Month: December 2018

On December 13, the U.S. Department of Justice announced that its Antitrust Division had reached a settlement with Nexstar Media Group Inc., one of the largest owners of television stations in the United States, as part of the Division’s ongoing investigation into exchanges of competitively sensitive information in the broadcast television industry.  According to the amended complaint that the Antitrust Division filed against Nexstar and six other television broadcasting companies, Nexstar and other entities agreed

in many metropolitan areas across the United States to exchange revenue pacing information, and also engaged in the exchange of other forms of non-public sales information in certain metropolitan areas.  Pacing compares a broadcast station’s revenues booked for a certain time period to the revenues booked in the same point in the previous year.  Pacing indicates how each station is performing versus the rest of the market and provides insight into each station’s remaining spot advertising for the period.

By exchanging pacing information, Nexstar and other broadcasters were better able to anticipate whether their competitors were likely to raise, maintain, or lower spot advertising prices, which in turn helped inform their stations’ own pricing strategies and negotiations with advertisers.  As a result, the information exchanges harmed the competitive price-setting process.

The proposed settlement would prohibit the direct or indirect sharing of such competitively sensitive information, as the Justice Department determined “that prohibiting this conduct would resolve the antitrust concerns raised as a result of Nexstar’s conduct.”  It also would require Nexstar to cooperate in the Department’s ongoing revenue-pacing investigation and to adopt “rigorous antitrust compliance and reporting measures to prevent similar anticompetitive conduct in the future.”

Per the Antitrust Procedures and Penalties Act (also known as the Tunney Act), notice of the proposed settlement, as well as the Justice Department’s competitive impact statement in the case, was published in the Federal Register on January 14, for public notice and comment for a 60-day period.  At the conclusion of the comment period, the U.S. District Court for the District of Columbia, with which the settlement is filed, “may enter the final judgment upon a finding that it serves the public interest,” according to the Department.  In light of the uncertainly about the duration of the current federal government shutdown, the timing of the District Court’s decision after the 60-day period is uncertain.

Note:  This announcement provides a timely reminder to senior management and corporate compliance officers that their companies’ antitrust compliance programs, including training, need to extend beyond core criminal-liability concerns such as price-fixing.  While most companies understand that directly exchanging or fixing of prices is a live wire for antitrust enforcement, some companies may think that if they do not directly exchange such data, but merely exchange other data from which they can infer their competitors’ prices and pricing practices, that will insulate them from liability.

The Antitrust Division’s revenue-pacing  investigation and settlements demonstrates that that will not be the case.  Antitrust-compliance policies and training should therefore certainly address core concerns for Sherman Act criminal liability, but also should point out that the Antitrust Division will be attentive to any intraindustry practices by competitors that have the necessary effect of sharing what the Division terms “competitively sensitive information” or affecting the competitive price-setting process.

On December 27, Vatican News reported that the Holy See Press Office issued a statement announcing that on December 17, Angelo Proietti had been convicted of money laundering and sentenced to 2 ½ years’ imprisonment and confiscation of more than €1 million.  The conviction is significant because it reportedly represents the first time in the Vatican’s history that a person has been tried and found guilty of money laundering under a 2010 Vatican law.

Proietti, a construction magnate in Rome, had reportedly siphoned off approximately €11 million from two companies that pushed them into bankruptcy.  According to a 2016 release by the Holy See’s Press Office, authorities of the Holy See and the Vatican City State initiated the investigation in 2013, based on Suspicious Transaction Reports that related to Proietti and accounts he had at the Vatican bank, the Institute for Works of Religion (IOR).  Subsequently, in 2014 the Vatican seized more than €1 million tied to Proietti, and in 2016 Proietti negotiated a 3-year, 3-month prison sentence with Italian authorities for his fraud.  The December 27 release credited the Vatican Office of the Promoter of Justice, the Vatican Financial Intelligence Authority (AIF), the Vatican City State Gendarmerie, and Italy for collaboration in the investigation.

Note:  In the past, the Council of Europe’s Committee of Experts on the Evaluation of Anti-Money Laundering Measures and the Financing of Terrorism (MONEYVAL) had called on the Vatican “to deliver effective results in terms of prosecutions, convictions and confiscation.”  This first prosecution is only a beginning, but it is a beginning, which the Vatican acknowledged “assumes fundamental importance” in its anti-money laundering/counter-terrorism financing (AML/CTF) efforts.

This prosecution should also be regarded as a milestone on the Vatican’s sometimes tortuous path since 2009 toward an effective AML/CTF regime.  Even after Pope Benedict XVI issued an Apostolic Letter in 2010 to comply with European anti-money-laundering directives, the overall pace of reform initially was slow – owing in part to contention within Vatican ranks over how transparent the IOR’s operations should be.  By 2017, however, Italy placed the Vatican on its “white list” of states with cooperative financial institutions, and MONEYVAL noted that the Vatican had made progress in the previous two years and that the AIF was working efficiently as both a financial intelligence unit and as supervisor of the IOR.  In addition, the IOR – which in 2011 reportedly had approximately 33,000 accounts and 20,772 clients (68 percent of whom were members of the clergy), and $8.2 billion in assets under management – closed thousands of accounts belonging to people who no longer qualified.

