Episode 128

30th September – 6th October 2024

Sanctions

This week’s sanctions news starts in the US, where the Department of Justice (‘DoJ’) has announced that a Chinese national and North Korean facilitator have been extradited to the US as co-conspirators ‘in connection with a multi-year scheme to facilitate the sale of tobacco to North Korea through the U.S. financial system in violation of the sanctions imposed on North Korea.’ The DoJ has also announced the sentencing of Feliks Medvedev ‘for conducting an unlicensed money transmitting business which transferred over $150 million in Russian money.’ The Office of Foreign Asset Control (‘OFAC’) in the US has sanctioned Hilltop Youth, ‘a violent extremist group that has repeatedly attacked Palestinians and destroyed Palestinian homes and property in the West Bank.’ The State Department also designated ‘Eitan Yardeni … for his connection to violence or threats of violence targeting civilians in the West Bank [and] Avichai Suissa [who] leads Hashomer Yosh, a West Bank-based entity designated by the United States in July 2024 for having materially assisted, sponsored, or provided financial, material, or technological support for, or goods or services to or in support of individuals and entities blocked pursuant to E.O. 14115.’ OFAC has also sanctioned an ‘individual and three companies that have facilitated weapons procurement and smuggling operations for … the Houthis.’

In the UK, the Office of Financial Sanctions Implementation (‘OFSI’) has added two questions to its Financial Sanctions FAQs. ‘FAQ 121 can be found under the General licensing section, regarding General licence INT/2024/4919848. FAQ 122 can be found under the under Trust services sanctions heading.’ OFSI has also amended General Licence INT/2023/3179120 on payment to water companies for water and sewage. In news of cyber sanctions from OFSI, 16 individuals have been added to the Cyber Financial Sanctions List, all of whom are in some way allied to Evil Corp, of which there will be more later. An investigation by the National Crime Agency ‘helped map out the history and reach of Evil Corp’s criminality; from a family-centred financial crime group in Moscow that branched out into cybercrime, going on to extort at least $300 million from global victims including those within healthcare, critical national infrastructure, and government, among other sectors.‘ The action against Evil Corp was coordinated with the Office of Foreign Assets Control in the US, and the Australian Department of Foreign Affairs and Trade. Finally, OFSI has designated CJSC Alfa Bank Belarus, and amended the Belarus financial sanctions regime. The bank is now subject to an asset freeze.

Further news from the UK, following the decision of OFAC to sanction former member of Haiti’s parliament, Prophane Victor, as well as Luckson Elan, OFSI has followed suit this week and added both to the Consolidated List, making them subject to an asset freeze. And finally, the new Office of Trade Sanctions Implementation (‘OTSI’), will begin operations on 10th October 2024, with the coming into force of the Trade, Aircraft and Shipping Sanctions (Civil Enforcement) Regulations 2024. A number of law firms have published information documents on the change, and I would recommend the following from Skadden, Hill Dickinson, Arnold Porter, and MacFarlanes.

Money Laundering

On money laundering this week, the International Monetary Fund (‘IMF') has published a Report which summarises the findings and recommendations from a capacity development mission to Uganda which took place between 28th August and 1st September 2023. This visit was made at the request of the Bank of Uganda and focused on anti-money laundering and countering the financing of terrorism (‘AML/CFT’) measures. ‘Key areas of focus included reviewing the legal and regulatory frameworks, developing operational frameworks for consistent sanction application, and implementing AML/CFT risk-rating tools. Recommendations include clarifying roles, strengthening information exchange mechanisms, and enhancing resources for effective AML/CFT supervision to align with Financial Action Task Force (FATF) standards and promote financial integrity.’

In Australia, the Transaction Reports and Analysis Centre (‘AUSTRAC’) highlighted some of its recent enforcement work in the context of reminding businesses that their AML/CFT obligations are to be observed, that reporting obligations are understood, and that industry-specific guidance is embraced by relevant businesses. AUSTRAC has also published a similar case study this week on money laundering and cybercrime, highlighting the recent case of a Melbourne woman sentenced to five-and-a-half years for her role in a crime syndicate which committed widespread cybercrime.

