Inadvertent Disclosure of Confidential Informant Sank Canadian E-Pirate Money Laundering Prosecution

In November 2018, as Dipping Through Geometries previously reported, the Public Prosecution Service of Canada (PPSC) stayed (i.e., discontinued) a major money laundering case stemming from Operation E-Pirate that had been brought against a British Columbia-based money-transfer business, Silver International Investments Ltd., and two individuals who ran the laundering operation that enabled organized criminals to launder drug money.  At the time, the Royal Canadian Mounted Police (RCMP) did not disclose the specific reasons for the stay, but stated generically that the charges “were stayed for several reasons that materialized during the course of the file.”

On January 9, Global News reported that the case was stayed “because federal prosecutors mistakenly exposed the identity of a police informant who they feared could have been killed if the case proceeded.” The article stated that from review of court filings and interviews of sources with knowledge about the decision to stay E-Pirate charges,

federal prosecutors mistakenly revealed the identity of a secret police informant when they released a large volume of digital files to Silver’s lawyer in a standard evidence disclosure process.

While combing through the evidence to prepare a defence, Silver’s legal team eventually noticed information that could identify a police informant. Silver’s lawyer Matthew Nathanson contacted prosecutors and alerted them to the error, and the two sides worked on a potential solution.

The exact reason why the RCMP and federal prosecutors abruptly decided in November the disclosure error could not be overcome is not clear. But as the scheduled trial date rapidly approached, time pressure to make full disclosure to defence and the sheer amount of evidence handled in the case appears to have been key issues, said sources who could not be identified.

The critical factor in the decision, Global News indicated, was that “the police informant who helped the RCMP to build its case was judged to be at ‘high risk’ for death if the case proceeded.”  Based on Canadian legal guidelines, prosecutors and the RCMP reportedly decided that protecting the informant’s life outweighed the interest in pursuing charges against Silver and the individual defendants, who operated Silver.

This case is hardly the first, in Canada or the United States, to involve reported inadvertent disclosure of an informant’s identity.  Such inadvertent disclosures can come from police, prosecutors, or even third-party agencies that had access to informant information. Moreover, the risks of inadvertent disclosure are compounded in complex cases, where (as in this case) large volumes of documents are being disclosed to defense attorneys.

In its report, Global News asserted that “both the RCMP and federal prosecutors must take responsibility” for the inadvertent disclosure.  Regrettably, while RCMP officers may have been involved in the process of reviewing documents prior to the disclosure, the ultimate responsibility must rest with the prosecutors responsible for providing the evidence containing the informant’s identity to defense counsel.  As the Supreme Court of Canada stated in its 2011 decision in R. v. Barros, the informer privilege is “almost absolute,” and the duty to protect and enforce that privilege “rests on the police, the Crown, and the courts.”  While the article does not indicate whether the stay of the case against Silver and its operators precludes any further progress in Operation E-Pirate, the basis for the stay does not bode well for that operation.

OFAC Targets Venezuelan Individuals and Companies for Sanctions Relating to PDVSA Embezzlement Scheme

On January 8, the United States Department of the Treasury’s Office of Foreign Assets Control (OFAC) sanctioned Venezuelan individuals and companies that were involved, according to OFAC,

in a significant corruption scheme designed to take advantage of the Government of Venezuela’s currency exchange practices, generating more than $2.4 billion in corrupt proceeds.  This designation, pursuant to Executive Order (E.O.) 13850, targets seven individuals, including former Venezuelan National Treasurer Claudia Patricia Diaz Guillen (Diaz) and Raul Antonio Gorrin Belisario (Gorrin), who bribed the Venezuelan Office of the National Treasury (ONT, or Oficina Nacional del Tesoro) in order to conduct illicit foreign exchange operations in Venezuela.  In addition to Diaz and Gorrin, OFAC designated or blocked five other individuals and 23 entities, pursuant to E.O. 13850, for their roles in the bribery scheme, and identified one private aircraft as blocked property.

In remarks that accompanied the issuance of the OFAC sanctions, Secretary of the Treasury Stephen Mnuchin stated that “Treasury is targeting this currency exchange network which was another illicit scheme that the Venezuelan regime had long used to steal from its people,” and that Treasury’s actions “expose yet another deplorable practice that Venezuela regime insiders have used to benefit themselves at the expense of the Venezuelan people.”

