Author: Jonathan J. Rusch

On January 8, the United States Department of the Treasury’s Office of Foreign Assets Control (OFAC) sanctioned Venezuelan individuals and companies that were involved, according to OFAC,

in a significant corruption scheme designed to take advantage of the Government of Venezuela’s currency exchange practices, generating more than $2.4 billion in corrupt proceeds.  This designation, pursuant to Executive Order (E.O.) 13850, targets seven individuals, including former Venezuelan National Treasurer Claudia Patricia Diaz Guillen (Diaz) and Raul Antonio Gorrin Belisario (Gorrin), who bribed the Venezuelan Office of the National Treasury (ONT, or Oficina Nacional del Tesoro) in order to conduct illicit foreign exchange operations in Venezuela.  In addition to Diaz and Gorrin, OFAC designated or blocked five other individuals and 23 entities, pursuant to E.O. 13850, for their roles in the bribery scheme, and identified one private aircraft as blocked property.

In remarks that accompanied the issuance of the OFAC sanctions, Secretary of the Treasury Stephen Mnuchin stated that “Treasury is targeting this currency exchange network which was another illicit scheme that the Venezuelan regime had long used to steal from its people,” and that Treasury’s actions “expose yet another deplorable practice that Venezuela regime insiders have used to benefit themselves at the expense of the Venezuelan people.”

The facts underlying these sanctions relate directly to the criminal prosecutions that the United States Department of Justice has been conducting against key members of the Venezuelan elite for their roles in a currency-exchange scheme that resulted in embezzlement of more than $1.2 billion from Venezuelan state-owned oil company Petróleos de Venezuela, S.A. (PDVSA).  In addition to the seven individuals, OFAC listed 23 companies and a Dassault Mystere private aircraft as being designated or blocked for being owned or controlled by those individuals.

Note: This latest cluster of OFAC sanctions is yet another in the continuing series of sanctions and prosecutions that the Trump Administration is directing at Venezuela’s Boliburguésia and their support network.  The Treasury announcement specifically stated that “sanctions are intended to change behavior,” and that the United States Government “has made it clear that we will consider lifting sanctions for persons designated under E.O. 13692 or E.O. 13850 who take concrete and meaningful actions to restore democratic order, refuse to take part in human rights abuses, speak out against abuses committed by the government, and combat corruption in Venezuela.

None of that, of course, is likely to take place in the near term, now that President Nicolás Maduro is about to be sworn in for a second six-year term in office.  It is also increasingly unlikely to take place in the longer term.   Even if the United States maintains its enforcement pressures in the Maduro government, and more of Venezuela’s neighbors express their dissatisfaction with the regime’s policies and their disastrous effects on the country, Russia has been demonstrating its resolve to support Maduro and his government in a variety of ways.  They reportedly include $1.5 billion in cash via loans and bailouts for the cash-starved country, in exchange for Russian ownership of significant portions of at least five Venezuelan oil fields, “30 years’ worth of future output from two Caribbean natural-gas fields,” and taking of 49.9 percent of Venezuela-owned Citgo as collateral for the loans.  They also include provision of Russian advisors who have been assisting Venezuela in avoiding bankruptcy, and who helped in the introduction of the controversial Venezuelan digital currency, the Petro.

More recently, the Russian government sent two strategic bomber aircraft capable of carrying nuclear weapons to Venezuela, in a show of support clearly intended to bolster the Maduro regime and infuriate the United States.  According to several recent reports, Venezuela has agreed to allow Russia to establish an outpost on the Venezuelan island of La Orchila where the nuclear-capable bombers could be based.  Creation of that outpost would indicate the depth of Russia’s commitment not merely to make Venezuela a long-term client state and relieve the United States’ economic and enforcement pressures on the Maduro regime, but to establish an overt military presence in Latin America whose influence, even if purely symbolic, could be felt throughout the region.

On January 4, the Jakarta Post reported that the Corruption Court in Jakarta convicted Indonesian construction company PT Nusa Konstruksi Enjiniring (NKE) (formerly PT Duta Graha Indah (DGI) on charges of corruption relating to several construction projects.  It also sentenced NKE to a fine of IDR (Indonesian rupiah) 700 million ($48,631), restitution of IDR 85.4 billion to the Indonesian government, and a six-month ban on NKE’s undertaking any government projects.

This conviction and sentence are significant because they are reportedly the first against any company since 2016, when the Indonesian Supreme Court issued Regulation Number 13 to address “legal ambiguities that were impeding prosecutors and investigators to pursue corporations for committing criminal offences, including corruption.”  According to the Indonesian Corruption Eradication Commission (KPK) Commissioner Laode M. Syarif, before Regulation Number 13 only two other corporations had ever been prosecuted under the Indonesian Anti Corruption Act.

