Episode 124

2nd September – 8th September 2024

Sanctions

This week’s sanctions news starts in Ukraine, where sanctions have been imposed on 150 individuals and entities concerned in the supply of materials supporting Russian aviation.

In the UK, the Office of Financial Sanctions Implementation (‘OFSI’), has issued a Notice relating to the Iranian Financial Sanctions Regime which adds three individuals and one organisation to the list of designations. The Government of Jersey announced the same designations on the same day, and the Annex to the Notice provides more detail. The UK government has updated the Consolidated List. Also in the UK, the Export Control Joint Unit has suspended licences for export of certain materials to Israel over concern that they are destined for use in military operations in Gaza. In a written statement to Parliament, the Secretary of State for Business and Trade, Jonathan Reynolds stated: ‘Following a rigorous process in line with the UK’s legal obligations, the UK Government has concluded that there is a clear risk that military exports to Israel, where used for military operations in Gaza, might be used in serious violations of international humanitarian law. To continue to permit these exports would therefore be inconsistent with our Strategic Export Licensing Criteria.’ The Strategic Export Licensing Criteria were updated in 2021 and operate as guidance under section nine, Export Control Act 2002. There is a nice discussion piece on the decision on The Conversation website. And finally from the UK on sanctions this week, the Foreign, Commonwealth and Development Office (‘FCDO’) has updated its Guidance on the Russia (Sanctions) (EU Exit) Regulations 2019, SI 2019/855.

In the US this week, the Departments of State and the Treasury are understood to be drafting further sanctions against certain Venezuelan government officials in response to allegations of wrongdoing in the run-up to the election in which Nicolás Maduro won a heavily disputed victory. Nothing firm has been decided as to the date of issue. In other news from the US respecting Venezuela, the Department of Justice has announced the seizure of an aircraft ‘owned and operated for the benefit of Nicolás Maduro … and persons affiliated with him in Venezuela.’ Attorney-General, Merrick Garland stated that the aircraft was alleged to have been ‘illegally purchased for $13 million through a shell company and smuggled out of the United States for use by Nicolás Maduro and [others].’ Now, with the US Presidential election only eight weeks away, the Office of Foreign Assets Control (‘OFAC’) has announced it has taken action against ‘10 individuals and two entities as part of a coordinated U.S. government response to Moscow’s malign influence efforts targeting the 2024 U.S. presidential election. Russian state-sponsored actors have long used a variety of tools, such as generative artificial intelligence (‘AI’) deep fakes and disinformation, in an attempt to undermine confidence in the United States’ election processes and institutions. Beginning in early 2024, executives at RT—Russia’s state-funded news media outlet—began an even more nefarious effort to covertly recruit unwitting American influencers in support of their malign influence campaign. RT used a front company to disguise its own involvement or the involvement of the Russian government in content meant to influence U.S. audiences.’

In other action taken by the US against Russia, the Department of State has announced further sanctions designed to undermine Russia’s ability to operationalise the arctic LNG 2 Project. The action has targeted ‘two entities and two vessels connected to attempts to export liquefied natural gas (‘LNG’) from the U.S.-sanctioned Arctic LNG 2 project.’ Further, the Department of Justice has unsealed two indictments ‘charging Dimitri Simes … and Anastasia Simes … with two separate schemes to violate U.S. sanctions.’ The first indictment concerns allegations that both were concerned in a scheme to launder funds for the benefit of a sanctioned Russian TV station, Channel One Russia. The second is that Anastasia is alleged to have participated in a scheme for the ‘benefit of, and to receive funds from, sanctioned oligarch Aleksandr Yevgenyevich Udodov.’

And finally on sanctions this week, a little reading. First, from law firm Pinsent Masons on reducing sanctions breach risk. Secondly, a blog post by Richard Nephew on The Case for Strengthening Sanctions Regimes to Fight Corruption. Nephew was, until recently, the U.S. Coordinator on Global Anti-Corruption at the Department of State. Thirdly, and finally, a post from Chainalysis on Russia’s Cryptocurrency Pivot: Legislated Sanctions Evasion.