The facts underlying these sanctions relate directly to the criminal prosecutions that the United States Department of Justice has been conducting against key members of the Venezuelan elite for their roles in a currency-exchange scheme that resulted in embezzlement of more than $1.2 billion from Venezuelan state-owned oil company Petróleos de Venezuela, S.A. (PDVSA).  In addition to the seven individuals, OFAC listed 23 companies and a Dassault Mystere private aircraft as being designated or blocked for being owned or controlled by those individuals.

Note: This latest cluster of OFAC sanctions is yet another in the continuing series of sanctions and prosecutions that the Trump Administration is directing at Venezuela’s Boliburguésia and their support network.  The Treasury announcement specifically stated that “sanctions are intended to change behavior,” and that the United States Government “has made it clear that we will consider lifting sanctions for persons designated under E.O. 13692 or E.O. 13850 who take concrete and meaningful actions to restore democratic order, refuse to take part in human rights abuses, speak out against abuses committed by the government, and combat corruption in Venezuela.

None of that, of course, is likely to take place in the near term, now that President Nicolás Maduro is about to be sworn in for a second six-year term in office.  It is also increasingly unlikely to take place in the longer term.   Even if the United States maintains its enforcement pressures in the Maduro government, and more of Venezuela’s neighbors express their dissatisfaction with the regime’s policies and their disastrous effects on the country, Russia has been demonstrating its resolve to support Maduro and his government in a variety of ways.  They reportedly include $1.5 billion in cash via loans and bailouts for the cash-starved country, in exchange for Russian ownership of significant portions of at least five Venezuelan oil fields, “30 years’ worth of future output from two Caribbean natural-gas fields,” and taking of 49.9 percent of Venezuela-owned Citgo as collateral for the loans.  They also include provision of Russian advisors who have been assisting Venezuela in avoiding bankruptcy, and who helped in the introduction of the controversial Venezuelan digital currency, the Petro.

More recently, the Russian government sent two strategic bomber aircraft capable of carrying nuclear weapons to Venezuela, in a show of support clearly intended to bolster the Maduro regime and infuriate the United States.  According to several recent reports, Venezuela has agreed to allow Russia to establish an outpost on the Venezuelan island of La Orchila where the nuclear-capable bombers could be based.  Creation of that outpost would indicate the depth of Russia’s commitment not merely to make Venezuela a long-term client state and relieve the United States’ economic and enforcement pressures on the Maduro regime, but to establish an overt military presence in Latin America whose influence, even if purely symbolic, could be felt throughout the region.

Indonesian Corruption Court Convicts, Fines Indonesian Construction Company on Corruption Charges

On January 4, the Jakarta Post reported that the Corruption Court in Jakarta convicted Indonesian construction company PT Nusa Konstruksi Enjiniring (NKE) (formerly PT Duta Graha Indah (DGI) on charges of corruption relating to several construction projects.  It also sentenced NKE to a fine of IDR (Indonesian rupiah) 700 million ($48,631), restitution of IDR 85.4 billion to the Indonesian government, and a six-month ban on NKE’s undertaking any government projects.

This conviction and sentence are significant because they are reportedly the first against any company since 2016, when the Indonesian Supreme Court issued Regulation Number 13 to address “legal ambiguities that were impeding prosecutors and investigators to pursue corporations for committing criminal offences, including corruption.”  According to the Indonesian Corruption Eradication Commission (KPK) Commissioner Laode M. Syarif, before Regulation Number 13 only two other corporations had ever been prosecuted under the Indonesian Anti Corruption Act.

The judges on the Corruption Court stated that NKE had received illicit funds totaling IDR 240.09 billion from eight construction projects, through rigged tenders with the help of former Indonesian official Muhammad Nazaruddin.  Approximately IDR 87 billion of the projects’ combined profit of IDR 239.9 billion was given to the state, and IDR 67.5 billion was transferred to Nazaruddin in spurious “fees.”  The Court accordingly ordered NKE to pay IDR 85.4 billion in restitution within one month of its ruling.  NKE’s President Director Joko Eko Suprastowo told the Court that NKE accepted the court’s ruling, and did not plan to appeal.

Note: Although the Corruption Court over the last two years has imposed substantial prison sentences on prominent former Indonesian officials, including former Speaker of the House Setya Novanto and former Constitutional Court judge Patrialis Akbar, the NKE verdict sets an important precedent for the Indonesian government’s investigation and prosecution of companies for corruption.

