Author: Jonathan J. Rusch

On December 21, Reuters reported that the Criminal Court in Paris announced that it had fined Total S.A. €500,000, in a criminal case in which Total was charged with paying $30 million to obtain access to Iranian oil fields between 1997 and 2005.  French prosecutors reportedly had sought €750,000, as well as confiscation of €250 million — equivalent to the potential benefit that Total received from the bribe – from Total.

The charges in this case dated back to 2013, when the United States Department of Justice announced that Total was the subject of the first coordinated action by French and U.S. law enforcement in a major foreign bribery case.  In brief, according to the Justice Department, in 1995 Total sought to re-enter the Iranian oil and gas market by attempting to obtain a contract with the National Iranian Oil Company to develop the Sirri A and E oil and gas fields.  Eventually, between 1995 and 2004, at the direction of an Iranian official later identified as Medhi Hashemi Rafsanjani (the son of Iran’s former president Akbar Hashemi Rafsanjani), Total corruptly made approximately $60 million in bribe payments for the purpose of inducing the Iranian official to use his influence in connection with Total’s efforts to obtain and retain lucrative oil rights in the Sirri A and E and South Pars oil and gas fields.

In 2013, in coordinated enforcement actions, the Justice Department concluded a deferred prosecution agreement with Total that involved Total’s payment of a $245.2 million monetary penalty to resolve Foreign Corrupt Practices Act charges, the United States Securities and Exchange Commission entered a cease-and-desist order against Total that required Total to pay an additional $153 million in disgorgement and prejudgment interest, and French authorities stated “that they had requested that Total, Total’s Chairman and Chief Executive Officer, and two additional individuals be referred to the Criminal Court for violations of French law, including France’s foreign bribery law.”

Since then, Total’s Chief Executive Officer (CEO), Christophe de Margerie, died in an airplane crash, and Total’s current Chairman and CEO Patrick Pouyanne recently stated that none of the other individuals under investigation were still living.  Total had contested the prosecution on the basis “that the payments had been necessary to ensure the success of the French bid” and “that, since the bribes were paid outside France, the case had no place before a French court.”

After the fine, which one media report characterized as “symbolic,” Pouyanne stated that Total would not pursue the matter further, “given the specific circumstances of this case, which has been already judged in the U.S. and in which none of the individuals can defend themselves.”  He added that anyone who knew de Margerie “knows that he would never be involved in any type of corruption.”

Note: The French Criminal Court’s fine is indeed symbolic, in two unfortunate respects.  First, while the court undoubtedly was well aware that Total had already paid nearly $400 million to U.S. authorities to resolve related charges, those payments pertained specifically to violations of United States criminal and civil law.  By levying a fine equivalent to 0.0038 percent of Total’s alleged $150 million in profits from the scheme, or 0.000054 percent of Total’s 2017 adjusted net income of $10.6 billion , the court conveyed the strong impression that it regarded Total’s violation of French criminal law as unworthy of anything more than a token sanction.

Second, the court’s token fine also could be construed as a tacit endorsement of Total’s assertion that foreign bribery was necessary to ensure the success of its bid.  Such an argument is contrary to the letter and the spirit of anti-corruption conventions that France has ratified as well as various national anti-corruption laws (including France’s 2016 Sapin II legislation), and deserves to be given short shrift in future French prosecutions under Sapin II.

On December 26, 2018, the U.S. Securities and Exchange Commission (SEC) announced that JPMorgan Chase Bank N.A. had agreed to pay more than $135 million to settle charges of improper handling of “pre-released” American Depositary Receipts (ADRs).  As the SEC explained,

ADRs – U.S. securities that represent foreign shares of a foreign company – require a corresponding number of foreign shares to be held in custody at a depositary bank.  The practice of “pre-release” allows ADRs to be issued without the deposit of foreign shares, provided brokers receiving them have an agreement with a depositary bank and the broker or its customer owns the number of foreign shares that corresponds to the number of shares the ADR represents.