Bribery and Anti-Corruption

The bribery and corruption news starts in Australia, and a story which harks back to episode 108 of the podcast with news that an IT executive with the Commonwealth Bank of Australia has been sentenced to six years and eight months for accepting bribes. Jon Waldron accepted bribes in return for awarding IT contracts with the bank. He will be eligible for parole on 13th July 2028.

News from the US next, where the Department of Justice has announced that the ‘former comptroller general of Ecuador was sentenced today to 10 years in prison and ordered to forfeit $16.5 million for his role in a multimillion-dollar international bribery and money laundering scheme in which he received over $10 million in bribes and laundered those bribes payments in South Florida…. Carlos Ramon Polit Faggioni,… solicited and received over $10 million in bribe payments from Odebrecht S.A., the Brazil-based construction conglomerate. Polit, in his position as Comptroller General of Ecuador, was responsible for protecting public funds against fraud and rooting out corruption. Instead, Polit took bribes from Odebrecht in exchange for removing fines and not imposing fines on Odebrecht’s projects in Ecuador.’

In the UK, the Crown Prosecution Service (‘CPS’) has, according to reports, offered plea discussions with suspects from Entain plc as the prosecutor is set to make charging decisions by the end of the year. More on this to come.

Fraud

The fraud news this week starts in the UK, where the Association of British Insurers (‘ABI’) has said that latest figures reveal ‘£1.1 billion worth of fraudulent claims were detected last year, up 4% on 2022. Insurers identified 84,400 fraudulent claims in 2023, 11,800 more than the previous year, and the average value was £13,000.’ The press release from the ABI provides a list of examples, with some vague attempts at humour in each summary.

Staying in the UK, the National Crime Agency (‘NCA’) has announced that former solicitor, Philip Shiner, has pleaded guilty to three counts of fraud. ‘Shiner was the Principal Solicitor of the law firm Public Interest Lawyers. He made an application to the Legal Services Commission (‘the Commission’) in 2007 in which he sought up to £200,000 of Legal Aid funding for his firm to represent clients including Khuder Al-Sweady, in an application for Judicial Review…. In making the application, the Defendant failed to disclose to the Commission that an agent acting on his behalf and with his knowledge had been cold calling and making unsolicited approaches [to] potential clients in Iraq. He also failed to disclose that he was paying referral fees. This practise was not permitted as part of gaining a Legal Aid Contract. He was also convicted for providing a witness statement to the Commission in support of his application which was again gained by an unsolicited approach. As a result of the failure to disclose this information, Shiner was able to gain a valuable legal aid contract to enable him to pursue the judicial review.’ He will be sentenced on 2nd December.

The Financial Conduct Authority (‘FCA’) in the UK has announced a guilty plea in the case of an individual who operated an illegal crypto ATM network. Olumide Osunkoya ‘illegally operated a network of at least 11 crypto ATMs which processed more than £2.6m in crypto transactions between 29 December 2021 and 8 September 2023. He continued to operate and grow the crypto ATM network in local convenience shops across the UK despite being refused for registration with the FCA in 2021. Mr Osunkoya completed no customer due diligence or source of funds checks on those who used the crypto ATMs. The court heard evidence that those likely committing money laundering or tax evasion were using his machines. Mr Osunkoya is suspected to have made substantial profit from the operation.’ The date for sentencing has not been set.

In other fraud news this week, the Social Market Foundation has published a report (and two-minute summary) assessing the scale of the global fraud problem. In conducting research across 15 countries, it found that five per cent of people were fraud victims at least once between 2021 and 2023. While the typical loss was £1,060, it varied from country-to-country. According to the Fraud Threat Prevalence Index, the highest fraud threat was from Singapore. ‘Given the global scale of the fraud threat, there was a widespread consensus among the experts … interviewed that governments’ approach to fraud needs to reflect the interdependency between countries, but collective action problems have prevented the necessary collaboration from taking place. There was a considerable degree of support across all countries for making organisations across the “fraud chain” share liability for the financial impact of fraud and for enhanced security checks around payments. Support for data and intelligence sharing to help address fraud among private companies and between those companies and law enforcement outweighed opposition. This was also the case for slower payments and transfers.’