The judges on the Corruption Court stated that NKE had received illicit funds totaling IDR 240.09 billion from eight construction projects, through rigged tenders with the help of former Indonesian official Muhammad Nazaruddin.  Approximately IDR 87 billion of the projects’ combined profit of IDR 239.9 billion was given to the state, and IDR 67.5 billion was transferred to Nazaruddin in spurious “fees.”  The Court accordingly ordered NKE to pay IDR 85.4 billion in restitution within one month of its ruling.  NKE’s President Director Joko Eko Suprastowo told the Court that NKE accepted the court’s ruling, and did not plan to appeal.

Note: Although the Corruption Court over the last two years has imposed substantial prison sentences on prominent former Indonesian officials, including former Speaker of the House Setya Novanto and former Constitutional Court judge Patrialis Akbar, the NKE verdict sets an important precedent for the Indonesian government’s investigation and prosecution of companies for corruption.

At the same time, it should be noted that the NKE fine and restitution reportedly were well below the recommendation by the KPK prosecutor that NKE be fined IDR 1 billion and pay IDR 188.7 billion in restitution.  While the circumstances and the underlying laws are different, based on initial reports the KPK sentence appears especially moderate when compared with the almost-simultaneous ruling by the Indonesian Supreme Court that upheld fines of IDR 1 trillion ($69 million) against plantation company PT National Sago Prima for causing forest fires in 2015.  Further reporting and future corporate prosecutions by the KPK will be necessary to establish the NKE sentence’s long-term significance.

In December, the Malaysian government, in close succession, filed three sets of criminal charges against a number of key individuals and entities, including subsidiaries of global financial services firm Goldman Sachs, that pertain to the scandal surrounding sovereign wealth fund 1Malaysia Development Berhad (1MDB).

First, on December 4, Today Online reported that charges were filed against the key figure in the 1MDB scandal, financier Low Taek Jho (also known as Jho Low), and four other individuals described in that report as Low’s four “lieutenants,” including former 1MDB general counsel Jasmine Loo Ai Swan.  The charges stem from unsuccessful efforts by the Malaysian Anti-Corruption Commission (MACC) this summer to locate the four individuals for questioning concerning the massive alleged embezzlement from 1MDB.

Second, on December 11, Bloomberg reported that charges were filed against former Malaysian Prime Minister Najib Razak and former 1MDB President Arul Kanda for their alleged roles in tampering with a state audit report into 1MDB.  Earlier in 2018, Razak had already been the subject of nearly 40 criminal charges of abuse of power, breach of trust, and money laundering relating to 1MDB.   In the audit-tampering case, according to charging records, Razak allegedly altered the report on the government audit into 1MDB “to protect himself from criminal, civil or regulatory action, while Arul is accused of abetting him.”

Third, on December 17, Malaysian Attorney General Tommy Thomas announced that criminal charges under Malaysian securities laws had been filed against subsidiaries of Goldman Sachs, former Goldman Southeast Asia Chairman Tim Leissner, former Goldman managing director and Leissner deputy Roger Ng Chong Hwa, Jasmine Loo, and Low.  Thomas stated that these charges arose from the commission and abetment of false or misleading statements by all of the defendants in order to dishonestly misappropriate $2.7 billion from the proceeds of three bonds that 1MBD subsidiaries issued, “which were arranged and underwritten by Goldman Sachs.”  He also stated that Leissner and Ng conspired with Low, Loo, and others to bribe Malaysian public officials in order to procure the selection, involvement, and participation of Goldman Sachs in those bond issuances.

Thomas also made clear that prosecutors would seek severe sentences under Malaysia law for the defendants upon conviction:

Malaysia considers the allegations in the charges against all the accused to be grave violations of our securities laws, and to reflect their severity, prosecutors will seek criminal fines against the accused well in excess of the USD2.7 billion misappropriated from the Bonds proceeds and USD600 million in fees received by Goldman Sachs, and custodial sentences against each of the individual accused: the maximum term of imprisonment being 10 years. Their fraud goes to the heart of our capital markets, and if no criminal proceedings are instituted against the accused, their undermining of our financial system and market integrity will go unpunished.

