Episode 129

7th October – 13th October 2024

Sanctions

This week’s sanctions news starts in the US, where the Office of Foreign Assets Control (‘OFAC’) has ‘designated three individuals and one sham charity that are prominent international financial supporters of Hamas, as well as one Hamas-controlled financial institution in Gaza. OFAC also designated a longstanding Hamas supporter and nine of his businesses. These actors play critical roles in external fundraising for Hamas, often under the guise of charitable work, that finance the group’s terrorist activities.’ OFAC has also sanctioned the Sudanese Rapid Support Forces Procurement Director ‘for leading efforts to supply weapons to continue the war in Sudan.’ Finally from the US, a dual US and Iranian citizen has been arrested for alleged ‘violations of the International Emergency Economic Powers Act, conspiracy to commit bank fraud, and conspiracy to commit money laundering… [where he] conspired [with others] to unlawfully send digital and physical gift cards loaded with U.S. dollars to Iran.’

In the UK, combined effort by the Foreign, Commonwealth & Development Office, the Export Control Joint Unit, and the Office of Financial Sanctions Implementation (‘OFSI’) to update the Mali Sanctions: Guidance and the Counter-Terrorism International sanctions: guidance. OFSI has also added one individual and three entities to the Chemical Weapons Sanctions Regime, updating the Consolidated List: Chemical Weapons, and amended four entries on the Cyber Financial Sanctions Regime. It has also amended two entries under the Russia Financial Sanctions Regime, and the individuals concerned remain subject to an asset freeze. OFSI has also amended General Licence INT/2023/3749168: Israel, the Occupied Palestinian Territories and Lebanon humanitarian activity, to extend its scope to incorporate Lebanon, and extend its length by six months. It also amends the deadline for Reporting Requirements to fall on 13th November 2024 and the 14th December 2025. And finally from the UK, the government has announced the launch of Office of Trade Sanctions Implementation with the fanfare of a press release.

And finally on sanctions this week, the Council of the European Union ‘has established a new framework for restrictive measures in response to Russia’s destabilising actions abroad. This new framework will allow the EU to target individuals and entities engaged in actions and policies by the government of the Russian Federation, which undermine the fundamental values of the EU and its member states, their security, independence and integrity, as well as those of international organisations and third countries.’

Money Laundering

On money laundering this week, a noticeable up-tick in discussion around the role of crypto as a vehicle for money laundering. First, a piece from UK Finance, the trade body, recognising that while they pose a risk, management of the risk can allow for exploitation of the opportunities which they present. Indeed, there is an interesting statistic in the piece that ‘$22.2 billion was laundered globally using cryptocurrencies in 2023,… it is only a fraction of the $3 trillion believed to have been laundered globally last year.’ So, maybe cash remains ‘King’, well that is certainly the view of the other publication this week from CryptoISAC, authored by Robert Whitaker and Justine Bone. Recognising that there is some level of illicit activity taking place via crypto, the report highlights that the technology should be harnessed and that work should focus on targeting illicit use. ‘To create the safest environment possible, there needs to be international collaboration with regulators, law enforcement, and responsible players within the crypto industry. They must work together in developing standards and best practices to address and prevent illicit activities. It is only through thoughtful and proactive collaboration that the industry will remain one step ahead of the bad actors and seek to eliminate illicit activity.’

In news from global organisations this week, the Financial Action Task Force (‘FATF’) has published Mutual Evaluation Reports for Japan and Kuwait. ‘Japan is compliant on 4 Recommendations and largely compliant on 35 [and] has no Recommendations rated partially compliant.’ By contrast, ‘Kuwait has an adequate legal and supervisory framework to address illicit finance, but has serious shortcomings delivering effective outcomes, including its understanding, investigation and prosecution of money laundering and terrorist financing.’ In other global organisations news, the Council of Europe’s Committee of Experts on the Evaluation of Anti-Money Laundering Measures and the Financing of Terrorism (‘MONEYVAL’), has launched Slovenia’s evaluation process.

And finally on money laundering news this week, the Department of Justice in the US has announced TD Bank’s guilty pleas including conspiring to violate the Bank Secrecy Act and commit money laundering. The bank has agreed to a $1.8bn criminal penalty. The bank ‘pleaded guilty to conspiring to fail to maintain an anti-money laundering (AML) program that complies with the BSA [Bank Secrecy Act], fail to file accurate Currency Transaction Reports (CTRs), and launder money. [The parent company] pleaded guilty to causing its subsidiary to fail to maintain an AML program that complies with the BSA and to fail to file accurate CTRs.’ Separately, FinCEN also fined the bank $1.3bn for the violations.

