Category: Anti-Money Laundering

Suspicious Activity Reporting

The Securities and Exchange Commission’s Division of Examinations released a Risk Alert on Compliance Issues Related to Suspicious Activity Monitoring and Reporting at Broker-Dealers. While it spent most of the publication laying out the vague requirements of reporting suspicious activity, it took a sharp turn and listed six types of activities that the SEC would consider suspicious activity that should be reported.

  1. Large deposits of low-priced securities, followed by the near-immediate liquidations of those securities and then wiring out the proceeds.
  2. Patterns of trading activity common to several customers including, but not limited to, the sales of large quantities of low-priced securities of multiple issuers by the customers.
  3. Trading in thinly traded, low-priced securities that resulted in sudden spikes in price or that represented most, if not all, of the securities’ daily trading volumes.
  4. Trading in the stock of issuers that were shell companies or had been subject to trading suspensions or whose affiliates, officers, or other insiders had a history of securities law violations.
  5. Questionable background of customers such as the fact that they were the subject of criminal, civil, or regulatory actions relating to, among other things, securities law violations.
  6. Trading in the stock of issuers for which over-the-counter stock quotation systems had published warnings because the issuers had ceased to comply with their SEC financial reporting obligations or for which the firms relied on a “freely tradeable” legal opinion that was inconsistent with publicly available information.

I found this to be a great reference list.

Sources:

Ignoring Iranian Red Flags

There are a few places around the world that you know you can’t do business with. Iran and North Korea have very strict limitations. If it pops up that your business partner wants to ship your products to one of these countries, it’s time to get legal and compliance on the phone before you agree to that sale.

UniControl, Inc., a manufacturer of process controls, airflow pressure switches, boiler controls, and other instrumentation, based in Ohio ran into this problem and violated the Iranian Transactions and Sanctions
Regulations.

From 2013 to 2017, UniControl exported 21 shipments of air pressure switches, valued at $687,189,
to European company that were subsequently reexported the shipments to Iran. U.S. Department of the Treasury’s Office of Foreign Assets Control took action against UniControl because it failed to take appropriate steps in response to multiple warning signs that its goods were being reexported to Iran.

Early in their relationship, one of these European trade partners told UniControl that it had a significant market for UniControl’s goods in Iran and inquired whether UniControl could serve as a supplier. UniControl rightfully said “no.” It otherwise didn’t take any steps to ensure the re-shipment to Iran would not actually happen.

UniControl really screwed up when it entered into a sales representative agreement with a European trade partner that explicitly listed Iran as a target for sales. UniControl employees met with the partner at a trade conference and met with Iranian nationals at the partner’s booth.

The last step was a request from the trade partner to remove the “Made in the USA” label from the products. “The European trade partner explained that the Iranian end-user may have problems with the stated origin of the products.” The company engaged outside counsel to figure out how much trouble it was in. Sadly, it still sent some of the shipments.

What saved the company was largely self-reporting the problem and investing in a more robust compliance program.

Sources:

Corporate Transparency Act

I’m not sure what Anti-Money Laundering has to do with the United States military, but Congress included big changes to anti-money laundering law in the National Defense Authorization Act for 2021. After a veto by President Trump and an override by Congress, NDAA has become the law, including Section 6401-6403, the Corporate Transparency Act.

It’s really easy to create a corporation, limited liability company or limited partnership in the United States. There are many, many legal, reasonable and important reasons to be able to do so. From the law enforcement and government sanctions parties, they see the company structure merely as an impediment to their ability to push bad guys out of the US banking system. The government side won and it may have a dramatic impact on the creation and reporting of companies.

The Corporate Transparency Act will require companies to submit a report of their beneficial interest to the U.S. Department of the Treasury’s Financial Crimes and Enforcement Center. For new companies, this information has to be submitted at the time of formation. Existing companies will have to submit this information within two years. All companies will have to update the information for a change of ownership within one year after the change.

The reporting requirement will not apply to all companies, just to any company that fits into the definition of “Reporting Company.” That definition has a lengthy list of companies that are exceptions and fall outside the scope of the Reporting Company definition. Of the twenty-four exceptions, there are some obvious types: public companies, banks, and broker-dealers.

I really wanted to focus on the possible impact on me and private fund managers.

Section 6403 of the NDAA adds a new section 5336 to Title 31 of the US Code. I focused on this exception in 31 USC 5336(a)(11) from the definition of “Reporting Company”:

‘‘(xi) an investment adviser—
(I) described in section 203(l) of the Investment Advisers Act of 1940 (15 U.S.C. 80b–3(l)); and
(II) that has filed Item 10, Schedule A, and Schedule B of Part 1A of Form ADV, or any successor thereto, with the Securities and Exchange Commission;

So registered investment advisors that report their ownership on Form ADV are not Reporting Companies and don’t have to report ownership. Obviously, they are already reporting ownership.

