Month: November 2018

On October 31, in Lee v. Securities and Futures Commission, the Hong Kong Special Administrative Region Court of Final Appeal decided that Section 300 of the Securities and Futures Ordinance (SFO), which broadly applies to securities fraud, applies to insider dealing in shares that were not listed on the Hong Kong Stock Exchange but were listed on the Taiwan Stock Exchange, provided that substantial activities constituting the crime occurred within Hong Kong.

Section 300 of the SFO states that a person

shall not, directly or indirectly, in a transaction involving securities, futures contracts or leveraged foreign exchange trading—

(a) employ any device, scheme or artifice with intent to defraud or deceive; or

(b) engage in any act, practice or course of business which is fraudulent or deceptive, or would operate as a fraud or deception.

In 2006, four persons engaged in an insider dealing scheme involving shares of Hsinchu International Bank, whose shares were listed on the Taiwan Stock Exchange and were being acquired by Standard Chartered Bank. “Betty”, a solicitor in an international law firm, “Eric,” a solicitor in another international law firm, and “Patsy” and “Stella,” two sisters of Eric, pooled more than HK$6.3 million to buy Hsinchu shares, before the tender offer was made public, through a Hong Kong-based securities firm account that Patsy had opened for the purpose of trading in shares listed in Taiwan. (All names used are the English names that the Court used in its judgments.)  Once the tender offer was made public, Patsy accepted the tender on their Hsinchu shares, making an aggregate profit of nearly HK$2.7 million.  In a civil proceeding by the Hong Kong Securities and Futures Commission (SFC), a judge found that Betty, Eric, and Patsy had contravened section 300 by engaging in their scheme and that Stella had been involved in the others’ contravention of section 300.

In his judgment, Justice Robert Tang found that the term “transaction” in section 300 “has a wide meaning” and covers the defendants’ scheme.  Although subsection 291(5) of the SFO, which specifically prohibits insider dealing, uses definitions of “listed securities” and “listed corporation” that makes that subsection inapplicable to shares listed on the Taiwan Exchange, Justice Tang wrote, the term “securities” in section 300

is defined in wide terms and . . . is not confined to shares listed in Hong Kong. It can cover shares not listed in a recognized stock exchange.  I think it would be in keeping with the purpose of the SFO and Hong Kong’s position as an international financial center, that provided “substantial activities constituting the crime” occurred within Hong Kong, s[ection] 300 should cover the insider dealing in shares listed in Taiwan. I have no doubt that substantial activities constituting the complaint under s[ection] 300 occurred in Hong Kong. (Footnotes omitted)

Note: While one law firm has opined that the outcome in was “widely anticipated,” the breadth of the Court’s construction of section 300 is certainly greater than the SFC could have expected.  In the light of the holdings on the breadth of key terms in section 300, and on the reach of section 300 beyond shares listed in Hong Kong even to “shares not listed in a recognized stock exchange,” it will not be surprising if the SFC makes increasing use of that section to pursue a broad array of insider dealing cases.  As the Court did not list or describe the types of activities that could constitute “substantial activities . . . “occurr[ing] in Hong Kong,” the SFC will need to proceed cautiously in developing insider-dealing cases involving shares listed outside Hong Kong.

During November, two developments in the long-running foreign-bribery investigation of two Australian banknote companies by the Australian Federal Police (AFP) and Commonwealth prosecutors appear to have brought that investigation to a close.  Both companies — Securency, which made the plastic base for banknotes, and Note Printing Australia (NPA), which produced the notes investigation – were owned by the Reserve Bank of Australia (RBA) at the times relevant to the investigation.

First, on November 8, the High Court of Australia, in a unanimous decision, affirmed the permanent staying of prosecutions against four unnamed NPA executives, who had been charged with violations of the Commonwealth Criminal Code (and, in some cases, the Victoria Crimes Act 1958), on abuse-of-process grounds.  The High Court’s decision stated that the Australian Crime Commission (ACC), which has statutory authority under the  Australian Crime Commission Act 2002 to investigate criminal activity, had failed to comply with key provisions of its own legislation.  Even though each of the four executives had been asked to participate in a cautioned record of interview by the AFP and had declined that request, an ACC examiner chose to use the ACC’s coercive powers to compel the executives to answer the AFP’s questions.  Because the AFP and commonwealth prosecutors gained a substantial forensic advantage from the compelled questioning, the Court agreed with the trial-level judge’s conclusion that “the continued prosecution of the appellants would bring the administration of justice into disrepute.”