Bribery and Corruption

The bribery and corruption news sends us back to Ukraine, where a row appears to have broken out between Gizo Uglava, first deputy chief of the National Anti-Corruption Bureau of Ukraine (‘NABU’), who has accused NABU chief, Semen Kryvonos, of allegedly being compromised in the decision which brought about Uglava’s removal from office. The allegations made against Uglava have been denied, while for his part, Uglava has asked NABU to investigate Kryvonos for alleged violation of anti-corruption laws. This has not stopped the dismissal of Uglava, but I do not think that will be the end of it.

From Lebanon, it is reported that the former governor of the Central Bank of Lebanon, Riad Salameh, has been detained for alleged embezzlement and money laundering. Salameh was questioned for a number of hours and the investigation will continue. It is alleged that he benefited from $110m which was laundered through a brokerage firm in Lebanon.

In Australia, with the imminent coming into force of the new offence of failure to prevent foreign bribery, under the Crimes Legislation Amendment (Combatting Foreign Bribery) Act 2024, the Attorney-General’s Department has issued guidance on the defence of having in place adequate procedures designed to prevent the offence. The offence comes into force today, Sunday 8th September 2024. If summary explainers are your thing, then the best one I have found is one from the global law firm, Norton Rose Fulbright.

Money Laundering

The money laundering news this week starts with a mixture of stories concerning the Financial Action Task Force (‘FATF’), where it is being reported from Argentina that it risks falling onto the list of Jurisdictions Under Increased Monitoring – the so-called ‘grey list’ – because of action taken by the government of President Javier Milei. Argentina passed a major investment scheme whereby an amnesty would be imposed on capital repatriation. The FATF is understood to have concerns around the scheme, such that it may be considering moving the country onto the ‘grey list’, with some even suggesting that it is a done deal. Not only is Argentina purportedly on the brink of the ‘grey list’, but also across the news this week is a story relating to Lebanon and its failure to address anti-money laundering failings which means that its placement on the list is also under consideration. Now, a FATF story from Iran, where it is being reported that the Council of Deputy Ministers of Iran’s Ministry of Economic Affairs and Finance discussed joining the FATF, with those matters necessary for joining being on the agenda at a recent meeting. If this were to happen, it would be significant, especially as Iran is currently on the FATF’s High-Risk Jurisdictions subject to a Call for Action – the so-called ‘black list’ – having been on the list since February 2020. The last one on a busy week for the FATF, but it is being reported that following last week’s news that the Nigerian government has committed to see that the country is removed from the ‘grey list’, the CEO of the Nigerian Financial Intelligence Unit (‘NFIU’), Hafsat Bakari, is to head a delegation to meet with the FATF.

In New York, the Department of Financial Services (‘DFS’) has announced that agreement has been reached with Nordea Bank Abp (‘Nordea’) whereby Nordea will pay $35 million in penalties ‘for significant compliance failures with respect to Bank Secrecy Act/Anti-Money Laundering (“BSA/AML”) requirements and the Bank’s failure to conduct proper due diligence of its correspondent bank partners.’ The action was taken in consequence of Nordea’s role in ‘helping hundreds of its customers create tax-sheltered companies using offshore accounts’ as revealed by the Panama Papers. Nordea has issued a press release in response, stating that it ‘is a different bank today’ and those interested are urged to read how committed it is now to preventing financial crime.

In the UK, the Financial Conduct Authority (‘FCA’) has published statistics for September 2024 on applications for registration by cryptoasset companies together with some feedback on making an application drawn from experience. In relation to the three rejected applications in the last month, they 'didn’t include key components necessary for [the FCA] to carry out an assessment, or the poor quality of key components meant the submission was invalid.’

In the UAE, the Cabinet has agreed a new National AML/CFT/CPF Strategy 2024-2027. There is little detail either on the Cabinet website or on the website of the National Anti-Money Laundering and Combatting Financing of Terrorism and Financing of Illegal Organizations Committee, but more is sure to come out in coming days and weeks. Continuing the theme of anti-money laundering regime amendments, in New Zealand, the government has released Cabinet papers proposing amendments to its existing anti-money laundering regime.

And finally on money laundering news this week, some directed reading. First, the European Union has published a Briefing Paper on its new anti-money laundering package: ‘Understanding the EU's response to money laundering: New EU anti-money laundering package’. Briefing Papers should be brief, and this one is certainly that, and at only seven pages is worth the read, even if it does set out a rather orthodox perspective on the process of money laundering as occurring in three distinct stages. Secondly, The United Nations Office on Drugs and Crime has provided a neat explainer on ‘Removing the veil of secrecy and understanding beneficial ownership transparency.’

