Money laundering remains an enforcement and regulatory priority in the U.S. and in many regions around the world. In the U.S., the Financial Crimes Enforcement Network (FinCEN) continues to implement regulations pursuant to the Corporate Transparency Act (CTA). In addition, the U.S. is taking steps to regulate digital assets.
U.S. enforcement authorities have brought high-profile prosecutions related to cryptocurrency and digital assets, some of which have involved anti-money laundering (AML) compliance program failures.
Outside the U.S., the Financial Action Task Force (FATF) took the unprecedented step on February 24, 2023, of suspending the membership of the Russian Federation due to its invasion of Ukraine. FATF also made more changes to the international AML risk landscape, changing the risk classification of two jurisdictions in February 2023 and six at its plenary meeting in October 2022. For its part, the Wolfsberg Group issued the 2022 Financial Crime Principles for Correspondent Banking, marking its first update to that guidance in eight years.
U.S. Regulatory Developments
FinCEN’s Beneficial Ownership Registry
Since our previous issue, FinCEN has implemented additional regulations related to the beneficial ownership registry created by the CTA. In September 2022, FinCEN issued its Final Rule for Beneficial Ownership Information Reporting, which outlines beneficial ownership reporting requirements.
The Final Rule reflected minimal changes from the proposed rule, which we wrote about here. All “reporting companies” must report to FinCEN detailed information about their beneficial owners. Starting January 1, 2024, all new reporting companies will have to report beneficial ownership information to FinCEN, and existing companies must do so by January 1, 2025. “Reporting company” includes any company created in the U.S. or registered to do business in the U.S., though 23 exceptions exclude entities such as public companies, banks, insurance companies, and broker dealers, which are already heavily regulated, as well as large operating companies. An individual is a beneficial owner (and therefore must be reported to FinCEN) if he or she owns at least 25 percent of a reporting company or exercises substantial control over a reporting company. Reporting companies must update beneficial ownership information within 30 days of any change, as discussed here.
In December 2022, FinCEN issued a proposed rule governing access to the FinCEN database. Under the CTA, FinCEN is permitted to disclose beneficial ownership information to six categories of recipients:
- Federal agencies for use in national security, intelligence, or law enforcement activity
- State, local, or tribal law enforcement agencies following court order
- Foreign law enforcement agencies, prosecutors, or judges following a request from a federal agency
- Financial institutions subject to customer due diligence requirements, if the reporting company consents
- Federal functional regulators and “other appropriate regulatory agencies” overseeing financial institutions
- The U.S. Department of the Treasury (Treasury) for specific tasks, including those pertaining to tax administration
The proposed rule describes how each category of recipients could get access to the beneficial ownership information, as we described in detail here. The rule also details how information can be used after obtained from the database, as well as confidentiality requirements and penalties. FinCEN solicited comments on the proposed rule until February 14, 2023.
In January 2023, FinCEN sought comment on the reports that certain companies will need to make to provide beneficial ownership information to FinCEN. In addition to a final rule regarding use of the beneficial ownership data, a final phase of the CTA rulemaking regarding changes to the customer due diligence rule for financial institutions based on the availability of new beneficial ownership information is expected later this year.
Efforts to Regulate Digital Assets
In September 2022, the Biden administration released a comprehensive framework for responsible development of digital assets, which was a culmination of nine collaborative agency reports. The administration calls upon regulators like the Securities and Exchange Commission (SEC), Commodity Futures Trading Commission (CFTC), Federal Trade Commission (FTC), and Consumer Financial Protection Bureau (CFPB) to aggressively pursue investigations and enforcement actions. The report also suggested that further guidance would be forthcoming and described a financial literacy education campaign. According to the report, the administration seeks to promote access to safe and affordable financial services through encouraging the adoption of instant payment systems and creating a federal framework to regulate non-bank payment providers. Other aspects of the framework include: working with financial institutions to bolster capacity to mitigate cyber vulnerabilities; advancing responsible innovation through, among other things, development of a digital assets research and development agenda; possible amendments to the Bank Secrecy Act (BSA); and exploring a U.S. Central Bank Digital Currency.