Second, during the week of November 26, a former NPA sales executive, Christian Boillot, pleaded guilty to conspiring to offer a bribe to foreign officials in Malaysia.  That result, closely following the High Court’s decision regarding the four other executives, led to the November 28 lifting of non-publication court orders in the case.  That in turn prompted the RBA to issue a statement, in which it publicly disclosed for the first time that in 2011, NPA (wholly RBA-owned) and Securency (50 percent RBA-owned at the time) entered pleas of guilty to charges of conspiracy to bribe officials in Indonesia, Malaysia, Vietnam, and Nepal in connection with banknote-related business.  Previously, in 2011 both firms had been publicly charged in the investigation, but no resolution had been reported until now.  The RBA also stated that as a result of their pleas, the two companies paid a combined total of nearly A$22.6 million (US$16.3 million) in fines and pecuniary penalties under the Proceeds of Crime Act 2002. Although Securency’s pecuniary penalty of A$19,809,772 was more than ten times the size of NPA’s pecuniary penalty of A$1,856,710, the RBA statement did not provide any explanation of the reasons for the disparity or the facts relating to the firms’ relative culpability.

Previously, four other individuals — Securency’s former chief executive and chief financial officer, a  manager, and an agent  principal of a Securency agency business in Indonesia – pleaded guilty to various charges and received suspended sentences.  It will be surprising if Boillot, who is scheduled to be sentenced December 6, receives anything but a suspended sentence as well.

Note:  As one of the first cases pursued under Australia’s foreign-bribery laws, this investigation has had as many plusses as it has minuses.  On the plus side, the AFP and the Commonwealth Director of Public Prosecutions (CDPP) deserve credit for initiating and seeing the investigation through over nearly a decade, for conducting a true joint investigation with the United Kingdom Serious Fraud Office (SFO), and for obtaining guilty pleas from NPA, Securency, and a number of top executives.  On the minus side, the SFO is the only prosecutive office that succeeded in obtaining a sentence of imprisonment in that joint investigation, and the High Court’s strong rebuke of the AFP and the CDPP has strengthened the voices of crossbench Members of Parliament advocating the creation of a federal anti-corruption body.  The investigation also called into question the adequacy of the RBA’s supervision of its own subsidiaries.  RBA Governor Philip Lowe acknowledged that  the RBA “accepts there were shortcomings in its oversight of these companies, and changes to controls and governance have been made to ensure that a situation like this cannot happen again.”

In one respect, this case could prove to be a historical artifact with respect to regulatory and law enforcement expectations about director accountability for bribery-related conduct.  The RBA’s public statement specifically said that in 2011, the CDPP ”accepted that the boards of the two companies had no involvement in, or knowledge of, the conduct in question. No evidence of knowledge or involvement by officers of the RBA, or the non-executive members of either board appointed by the RBA, has emerged in any of the relevant legal proceedings or otherwise.”  Both NPA and Securency, on the other hand, reportedly “accepted that the systems and procedures they had in place at the time of the offending were inadequate to prevent or detect the offending conduct of their senior executives.”  Since 2011, regulatory expectations in the United Kingdom and other countries about the responsibility of boards for overseeing corporate compliance have been increasingly stringent.  It seems highly likely that in future Australian investigations of corporate wrongdoing, mere denials of knowledge or involvement by board members in the alleged wrongdoing will not suffice to avoid individual director culpability, at least when multiple C-level executives and managers are implicated in the bribery scheme and the board failed to establish and maintain consistent oversight on compliance matters.

Further details regarding the sequence of events in the investigation can be found in the RBA’s chronology and an ABC News timeline.