Fraud

On fraud news, we start in the UK where the National Crime Agency (‘NCA’) has announced guilty pleas in the case of three men who ran a website which allowed criminals to circumvent bank anti-fraud checks. The website ‘www.OTP.Agency was run by Callum Picari,… Vijayasidhurshan Vijayanathan,… and Aza Siddeeque… Criminals were charged a monthly subscription fee which helped them socially engineer bank account holders into disclosing genuine one-time-passcodes, or give other personally identifiable information. A basic package costing £30 a week allowed multi-factor authentication to be bypassed on platforms such as HSBC, Monzo, and Lloyds so that criminals could complete fraudulent online transactions. An elite plan cost £380 a week and granted access to Visa and Mastercard verification sites.’ They will be sentenced in November.

Staying in the UK, the Financial Ombudsman Service (‘FOS’) FOS has said this week that fraud and scam complaints are at highest ever level, with more than 8,700 cases in the first quarter of this financial year (1st April – 30th June 2024), ‘of which over half were in relation to customer approved online bank transfers, also known as authorised push payment (APP) scams.’ This is an increase of 43.3 per cent on the same period in 2023/24. Interestingly, as I said, and for a story I will come to in a moment, of that 8,700, over half – 4,752 – were customer approved online bank transfers, otherwise known as authorised push payment (‘APP’) fraud scams. Of these 4,752 cases of APP fraud, 2,734 were not covered by the voluntary Contingent Reimbursement Model Code (‘CRM’). The Ombudsman is optimistic about the new rules on recovery in APP fraud cases which are due to be introduced in October 2024: ‘The introduction of new upcoming rules should also speed up the time it takes to be reimbursed. These reimbursement rules, which will apply to all firms, are being brought in by the Payment Systems Regulator (PSR) and put the onus on financial providers to reimburse customers who are victims of scams unless the customer has been grossly negligent. The new reimbursement rules cover many APP scams up to £415,000 with some exceptions – such as the payment being made abroad.’ So far, so good, or so we thought, for in an instance of strikingly fortuitous timing, the Payment Systems Regulator (‘PSR’) has announced a review and consultation on that £415,000 figure this week. Drawing on responses to the review first published in December 2023, of over 250,000 cases 'there were 18 instances in 2023 of people being scammed for more than £415,000, and 411 instances of more than £85,000. The analysis also highlighted that almost all high value scams are made up of multiple smaller transactions, reducing the effectiveness of transaction limits as a tool to manage exposure. The PSR also considered additional evidence from the industry and FCA about the maximum liability amount.... If confirmed, this would bring the cap in line with the Financial Services Compensation Scheme limit.... This would still ensure enhanced consumer protections against APP scams, with clear incentives on financial firms to continue doing all they can from preventing fraud from happening in the first instance.... The proposed new cap will still see over 99% of claims (by volume) covered....’ I don’t want to suggest that this is a fait accompli or anything, but that is the view being widely expressed in the mainstream media. If you want to get involved in the consultation, then it closes on 18th September 2024, so you need to get cracking.

Nice publication this week from the global law firm, Norton Rose Fulbright, on the failure to prevent fraud offence in the UK. It is an explainer, with a bit of a nod to getting some business, which also includes links to other useful resources. A range of government departments collaborated in a Policy Paper on the offence, which was introduced in the Economic Crime and Corporate Transparency Act 2023.

And finally on fraud news this week, three individuals from New Jersey have been indicted for Covid-19 Relief fraud to a value of around $3m, while in the UK an individual has been banned as a director for 15 years for making false applications for business grants from at least 21 local authorities for his firm, as well as providing misleading information for the purposes of securing a Bounce Back Loan.

Market Abuse

On market abuse news this week, in Hong Kong, ‘Ian Charles McWalters, a former Justice of Appeal of the Court of Appeal of the High Court, and Mr Michael Victor Lunn, a former Vice-President of the Court of Appeal of the High Court, [have been appointed] as Chairmen of the Market Misconduct Tribunal (MMT) and the Securities and Futures Appeals Tribunal (SFAT), for a term of three years from October 1, 2024, and January 1, 2025, respectively.’