Now to the US, where there is more Covid-19 news. First, a lab owner from Chicago has pleaded guilty to a $14m Covid-19 fraud scheme. ‘Zishan Alvi,… owned and operated a laboratory in Chicago that performed testing for COVID-19. From February 2021 through February 2022, Alvi caused claims to be submitted to the Department of Health and Human Services’ Health Resources and Services Administration (‘HRSA’) for COVID-19 tests that were not performed as billed. As part of the scheme, the laboratory released negative COVID-19 test results to patients, even though the laboratory either had not actually tested the specimens or the results were inconclusive. Alvi knew that the laboratory was releasing negative results for tests that were not performed or were inconclusive, but still caused the laboratory to submit claims to HRSA for those tests. HRSA paid the laboratory over $14 million as a result of the fraudulent claims Alvi caused to be submitted to HRSA.’ Secondly, two businesses and their owner have consented to a judgment against them of $850,000 for fraud perpetrated by them which ‘involved misappropriating funds from two different COVID-19 Relief Programs: the Paycheck Protection Program (PPP) and Economic Injury Disaster Loan (EIDL) program.’ Thirdly, a woman from Florida has admitted ‘fraudulently obtaining $465,489 in COVID-19 relief funding after submitting fraudulent applications to victim lenders.’

And finally on fraud news this week, a little light reading from global law firm, Pinsent Masons, on how civil courts might be utilised to recover assets and losses where an employee has committed fraud against an employer.

Market Abuse

On market abuse news this week, the Securities and Exchange Commission (‘SEC’) has been the prime mover again. First, the SEC has charged 'U.K. citizen Robert B. Westbrook for hacking into the computer systems of five U.S. public companies to obtain material nonpublic information about their corporate earnings and using that information to make approximately $3.75 million in illicit profits by trading in advance of the companies’ public earnings announcements. [It is alleged that] between approximately January 2019 and August 2020, Westbrook gained unauthorized access into the public companies’ computer systems—prior to the companies’ earnings announcements—by resetting passwords of senior level executives’ accounts. As a result of these hacks, Westbrook deceptively obtained material nonpublic information that he used to trade in the securities of the five public companies prior to the release of at least 14 earnings announcements.’ Secondly, the SEC has settled charges 'against Austin Kauh ... for insider trading in advance of the December 2021 announcement (the 'Announcement') that Kauh’s employer, Chewy, Inc. ('Chewy'), had entered into a strategic partnership with Trupanion, Inc. ('Trupanion'). [In] the period leading up to the Announcement, Kauh was part of Chewy’s due diligence team, and, in this role, he learned about plans for a partnership that would allow Trupanion to offer an exclusive suite of pet health insurance and wellness plans to more than 20 million Chewy customers. Between June 10, 2021 and August 25, 2021, in violation of his duties to his employer, Kauh purchased Trupanion stock using this material nonpublic information. Kauh conducted this trading in his personal account and in an account held in the name of another person. When Trupanion’s stock price rose by approximately 39% following the Announcement, Kauh generated ... gains of $4,344 in his personal account and $12,093 in the other account.’

In other news from the US, ‘TD Securities…, a securities firm based in New York, has entered into a resolution with the Justice Department to resolve criminal charges concerning a scheme to defraud that involved hundreds of episodes of unlawful trading in the secondary (cash) market for U.S. Treasuries.’ ‘According to court documents and admissions, [Jeyakumar] Nadarajah, a former director and head of the TD Securities U.S. Treasuries trading desk, engaged in a scheme to defraud in connection with the purchase and sale of U.S. Treasuries in the secondary market. In hundreds of instances, Nadarajah placed orders to buy and sell U.S. Treasuries with the intent to cancel those orders before execution. Nadarajah did so in an attempt to profit by injecting false and misleading information concerning the existence of genuine supply and demand for U.S. Treasuries, thereby deceiving other market participants and fraudulently inducing those participants to trade at prices, quantities, and times that they otherwise would not have traded.’ Under the terms of the deferred prosecution agreement, ‘TD Securities will pay over $15.5 million in a criminal monetary penalty, forfeiture, and victim compensation. Under the DPA, TD Securities will pay the equivalent of the statutory maximum criminal fine in connection with the offense (approximately $9.4 million) and will ensure that victims of the offense are made whole through a claims administration process (approximately $4.7 million in victim compensation).’ The lack of oversight and controls was also a significant part of the focus of the SEC’s input to this action in that TD Securities ‘violated an antifraud provision of the federal securities laws and  failed to reasonably supervise the trader.’

