Germany’s Financial Intelligence Unit Reports Substantial Increase in Suspicious Transaction Report Filings in 2019

On August 18, Germany’s Financial Intelligence Unit (FIU) announced that it had issued its Annual Report for 2019.  The Report (available here) stated that in 2019, the FIU received 114,914 suspicious transaction reports.  That total is 37,500 more suspicious transaction reports than the FIU received in 2018.

All in all, the FIU reported, it has seen the annual number of such reports increase almost twelve-fold since 2009.  The FIU commented that this increase “reflects the continuous awareness of those subject to the Money Laundering Act and the increasing automation at large credit institutions.”

The Report also included findings regarding the filing of suspicious transaction reports by the financial and non-financial sectors:

  • Financial Sector: The increase in the number of suspicious transaction reports applies to both the financial and non-financial sectors, as well as to authorities and other covered entities. Approximately 98 percent of all reports still come from the financial sector, from which the FIU received more than 35,000 more suspicious transaction reports than in 2018.
  • Non-Financial Sector: The absolute number of suspicious transaction reports that the FIU received from the non-financial sector increased in 2019, but still only accounts for approximately 1.3 percent of the total.  Gambling organizers and brokers were primarily responsible for the increase in the non-financial sector.  The FIU also received “[s]ignificantly more reports” from goods dealers in 2019, with a percentage increase “roughly in line with the overall trend.”  It also saw an increase in the number of reports from real estate agents and financial companies.
  • Cryptocurrencies: The FIU also saw “a slight upward trend” in the number of suspicious transaction reports relating to crypto assets.  Approximately 760 reports contained as a reason for filing “abnormalities in connection with crypto currencies.”  In particular, it deemed the forwarding of funds to trading platforms abroad to exchange the funds for crypto assets, with subsequent further transfer, “abnormal.”

The director of the FIU, Christof Schulte, welcomed these developments.  He stated that the upward trend in the numbers of suspicious transaction reports being filed “shows that the FIU’s extensive awareness-raising and coordination measures are working.”

Schulte also noted that the FIU’s risk-based approach and associated legal filter function – both also included in the standards of the Financial Action Task Force (FATF) – “are of particular importance.”  As he put it, “Only the facts that are actually valuable are passed on to the responsible law enforcement authorities so that law enforcement can efficiently concentrate available resources on these facts.”

Schulte cautioned that he did not consider the reports filed by the non-financial sector to be sufficient, in light of the money laundering risks in that sector.  He further stated that in view of the increasing number of crypto-related reports, the FIU “will also increasingly investigate transactions that were carried out using new payment technologies with regard to money laundering and terrorist financing.”

Note:  This FIU report is instructive, not only for the statistical data regarding suspicious transaction report filings, but also for the comments by Director Schulte about the volume of reports from the non-financial sector and increasing FIU focus on crypto-related transactions.  Whether the FIU’s concentration on analysis of these reports will translate into actual enforcement cases by German prosecutors remains to be seen.  As Director Schulte admitted in a recent media interview, “One problem for us is that the prosecution of money laundering in Germany isn’t traditionally well established.”

In any event, chief compliance officers at German financial institutions and other entities subject to German money-laundering legal requirements should review the FIU report closely, and share pertinent details with other senior executives in their firms.

U.S. Antitrust Division Head Announces Division Reorganization, Creation of New Units

On August 20, Makan Delrahim, Assistant Attorney General in charge of the Antitrust Division at the U.S. Department of Justice, announced a series of changes in the Division’s structure and operational responsibilities.  Those changes fall into three categories.

First, the Division is reallocating certain “commodities” (i.e., industries it reviews) across its civil enforcement sections.  Prior to the reallocation, the enforcement of mergers and conduct in the financial services, banking, insurance, and credit card businesses was spread across four different sections within the Division, and media, broadcast, and telecommunications were divided between two sections.  Under the reorganization, the Division will dedicate all financial services to a single section, and combine broadcast and telecommunications in a single section.  Combining the responsibilities for broadcast and cable, in Assistant Attorney General Delrahim’s view, “reflects the integration in these industries and will streamline our enforcement and review in these sectors.”