Ng in fact was not charged until December 19, owing to a misunderstanding by Malaysian prosecutors about the need for Ng’s presence at a December 19 hearing concerning his extradition to the United States.  On November 1, the United States Department of Justice announced the unsealing of an indictment charging Ng and Low with money laundering- and Foreign Corrupt Practices Act (FCPA)- offenses pertaining to the alleged laundering of billions of dollars embezzled from 1MDB, and the guilty plea of Leissner to an information charging him with conspiring to launder money and to violate the FCPA by paying bribes to Malaysian and Abu Dhabi officials and circumventing Goldman’s internal accounting controls during his employment there.  Accordingly, the Justice Department has been seeking Ng’s extradition to stand trial in the United States.  To date, Low remains at large.

Note: One media report speculated that Ng “could be stuck in the middle of a tug-of-war” between the United States and Malaysia, because both countries have charged him relating to the same conduct, and  commented that “[i]t is unclear how prosecutors on both sides will cooperate on charges relating to Ng and others.” That speculation is open to question, on two grounds.

First, when the Justice Department announced the charges against Low and Ng and Leissner’s plea in November, it specifically stated that it “also appreciates the significant assistance provided by the Attorney General’s Chambers of Malaysia, the Royal Malaysian Police, the Malaysian Anti-Corruption Commission,” and other prosecutive and police authorities in Singapore, Switzerland, and Luxembourg.  As a matter of agency practice, the Department does not credit foreign law enforcement or regulatory agencies with “significant assistance” unless that assistance was, in fact, significant.  “Significant assistance” can also signify active coordination and cooperation between the Department and the named foreign authorities in parallel investigations.

Second, because Low remains at large, at the moment both Malaysia and the United States must pursue their respective cases with the defendants they have in custody.  One possible sequence of actions on which the Justice Department and Malaysian authorities could have reached broad agreement would be as follows:

• On January 7, the Kuala Lumpur Sessions Court rejected Ng’s application for bail pending his extradition proceeding. Ng’s extradition process therefore will continue, further efforts to resist extradition to the United States will likely fail, and thereafter he will be promptly extradited to the United States.  There, Justice Department prosecutors will confront him with the reality that his former superior, Leissner, is already cooperating with them, and that Ng’s conviction at trial in the United States would subject Ng to dozens of years of imprisonment.
• If Ng agrees to cooperate with both the United States and Malaysia, he too will plead guilty to FCPA and money laundering charges in the United States, and provide testimony and information that Malaysia could use in its case against Goldman’s subsidiaries (and other individual defendants if available) and that both countries could use against Low should he be apprehended.

If anyone is likely to become the basis for a tug of war between Malaysian and U.S. prosecutors at some point, it would be Low.  That tug of war, however, is not likely to arise for some time.

On January 1, employees of the State of Victoria in Australia received the unwelcome distinction of receiving what appears to be the first data-breach notification of 2019.  According to ABC News, employees received an email on January 1 informing them that on December 22, 2018, “an unauthorized third party accessed and downloaded a partial copy of the Victorian government employee directory, which identified approximately 30,000 public service staff and contractors.  It appears the third party accessed the list after compromising an employee’s email account.”

The email also stated that the list is available to Victorian government employees and contains work emails, job titles, and work phone numbers, and that their mobile phone numbers may have also been accessed if they were in the directory.  As a result of the breach, employees were further informed, “you may experience increased phishing, spam and social engineering attempts via your work email address and telephone numbers,” adding ,”As always, you should be aware of these risks and remain vigilant when it comes to unsolicited communications via email and telephone.”

Note: In response to the breach, the Victorian Premier’s Department stated that it had referred the breach to Victoria police, police, the Australian Cyber Security Centre, and the Office of the Victorian Information Commissioner for investigation.  A Department spokesperson stated that the Government “will ensure any learnings from the investigation are put in place to better protect against breaches like this in the future.”

The Victorian government, however, should not wait for the investigation’s conclusion to take action.  At a minimum, given the statement that the hacker had compromised an employee’s email account and then accessed the employee list, it needs to send a reminder to all government employees that forcefully stresses the importance of always refraining from clicking on links in emails from sources unknown to them.  To be sure, internalizing that message can be difficult for people in any organization who receive hundreds of emails each day at work.  Moreover, anyone who is not knowledgeable about current cybercrime exploits and techniques may find it difficult to believe that a moment’s carelessness can lead to compromise of an entire network or database.

For that reason, the government should consider special training, such as a webinar required for employees in all Victorian departments, that can show people how easily such compromises can occur and how severe the consequences can be for themselves, their colleagues, and their department.  In addition, even though the employee list reportedly did not include employee banking or financial information, the government needs to act sooner rather than later in placing tighter access controls around that list.  Chief information security officers and chief counsels in all Victorian departments need to coordinate their efforts in deciding on and implementing such controls to reduce the risks of future breaches.