Today, the U.S. Department of Justice announced the unsealing of an indictment in the District of New Jersey, charging two Iranian nationals, Faramarz Shahi Savandi and Mohammad Mehdi Shah Mansouri, with conducting a 34-month-long international computer hacking and extortion scheme involving the deployment of sophisticated ransomware against more than 200 victims, including hospitals, municipalities, and public institutions.  Both defendants are charged with conspiracy to commit wire fraud, conspiracy to commit fraud and related activity in connection with computers, intentional damage to a protected computer, transmitting a demand in relation to damaging a protected computer.

According to the indictment, the defendants, acting from inside Iran, authored malware, known as “SamSam Ransomware,” that was capable of forcibly encrypting data on the computers of victims.  Beginning in December 2015, the defendants allegedly accessed the computers of victim entities without authorization through security vulnerabilities, and installed and executed the SamSam Ransomware on the computers, which resulted in the encryption of data on the victims’ computers.  In committing their attacks, the defendants allegedly used overseas computer infrastructure and sophisticated online reconnaissance techniques (e.g., scanning for computer network vulnerabilities), and conducted online research in order to select and target potential victims.  In some cases, they would also disguise their attacks to look like legitimate network activity.

Once SamSam was deployed on targeted computers, the defendants allegedly

would then extort victim entities by demanding a ransom paid in the virtual currency Bitcoin in exchange for decryption keys for the encrypted data, collecting ransom payments from victim entities that paid the ransom, and exchanging the Bitcoin proceeds into Iranian rial using Iran-based Bitcoin exchangers.  The indictment alleges that, as a result of their conduct, Savandi and Mansouri have collected over $6 million USD in ransom payments to date, and caused over $30 million USD in losses to victims.

Note:  Financial-crimes compliance and information-security officers should use this indictment as an opportunity to remind corporate officers and employees, at all levels, of the risks that ransomware can pose to their companies’ capacity to conduct critical operations, as well as their obligation to comply fully with corporate cybersecurity requirements.  As cybersecurity firm Malwarebytes previously observed, to gain initial access SamSam uses not only sophisticated exploitation of vulnerabilities in remote desktop protocols, Java-based web servers, and file transfer protocol servers, but also the unsophisticated but still effective approach of “brute force” attacks against weak passwords.

The consequences of failing to guard against ransomware such as SamSam on all fronts has been catastrophic to various businesses. Among other SamSam victims, the City of Atlanta, which reportedly refused to pay the ransom, may need as much as $17 million to remediate the damage, and an Indiana hospital, which reportedly chose to pay the ransom, nonetheless was reduced at one point to working with pen and paper before systems could be restored.  Because the cybersecurity community by now is well aware of the vectors and techniques behind SamSam, chief information security officers need to ensure that their companies’ ransomware defenses are robust and timely updated.

In his remarks concerning the indictment, Assistant Attorney General for the Criminal Division Brian A. Benczkowski stated that “the Criminal Division and its law enforcement partners will relentlessly pursue cybercriminals who harm American citizens, businesses, and institutions, regardless of where those criminals may reside.” That statement is more than high-sounding rhetoric.  The unsealing of the indictment and the FBI’s issuance of a “Wanted by the FBI” for both men indicate that the Department, as it has done in other serious criminal cases involving defendants in foreign jurisdictions, is prepared to be patient and wait – for years if necessary – for an opportunity to apprehend and extradite the defendants.

On November 23, the Kenyan newspaper Daily Nation reported that detectives with the Kenyan Ethics and Anti-Corruption Commission (EACC) arrested three senior Chinese officials and four Kenyan counterparts who work for the China Road and Bridge Corporation (CRBC) in Kenya.  The arrests were for attempting to bribe investigators looking into possible corruption associated with the Standard Gauge Railway (SGR).

The SGR line, which connects Nairobi with East Africa’s main port, Mombasa, was funded by China as part of its One Belt One Road (OBOR) Initiative and is one of the largest infrastructure projects of Ugandan President Uhuru Kenyatta.  The CRBC reportedly operates the SGR service at a cost of KES1 billion ($9.7 million) per month.  According to Voice of America News, the project already “has been tarnished by allegations of corruption and racism, and concerns about its economic viability” due to its $3 billion cost.  In 2015, two CRBC officials were arrested for allegedly bribing officials of the Kenya National Highways Authority in order to avoid sanctions for overloaded vehicles.  In August 2018, , Mohammed Abdalla Swazuri, the chairman of Kenya’s National Land Commission (which manages public land), and Atanas Kariuki Maina, managing director of the Kenya Railways Corporation, were arrested in connection with allegations “that officials siphoned taxpayer money through phoney compensation claims for land used for the railway.”

