement actions, multilateral coordination and cooperation with other US regulators such as BIS, FinCEN, and the DOJ, impact of enforcement actions on non-US companies, among other topics.’
Bribery and Corruption
This week’s bribery and corruption news starts with news of the 14th Annual Conference of Heads of Anti-Corruption Agencies in Commonwealth Africa on the theme of “Strengthening Institutions and Promoting Transparency: A Means of Fighting Corruption in Commonwealth Africa”. The aim of the conference was to address key priorities for achieving the 16th Sustainable Development Goal (SDGs) – Promote peaceful and inclusive societies for sustainable development, provide access to justice for all and build effective, accountable and inclusive institutions at all levels – of the 2030 Agenda for Sustainable Development, which was adopted by all United Nations Member States in 2015. The Commonwealth Secretary-General, The Rt Hon Patricia Scotland KC, said: ‘The global cost of corruption exceeds $3.5 trillion dollars each year. In developing countries, funds lost to corruption are around 10 times the amount of official development assistance. Africa loses more than $50 billion a year to illicit financial flows. Indeed, over the past 50 years, Africa’s loss to corruption has exceeded the total of all the official development assistance received during the same period. What we lose to corruption is more than enough to lift everybody out of poverty and deliver the SDGs. Tackling corruption is a priority of the highest order for the Commonwealth Secretariat because we are serious about implementing the SDGs.’
To the Council of Europe now and its Group of States against Corruption (‘GRECO’), which has published two reports on Belgium, ‘assessing progress towards implementing GRECO recommendations concerning members of parliament, judges and prosecutors as well as central governments (top executive functions) and law enforcement agencies. In the first report, GRECO concludes that Belgium has implemented satisfactorily, or dealt with in a satisfactory manner, seven of the fifteen recommendations contained in GRECO’s evaluation report published in 2014 on preventing corruption in respect of members of parliament, judges and prosecutors. GRECO urged Belgium to take determined and prompt action to address the other eight recommendations, which have all been partly implemented. In the second report GRECO concludes that Belgium has only implemented satisfactorily, or dealt with in a satisfactory manner, six of the 22 recommendations contained in GRECO’s evaluation report published in 2020 on preventing corruption and promoting integrity in central governments (top executive functions) and law enforcement agencies. Of the remaining recommendations, nine have been partly implemented and seven have not been implemented. GRECO concluded that substantial efforts still need to be made to prevent and combat corruption in these areas. In both cases, GRECO asked the Belgian authorities to provide a further report on progress in implementing the remaining recommendations by 31 March 2025.’
And, finally, on bribery and anti-corruption this week, news on Ukraine and EU accession. We have reported many times over previous weeks on the efforts made by Ukraine to root out corruption across all aspects of society in the country, not only to get its house in order, but also to smooth its path to EU accession. Well, this week, a seminar hosted at Stanford University heard commentary from Maria Popova, McGill University Associate Professor of Political Science, who discussed the issue of corruption in Ukraine and compared it with three recent EU members, Bulgaria, Romania, and Croatia.
Money Laundering
The money laundering news this week starts with the Council of Europe, and its anti-money laundering body, MONEYVAL, which has published follow-up reports on Georgia and Slovenia this week. Georgia ‘has improved its measures for tackling money laundering and terrorist financing,… [and] …improved its compliance with the Financial Action Task Force’s Recommendation 12 (politically exposed persons). Overall, Georgia has made progress in addressing the technical compliance shortcomings identified in its 2020 Mutual Evaluation Report…. Notably, the amendments introduced by Georgia in 2023 to its anti-money laundering legislation have fully addressed the deficiencies previously identified regarding measures applicable to politically exposed persons.’ As a result, the country has been re-rated on recommendation 12 from “partially compliant” to “compliant”. Out of the 40 recommendations, Georgia currently has been rated:
“compliant” on seven recommendations
“largely compliant” on 22 Recommendations
“partially compliant” on 10 Recommendations, and
“non-compliant” on one recommendation.
Insofar as Slovenia is concerned, it has ‘improved its measures for tackling terrorist financing,… [finding] Slovenia …[has]… improved its compliance with the Financial Action Task Force (FATF) Recommendation 5 (terrorist financing offence).’ As a result of legislative amendments to the terrorist financing offence, the country has been re-rated on this recommendation from “partially compliant” to “largely compliant”. Overall, Slovenia has made progress in addressing the technical compliance shortcomings identified in its 2017 Mutual Evaluation Report. Out of the 40 Recommendations, Slovenia currently has:
11 Recommendations rated “compliant” and
29 Recommendations rated “largely compliant”
In other money laundering news this week, the Financial Action Task Force (‘FATF’) has undertaken its on-site inspection of Turkey, which is believed to augur well for Turkey’s removal from the FATF’s ‘grey list’ – ‘Jurisdictions under Increased Monitoring’ – which itself comes off the back of reported good progress being made by Turkey following its 2019 MER. Interesting to see the outcome of that one. In other news related to the FATF, Australia is rumoured to be so concerned about possible relegation to the ‘grey list’ that the Attorney-General, Mark Dreyfus, has indicated that the government has committed $166m to its AML/CFT regime. The funds will enable AUSTRAC (‘Australian Transaction Reports and Analysis Centre’) to implement any or all changes needed to keep Australia off the list. And, finally, on FATF-related news, there is an interesting post on the website of the Royal United Services Institute (‘RUSI’) on breaking the ‘grey-listing’ cycle for African countries.