Second, the Division has created a new office, the Office of Decree Enforcement and Compliance (ODEC).  ODEC has been given primary responsibility for enforcing judgments and settlement decrees in civil matters.  It will serve, as Delrahim put it, “as the dedicated watchdog for judgment and decree compliance,” and is charged with working with Antitrust Division attorneys, monitors, and compliance officers to ensure the effective implementation of and compliance with those civil agreements.

Third, the Division has created a Civil Conduct Task Force (CCTF) to focus full time on civil non-merger work.  The CCTF will consist of both a core group of fully dedicated attorneys and attorney designees from each of the Division’s six civil sections and three field offices.  All CCTF members are to be staffed on CCTF-led civil conduct investigations.

The rationale for the CCTF’s creation, according to Delrahim, is “to ensure that when the Division gets busy with merger reviews with statutory deadlines, that there is still an independent group of dedicated attorneys with the mandate to execute against aggressive timelines in our non-merger cases.”  The objective is to have the CCTF “build competencies that are unique to civil conduct cases, where the key questions, and the posture of the parties under investigation, are quite different from merger investigations,” and to ensure “that these competencies are shared with the civil sections and the field offices when they lead conduct cases as well.”

Note:  Enforcement agency reorganizations and revisions ordinarily attract minimal public attention, other than from attorneys whose practices focus on those agencies.  While that is likely to be true of these Antitrust Division changes as well, antitrust practitioners should closely monitor subsequent developments stemming from the changes.

Within the next year, both Division attorneys and private practitioners should see significant benefits flowing from the consolidation of related industry sectors in a single Division section.  In contrast, it may take two or more years before the worth of the ODEC and the CCTF can be clearly established, but any measures that reduce the stop-and-start handling of certain antitrust investigations and provide more consistent oversight of antitrust decree enforcement should be welcome.

United States Seizes Iranian Petroleum Shipments, Bound for Venezuela, for Sanctions Evasion

On August 14, the U.S. Department of Justice announced “the successful disruption of a multimillion dollar fuel shipment by the Islamic Revolutionary Guard Corps (IRGC), a designated foreign terrorist organization, that was bound for Venezuela” aboard four foreign-flagged oil tankers.  These actions, according to the Department, “represent the government’s largest-ever seizure of fuel shipments from Iran.”

The genesis of these seizures was a civil forfeiture complaint that the Justice Department filed on July 2, 2020, in the U.S. District Court for the District of Columbia.  In essence, the complaint, which named the four oil tankers in question, stated, according to the Wall Street Journal, “that an Iranian businessman affiliated with the Islamic Revolutionary Guard Corps, Iran’s elite military unit designated by the U.S. as a terror group, arranged the fuel deliveries through a network of shell companies to avoid detection and evade U.S. sanctions.”

After the District Court issued the forfeiture order, unspecified U.S. forces reportedly “successfully executed the seizure order and confiscated the cargo from all four vessels, totaling approximately 1.116 million barrels of petroleum.” A senior U.S. official told the Associated Press

that no military force was used in the seizures and that the ships weren’t physically confiscated. Rather, U.S. officials threatened ship owners, insurers and captains with sanction to force them to hand over their cargo, which now becomes U.S. property, the official said.

The Justice Department credited unspecified “foreign partners” with assisting in the seizure and stated that the seized oil “is now in U.S. custody.”

The Department also reported that after the successful U.S. seizure, “Iran’s navy forcibly boarded an unrelated ship in an apparent attempt to recover the seized petroleum, but was unsuccessful.”  It provided a link to a short video from U.S. Central Command that it represented to be a video of the unsuccessful Iranian operation.

Note: This action by the Justice Department is noteworthy because it represents the first time that the United States has used vessel seizures to prevent Iranian oil shipments to Venezuela.  The Trump Administration undoubtedly regarded these seizures as a necessary response to the successful deliveries of gasoline to Venezuela by Iran earlier this year.  As the Journal noted, the seizure has particular force because it deprives two sanctioned regimes of much-needed resources: oil for Venezuela, and revenues for Iran.