At the same time, it should be noted that the NKE fine and restitution reportedly were well below the recommendation by the KPK prosecutor that NKE be fined IDR 1 billion and pay IDR 188.7 billion in restitution.  While the circumstances and the underlying laws are different, based on initial reports the KPK sentence appears especially moderate when compared with the almost-simultaneous ruling by the Indonesian Supreme Court that upheld fines of IDR 1 trillion ($69 million) against plantation company PT National Sago Prima for causing forest fires in 2015.  Further reporting and future corporate prosecutions by the KPK will be necessary to establish the NKE sentence’s long-term significance.

Malaysia Files Criminal Charges Against Key Individuals, Goldman Sachs Subsidiaries in 1MDB Cases

In December, the Malaysian government, in close succession, filed three sets of criminal charges against a number of key individuals and entities, including subsidiaries of global financial services firm Goldman Sachs, that pertain to the scandal surrounding sovereign wealth fund 1Malaysia Development Berhad (1MDB).

First, on December 4, Today Online reported that charges were filed against the key figure in the 1MDB scandal, financier Low Taek Jho (also known as Jho Low), and four other individuals described in that report as Low’s four “lieutenants,” including former 1MDB general counsel Jasmine Loo Ai Swan.  The charges stem from unsuccessful efforts by the Malaysian Anti-Corruption Commission (MACC) this summer to locate the four individuals for questioning concerning the massive alleged embezzlement from 1MDB.

Second, on December 11, Bloomberg reported that charges were filed against former Malaysian Prime Minister Najib Razak and former 1MDB President Arul Kanda for their alleged roles in tampering with a state audit report into 1MDB.  Earlier in 2018, Razak had already been the subject of nearly 40 criminal charges of abuse of power, breach of trust, and money laundering relating to 1MDB.   In the audit-tampering case, according to charging records, Razak allegedly altered the report on the government audit into 1MDB “to protect himself from criminal, civil or regulatory action, while Arul is accused of abetting him.”

Third, on December 17, Malaysian Attorney General Tommy Thomas announced that criminal charges under Malaysian securities laws had been filed against subsidiaries of Goldman Sachs, former Goldman Southeast Asia Chairman Tim Leissner, former Goldman managing director and Leissner deputy Roger Ng Chong Hwa, Jasmine Loo, and Low.  Thomas stated that these charges arose from the commission and abetment of false or misleading statements by all of the defendants in order to dishonestly misappropriate $2.7 billion from the proceeds of three bonds that 1MBD subsidiaries issued, “which were arranged and underwritten by Goldman Sachs.”  He also stated that Leissner and Ng conspired with Low, Loo, and others to bribe Malaysian public officials in order to procure the selection, involvement, and participation of Goldman Sachs in those bond issuances.

Thomas also made clear that prosecutors would seek severe sentences under Malaysia law for the defendants upon conviction:

Malaysia considers the allegations in the charges against all the accused to be grave violations of our securities laws, and to reflect their severity, prosecutors will seek criminal fines against the accused well in excess of the USD2.7 billion misappropriated from the Bonds proceeds and USD600 million in fees received by Goldman Sachs, and custodial sentences against each of the individual accused: the maximum term of imprisonment being 10 years. Their fraud goes to the heart of our capital markets, and if no criminal proceedings are instituted against the accused, their undermining of our financial system and market integrity will go unpunished.

Ng in fact was not charged until December 19, owing to a misunderstanding by Malaysian prosecutors about the need for Ng’s presence at a December 19 hearing concerning his extradition to the United States.  On November 1, the United States Department of Justice announced the unsealing of an indictment charging Ng and Low with money laundering- and Foreign Corrupt Practices Act (FCPA)- offenses pertaining to the alleged laundering of billions of dollars embezzled from 1MDB, and the guilty plea of Leissner to an information charging him with conspiring to launder money and to violate the FCPA by paying bribes to Malaysian and Abu Dhabi officials and circumventing Goldman’s internal accounting controls during his employment there.  Accordingly, the Justice Department has been seeking Ng’s extradition to stand trial in the United States.  To date, Low remains at large.

Note: One media report speculated that Ng “could be stuck in the middle of a tug-of-war” between the United States and Malaysia, because both countries have charged him relating to the same conduct, and  commented that “[i]t is unclear how prosecutors on both sides will cooperate on charges relating to Ng and others.” That speculation is open to question, on two grounds.