As part of the SEC’s ongoing investigation into what it termed “abusive ADR pre-release practices,” the SEC order in the case found that JP Morgan Chase Bank

improperly provided ADRs to brokers in thousands of pre-release transactions when neither the broker nor its customers had the foreign shares needed to support those new ADRs.  Such practices resulted in inflating the total number of a foreign issuer’s tradeable securities, which resulted in abusive practices like inappropriate short selling and dividend arbitrage that should not have been occurring.

JPMorgan Chase Bank, without admitting or denying liability, agreed to pay disgorgement of more than $71 million in ill-gotten gains, $14.4 million in prejudgment interest, and a $49.7 million penalty, which totaled more than $135 million in monetary relief.  In addition, the SEC order stated that the bank acknowledged “that the Commission is not imposing a civil penalty in excess of $49,728,857.83 based upon its cooperation and agreement to cooperate in a Commission investigation and related enforcement action.”

Note: Although the lede of the SEC’s press release referred to “improper” actions by JPMorgan Chase Bank, a senior SEC official stated that “[w]ith these charges against JPMorgan, the SEC has now held all four depositary banks accountable for their fraudulent issuances of ADRs into an unsuspecting market” (emphasis supplied).

This resolution constitutes the eighth action against a bank or broker, and the fourth action against depositary bank, resulting from the SEC’s ongoing investigation into ADR pre-release practices.  It also involves the highest penalty of the four depositary banks that have now settled with the SEC: Citibank ($38.7 million), BNY Mellon (more than $54 million), and Deutsche Bank Trust Co. Americas (DBTCA) (nearly $73.3 million).

The order against JPMorgan Chase does not directly explain the reasons for its markedly greater total penalties.  Not surprisingly, a comparison of the four banks’ SEC orders indicates that the penalty differences are driven by differences in the banks’ net revenues from the improper transactions:

• JPMorgan Chase: That order stated that “[f]rom at least November 2011 through early 2015,” JPMorgan improperly pre-released ADRs “in thousands of transactions,” and that those improper pre-releases resulted in revenues of approximately $71 million.
• Citibank: That order stated that “[f]rom at least August 2011 through November 2016,” Citibank improperly pre-released ADRs “in thousands of transactions,” and that those improper pre-releases resulted in net revenues of approximately $20.9 million.
• BNY Mellon: That order stated that “[f]rom at least June 2011 through June 2016,” BNY Mellon improperly pre-released ADRs “in thousands of transactions,” and that those improper pre-release transactions resulted in net revenues of approximately $29 million.
• DBTCA:  That order stated that “[f]rom at least June 2011 through September 2016,” DBTCA improperly pre-released ADRs “in thousands of transactions,” and that those improper pre-releases resulted in net revenues of approximately $44.5 million.

The SEC release in this case contains no indication that the SEC’s investigation into ADR pre-release practices is anywhere near its end.

On December 13, the U.S. Department of Justice announced that its Antitrust Division had reached a settlement with Nexstar Media Group Inc., one of the largest owners of television stations in the United States, as part of the Division’s ongoing investigation into exchanges of competitively sensitive information in the broadcast television industry.  According to the amended complaint that the Antitrust Division filed against Nexstar and six other television broadcasting companies, Nexstar and other entities agreed

in many metropolitan areas across the United States to exchange revenue pacing information, and also engaged in the exchange of other forms of non-public sales information in certain metropolitan areas.  Pacing compares a broadcast station’s revenues booked for a certain time period to the revenues booked in the same point in the previous year.  Pacing indicates how each station is performing versus the rest of the market and provides insight into each station’s remaining spot advertising for the period.

By exchanging pacing information, Nexstar and other broadcasters were better able to anticipate whether their competitors were likely to raise, maintain, or lower spot advertising prices, which in turn helped inform their stations’ own pricing strategies and negotiations with advertisers.  As a result, the information exchanges harmed the competitive price-setting process.

The proposed settlement would prohibit the direct or indirect sharing of such competitively sensitive information, as the Justice Department determined “that prohibiting this conduct would resolve the antitrust concerns raised as a result of Nexstar’s conduct.”  It also would require Nexstar to cooperate in the Department’s ongoing revenue-pacing investigation and to adopt “rigorous antitrust compliance and reporting measures to prevent similar anticompetitive conduct in the future.”