Neither regime is likely to be deterred directly by the seizures, but the Administration undoubtedly expects that.  The key to the success of this stratagem by the United States will be whether the seizures “deter shipping companies from dealing with the Iranians and Venezuelans as tanker owners, brokers, insurers and other businesses see the risk as too costly.”  If the U.S. Government can dissuade legitimate shipping companies from future support, Iran and Venezuela will likely be forced to deal with far less reliable companies and less seaworthy vessels in continuing to evade sanctions.

Sonatype Report Highlights 430 Percent Increase in Open Source Supply Chain Attacks

On August 12, software development company Sonatype announced the issuance of its sixth annual State of the Software Supply Chain Report.  Key elements of the report included the following:

  • Cyberattack Trends: In the past 12 months, the number of next-generation cyberattacks aimed at actively infiltrating open source increased 430 percent over the number in the preceding four years. From February 2015 to June 2019, 216 such attacks were recorded; from July 2019 to May 2020, an additional 929 attacks were recorded.
  • Next-Generation Cyberattack Characteristics: The report stated that while legacy software supply chain exploits “prey on publicly disclosed open source vulnerabilities that are left unpatched in the wild,” next-generation software supply chain attacks “are far more sinister because bad actors are no longer waiting for public vulnerability disclosures” but “are taking the initiative and actively injecting malicious code into open source projects that feed the global supply chain.” As a result, this upstream focus allows bad actors to “infect a single component, which will then be distributed ‘downstream’ using legitimate software workflows and update mechanisms.”
  • Open-Source Vulnerabilities: Next-generation cyberattacks are possible for three reasons: (1) Because open-source projects “rely on contributions from thousands of volunteer developers,” determining whether community members have good or malicious intent “is difficult, if not impossible”; (2) Open source projects’ typical incorporation of “hundreds — if not thousands — of dependencies from other open source projects, which may contain known vulnerabilities”; and (3) The “shared trust” ethos “creates a fertile environment whereby bad actors can prey upon good people with surprising ease.”
  • Types of Next-Generation Cyberattacks: Typosquatting was the most common attack identified, and malicious code injection was identified as another common attack.
  • Responses to Legacy Software Supply Chain Attacks: The report urged organizations to “establish a ‘rapid upgrade posture’ so they can respond quickly to new zero-day disclosures by finding and fixing vulnerable open source dependencies in production applications.” A 2020 Sonatype survey of 679 development professionals, however, found that only 17 percent of organizations “become aware of new open source vulnerabilities within a day of public disclosure,” 35 percent “find out within one to seven days,” and the remaining 48 percent “become aware of new vulnerabilities after a week’s time.”  That survey also found that a majority of respondents (51 percent) “required more than a week to respond.”

The report also contained other findings, concerning the supply and demand for open source, that demonstrate the ubiquity and growth of open source use.  It projects, for example, that one trillion JavaScript packages will be downloaded in 2020, with the 10.7 million JavaScript developers around the world downloading an average of 93,457 packages.  It also provided extensive discussions of how to identify exemplary open source suppliers, how high-performance teams manage open source software supply chains, the trust and integrity of software supply chains, and the influences of social activism and government standards on open source software.

Note: For some time, the open source field has enjoyed a kind of “halo effect” because of its potential for lower hardware and software costs and its stability, flexibility, and security.  The Sonatype report, however, provides a timely reminder that information-security teams need to anticipate both legacy and next-generation cyberattacks on open source software, and to be prepared to respond immediately – not in one or two days or a week – when they become aware of zero-day disclosures.  Corporate information-security officers should therefore disseminate the report within their teams, and incorporate key findings into briefing and training materials for senior managers and executives.