Finally, other Australian state governments, as well as Commonwealth departments, should take this opportunity to disseminate similar messages to their employees and to review the adequacy of their own data-protection procedures and processes and cybersecurity training.  The challenge in this case, as with any data breach, is not identifying the most important lessons to be learned, but rather communicating those lessons in ways that effect meaningful changes in employee behavior.

On December 19, the United States Attorney for the Southern District of New York, Geoffrey S. Berman, announced that his office had filed criminal charges under the Bank Secrecy Act (“BSA”) against U.S. broker-dealer Central States Capital Markets, LLC (“CSCM”), based on CSCM’s willful failure to file a suspicious activity report (“SAR”) regarding the illegal activities of one of its customers.  The announcement noted that the charges constitute the first criminal BSA charge ever brought against a U.S. broker-dealer.

The announcement also stated that CSCM had agreed to enter into a Deferred Prosecution Agreement (DPA) with CSCM.  Under the terms of the DPA, CSCM stipulated to the accuracy of an extensive Statement of Facts, and agreed to pay a $400,000 penalty and continue to enhance its BSA/Anti-Money Laundering (“AML”) compliance program.

The criminal charges pertained to the activities of a CSCM customer, Scott Tucker, who had been convicted at trial in 2017 along with his attorney, Timothy Muir, of racketeering, wire fraud and money laundering for their roles in perpetrating a massive payday lending scheme.  The jury found that from in or about the late 1990s through in or about 2013, through various payday-lending companies that he owned and controlled, Tucker extended short-term, high-interest and unsecured loans — commonly referred to as “payday loans” — to people around the country at interest rates as high as 700 percent or more and in violation of the usury laws of numerous states, including New York.  Tucker reportedly sought to insulate himself from applicable usury laws by entering into a series of sham relationships with certain Native American tribes (“Tribes”) in order to conceal his ownership and control of the payday-lending companies and claim the protection of tribal sovereign immunity, which is a legal doctrine that generally prevents states from enforcing their laws against Native American tribes.  In order to effectuate his scheme, Tucker assigned nominal ownership of his payday lending companies to certain corporations created under the laws of the tribes (the “Tribal Companies”).

According to the U.S. Attorney’s Office,

CSCM failed to follow its written customer identification procedures and did not act upon red flags prior to opening investment accounts for the Tribal Companies, which were in fact controlled by Tucker.  CSCM discussed opening these accounts exclusively with Scott Tucker and his brother Blaine (the “Tuckers”).  Although CSCM received account opening documents signed by tribal officials granting only Blaine Tucker authorization over the accounts, CSCM routinely dealt with and took direction from Scott Tucker concerning the management of funds in the Tribal Companies’ accounts based solely on Scott Tucker’s oral assertions that he was a “consultant” to the Tribes.  At no point did CSCM obtain written verification of Tucker’s authority over the accounts.

CSCM also disregarded red flags that were known prior to opening the accounts, failed to act on additional red flags, and failed to monitor any transactions using the AML tool that had been provided to CSCM for that purpose.  In addition, numerous suspicious transactions relating to Tucker – including 18 wire transfers totaling $40,518,000  to Tucker’s personal CSCM account — went undetected and unreported by CSCM.  Finally, even though CSCM produced documents in connection with the U.S. Attorney’s Office’s criminal investigation and was aware of the indictment against Tucker, it did not file a SAR, according to that Office, “until long after Tucker was convicted at trial.”

Note: The financial penalty associated with the CSCM DPA is only a small fraction of the nine-figure penalties that Rabobank and U.S. Bancorp agreed to pay earlier this year in connection with their own DPAs for BSA violations.  Even so, this case should provide chief compliance officers with broker-dealers with an opportunity to remind senior management that the BSA applies to more than just banks, and that their firms need to take BSA/AML obligations, including timely filing of BSA-related SARs, seriously.

The case also includes information that that reminder should convey to the Chief Executive Officer and other C-level executives.   In CSCM’s case, the U.S. Attorney’s Office specifically noted that before CSCM opened the accounts for Tucker, Tucker gave CSCM’s CEO a false and misleading explanation of the reasons for opening the accounts, and neither the CEO nor anyone else at CSCM attempted to verify Tucker’s explanation.  It also specifically stated that when CSCM was confronted with additional red flags, “CSCM, including its CEO, did not act upon these red flags” because Tucker assured CSCM that a then-pending FTC action against Tucker and the Tribal Companies for engaging in unfair business practices “would soon be resolved and all challenges brought by state regulators had been unsuccessful due to sovereign immunity.”