And, finally, on money laundering news this week, we reported last week on how the Wolfsberg Group has provided its response to the FATF’s consultation on changes to recommendation 16 and its interpretive note. Well, this week the American Bankers’ Association has published its response to the consultation.
Market Abuse
On market abuse news this week, the Financial Conduct Authority (‘FCA’) in the UK has published ‘Market Watch 79’. Issue 79 focuses on failures of market abuse surveillance generated by issues with factors such as data and automated alerts. In addition, there is also news of its peer review of firms’ testing of front-running surveillance models. The publication notes that ‘[over] the past few years, [the FCA ha] become aware of problems with surveillance alerts not working as intended and assumed by the firm. Sometimes, this has come about because of faulty implementation. At others, bugs have inadvertently been introduced when making changes. In other cases, for various reasons, all the required data for successful monitoring has not been ingested,’ with the impact of the failure varying across firms, with examples including that: ‘An entire section of a firm’s activity, such as a segment of business sent to a particular exchange, might not be monitored; an alert scenario could be partially effective, generating alerts, but not for all instances where it is intended to; an alert scenario for a specific type of market abuse could be completely ineffective, with alert generation impossible, due to inadequate testing before and after implementation. In an example provide, an unnamed firm, for a period of over three years, no news stories were being considered by its system, and these were required for the insider dealing scenario to operate.’
And, finally, on market abuse news this week, Gary Gensler, Chair of the U.S. Securities and Exchange Commission, delivered a keynote at the 11th Annual Conference on Financial Market Regulation. It is an interesting and broad-ranging speech on Issuer Disclosure, Market Participant Disclosure, and Market Transparency.
Other Financial Crime News
In other news, in the UK, the House of Lords Financial Services Regulation Committee has announced that it is to launch an inquiry into the Financial Conduct Authority’s (‘FCA’) decision to publicise enforcement investigations. The FCA plan, in the form of a Consultation Paper, was covered in episode 97 of the podcast where we said that the Authority ‘plans to announce corporate investigations earlier and produce periodic updates, in order to deter corporate wrongdoing.’ The Committee has raised concerns with the regulator in a letter dated 18th April 2024, and which has now been published on the Committee’s website. The letter provides: ‘In [the Committee’s] view, this proposal risks having a disproportionate effect on firms named in investigations, where those firms are subsequently cleared of any wrongdoing, particularly given the length of many investigations. This also risks the overall integrity of the market, including through possible unwarranted impacts on share prices for example. Additionally, individuals, whether named or not, may have their reputations unfairly tarnished through association with a publicised investigation. The severity of these impacts will depend on the length of time before a firm or individual is exonerated, where that is the outcome.’ The Committee is seeking views on the FCA’s proposals in a Call for Evidence, with a deadline for submissions of 11.59pm on Tuesday 4 June.
Cyber Crime
We end this week’s financial crime news with a round-up of cyber-attack news. The first story is a prominent one, and it relates to attacks across several European nations originating from Russia. Poland, Germany, and Czech Republic have all complained of cyber-attacks on political, state, and democratic institutions, as well as defence and aerospace firms. Certainly in the case of Germany, Russia has been promised consequences from its actions. In other news of cyber-attacks against defence, news from the UK this week that China is suspected as the likely source of a cyber-attack which accessed a database which held personal data of armed forces personnel. The attack was on a defence contractor, and not on the Ministry of Defence itself. While the Defence Secretary, in announcing the attack and the response to parliament this week, did not commit to a likely perpetrator, the mainstream media has been less reticent and named China. The Chinese authorities have denied responsibility. The Information Commissioner’ Office in the UK has issued a press release in response to the news, but it does not provide much in the way of detail. Now, in a piece of timely news, the National Cyber Security Centre in the UK has just published a blog post on what happens after a ransomware attack where an organisation loses control of data.