INTERPOL Report Shows “Alarming” Rate of Cyberattacks During COVID-19

On August 4, the International Criminal Police Organization (INTERPOL) announced the results of its report on the impact of the COVID-19 pandemic on cybercrime.  The report found that cybercriminals – in the words of INTERPOL Secretary General Jürgen Stock – “are developing and boosting their attacks at an alarming pace, exploiting the fear and uncertainty caused by the unstable social and economic situation created by COVID-19.”

Key findings in the INTERPOL report included the following:

  • Volume of COVID-19 Cybercrime Activity: One of INTERPOL’s private-sector partners found that in just one four-month period, from January to April 2020, it detected approximately 907,000 spam messages, 737 incidents related to malware, and 48,000 malicious URLs, all related to COVID-19.
  • Online Scams and Phishing: The report showed that threat actors had revised their usual online scams and phishing schemes. Approximately two-thirds of INTERPOL-member countries that responded to INTERPOL’s global cybercrime survey “reported a significant use of COVID-19 themes for phishing and online fraud since the outbreak.”  Cybercriminals have been able to influence victims into providing their personal data and downloading malicious content “[b]y deploying COVID-19 themed phishing emails, often impersonating government and health authorities.”
  • Disruptive Malware (Ransomware and Distributed Denial of Service Attacks): The report commented that cybercriminals “are increasingly using disruptive malware against critical infrastructure and healthcare institutions, due to the potential for high impact and financial benefit.”  It observed that in the first two weeks of April 2020, “there was a spike in ransomware attacks by multiple threat groups which had been relatively dormant for the past few months.”  It also found a noteworthy refinement in ransomware attacks: that “the majority of attackers estimated quite accurately the maximum amount of ransom they could demand from targeted organizations.”
  • Data Harvesting Malware: The report saw an increased deployment “of data harvesting malware such as Remote Access Trojan, info stealers, spyware and banking Trojans by cybercriminals,” using COVID-19 related information to infiltrate systems.
  • Malicious Domains: The report also identified “a significant increase of cybercriminals registering domain names containing keywords, such as ‘coronavirus’ or ‘COVID’” to take advantage “of the increased demand for medical supplies and information on COVID-19.”  An INTERPOL private-sector partner received reports indicating that from February to March 2020, there was a 569 per cent growth in malicious registrations, including malware and phishing, and a 788 per cent growth in high-risk registrations.
  • Misinformation: The report stated that an “increasing amount of misinformation and fake news is spreading rapidly among the public. Unverified information, inadequately understood threats, and conspiracy theories have contributed to anxiety in communities and in some cases facilitated the execution of cyberattacks.”  The INTERPOL global survey revealed that nearly 30 per cent of responding countries “confirmed the circulation of false information related to COVID-19. Within a one-month period, one country reported 290 postings with the majority containing concealed malware.”  The report also mentioned “reports of misinformation being linked to the illegal trade of fraudulent medical commodities” and “scams via mobile text-messages containing ‘too good to be true’ offers such as free food, special benefits, or large discounts in supermarkets.”

The report also identified four future areas of concern:

  • Further Cybercrime Increase: A further increase in cybercrime “is highly likely in the near future,” as cybercriminals seek to exploit vulnerabilities “related to working from home and the potential for increased financial benefit.”
  • Use of COVID-19 Themes: Threat actors “are likely to continue proliferating coronavirus-themed online scams and phishing campaigns to leverage public concern about the pandemic.”
  • Business Email Compromise (BEC) Schemes: BEC schemes “will also likely surge due to the economic downturn and shift in the business landscape, generating new opportunities for criminal activities.”
  • Availability of COVID Vaccine: “When a COVID-19 vaccination is available, it is highly probable that there will be another spike in phishing related to these medical products as well as network intrusion and cyberattacks to steal data.”

Note:  Although there has been extensive reporting with regard to the exploitation of COVID-19 for various types of cyberattacks, the report provides significant data to document how great the explosion of such cyberattacks has been during 2020.  Information-security and corporate-compliance officers in public- and private-sector entities should provide excerpts of the report’s key findings to senior executives in their organizations, and incorporate selected information into in-house information-security trainings and briefings.