And finally on market abuse news this week, the Financial Conduct Authority (‘FCA’) in the UK has charged two individuals, Matthew and Nikolas West, with ‘conspiracy to deal in four stocks while having inside information. Matthew West has additionally been charged with insider dealing in relation to two stocks. He has been charged with disclosing to and encouraging Nikolas West to deal in two stocks, and Nikolas West has been charged with dealing in those same two stocks based on that insider information. The alleged offending took place between 2016 and 2020. Matthew and Nikolas West made a profit of around £110,000.’ They will appear at Southwark Crown Court on 31st October 2024.

Other Financial Crime News

In other financial crime news this week, Companies House in the UK has warned companies of the consequences of non-compliance with their responsibilities given the new penalties which are being introduced. This is the latest stage in the ‘implementation of the Economic Crime and Corporate Transparency Act 2023 which gave Companies House greater powers to help improve corporate transparency and tackle economic crime.’

In other news from the UK, the Financial Conduct Authority (‘FCA’) has fined Starling Bank Ltd almost £29m for ‘shockingly lax’ financial crime controls, including its anti-money laundering regime and its financial sanctions screening. Its controls did not keep pace with its growth with the consequence that accounts were opened for high-risk customers. Indeed, in respect of its financial sanctions screening, between 2017 and 2023, ‘its automated screening system had only been screening the names of new and existing customers against a fraction of the names on the Consolidated List.’ The fine of £28,959,426 was reduced from £40,959,426 to account for Starling’s agreement to resolve the matter.

And finally on other financial crime news this week, more research conducted by the Centre for Cybercrime and Economic Crime at the University of Portsmouth, this time alongside Perpetuity Research. The report highlights how law enforcement is failing to leverage private and not-for-profit sector resources. ‘The private sector, particularly banks, insurance companies, and other financial institutions, employ thousands of professionals dedicated to anti-fraud efforts. Similarly, not-for-profit organisations offer specialised knowledge and tools that could bolster police forces, representing a massive, wasted opportunity in the fight against economic crime. Yet, this wealth of expertise remains largely invisible and untapped by police forces, representing a massive, wasted opportunity in the fight against economic crime. The authors point out that, to their knowledge, no central repository of this information existed before they mapped it out as part of their research.’ The report highlights that while there are some joint efforts, these are limited ‘to basic data sharing.’ Deeper level collaboration is hampered by ‘divergent objectives, mistrust, and a general reluctance to share information due to concerns about breaching Data Protection regulations and jeopardising competitive advantage.’ The report concludes that ‘law enforcement agencies must move beyond their traditional policing models and silos and engage with external partners in a more strategic and collaborative way. Only by harnessing the full range of available resources can they hope to effectively combat the escalating threat of economic crime.’ Now, while we are on the subject of data sharing, Meta, which owns Facebook and Instagram, has agreed to partner with more UK banks in the Fraud Intelligence Reciprocal Exchange (‘FIRE’) data-sharing scheme. The aim of the scheme is to reduce, but ideally eliminate, scams conducted across social media.

Cyber Crime

We end this week’s financial crime news with a round-up of cyber crime news, where the main news this week is from the US, where the State Department and the Office of Foreign Assets Control (‘OFAC’) have imposed sactions on malign Iranian actors seeking to influence the outcome of the US election. As the OFAC press release provides, in relation to the 2020 and 2024 presidential elections, ‘Iranian state-sponsored actors undertook a variety of malicious cyber activities, such as hack-and-leak operations and spear-phishing, in an attempt to undermine confidence in the United States’ election processes and institutions and to interfere with political campaigns.’ In addition, the State Department has offered 'a reward of up to $10 million for information on three malicious cyber actors associated with Iran’s Islamic Revolutionary Guard Corps (IRGC), the IRGC’s interference in U.S. elections, or associated individuals and entities.’