In Sri Lanka, the Securities and Exchange Commission (‘SEC’) has acquired a market surveillance system from Nasdaq, in order to demonstrate the strengthening of its commitment to market monitoring and alignment with global standards. In other news allied to market monitoring, the Financial Conduct Authority (‘FCA’) in the UK has published its Market Cleanliness Statistics 2023/24. This data relates to ‘takeover announcements in the UK equity markets …[and examines]… the proportion of corporate takeover events for which we observed a significant abnormal movement in share price before the takeover announcement.’ Spoiler alert: the abnormal trading volume was 5.6 per cent, which represents a fall on the 2022 figure.

And finally, on market abuse news this week, the trial date of Andrew Left, who we reported in episode 119 of the podcast has been charged with ‘engaging in a $20 million multi-year scheme to defraud followers by publishing false and misleading statements regarding his supposed stock trading recommendations…,’ has been set for 30th September 2025.

Other Financial Crime News

In other financial crime news this week, the Cambridge International Symposium on Economic Crime is taking place this week, so the internet is crawling with published keynotes from the event. This year, keynotes were provided by the Interim Chief Capability Officer at the Serious Fraud Office, Freya Grimwood, and by the Attorney-General and Minister for Justice of Ghana, Godfred Yeboah Dame.

Staying in the UK, grim news for the Serious Fraud Office (‘SFO’). I reported in episode 119 of the podcast on the publication by the SFO of its Annual Report and Accounts for 2023-2024. The Report provided that the agency had made special payments provision in relation to the civil action brought by ENRC which determined the agency was liable, in part, for losses from the aborted investigation into the company. It was also reported that the SFO had sought permission to appeal that decision. Well, this week, the SFO was refused permission to appeal the decision, so it seems likely that ENRC’s action will proceed, as the Report indicated, ‘to Phase 2 trial, likely to be in late 2025 or early 2026, to determine ENRC losses as a result of the opening of the SFO’s criminal investigation (the period April 2013 to August 2023) and what share the SFO and other Defendants should respectively pay.’

In other news from the UK, the Financial Conduct Authority (‘FCA’) has warned banks about financial inclusion obligations, the Consumer Duty, and denying certain sectors account provision, in what appears to be a policy of overly-defensive compliance. ‘The FCA has asked account providers to review their overall approach to account denials and closures – and particularly to ensure that vulnerable consumers aren’t losing out.’ In addition to its report, ‘UK Payment Accounts Access and Closures: Update’, published this month, the FCA has also released some independent qualitative research commissioned on its behalf – ‘Exploring financial exclusion: Research report; September 2024’ – produced by Revealing Reality. In its own report, the FCA highlights adult entertainment as one sector where service provision is, at best, patchy, but that the example of pawnbroking is one example where work with trade bodies can reduce instances of account termination. As the report provides: ‘Firms’ financial crime risk tolerances, meanwhile, appeared to often lead to certain business sectors (such as pawnbrokers, defence companies, and adult entertainment companies) being treated as higher risk or being designated as ineligible for a payment account with the firm. With regard to the adult entertainment example, several firms noted that they would, in theory, onboard customers from the sector. However, in practice, we have seen examples of those firms denying or terminating adult entertainment business accounts. The rationales given by firms for these exits were usually based on financial crime or reputational grounds. But, as adult entertainment industry representatives explained to us, these account denials or terminations could lead to significant harm for individuals running those businesses, particularly if they then had to rely on cash or personal bank accounts for their work, with the latter revealing their name to their clients and therefore exposing them to blackmail…. Some firms highlighted that they can find it difficult to balance compliance with anti-money laundering (AML) regulations with financial inclusion, and reflected that their controls may need to be ‘recalibrated’ to reduce the risk of them inadvertently excluding consumers from the adult entertainment industry who meet their account opening criteria. The pawnbrokers industry … and banks have worked together, through the Pawnbrokers’ Association and UK Finance, to address financial crime concerns to enable better provision of payment accounts. The Pawnbrokers’ Association has reported that this has reduced instances of banks terminating accounts, but it has not sufficiently addressed the denials of new accounts. [The FCA] engaged the Pawnbrokers’ Association and UK Finance to support improved outcomes.’ Just before moving on, one more piece from the FCA this week, which has also published its Enforcement Data 2023/2024.