Per the Antitrust Procedures and Penalties Act (also known as the Tunney Act), notice of the proposed settlement, as well as the Justice Department’s competitive impact statement in the case, was published in the Federal Register on January 14, for public notice and comment for a 60-day period.  At the conclusion of the comment period, the U.S. District Court for the District of Columbia, with which the settlement is filed, “may enter the final judgment upon a finding that it serves the public interest,” according to the Department.  In light of the uncertainly about the duration of the current federal government shutdown, the timing of the District Court’s decision after the 60-day period is uncertain.

Note:  This announcement provides a timely reminder to senior management and corporate compliance officers that their companies’ antitrust compliance programs, including training, need to extend beyond core criminal-liability concerns such as price-fixing.  While most companies understand that directly exchanging or fixing of prices is a live wire for antitrust enforcement, some companies may think that if they do not directly exchange such data, but merely exchange other data from which they can infer their competitors’ prices and pricing practices, that will insulate them from liability.

The Antitrust Division’s revenue-pacing  investigation and settlements demonstrates that that will not be the case.  Antitrust-compliance policies and training should therefore certainly address core concerns for Sherman Act criminal liability, but also should point out that the Antitrust Division will be attentive to any intraindustry practices by competitors that have the necessary effect of sharing what the Division terms “competitively sensitive information” or affecting the competitive price-setting process.

On December 27, Vatican News reported that the Holy See Press Office issued a statement announcing that on December 17, Angelo Proietti had been convicted of money laundering and sentenced to 2 ½ years’ imprisonment and confiscation of more than €1 million.  The conviction is significant because it reportedly represents the first time in the Vatican’s history that a person has been tried and found guilty of money laundering under a 2010 Vatican law.

Proietti, a construction magnate in Rome, had reportedly siphoned off approximately €11 million from two companies that pushed them into bankruptcy.  According to a 2016 release by the Holy See’s Press Office, authorities of the Holy See and the Vatican City State initiated the investigation in 2013, based on Suspicious Transaction Reports that related to Proietti and accounts he had at the Vatican bank, the Institute for Works of Religion (IOR).  Subsequently, in 2014 the Vatican seized more than €1 million tied to Proietti, and in 2016 Proietti negotiated a 3-year, 3-month prison sentence with Italian authorities for his fraud.  The December 27 release credited the Vatican Office of the Promoter of Justice, the Vatican Financial Intelligence Authority (AIF), the Vatican City State Gendarmerie, and Italy for collaboration in the investigation.

Note:  In the past, the Council of Europe’s Committee of Experts on the Evaluation of Anti-Money Laundering Measures and the Financing of Terrorism (MONEYVAL) had called on the Vatican “to deliver effective results in terms of prosecutions, convictions and confiscation.”  This first prosecution is only a beginning, but it is a beginning, which the Vatican acknowledged “assumes fundamental importance” in its anti-money laundering/counter-terrorism financing (AML/CTF) efforts.

This prosecution should also be regarded as a milestone on the Vatican’s sometimes tortuous path since 2009 toward an effective AML/CTF regime.  Even after Pope Benedict XVI issued an Apostolic Letter in 2010 to comply with European anti-money-laundering directives, the overall pace of reform initially was slow – owing in part to contention within Vatican ranks over how transparent the IOR’s operations should be.  By 2017, however, Italy placed the Vatican on its “white list” of states with cooperative financial institutions, and MONEYVAL noted that the Vatican had made progress in the previous two years and that the AIF was working efficiently as both a financial intelligence unit and as supervisor of the IOR.  In addition, the IOR – which in 2011 reportedly had approximately 33,000 accounts and 20,772 clients (68 percent of whom were members of the clergy), and $8.2 billion in assets under management – closed thousands of accounts belonging to people who no longer qualified.

Earlier this year, the AIF reported that in 2017 it had submitted eight reports to the Office of the Promoter of Justice for further investigation, and had signed 19 Memoranda of Understanding with  counterpart agencies in other jurisdictions and exchanged information in 268 cases.  While that information suggests that the Vatican has quickened its pace in anti-financial crime implementation, the Vatican will need to show in 2019 that it is sustaining that pace.