Congress has increased its own focus on digital assets. In the summer of 2022, both the Responsible Financial Innovation Act and the Digital Commodities Consumer Protection Act of 2022 were introduced in the Senate. Both bills propose providing the CFTC with jurisdiction over the digital asset market and increasing regulation of digital assets. Senator John Boozman (R-AR), ranking member of the Senate Committee on Agriculture, Nutrition, and Forestry, stated that the goal of the Digital Commodities Consumer Protection Act of 2022 is to increase federal oversight of the digital asset industry and to “create a regulatory framework that allows for international cooperation and gives consumers greater confidence that their investments are safe.”
Finally, in December 2022, FinCEN Acting Director Himamauli Das announced that FinCEN’s “key priority area” is digital asset regulation and welcomed the banking industry’s feedback on the vulnerabilities and risks that digital assets pose to its institutions. Das stated that FinCEN is examining decentralized finance’s “potential to reduce or eliminate the role of financial intermediaries that play a critical role” in combatting money laundering and financial terrorism and will determine whether additional regulations are necessary.
Other Notable U.S. Regulatory Developments
- Geographic Targeting Orders. On October 26, 2022, FinCEN announced the renewal and expansion of its Geographic Targeting Orders (GTOs) that require U.S. title insurance companies to identify the natural persons making all-cash purchases of residential real estate over $300,000. FinCEN renewed the GTOs and expanded GTOs to counties encompassing the Texas cities of Houston and Laredo, which FinCEN identified as at greater risk for illicit finance activity through non-financed purchase of residential real estate. The renewed and expanded GTOs are effective from October 27, 2022, to April 24, 2023.
- ENABLERS Act. As discussed in our previous issue, the Establishing New Authorities for Business Laundering and Enabling Risks to Security Act (ENABLERS Act) was introduced in the House of Representatives in October 2022. The ENABLERS Act proposed including “gatekeeper professions,” such as lawyers, in the BSA’s definition of “financial institutions.” In July 2022, the House passed the National Defense Authorization Act (NDAA) for Fiscal Year 2023, which included the ENABLERS Act. However, the ENABLERS Act ultimately was struck from the Senate version of the bill and was not passed in 2022.
Criminal Charges for AML Compliance Program Failings
In recent months, U.S. have charged parties with money laundering and related offenses for alleged misuse of digital assets:
- Crypto Executive Arrested for Allegedly Processing More than $700 Million Dollars’ Worth of Illicit Funds; Treasury’s First Use of Its Section 9714 Powers. On January 18, 2023, the National Cryptocurrency Enforcement Team (discussed here) charged Anatoly Legkodymov, the founder and majority shareholder of Hong Kong-based crypto exchange Bitzlato, with conducting an unlicensed money transmitting business. U.S. authorities allege that key to Bizlato’s branding was that it had “loose or non-existent” Know Your Customer (KYC) requirements. According to U.S. authorities, among other things, Bitzlato allegedly exchanged hundreds of millions of dollars with Hydra, a “darknet market” that facilitated the sale of contraband. U.S. authorities allege that Bitzlato knowingly serviced U.S. customers, conducted transactions with U.S.-based exchanges, was run using U.S. online infrastructure, and, for at least some time, was being managed by the defendant while he was in the U.S. Concurrently, and for the first time, FinCEN announced an Order pursuant to section 9714(a) of the Combating Russian Money Laundering Act identifying Bitzlato as a “primary money laundering concern,” which prohibits certain fund transfers involving Bitzlato by covered financial institutions. French and Spanish authorities are also pursuing charges against Legkodymov and other Bizlato executives. Legkodymov is a Russian citizen who primarily resides in China but was arrested by U.S. authorities while in Miami.