And finally on other financial crime news this week, first, Europol has published its EMPACT (‘European Multidisciplinary Platform Against Criminal Threats’) factsheets for 2023. Secondly, in the UK, a report has been published which indicates that real terms per person public funding for the criminal justice system has fallen by 22.4 per cent since 2009/2010. The Report, ‘Justice short changed: Public funding of the justice system in England and Wales, 2009/10 to 2022/23’, was commissioned for the Bar Council of England and Wales. Thirdly, Sarah Pritchard, executive director, markets and executive director, international, at the FCA has delivered a speech entitled ‘A targeted and outcomes-based approach to tackling financial crime’ at The International Financial Crime Summit, and the text has now been published. Fourthly, and finally, the FCA has published its Annual Report and Accounts 2023/24.

Cyber Crime

We end this week’s financial crime news with a round-up of cyber-attack news, starting in London where the transport agency, Transport for London (‘TfL’), has admitted that it has suffered a cyber-attack. There is no claim of responsibility, and it is understood that no customer data has been compromised. The usual agencies have been alerted. In more transportation-related cyber-attacks, it is being reported that German sea-ports are the subject of sustained cyber-attacks, especially since the Russian invasion of Ukraine. Germany’s unequivocal and vocal support for Ukraine since the invasion is well-known and makes it a primary target for Russian hacking groups.

The security solutions corporation, KnowBe4, has announced the findings of research indicating that critical infrastructure endured more than 420m cyber-attacks in the 12 months from January 2023. The research compounds the already concerning picture of the vulnerability of critical infrastructure to cyber-attack. It is an issue which state agencies globally are alive to, and one where the threat does not look likely to lapse any time soon.

In Australia, the Cyber Security Centre, which is part of the Australian Signals Directorate, has issued an alert on information stealer malware. The alert provides guidance and ‘threat activity and mitigation advice for organisations and their employees.’

In episode 121 of the podcast, we reported the cyber-attack against the Iranian Central Bank. Well, this week it is being reported that a ransom of $3m has been paid by an unnamed company, despite the authorities in Iran failing to acknowledge the attack.

And finally on cyber-attack news this week, coordinated action has been taken against several defendants who are believed to have committed cyber-attacks before the Russian invasion of Ukraine, as well as targeting NATO countries. For the UK’s part in the action, the National Cyber Security Centre (‘NCSC’) stated the allies have ‘…exposed a unit of Russia’s military intelligence service for a campaign of malicious cyber activity targeting government and critical infrastructure organisations around the world …[revealing]… the tactics and techniques used by Unit 29155 of the Russian GRU to carry out cyber operations globally. Unit 29155 is assessed to have targeted organisations to collect information for espionage purposes, caused reputational harm by the theft and leaking of sensitive information, defaced victim websites and undertaken systematic sabotage caused by the destruction of data.’ A joint advisory has also been issued. For its part, the US Department of Justice has also unsealed an indictment charging six computer hackers, ‘all of whom were residents and nationals of the Russian Federation, with conspiracy to commit computer intrusion and wire fraud conspiracy. Five of the defendants were officers in Unit 29155 of the Russian Main Intelligence Directorate (‘GRU’), a military intelligence agency of the General Staff of the Armed Forces. The sixth individual was a civilian already under indictment for conspiracy to commit computer intrusion and is now also charged with wire fraud conspiracy…. The indictment alleges that these GRU hackers and their co-conspirator engaged in a conspiracy to hack into, exfiltrate data from, leak information obtained from and destroy computer systems associated with the Ukrainian Government in advance of the Russian invasion of Ukraine…. The defendants’ targets included Ukrainian Government systems and data with no military or defense-related roles. Later targets included computer systems in countries around the world that were providing support to Ukraine, including the United States and 25 other North Atlantic Treaty Organization (‘NATO’) countries.’ A reward of $10m is being offered for information on defendants’ location or their cyberactivity. Just as a final word on NATO and the cyber-threat, ‘senior cyber policy experts from NATO Allies and Asia-Pacific partners gathered at the Cyber Champions Summit in Sydney, Australia, to discuss current cybersecurity challenges and explore new avenues for cooperation.’