In other news, not of cyber-attacks, but of threatened cyber-attacks. As we reported in episode 92 of the FCWP, Interpol has highlighted cyber-attacks as a prominent threat. As I said at the time, ‘cybercrime is the most prominent threat to the Paris Olympics which get underway on 26th July this year. Reflecting on the news that the pandemic-delayed Tokyo games suffered some 450m cyber-attacks, there is a sense in which, given the destabilised geo-political system may result in even more cyber-attacks. Russian athletes are likely to be banned from these games and when banned from the winter games in South Korea in 2018, a malware attack on the cyber systems of the games, believed to be sourced from Russia, was released.’ Well, as we get closer to the event, it is reported that organisers are preparing for a likely surge in state-sponsored cyber-attacks. Law enforcement, France’s data protection agency, and cybersecurity experts, are working to see that where the attacks are identified they are, where they can be, neutralised and, if they do get through, then the response is swift and appropriate.
And, finally, on cyber-attacks this week, a report from EY, the consultancy firm, on the concern US firms and their workers feel around the issue of cybersecurity. The report indicates that concerns ‘are growing among US employees about escalating cybersecurity threats in the workplace, with 53% worried their organization will be the target of a cyber attack and a third (34%) worried that they may be the ones leaving their organization vulnerable due to their actions….’ A particular concern is felt by Gen Z and Millenials that they will expose their organisation to cyber-attack since they feel less well-prepared ‘to identify and respond to cyber threats compared to their older colleagues.’ While it is not entirely clear why they think they are especially susceptible, it does seem largely down to the fact that they are ‘more likely to not fully understand what their organization’s process is to report suspected cyber attacks, even though their organization has a process in place (39% Gen Z and 29% Millennials vs. 19% Gen X and 15% Baby Boomers),’ and the fear of the sack.
References
American Bankers Association, ABA Letter to FATF re: R.16 Revision Proposal.
Baker McKenzie, US: Sanctions Enforcement in 2024: A Fireside Chat with OFAC Associate Director, Lawrence Scheinert.
Council of Europe, Council of Europe evaluates anti-corruption progress in Belgium.
Council of Europe (MONEYVAL), Council of Europe anti-money laundering body: Georgia strengthened preventive measures applicable to politically exposed persons, further progress needed.
Council of Europe (MONEYVAL), Slovenia has improved its criminal legislation against terrorist financing, says Council of Europe body.
Europol, New series of measures issued against the administrator of LockBit.
Financial Action Task Force, Türkiye.
Financial Conduct Authority, Market Watch 79.
Financial Conduct Authority, CP24/2: Our Enforcement Guide and publicising enforcement investigations - a new approach.
Financial Services Regulation Committee, Committee examining FCA consultation CP24/2 on publicising enforcement investigations.
Information Commissioner’s Office, Statement in response to reports of a cyber breach at the Ministry of Defence.
National Crime Agency, LockBit leader unmasked and sanctioned.
National Cyber Security Centre, Blog Post: What's happened to my data?
Office of Financial Sanctions Implementation, Financial Sanctions Notice: Global Human Rights.
Office of Financial Sanctions Implementation, Guidance: Financial sanctions, Global Human Rights.
Office of Financial Sanctions Implementation, Consolidated List.
Office of Financial Sanctions Implementation, Financial Sanctions Notice: Russia.
Office of Financial Sanctions Implementation, Guidance: Financial sanctions, Russia.
Office of Financial Sanctions Implementation, Financial Sanctions Notice: Russia.
Office of Financial Sanctions Implementation, Financial Sanctions Notice: Cyber.
Office of Financial Sanctions Implementation, Guidance: Financial sanctions, Cyber.
Office of Financial Sanctions Implementation, Guidance: Who is subject to financial sanctions in the UK?
Office of Financial Sanctions Implementation, Guidance: Financial sanctions guidance for ransomware.
Office of Foreign Assets Control, United States Sanctions Senior Leader of the LockBit Ransomware Group.
Office of Foreign Assets Control, Formal Launch of New OFAC Sanctions List Service Application.
Office of Foreign Assets Control, Sanctions List Service.
Royal United Services Institute, The FATF Gains Momentum in Breaking Africa's Cycle of Grey Listing.
Securities and Exchange Commission, "Adam Smith, the SEC, Data, and the Public Good" Prepared Remarks Before the 11th Annual Conference on Financial Market Regulation.
Stanford Freeman Spogli Institute for International Studies, Corruption in Ukraine and EU Accession.
The Commonwealth, Landmark anti-corruption conference in Ghana.
United Nations, Sustainable Development Goals.
UK government, Second US-UK Strategic Sanctions Dialogue: joint statement.
US Department of Justice, U.S. Charges Russian National with Developing and Operating LockBit Ransomware.
US Department of State, Joint Statement by the U.S. Department of State and UK Foreign, Commonwealth and Development Office: Second U.S.-UK Strategic Sanctions Dialogue.
Page updated
Report abuse