Earlier this year, the AIF reported that in 2017 it had submitted eight reports to the Office of the Promoter of Justice for further investigation, and had signed 19 Memoranda of Understanding with  counterpart agencies in other jurisdictions and exchanged information in 268 cases.  While that information suggests that the Vatican has quickened its pace in anti-financial crime implementation, the Vatican will need to show in 2019 that it is sustaining that pace.

Three recently published reports provide different, but complementary, perspectives on cybercrime trends of which information-security and financial-crimes compliance officers should take note:

1. APWG: First, on December 12, the APWG (formerly the Anti-Phishing Working Group) issued its Phishing Activity Trends Report for the third quarter of 2018. That report contained the following key points:

• The number of brands targeted for phishing attacks steadily increased, from 231 in July) to 260 in August to 286 in September. (P. 3)
• The total number of phish that APWG detected in 3Q 2018 was 151,014 – a 43 percent decrease from 2Q (233,040) and a 57 percent decrease from 1Q (263,538). (P. 4)
• Phishing attacks that targeted cloud storage and file hosting sites fell substantially, from 11.3 percent of all attacks in Q1 to 9 percent in Q2 and to 6.5 percent in Q3. Payment processing was by far the sector most targeted for phishing attacks (38.2 percent), followed by Software as a Service (SAAS)/Webmail) (20.1 percent) and financial institutions (15.7 percent).  (P. 5)
• While phishing remains most prevalent in the old, large global top-level domains (gTLD), such as .com, it is higher than normal in the new gTLDs and in repurposed ccTLDs. (P. 6)
• Phishers are increasingly using “repurposed” domains – i.e., domains for which management rights have been granted to third parties, who have then “commercialized the TLDs as a way of hiding their phishing sites from detection.” (P. 7)
• The number of phishing web sites using SSL/TLS encryption increased in 3Q to 49.4 percent, a significant increase from 35.2 percent in 2Q. (P. 8)
• In Brazil, phishing attacks against Brazilian e-commerce sites decreased 53 percent from April to June 2018 after the FIFA World Cup, and decrease through 3Q, while attacks against Brazilian banks and credit unions slightly increased. (P. 9)

2.  McAfee: On December 19, McAfee issued its McAfee Labs Threats Report: December 2018, which examined activity “in the cybercriminal underground and the evolution of cyber threats” in 3Q 2018. The report contained the following findings:

• McAfee stated that McAfee Labs “McAfee Labs saw an average of 480 new threats per minute and a sharp increase in malware targeting [Internet of Things (IoT)] devices.”
• “The ripple effect of the takedowns of the Hansa and AlphaBay dark web markets were still apparent in Q3. Competing marketplaces, such as Dream Market, Wall Street Market, and Olympus Market eagerly filled the gap left by law enforcement actions last year.” (P. 4)
• McAfee saw “numerous mentions of Common Vulnerabilities and Exposures [(CVEs)]. The most recently published CVEs were hot topics in discussions of browser exploit kits—RIG, Grandsoft, and Fallout—and of ransomware, especially GandCrab. . . . These [and other] threads show that cybercriminals are eager to weaponize both new and old vulnerabilities. The popularity of these topics in underground forums should warn organizations to make vulnerability management a priority in their cyber resilience plans.” (P. 5)
• “Large-scale credit card theft has shifted from point-of-sale systems to (third-party) payment platforms on large e-commerce sites.” (P. 5)
• “We saw an increase in discussions of mobile malware, mostly targeting Android and focused on botnets, banking fraud, ransomware, and bypassing two-factor authentication.” (P. 7)
• “Although we have seen a decline in the number of unique families during recent months, ransomware remained active in Q3. The decline in new families may be due to many ransomware actors switching to a more lucrative business model: cryptomining.” (P. 8)
• “Mining cryptocurrency via malware is one of the big stories of 2018. Total “coin miner” malware has grown more than 4,000% in the past year.” (P. 10)
• “In Q3, the Advanced Threat Research team recorded more than 35 publicly known targeted attacks. Cyber espionage was the biggest motivator for these attacks.” (P. 20)

3.  Police Scotland: Finally, on December 17, The Times published an article providing a timely reminder that sometimes wholly benign activities, such as expansion of Internet connectivity, can affect the incidence of cyberfraud in certain jurisdictions.  The article reported that according to Police Scotland, fraud in the Scottish islands — thanks to the growth of Internet banking, online shopping, and the installation of broadband in rural areas — had risen by as much as 700 per cent, as residents become victims of cybercriminals.  The fastest-growing method of cyberfraud was reportedly “vishing” – i.e., fraudsters’ contacting people by telephone to persuade them to send money or to disclose information such as website passwords.

On December 21, the Washington Post reported that according to intelligence officials and terrorism experts, the Islamic State, despite the loss of its caliphate, “is sitting on a mountain of stolen cash and gold that its leaders stashed away to finance terrorist operations and ensure the organization’s survival years into the future.”  This horde of cash and gold – “nearly all of it looted from banks or acquired through criminal enterprises” – is estimated to be about $400 million.