Three recently published reports provide different, but complementary, perspectives on cybercrime trends of which information-security and financial-crimes compliance officers should take note:

1. APWG: First, on December 12, the APWG (formerly the Anti-Phishing Working Group) issued its Phishing Activity Trends Report for the third quarter of 2018. That report contained the following key points:

• The number of brands targeted for phishing attacks steadily increased, from 231 in July) to 260 in August to 286 in September. (P. 3)
• The total number of phish that APWG detected in 3Q 2018 was 151,014 – a 43 percent decrease from 2Q (233,040) and a 57 percent decrease from 1Q (263,538). (P. 4)
• Phishing attacks that targeted cloud storage and file hosting sites fell substantially, from 11.3 percent of all attacks in Q1 to 9 percent in Q2 and to 6.5 percent in Q3. Payment processing was by far the sector most targeted for phishing attacks (38.2 percent), followed by Software as a Service (SAAS)/Webmail) (20.1 percent) and financial institutions (15.7 percent).  (P. 5)
• While phishing remains most prevalent in the old, large global top-level domains (gTLD), such as .com, it is higher than normal in the new gTLDs and in repurposed ccTLDs. (P. 6)
• Phishers are increasingly using “repurposed” domains – i.e., domains for which management rights have been granted to third parties, who have then “commercialized the TLDs as a way of hiding their phishing sites from detection.” (P. 7)
• The number of phishing web sites using SSL/TLS encryption increased in 3Q to 49.4 percent, a significant increase from 35.2 percent in 2Q. (P. 8)
• In Brazil, phishing attacks against Brazilian e-commerce sites decreased 53 percent from April to June 2018 after the FIFA World Cup, and decrease through 3Q, while attacks against Brazilian banks and credit unions slightly increased. (P. 9)

2.  McAfee: On December 19, McAfee issued its McAfee Labs Threats Report: December 2018, which examined activity “in the cybercriminal underground and the evolution of cyber threats” in 3Q 2018. The report contained the following findings:

• McAfee stated that McAfee Labs “McAfee Labs saw an average of 480 new threats per minute and a sharp increase in malware targeting [Internet of Things (IoT)] devices.”
• “The ripple effect of the takedowns of the Hansa and AlphaBay dark web markets were still apparent in Q3. Competing marketplaces, such as Dream Market, Wall Street Market, and Olympus Market eagerly filled the gap left by law enforcement actions last year.” (P. 4)
• McAfee saw “numerous mentions of Common Vulnerabilities and Exposures [(CVEs)]. The most recently published CVEs were hot topics in discussions of browser exploit kits—RIG, Grandsoft, and Fallout—and of ransomware, especially GandCrab. . . . These [and other] threads show that cybercriminals are eager to weaponize both new and old vulnerabilities. The popularity of these topics in underground forums should warn organizations to make vulnerability management a priority in their cyber resilience plans.” (P. 5)
• “Large-scale credit card theft has shifted from point-of-sale systems to (third-party) payment platforms on large e-commerce sites.” (P. 5)
• “We saw an increase in discussions of mobile malware, mostly targeting Android and focused on botnets, banking fraud, ransomware, and bypassing two-factor authentication.” (P. 7)
• “Although we have seen a decline in the number of unique families during recent months, ransomware remained active in Q3. The decline in new families may be due to many ransomware actors switching to a more lucrative business model: cryptomining.” (P. 8)
• “Mining cryptocurrency via malware is one of the big stories of 2018. Total “coin miner” malware has grown more than 4,000% in the past year.” (P. 10)
• “In Q3, the Advanced Threat Research team recorded more than 35 publicly known targeted attacks. Cyber espionage was the biggest motivator for these attacks.” (P. 20)

3.  Police Scotland: Finally, on December 17, The Times published an article providing a timely reminder that sometimes wholly benign activities, such as expansion of Internet connectivity, can affect the incidence of cyberfraud in certain jurisdictions.  The article reported that according to Police Scotland, fraud in the Scottish islands — thanks to the growth of Internet banking, online shopping, and the installation of broadband in rural areas — had risen by as much as 700 per cent, as residents become victims of cybercriminals.  The fastest-growing method of cyberfraud was reportedly “vishing” – i.e., fraudsters’ contacting people by telephone to persuade them to send money or to disclose information such as website passwords.