In a major news announced by Europol, action has been taken ‘against LockBit actors, which involved 12 countries and Eurojust and led to four arrests and seizures of servers critical for LockBit’s infrastructure. A suspected developer of LockBit was arrested at the request of the French authorities, while the British authorities arrested two individuals for supporting the activity of a LockBit affiliate. The Spanish officers seized nine servers, part of the ransomware’s infrastructure, and arrested an administrator of a Bulletproof hosting service used by the ransomware group. In addition, Australia, the United Kingdom and the United States implemented sanctions against an actor who the National Crime Agency had identified as prolific affiliate of LockBit and strongly linked to Evil Corp. The latter comes after LockBit’s claim that the two ransomware groups do not work together. The United Kingdom sanctioned fifteen other Russian citizens for their involvement in Evil Corp’s criminal activities, while the United States also sanctioned six citizens and Australia sanctioned two.’

In a round-up of cyber-incidents now, the sensitive personal data of around 58,000 individuals may have been breached after a cyber-attack on the University of Michigan Health System. No claim of responsibility, with individuals affected being warned to be hyper-vigilant. Staying in the US, the Department of Justice has indicted ‘Russian national Aleksandr Viktorovich Ryzhenkov with using the BitPaymer ransomware variant to attack numerous victims in Texas and throughout the United States and hold their sensitive data for ransom.’ In Europe, global news agency, Agence France-Presse (‘AFP’), has announced that an attack was detected on its systems on Friday of last week which affected the delivery of its news assets. In the UK, the University of Edinburgh has suffered a system compromise, but it has been labelled as a cyber-incident rather than an attack. Certain online services were taken offline. Finally in this round-up, a team from NATO’s Science for Peace and Security Programme ‘was in Baku, Azerbaijan to review practical scientific cooperation and kick off a new research project focused on protecting critical infrastructure from cyber-attacks.’

Now to a poll which discusses the recovery period for cyber-attacks on schools. In the UK, the Office of Qualifications and Examinations Regulation (‘Ofqual’), has found that 34 per cent of schools experienced a cyber incident in the 23/24 academic year, which is understandable given that research from ‘a Teacher Tapp survey found 1 in 3 secondary teachers did not have cyber security training, in the last academic year.’ Of the cyber security incidents, the most common are phishing attacks, experienced by 23 per cent of schools. Interestingly, in terms of recovery, 20 per cent could not recover immediately, with four per cent taking more than half a term to recover. Nine per cent of headteachers said that where there was a cyber-attack, it was critically damaging. This is interesting research, and well-worth reading. It seems to me that this is one area were the Department of Education should ensure that there is compulsory cyber security training for all academic, professional, and support staff, as well as governing body membership, across all sectors of compulsory education.

And finally on cyber-attack news this week, a direction to four interesting articles. First, 10 lessons to learn from the cyber-attack on the British Library. The Library continues to recover from the attack as we approach the one-year anniversary this month. The consequences of this attack are a reminder of the scale of the problem cyber-crime poses, as well as the importance of appropriate defensive systems being in place, which should include educating the workforce to be aware of the issue. The second piece worth reading is from the World Economic Forum with 10 things we need to know about cybersecurity in 2024. It’s a gentle reminder of the significant cyber-events throughout the year. Thirdly, the fourth International Counter Ransomware Initiative has taken place where members ‘reaffirmed [their] commitment to develop collective resilience to ransomware, support members if they are faced with a ransomware attack, pursue the actors responsible for ransomware attacks and not allow safe haven for these actors to operate within [their] jurisdictions, counter the use of virtual assets as part of the ransomware business model, partner with the private sector to advise and support CRI members, and forge international partnerships so [they] are collectively better equipped to counter the scourge of ransomware.’ In addition to the statement, a Fact Sheet has also been published. And finally, fourthly, Horizon, the EU Research and Innovation Magazine has looked at the issue of protecting Europe’s electricity supply against increasingly sophisticated cyber-attacks. Attacks on critical infrastructure have increased globally, and policymakers are aware of the challenges the sector faces as it looks to respond to the threat.