The most recent allegations pertain to a suspected multi-million-shilling ticketing fraud scheme, in which insiders are skimming a significant portion of revenue from each trip on the SGR.  All seven of those arrested reportedly were participants in the scheme.  Kenya’s director of public prosecutions Noordin Haji said, in a written statement, that the three Chinese officials would be charged with bribery for giving a bribe of approximately $5,000.

Note:  These latest allegations should prompt regional anti-bribery and corruption compliance teams to pay closer attention to CRBC-connected transactions and expenses, but should surprise no one who has been following developments with China’s One Belt One Road (OBOR) Initiative.  Since 2013, in a massive bid to expand its soft power globally, China has reportedly invested more than $700 billion of its own money in more than 60 countries, largely for “large-scale infrastructure projects and loans to governments that would otherwise struggle to pay for them.”  In fact, some governments that originally accepted China’s seemingly generous lending terms have found the debt they assumed to be crushing.  For example, the CRBC construction of a highway across Montenegro has already raised that country’s public debt to 83 percent of Gross Domestic Product, and Malaysian President Mathahir Mohamad  recently canceled more than $22 billion of Chinese-funded Belt and Road projects because “we cannot afford . . . [or] repay [them] and also because we don’t need these projects for Malaysia at this moment.”  In addition, because “China does not require its partners to meet stringent conditions related to corruption, human rights, or financial sustainability[, t]his no-strings approach to investment has fueled corruption.”

In 2017, two commentators expressed concern that the OBOR Initiative would create a risk for China’s “associating itself with rampant corruption in the autocratically ruled countries of Central Asia.” That assessment, unfortunately, was not only too late but beside the point.  By choosing not to require anti-corruption commitments from countries to which it offered massive infrastructure projects, Chinese officials –who no doubt were well-informed about which countries posed greater bribery and corruption risks — assumed the risk of becoming embroiled in corruption to further and complete OBOR projects.  If anything, as other countries seek to pull out of or scale back their own OBOR projects, CRBC officials in those countries are likely to encounter increasing temptation to engage in in-country bribery to maintain and complete those projects.  What happened in Kenya, in short, is likely to happen in more countries with OBOR projects.

On November 19, Dutch police conducting a search in a purportedly unoccupied house in Amsterdam found a washing machine containing €350,000, as well as a money-counting machine, several mobile phones, and a firearm.  Police arrested one individual, who was on the premises at the time, on suspicion of money laundering.  While the report spawned a brief flurry of international media attention because of the literalness of the washing machine-money laundering connection, this report may be of broader interest to global and regional anti-money laundering (AML) compliance teams, for two  reasons.

First, it provides a concrete example, for basic AML in-house training, of the challenge that criminals face every day in managing bulk cash they receive from retail criminal transactions (including drug trafficking, fraud, and corruption).  When a country’s AML-related criminal offenses include anti-structuring provisions, daily receipts of criminal proceeds – especially in smaller denominations such as the €20 and €50 notes that the Dutch police found — can back up and reach substantial volumes until criminals can devise a scheme to structure their cash deposits to a wider range of financial institutions or smuggle out the bulk cash (also risky).  As a result, criminals often choose simple ways of storing the bulk cash in residences, including buckets, ceilings, cupboards, toilet tanks, and walls, that are insecure but allow quick access.

Second, for European compliance teams’ situational awareness, this search is an example of the Dutch police’s use of the Spookburgeractie (ghost citizen operation) in combating criminal operations.  In this type of operation, which at least one Dutch court has approved, the police seek to identify individuals who live in Amsterdam but are not registered anywhere, and locate houses that are vacant or reflect other indications of criminal activity.  Where a search finds indications of criminal activity on the premises, including significant quantities of contraband such as cash or drugs, the police file an administrative report with Amsterdam city authorities.  On the basis of that report, municipal authorities can take administrative measures such as temporary closure of the house.