- Coinbase Pays a Big Price for Compliance Failures and Gets a Monitor. On January 4, 2023, the New York State Department of Financial Services (NYDFS) and Coinbase, Inc. (Coinbase) entered into a Consent Order under which Coinbase, a major cryptocurrency exchange, agreed to pay a $50 million penalty and committed to invest an additional $50 million to remediate and enhance its compliance program over the next two years. Coinbase also agreed to extend a previously appointed Independent Compliance Monitor for an additional year. NYDFS identified substantial gaps in Coinbase’s KYC/customer due diligence program, problems with its transaction monitoring and AML/sanctions systems, as well as record retention issues. Notably, NYDFS cited a lack of resources and highlighted Coinbase’s significant backlog of both unreviewed transaction monitoring alerts (more than 100,000) and more than 14,000 customers requiring enhanced due diligence. Pursuant to a memorandum of understanding with NYDFS, in February 2022, Coinbase agreed to hire an independent consultant to help it remediate gaps in the day-to-day operation of its compliance program and ultimately agreed to extend the monitorship pursuant to the terms of this recent Consent Order.
- Dwyer Pleads Guilty (BitMEX). In August 2022, Gregory Dwyer, BitMEX’s Head of Business Development from 2015-2020, pled guilty to violating the BSA. The U.S. Department of Justice (DOJ) alleged that BitMEX’s founders Arthur Hayes, Benjamin Delo, and Samuel Reed (who pleaded guilty in March 2022), along with Dwyer (1) “willfully caused BitMEX to fail to establish and maintain an AML program,” (2) aided and abetted this failure “despite closely following U.S. regulatory developments” requiring such a program, and (3) were aware that BitMEX continued to operate in the U.S. According to the indictment, Dwyer and the other defendants took affirmative steps to exempt BitMEX from the application of U.S. laws by incorporating in Seychelles, rejecting the implementation of formal AML policies, procedures, controls, compliance testing, and training, and causing the company to allow customers to register and trade without providing adequate identification. The indictment alleges that, in 2015, BitMEX announced it would depart the U.S. market but created an IP address check process that was ineffective. As we described in our Spring 2022 newsletter, FinCEN issued a $100 million penalty against BitMEX for failing to implement an adequate AML program, verify customers’ identities, file Suspicious Activity Reports (SARs) in at least 588 transactions, and to implement adequate controls to ensure it did not conduct business with persons located in the U.S.
Fraud in the Digital Assets Market Leads to Money Laundering Charges
Fraud in the digital assets market also continues to be an area of focus of U.S. regulators. The probe into the collapse of FTX has already led to the guilty pleas of Caroline Ellison, the CEO of Alameda Research, Gary Wang, a co-founder and former Chief Technology Officer of FTX, and Nishad Singh, former FTX Engineering Director, for their roles in the alleged scheme to defraud FTX’s customers and investors. Ellison pleaded guilty to seven criminal charges and Wang to four charges, all relating to wire fraud, commodities fraud, and money laundering. Singh pleaded guilty to wire fraud, conspiracy to commit fraud, conspiracy to commit money laundering, and conspiracy to violate campaign finance laws. FTX’s founder and former CEO, Sam Bankman-Fried, is currently facing charges, including conspiracy to commit money laundering, for his involvement. Trial is scheduled to begin in October 2023.
In the recent months, U.S. enforcement authorities have also brought actions against other individuals where fraud related to digital assets served as a basis for money laundering charges. In June 2022, the DOJ announced four enforcement actions that charged six individuals with cross-border offenses involving cryptocurrency, Non-Fungible Tokens (NFTs), and other digital assets. While all four actions primarily involve cross-border wire fraud and securities fraud, two of the cases also include money laundering charges.
On June 30, 2022, the DOJ charged two Brazilian nationals, Emerson Pires and Flavio Goncalves, and one U.S. national, Joshua David Nicholas, in the Southern District of Florida, with conspiracy to commit securities fraud and wire fraud. Two of the defendants were also charged with conspiracy to commit money laundering. The indictment alleged that EmpiresX, a cryptocurrency investment platform founded by Pires and Goncalves, offered unregistered securities in a “global cryptocurrency-based Ponzi scheme.” Pires and Goncalves allegedly misrepresented the existence of a proprietary trading bot and their ability to generate guaranteed returns. Nichols was sentenced to 51 months in prison. The action against Pires and Goncalves, who are currently in Brazil, are ongoing.