This larder of cash and gold, according to analysts, “is partly intended . . . to fund a future resurgence of the Islamic State . . . .”  While some of this total reportedly was buried in the desert or hidden away, officials said that Islamic State leaders ”have laundered tens of millions of dollars by investing in legitimate businesses throughout the Middle East over the last year.”  Investigators recently traced millions of Islamic State-linked dollars “through banking networks with links to Turkey and the United Arab Emirates as well as Iraq and Syria.”  Moreover, those funds led “to an astonishing array of legitimate commercial enterprises, including real estate companies, hotels and automobile dealerships,” and even shares in a carwash business.  One analyst was quoted as saying that that there were indications of people “’moving money through cutouts and proxies into correspondent banks, mostly in southern Turkey’.”

In addition, the article reported that one Iraq-based financial services business, the al-Rawi Network, reportedly “moved up to $500,000 a day to operatives in Turkey.”  In October 2018, Iraqi commandos and Kurdish counter-terrorism forces arrested ten members of the network.

Note: It should be no surprise to anti-money laundering compliance officers that the Islamic State continues to seek to launder funds in the EMEA region to support their activities.  The U.S. Department of the Treasury  has sanctioned a key individual and three money services businesses for moving Islamic State funds: in 2016, financier Fawaz Muhammad Jubayr al-Rawi (later killed in Syria), and two currency exchanges in Iraq and Syria; and in 2018, another Iraq-based money services business.

This article indicates that AML compliance teams need to remain attentive to indications that funds flowing through their own institutions or correspondent banks are linked to the Islamic State.  They should read the article for the strategic information that it contains, and monitor open-source reporting in the new year for updated reporting on Islamic State laundering.

Every day, corporate-compliance and ethics officers and agency Inspectors General are faced with the task of identifying and acting on potentially unethical or corrupt activity in their organizations, often by inference from financial or statistical data.  But would it be possible to detect indications of whether a particular person is corrupt just by looking at them?  A paper recently published in Psychological Science, “Inferring Whether Officials Are Corruptible From Looking at Their Faces,” provides some evidence of that possibility.

The paper’s authors, Chujun Lin, Ralph Adolphs, and R. Michael Alvarez (respectively a graduate student and professors at the California Institute of Technology), first noted that

[t]he possibility that corruptibility inferences from faces might be associated with real-world measures of corruption is raised by three areas of previous research.  First, theories of self-fulfilling prophecy argue that the impressions and expectations a face creates (e.g., how corruptible an official looks) influence how other people interact with the face bearer (e.g., how likely others would be to bribe the official) and that those recurrent interactions in turn shape the face bearer’s behavior so as to confirm other people’s impressions and expectations . . . .  Second, analyses of sentencing decisions show that evaluations of guilty and recommendations of punishment are influenced by the defendant’s facial appearance . . . .  These findings suggest that officials who look more corruptible might be more likely to be accused, prosecuted, and convicted.  Third, some studies have argued that the face contains a kernel of truth about a person’s nature – such as personality and criminal inclinations . . . – even though the diagnostic validity and the causal mechanisms remain obscure.

Given that prior research, the authors hypothesized “that elected officials’ corruption records would be associated with traits, such as corruptibility, inferred from their facial appearances.”

To test their hypothesis, the authors conducted a total of four studies.  The first three studies used various arrays of photographs of Caucasian males who had held federal, state, or local offices in the United States; half of the officials in each study had clean records, while the other half had been convicted of political corruption-related offense.  Participants in those studies were told only “that they would view a series of politician photos and that they should judge how corruptible, dishonest, selfish, trustworthy, and generous these politicians looked to them.”  They then completed five blocks of experiments, in which each block corresponded  to judging one trait for all faces, and “were instructed to make their decisions as quickly and precisely as possible.”  The fourth study explored whether officials with wider faces were judged more negatively on corruptibility-related traits than officials with clean records.

In brief, the authors’ main conclusions included the following:

• In Studies 1-3, they found evidence “supporting the hypothesis that trait-specific inferences, such as corruptibility, made from photographs of officials’ faces are associated with real-world measures of political corruption and violation. This association was replicated across officials at different levels of government.”
• In Study 4, they found “that an official was perceived as more corruptible when his face was manipulated [in photographs] to be slightly wider and less corruptible when his face was manipulated to be slightly slimmer, even though participants did not detect such manipulation of the facial identity.”

They also speculated that “people who look corruptible might be more likely to be approached by others with the intent to corrupt them, which in turn results in the mutual behaviors required for corruption to occur . . . , but cautioned that there were important limitations to the generalizability of their study.

Note:  The immediate value of this study to day-to-day corporate-compliance work is, and should be, limited; for example, compliance officers are better off conducting robust monitoring of corporate data than scrutinizing employee photos to determine whether someone “looks corrupt.”  At the same time, it indicates additional and intriguing paths for future cognitive- and social-psychology research into corruption and the traits of those who engage in corrupt acts.  The rigorous design and reproducibility of this study should help to encourage other researchers to explore those paths.