There is an exception for pooled investment vehicles operated or advised by investment advisers:

‘‘(xviii) any pooled investment vehicle that is operated or advised by a person described in clause (iii), (iv), (vii), (x), or (xi)

Although the definition of “pooled investment vehicle” is very specific:

(A) any investment company, as defined in section 3(a) of the Investment Company Act of 1940 (15 U.S.C. 80a–3(a)); or
(B) any company that—
(i) would be an investment company under that section but for the exclusion provided from that definition by paragraph (1) or (7) of section 3(c) of that Act (15 U.S.C. 80a–3(c));
and
(ii) is identified by its legal name by the applicable investment adviser in its Form ADV (or successor form) filed with the Securities and Exchange Commission.

Later, there is a broader exception:

‘‘(xxii) any corporation, limited liability company, or other similar entity of which the ownership interests are owned or controlled, directly or indirectly, by 1 or more entities described in clause (i), (ii), (iii), (iv), (v), (vii), (viii), (ix), (x), (xi), (xii), (xiii), (xiv), (xv), (xvi), (xvii) (xix), or (xxi);

Companies owned or controlled, directly or indirectly, by a registered investment adviser also fall outside the definition of “reporting company.”

This would seem to be good for private fund managers. The funds and fund subsidiaries seem to fall outside the definition of Reporting Company.

There is still a long path until we get to the point of having to do this reporting. FinCEN will have to establish the regulatory framework and the database to hold this information. It’s not clear how the reporting requirement will specifically interact with the various state secretaries of state who are responsible for company formation.

Sources:

Due Diligence for Politically Exposed Persons

Anti-money laundering 101 is to lookout for for terrorists, drug kingpins and oligarchs. You don’t want to do business with these people because they are on the government enforcement lists. AML 102 is to look out for “politically exposed persons.”

The international Financial Action Task Force defines a “politically exposed person as:

“an individual who is or has been entrusted with a prominent public function. Due to their position and influence, it is recognised that many PEPs are in positions that potentially can be abused for the purpose of committing money laundering offences and related predicate offences, including corruption and bribery, as well as conducting activity related to terrorist financing.”

You’re not barred from doing business with a politically exposed. You just need to be on higher alert to make sure the person is not using pilfered money or funneling money to bad people. The mayor of a small town should probably not be depositing millions of dollars in a personal account.

Last month FinCEN issued a new FAQ on client due diligence. That FAQ eschewed any bright-line testing or standards.

Two weeks ago, FinCEN joined up with the Federal Reserve, Federal Deposit Insurance Corporation, National Credit Union Administration and the Office of the Comptroller of the Currency to issue a joint statement on due diligence for politically exposed persons.

Like the earlier FAQ, this joint release adds very little to the compliance dialog.

“Banks must apply a risk-based approach to CDD in developing the risk profiles of their customers, including PEPs, and are required to establish and maintain written procedures reasonably designed to identify and verify beneficial owners of legal entity customers. More specifically, banks must adopt appropriate risk-based procedures for conducting CDD that, among other things, enable banks to: (i) understand the nature and purpose of customer relationships for the purpose of developing a customer risk profile, and (ii) conduct ongoing monitoring to identify and report suspicious transactions and, on a risk basis, to maintain and update customer information.”

The joint statement does point out that there is no formal definition of a politically exposed person. Agreed.

The joint statement states that US public officials are not “politically exposed persons.” Disagree.

As I said above, the mayor of a small town should probably not be depositing millions of dollars in a personal account. Your financial institution should be keeping a close eye on the mayor to make sure illicit money does not come through you.

Unfortunately, this de-regulatory approach will put the burden on compliance having to push back against client relationship people. You will have to add on additional review to watch whether the politically exposed person breaks bad.

Sources:

New FinCEN FAQs on Client Due Diligence

The Financial Crimes Enforcement Network issued its latest collection of Frequently Asked Questions on the requirements for Customer Due Diligence requirements for Covered Financial Institutions. For anyone looking for decisive answers and bright-line tests, you’ll have to look elsewhere. The answers will leave you wondering why FinCEN even bothered to publish this answers.

Private fund managers and Registered Investment Advisers are not Covered Financial Institutions under the Customer Due Diligence Rule. I believe most adhere to the guidance to make sure they don’t run afoul of FinCEN.

The 2017 Customer Due Diligence Rule did create some bright-line tests on due diligence, particularly for potential investors in private funds that are not individuals. The uncertainty before the rule was how much diligence did you need to conduct on the entity. The 2017 Rule made it clear. You have to collect information on individuals who, directly or indirectly own 25% or more of the equity interests and one individual who has managerial control of the entity.