OFAC’s Focus on Sanctions Violations and Money Laundering in the Digital Assets Ecosystem
In August 2022, OFAC sanctioned Tornado Cash, a virtual currency mixer. As a mixer, Tornado Cash offers anonymity to cryptocurrency transactions by mixing (and thereby obscuring the origin of) funds from various transaction streams before transmitting the funds to the designated recipients. OFAC found that Tornado Cash was used in a number of multi-million-dollar virtual currency thefts, including a $455 million heist by a Democratic People’s Republic of Korea (DPRK) state-sponsored hacking group, Lazarus Group. In total, OFAC determined that since Tornado Cash was created in 2019, it laundered over $7 billion in virtual currency. In issuing the designation, OFAC indicated that Tornado Cash had failed to institute controls to prevent its involvement in money laundering transactions. In response to lawsuits challenging OFAC’s designation, in November 2022, OFAC delisted and redesignated Tornado Cash for enabling malicious cyber activities that support the DPRK’s weapons program.
Guilty Plea Leads to DOJ’s Largest Crypto Seizure
Federal authorities are seizing digital assets, including those tied to fraud and money laundering schemes. On November 4, 2022, James Zhong pled guilty to committing wire fraud for unlawfully obtaining over 50,000 Bitcoin from the Silk Road dark web internet marketplace. Law enforcement seized approximately 50,000 Bitcoin, then valued at over $3.36 billion from a hidden computer found in Zhong’s Georgia home. The seizure represented the largest cryptocurrency seizure in the history of the U.S. Department of Justice and remains the Department’s second largest financial seizure ever. Zhong is scheduled to be sentenced on April 14, 2023.
DOJ Targets “Blue Dollar Peso Exchangers”
On October 24, 2022, the DOJ’s Money Laundering and Asset Recovery Section filed a civil forfeiture action in the U.S. District Court of the Southern District of New York against approximately $105,825 held in an account in the name of Partners Capital Investments (PCI). The money at the center of this in rem proceeding was seized in December 2020. The current action seeks to forfeit funds involved in an alleged unlicensed money transmitting business, or blue dollar peso exchange, where PCI misrepresented itself to a U.S. bank in connection with the account and enabled transfers between U.S. dollars and Argentine pesos in amounts prohibited by Argentine laws aimed at reducing capital flight from Argentina. “Blue dollar” is a commonly used euphemism in Argentina for dollars bought in breach of foreign exchange laws and regulations.
DOJ claimed that PCI, incorporated in the British Virgin Islands as a mutual fund, never actually acted as a mutual fund or invested in securities, and functioned as an unlicensed money transferring vehicle to “orchestrate, among other things, capital flight out of Argentina and other countries.” Under the alleged scheme, PCI moved funds between both countries without the use of international wire transfers. Instead, using a U.S. bank account, PCI transferred U.S. dollars in the U.S. after a client or third party delivered Argentine pesos to a blue dollar exchange located in Argentina and vice versa. This permitted monetary conversions in excess of Argentinian laws.
Updated Financial Crime Principles for Correspondent Banking
The Wolfsberg Group (the Group), an association of 13 global banks which aims to develop frameworks and guidance for the management of financial crime risks, particularly with respect to KYC, AML, and Combatting the Financing of Terrorism (CFT) policies, has released the 2022 Financial Crime Principles for Correspondent Banking (2022 Principles). The 2022 Principles mark the retirement of the 2014 Anti-Money Laundering Principles for Correspondent Banking (2014 Principles) after eight years.
The 2022 Principles are broader than the 2014 Principles in that they apply to the entire Financial Crime Program in correspondent banking, which includes not only AML, CFT, and sanctions considerations, but also those related to bribery and corruption and fraud.