Fraud

The fraud news this week starts in the US with more Covid-19 fraud. The Department of Justice has announced the sentencing of ‘Michael … and Tiffany Fullerton, ...[who]… along with two other co-conspirators, used one existing and three dormant and expired business names to submit six fraudulent PPP loan applications for a total exceeding $3.5 million. Five of those applications were funded, allowing the defendants to receive approximately $3 million in PPP funds. The funds were used in an attempt to start a business in Oklahoma consisting of a marijuana grow and dispensary, a bar and grill, and an auto/boat repair shop. Additionally, the funds were used to purchase a motor home, luxury watches, a boat, and other personal expenditures.’

In the UK, the Serious Fraud Office has announced the recovery of a further £295,000 form an individual prosecuted in 2008 for their role in an international metal trading scam.

Staying in the UK, the Chartered Trading Standards Institute (‘CTSI’) has issued a statement on the recently implemented Authorised Push Payment (‘APP’) Reimbursement Scheme. You will recall that the Payment Systems Regulator recently announced, following consultation, that the figure for reimbursement would be reduced from the initial figure proposed of £415,000 to £85,000. Well, the CTSI is less than pleased expressing ‘significant concerns’ at the reduction. ‘This change came after lobbying from sections of the payments industry, despite a lack of clear evidence supporting the need for such a drastic reduction. CTSI believes this new cap could leave many victims—particularly those caught in high-value frauds like investment and property scams—struggling to recover their full losses.‘

And finally on fraud this week, the target is cryptocurrency where, in the US, eighteen individuals and entities ‘have been charged for widespread fraud and manipulation in the cryptocurrency markets…. According to the charging documents, the defendants who created cryptocurrency companies made false statements about their cryptocurrencies (“tokens”) and executed sham trades in those tokens (“wash trades”) to create the appearance of trading activity that would make the tokens look like good investments. These deceptive tactics allegedly attracted new investors and purchasers, which resulted in an increase in the tokens’ trading prices. The defendants are then alleged to have sold their tokens at the artificially inflated prices, a fraud commonly known as a “pump and dump.” The largest of these cryptocurrency companies, Saitama, at one point had a multi-billion-dollar market value. The cryptocurrency companies also allegedly hired financial services firms ( “market makers”) to wash trade their tokens in exchange for payment….’ In other related news, the FBI has published local data from the 2023 cryptocurrency fraud report indicating that ‘California experienced the highest cryptocurrency-related losses in the nation, totaling $1.15 billion. Within the FBI San Francisco Field Office’s territory, losses amounted to $260,313,902, with 1,226 victims across 15 counties….’

Other Financial Crime News

In other financial crime news this week, the Home Office in the UK has published Guidance on the information sharing measures in the Economic Crime and Corporate Transparency Act 2023.

Now to news relating to the Serious Fraud Office (‘SFO’) and one of the civil actions brought by ENRC following the former’s failed criminal probe into the mining conglomerate. This civil action – which concerned alleged leaks from investigators to media outlets about the corruption investigation it was undertaking - was due to start next week, but the High Court heard this week that the matter has been settled for an amount which has not been disclosed. The other claim, where the SFO induced ENRC’s former legal representative into disclosing details of an internal investigation, is unaffected, but I would be willing to put money on that going the same way as the ‘leaks’ litigation. There’s nothing on the SFO website about it, but I didn’t really expect there to be anything at this stage.

Cyber Crime

We end this week’s financial crime news with a round-up of cyber crime news. Now, you may remember that in last week’s market abuse news, we reported that the SEC has charged a British citizen with gaining material non-public information about several corporations by gaining unauthorised access to systems and resetting passwords of senior level executives’ accounts. Well, I have noticed a trend over recent weeks in the number of articles referencing the cybersecurity risk posed by senior management. Not only are they a valuable target in that they typically have access to sensitive information, but that it seems that they do not get sufficiently amplified cybersecurity training. A report by FGS Global has highlighted how CEOs do not demonstrate sufficient understanding of the risks presented by a cyber-incident, while research by GetApp indicates that 72 per cent of senior executives are the target for cyber-attacks, but almost 40 per cent offer no additional protection or a superadded form of security training, merely the typical training which is offered within a firm. It would seem that a higher level of risk management is needed around senior management, with added commitment to defined training over and above standard cybersecurity training available to all staff.

In other cybercrime news this week, it is being widely reported that the National Health Service in the south-east of England region, which was affected by a cyber-attack in June, has broadly recovered. ‘The final stages of recovery following the cyber attack on pathology services provider Synnovis in June are almost complete, which means nearly all services are now up and running.’ Sticking with emergency services, it is being widely reported that the London Fire Brigade has been targeted by 340,000 cyber-attacks over the last year. While most attacks were Spam-type scams, the usual suspects of malware, phishing, etc., were also part of the attack team. In the US, American Water has announced it has been the subject of a cyber-attack and closed down its systems. Finally, in Russia, Ukrainian hackers attacked Russian State TV, but it does not seem to have had a significant impact on its operations.