The new FAQ answers questions in three broad general areas about whether you must conduct additional diligence at opening, risk ratings for customers, and ongoing diligence requirements.

The answers all are squishy answers. It’s up the financial institution to develop policies based on risk. One example:

“There is no categorical requirement that financial institutions update customer information on a continuous or periodic schedule. The requirement to update customer information is risk based and occurs as a result of normal monitoring.”

I’m going to guess that the answers to the questions are not going make compliance officers feel any better. It might just confirm that what they are doing is okay, or at least, not wrong.

Sources:

OFAC Issues a Framework for Compliance Commitments

The Department of the Treasury’s Office of Foreign Assets Control (OFAC) is published A Framework for OFAC Compliance Commitments. OFAC wants to provide organizations its perspective on the essential components of a sanctions compliance program.

“As the United States continues to enhance our sanctions programs, ensuring that the private sector implements strong and effective compliance programs that protect the U.S. financial system from abuse is a key part of our strategy.”

Sigal P. Mandelker, Under Secretary for Terrorism and Financial Intelligence.

The United States has increasingly used its financial system to penalize countries it dislikes as well as drug kingpins and terrorists. The dollar has been the standard for international business. That may change if the US continues to weaponize the dollar against countries it disfavors.

OFAC has decided to coin the initialism “SCP” for Sanctions Compliance Program. An SCP has five essential components:

1. Management Commitment

  • Senior management has reviewed and approved the SCOP
  • Senior management delegate sufficient authority and provided direct reporting lines
  • Senior management has given adequate resources to the SCP
  • Senior management promotes a culture of compliance
  • Senior management recognizes the seriousness of deficiencies and violations

2. Risk Assessment

  • Organization has conducted an OFAC risk assessment
  • Organization has a methodology to identify and address the risks it identifies

3. Internal Controls

  • Written policies and procedures
  • Internal controls based on risk assessment
  • Enforces policies and procedures
  • Adequate record-keeping
  • Corrects discovered weaknesses
  • Communicates policies and procedures to relevant staff
  • Personnel appointed to integrate policies and procedures into corporate operations.

4. Testing and Auditing

  • Testing and auditing is accountable to senior management
  • Testing and auditing are appropriately sophisticated
  • Takes corrective actions after a negative result.

5. Training

  • OFAC Training provides adequate information
  • Training scope is appropriate
  • Training frequency is appropriate based on risk profile
  • Updates training after a negative result
  • Training provides easily accessible resources.

The Framework includes a short appendix that offers some analysis of some of the causes of sanctions violations that OFAC identified during its investigative process.

Sources:

A Focus on Residential Real Estate and Money Laundering

The Financial Crimes Enforcement Network announced the issuance of revised Geographic Targeting Orders. The threshold for reporting has been reduced down to $300,000 for all-cash purchases of residential real estate. The geographic scope has been expanded to now include nine cities: Boston; Chicago; Dallas-Fort Worth; Honolulu; Las Vegas; Los Angeles; Miami; New York City; San Antonio; San Diego; San Francisco; and Seattle.

The GTO requires U.S. title insurance companies to identify the natural persons behind all-cash purchases of residential real estate over that dollar threshold in those markets.

“All cash” means “[s]uch purchase is made, at least in part, using currency or a cashier’s check, a certified check, a traveler’s check, a personal check, a business check, or a money order in any form, a funds transfer, or virtual currency.”

I have no problem with virtual currency purchases having to be reported when used by a company buying residential real estate.

I think that threshold is going to be too low for those jurisdictions and overwhelm the FinCEN reporting structure.

I’m speaking a bit from personal experience. The GTO now covers my town. The definition of “Boston” includes all of Middlesex and Suffolk County. Suffolk is Boston proper and its various neighborhoods. Middlesex County, I assume, is targeted to Cambridge. But Middlesex county includes over fifty towns, stretching from Hopkinton, to Newton, to Ashby to Lowell.

There are lots of old houses and lots of developers buying those old houses and fixing them up. Like any good business, they use entities to limit liability and to meet lender single-purpose entity requirements.

Almost any residential purchase ends up using a check to cover part of the final purchase price. I expect the GTO will sharply increase the reports flowing into FinCEN. More so than expected.

I just think the GTO is too broad geographically and the dollar amount is too low. That can be fixed.

The GTO is effective. A study found a 95 percent drop in how much cash shell companies and other corporate entities spent on homes. The decline began immediately after the fist GTO rule took effect in March 2016. Before the rule, corporate entities bought an average of $111 million worth of homes with cash in Miami-Dade per week, or 29 percent of all residential transactions, according to the study. But almost immediately after the reporting requirement began, that number plummeted to $5 million per week, or 2 percent of all transactions.