Among the most notable updates in the 2022 Principles are:
- Extending the correspondence banking relationship and activity definition to the new banking reality, to apply the 2022 Principles not only to banks but also to Non-Bank Financial Institutions (NBFIs) and Payment Service Providers (PSPs), such as Money Services Businesses (MSBs) and Money or Value Transfer Services (MVTS), financial technology companies (fintechs), Virtual Asset Service Providers (VASPs), and new payment method (NPM) companies. Those correspondent relationships “may be facilitating transactions that represent the same or greater risk and Institutions should determine whether to apply these principles to those relationships.”
- Regarding the principle of “Responsibility and Oversight,” the report stresses the need for responsible personnel to have “relevant experience and have undergone training on the risks involved in Correspondent Banking,” and the importance for an Institution to monitoring these activities and define an acceptable risk appetite approved by the board or similar senior stakeholders.
- The Group has developed a Correspondent Banking Due Diligence Questionnaire (CBDDQ) “which should be used to collect the related customer due diligence information” and has published extensive other guidance on the topic of due diligence.
- The report adds a new principle named “Ongoing Review of Correspondent Banking Relationships Institutions,” which refers to the importance of the correspondent bank reviewing the relationship it has with the Respondents on an ongoing basis to assess that the relationships remain “within the risk appetite.” This review includes “measuring the effectiveness of the Respondent’s FCC program on a risk-based approach” and determining if it can “demonstrate that its FCC program is commensurate to the nature, scale, size, and complexity of its business, between others.”
FATF Updates Its Lists Identifying Jurisdictions with Deficiencies
On February 24, 2023, FATF determined for the first time in its history to suspend the membership of the Russian Federation in connection with Russia’s invasion of Ukraine. Despite the suspension, FATF stressed that Russia remains obligated to meet its financial obligations and will remain a member of the Global Network as a member of the Eurasian Group on Money Laundering (EAG). FATF announced that it would reconsider the restrictions imposed on Russia at each of its plenary meetings.
After its plenary meeting on February 23 and 24, 2023, FATF issued updates to its list of “jurisdictions under increased monitoring” (the grey list), and its list of “high-risk jurisdictions subject to a call for action” (the black list). As we previously reported, in March 2022, the grey list identifies jurisdictions with “strategic deficiencies” in their AML/CFT/Countering Proliferation Financing (CPF) regimes but that have committed to resolve those deficiencies “swiftly.” The black list, by contrast, identifies jurisdictions with “significant strategic deficiencies” in their AML/CFT/CPF regimes. In February, FATF removed Cambodia and Morocco from the grey list and made no changes to its black list. Morocco and Cambodia were praised for addressing deficiencies noted in 2019 and 2021, respectively. Previously, after its plenary meeting in Paris on October 20 and 21, 2022, FATF had removed Nicaragua and Pakistan from the grey list and added to it the Democratic Republic of the Congo (DRC), Mozambique, and Tanzania. At the same meeting, FATF added Myanmar to its black list, where it joined the DPRK and Iran.
Editors: Ian A. Herbert, Leah Moushey, Ann Sultan, William P. Barry, Kirby D. Behre
Contributors: Maame Esi Austin, Alexandra Beaulieu, Facundo Galeano,* Francisco Grosso,** Ivo K. Ivanov, Therese J. Kuester, Helen Mitsuko Marsh, Connor Wilson, Surur Fatema Yonce
**Visiting law clerk
The information contained in this communication is not intended as legal advice or as an opinion on specific facts. This information is not intended to create, and receipt of it does not constitute, a lawyer-client relationship. For more information, please contact one of the senders or your existing Miller & Chevalier lawyer contact. The invitation to contact the firm and its lawyers is not to be construed as a solicitation for legal work. Any new lawyer-client relationship will be confirmed in writing.
This, and related communications, are protected by copyright laws and treaties. You may make a single copy for personal use. You may make copies for others, but not for commercial purposes. If you give a copy to anyone else, it must be in its original, unmodified form, and must include all attributions of authorship, copyright notices, and republication notices. Except as described above, it is unlawful to copy, republish, redistribute, and/or alter this presentation without prior written consent of the copyright holder.