First, when the Justice Department announced the charges against Low and Ng and Leissner’s plea in November, it specifically stated that it “also appreciates the significant assistance provided by the Attorney General’s Chambers of Malaysia, the Royal Malaysian Police, the Malaysian Anti-Corruption Commission,” and other prosecutive and police authorities in Singapore, Switzerland, and Luxembourg.  As a matter of agency practice, the Department does not credit foreign law enforcement or regulatory agencies with “significant assistance” unless that assistance was, in fact, significant.  “Significant assistance” can also signify active coordination and cooperation between the Department and the named foreign authorities in parallel investigations.

Second, because Low remains at large, at the moment both Malaysia and the United States must pursue their respective cases with the defendants they have in custody.  One possible sequence of actions on which the Justice Department and Malaysian authorities could have reached broad agreement would be as follows:

  • On January 7, the Kuala Lumpur Sessions Court rejected Ng’s application for bail pending his extradition proceeding. Ng’s extradition process therefore will continue, further efforts to resist extradition to the United States will likely fail, and thereafter he will be promptly extradited to the United States.  There, Justice Department prosecutors will confront him with the reality that his former superior, Leissner, is already cooperating with them, and that Ng’s conviction at trial in the United States would subject Ng to dozens of years of imprisonment.
  • If Ng agrees to cooperate with both the United States and Malaysia, he too will plead guilty to FCPA and money laundering charges in the United States, and provide testimony and information that Malaysia could use in its case against Goldman’s subsidiaries (and other individual defendants if available) and that both countries could use against Low should he be apprehended.

If anyone is likely to become the basis for a tug of war between Malaysian and U.S. prosecutors at some point, it would be Low.  That tug of war, however, is not likely to arise for some time.

“Happy New Year! Your Personal Data Have Been Hacked.”

On January 1, employees of the State of Victoria in Australia received the unwelcome distinction of receiving what appears to be the first data-breach notification of 2019.  According to ABC News, employees received an email on January 1 informing them that on December 22, 2018, “an unauthorized third party accessed and downloaded a partial copy of the Victorian government employee directory, which identified approximately 30,000 public service staff and contractors.  It appears the third party accessed the list after compromising an employee’s email account.”

The email also stated that the list is available to Victorian government employees and contains work emails, job titles, and work phone numbers, and that their mobile phone numbers may have also been accessed if they were in the directory.  As a result of the breach, employees were further informed, “you may experience increased phishing, spam and social engineering attempts via your work email address and telephone numbers,” adding ,”As always, you should be aware of these risks and remain vigilant when it comes to unsolicited communications via email and telephone.”

Note: In response to the breach, the Victorian Premier’s Department stated that it had referred the breach to Victoria police, police, the Australian Cyber Security Centre, and the Office of the Victorian Information Commissioner for investigation.  A Department spokesperson stated that the Government “will ensure any learnings from the investigation are put in place to better protect against breaches like this in the future.”

The Victorian government, however, should not wait for the investigation’s conclusion to take action.  At a minimum, given the statement that the hacker had compromised an employee’s email account and then accessed the employee list, it needs to send a reminder to all government employees that forcefully stresses the importance of always refraining from clicking on links in emails from sources unknown to them.  To be sure, internalizing that message can be difficult for people in any organization who receive hundreds of emails each day at work.  Moreover, anyone who is not knowledgeable about current cybercrime exploits and techniques may find it difficult to believe that a moment’s carelessness can lead to compromise of an entire network or database.

For that reason, the government should consider special training, such as a webinar required for employees in all Victorian departments, that can show people how easily such compromises can occur and how severe the consequences can be for themselves, their colleagues, and their department.  In addition, even though the employee list reportedly did not include employee banking or financial information, the government needs to act sooner rather than later in placing tighter access controls around that list.  Chief information security officers and chief counsels in all Victorian departments need to coordinate their efforts in deciding on and implementing such controls to reduce the risks of future breaches.

Finally, other Australian state governments, as well as Commonwealth departments, should take this opportunity to disseminate similar messages to their employees and to review the adequacy of their own data-protection procedures and processes and cybersecurity training.  The challenge in this case, as with any data breach, is not identifying the most important lessons to be learned, but rather communicating those lessons in ways that effect meaningful changes in employee behavior.