Sources:

Selective Selection to Sanctions List to Sow Suspicion

According to a story by Franco Ordonez, the United States has been selectively using its sanctions regime in Venezuela in an effort to destabilize the government.

“For over a year, Diosdado Cabello, the former military commander and vice president of Venezuela’s governing United Socialist Party, escaped sanctions that hit more than 50 other Venezuelan officials, including [President] Maduro, on corruption and other charges.”

The plan was to plant seeds in Venezuela that Cabello was taking to the United States or, worse, acting as agent of the US. The plan was eventually abandoned after Senator Rubio pressed the administration to subject Cabello to sanctions.

I find this story interesting from a diplomatic perspective, but troubling from an ALM/KYC perspective.

That period of time where a foreign person should have been on the sanctions list, but was not placed due to some Washington trickery, means that companies may have been doing business with him. When he is suddenly added to the list, those companies are then in trouble.

Of course, he likely would have been identified as Politically Exposed Person. But that just means caution, not a ban on a business relationship.

What may have been a fun exercise for Foggy Bottom spies, creates a minefield for ALM/KYC practitioners.

Sources:

Frequently Asked Questions Regarding Customer Due Diligence Requirements for Financial Institutions

On April 3, the Financial Crimes Enforcement Network published Frequently Asked Questions Regarding the Customer Due Diligence Requirements for Financial Institutions. The questions are about Customer Due Diligence Requirements for Financial Institutions, published on May 11, 2016, as amended on September 29, 2017. FinCEN is labeling it the CDD the Rule.

The CDD Rule requires financial institutions to identify and verify a legal entity’s “beneficial owners” when an accounts is opened. The CCD Rule’s mandatory compliance date is May 11, 2018.

I don’t think the CDD Rule applies specifically to the investors in private equity funds or to investment advisers in general. But the SEC has been threatening to impose a know-your-customer, anti-money-laundering, Customer Due Diligence requirement on investment advisers. I think it’s worth looking at the rule to see how the broader industry is addressing this.

The big change is for legal ownership of entities. The CDD requires the identification of anyone who directly or indirectly owns more than 25% of the equity interest in the entity and at individuals who have managerial control of the entity. The new FAQ makes it clear that a financial institution can dig deeper than 25%.

For banks, the CDD process has to be run each time a new account is opened. Each time a loan is renewed or a certificate of deposit is rolled over, the bank is establishing another banking relationship and a new account is established. Covered financial institutions are required to obtain beneficial ownership information of a legal entity that opens a new account or renews a product, even if the legal entity is an existing customer. For financial services or products established before May 11, 2018, Covered financial institutions must obtain certified beneficial ownership information of the legal entity customers of the new or renewed products.

The FAQ goes deep. It’s worth reading to think about how your firm should amend its AML procedures.

Sources:

Paper as a Sanctions Violation

The United States has a long arm in imposing financial restrictions. U.S. companies cannot assist their foreign subsidiaries or affiliates with sales to sanctioned countries or persons on the blocked persons list. A US company got caught doing this.

White Birch was accused of facilitating the sale and shipment of Canadian paper from White Birch’s Canadian subsidiary to Sudan. Sudan was subject to a U.S. embargo under the Sudanese Sanctions Regulations, 31 C.F.R. part 538. The Office of Foreign Asset Control determined that White Birch personnel from both its U.S. headquarters and Canadian subsidiary “were actively involved in discussing, arranging, and executing the export transactions to Sudan.” Assistance is prohibited under OFAC’s regulations that bar U.S. persons from “facilitating” transactions between non-U.S. companies (such as foreign subsidiaries) and sanctioned countries.

I’m not sure “discussing” by itself is enough to trigger a sanctions violation. Many companies discuss how to deal with potential transactions that implicate sanctions. The discussion will generally end in “no.” It was taking the steps to help with arranging and executing that are the problem.

This was not a little paper. It was over 500 metric tons of paper worth over $300,000 when the sale and shipment happened in 2013.

As with the recent diamond case, FinCEN was short on details. The enforcement information did note that White Birch tried to conceal the ultimate destination of the paper shipment from its bank. The bank was involved as the confirming bank on the letter of credit for the export. I would assume that the bank would have filed a suspicious activity report that caught FinCEN’s attention.

FinCEN brought the charges even though the Sudan ban has now been lifted. Effective January 17, 2017, all transactions prohibited under the Sudanese Sanctions Regulations are authorized pursuant to the general license (31 C.F.R. § 538.540). In the enforcement action, FinCEN made it clear that this general license does not affect past, present, or future OFAC enforcement investigations or actions related to any apparent violations of the Sudanese Sanctions Regulations relating to activities that occurred prior to the effective date of the general license.

Sources: