Author: Jonathan J. Rusch

On August 22, Reuters reported that during the second quarter of 2018, the Swiss-based global financial institution Credit Suisse froze approximately 5 billion Swiss francs ($5 billion) of money linked to Russia to avoid running afoul of U.S. sanctions against Russia.  The Credit Suisse freeze is noteworthy for two reasons, as explained in the article.  First, “[i]t is rare for a Swiss bank to reveal such details.”  Second, “[w]hile U.S. sanctions do not apply to neutral Switzerland, its banks are obliged to follow suit because they depend on access to the dollar and could be blackballed by the United States for any missteps.”  The article, citing Russian central bank data, reported that approximately $6.2 billion (14 percent of total Russian cross-border outflows) “went to Switzerland in 2017 — almost three times as much as went to the United States.”

The Swiss Financial Market Supervisory Authority (FINMA) publicly states that “Switzerland implements and enforces internationally imposed sanctions against states, individuals and legal entities,” using the Embargo Act as its legal basis.  With regard to sanctions by individual countries, FINMA has shown, notably in its 2014 enforcement action against BNP Paribas (Suisse) SA, that it considers Swiss banks to have a duty to identify, limit, and monitor the risks involved in making transactions with business partners in countries subject to U.S. sanctions and will hold a bank responsible for exposing itself “to unduly high legal and reputational risks.”

Amidst the continuing turmoil within the Australian government’s senior leadership, two developments this week highlight the extent of the Australian public’s trust in government and concerns over corruption.  On August 20, Griffith University announced the results of a Global Corruption Barometer survey that Griffith University and Transparency International Australia jointly conducted:

• Trust and confidence in all levels of government decreased over the last year to 46 percent for federal and state levels and 51 percent for local government nationally.
• Fewer than 2 percent of respondents indicated that they had experienced bribery, but 62 percent indicated concerns about officials or politicians using their position to benefit themselves or their families, and 56 percent indicated concerns about officials favoring businesses and individuals in return for political donations or political support.
• A surprising 85 percent of respondents indicated that at least “some” federal Members of Parliament are corrupt, and 18 percent indicated that “most/all” Members are corrupt.
• Only 37 percent indicated that the federal government is doing a “good job”, and only 25 percent indicated that that state government is doing a “good job”, in fighting corruption.
• In contrast, 67 percent — especially in Victoria, New South Wales, and South Australia — support the idea of creating a new federal anti-corruption body, and respondents “strongly supporting” the idea outnumber respondents “strongly opposing” it by a 4-to-1 margin.

On August 21, Griffith University announced the issuance of a paper reviewing options for a national integrity commission. The paper, titled Strengthening Australia’s National Integrity System: Priorities for Reform, has Griffith University Professors A J Brown and Professor Janet Ransley as lead co-authors.  It sets forth three options for a national integrity commission:

• Option 1: An Integrity & Anti-Corruption Coordination Council. This option, which would be closest to the existing multi-agency system, would report to the Prime Minister or Attorney-General and provide improved, more formalized coordination between the existing agencies involved.
• Option 2: An Independent Commission Against Corruption. This option “would involve a best-practice independent, broad-based anti-corruption commission for the Commonwealth,” based on lessons from experience in states such as New South Wales.
• Option 3: A custom-built Commonwealth Integrity Commission model. This option, the most comprehensive of the three proposals, “would represent a major development in an effort to help address all the main weaknesses of the existing multi-agency system.”  “It would involve a best-practice independent, broad-based public sector anti-corruption commission for the Commonwealth, including lessons from State experience, but also with a broader range of functions relevant to the Commonwealth’s role and present needs – jurisdictionally, nationally and internationally.”

In conclusion, the paper states that “a comprehensive approach [to integrity and anti-corruption] is needed.” It notes that such an approach “requires the Commonwealth to take a leadership role, even if not the sole role, to help ensure that subnational anti-corruption bodies are properly coordinated, share information, participate in the type of improved framework envisaged by Option 3, and help identify where strategic oversight and vigilance by Commonwealth agencies will help make the most difference.”  It further states that “this is also the right opportunity for the Commonwealth, through the Attorney-General’s Department, to resume the unfinished task of a comprehensive national strategic plan to combat corruption.”

On August 14, Kaspersky Lab issued its quarterly report on spam and phishing trends in the second quarter of 2018.  Among other findings, the report addressed the following trends that may be of interest to corporate compliance and information-security professionals:

• GDPR-Oriented Phishing Attacks: The report noted a surge in email attacks, using the General Data Protection Regulation (GDPR) as the subject matter, that were directed at customers of financial organizations and information technology service providers. The emails falsely “notified email recipients that they were switching to a new GDPR-compliant policy and asked them to confirm permission to store and process personal information . . . and to update their account information. To do this, customers had to click on the link provided and enter the requested data, [which the phishers directly received].”
• Malicious IQY Attachments: Researchers observed “never-before-seen IQY (Microsoft Excel Web Query) attachments [to malicious spam]. Attackers disguise these files as invoices, order forms, document copies, etc., which is a known ploy that is still actively used for malspamming. The From field contains addresses that look like personal emails, and names of attachments are generated in accordance with the following template: the name of the attachment, and then either a date or a random number sequence. . . . When the victim opens the IQY file, the computer downloads several trojan-downloaders, which install the Flawed Ammyy RAT backdoor.” The report added that “[i]t is rather difficult to detect these attachments because these files look like ordinary text documents which transfer web-inquiry data transfer parameters from remote sources to Excel spreadsheets.”
• Data Leaks: These included previously reported instances of large-scale data leaks, such as the hacking and theft of personal information of 27 million Ticketfly customers.
• Cryptocurrency Schemes: The report stated that cybercriminals “continue using the names of new ICO projects to collect money from potential investors that are trying to gain early access to new tokens. Sometimes phishing sites pop up before official project sites.”
• World Cup 2018 Schemes: Cybercriminals used the World Cup 2018 “in many traditional scamming methods using social engineering.”
• HTTPS: The reported observed that “more and more phishing pages are now found on certified domains.”
• Vacation-Oriented Schemes: Cybercriminal used vacation-oriented fake websites, including airline-ticketing and hotel-booking sites.
• Distribution Channels: The report stated that “most large-scale attacks were found in messengers and on social networks.”
• WhatsApp: Cybercriminals are using WhatsApp more frequently to distribute their content.
• Twitter and Instagram: Twitter “has recently become a breeding ground for fake celebrity and company accounts,” the most popular technique being cryptocurrency giveaways on behalf of celebrities. Fake accounts also were found on Instagram.
• Search Results: Ads with malicious content and links to phishing sites in the search results pages of major search engines “has recently become a popular method of advertising fake ICO project websites.”
• New Spammer Tricks: New tricks that spammers used to evade filters included double email headers and automatic mailing list subscription confirmations.
• Other Trends:
  • Proportion of Spam in Email Traffic: The average percentage of spam in world mail traffic is 49.66 percent, which was 2.16 percentage point lower than the preceding quarter.
  • Sources of Spam by Country: The five leading source countries were China (14.36 percent), the United States (12.11 percent), Germany (11.12 percent), France (4.42 percent), and Russia (4.34 percent).
  • Geography of Phishing Attacks: The five countries with the highest percentage of users attacked by phishing were Brazil (15.51 percent), China (14.77 percent), Georgia (14.44 percent), Kyrgyzstan (13.60 percent), and Russia (13.27 percent).  The United States was not among the top ten countries.
  • Types of Organizations Attacked: The top five types of organizations under attack were global Internet portals (25.01 percent), financial and e-pay organizations and bank (21.10 percent), IT companies (13.83 percent), online stores (8.17 percent), and government and taxes (8.17 percent).

On August 15, the Bank of Ghana, Ghana’s central bank (Bank), announced that it was taking additional regulatory actions to address the failure of seven Ghanaian banks whose licenses had been revoked during the past year.  The Bank stated that

persons whose actions contributed to the collapse of the 7 banks will not be shielded, but will be made to face the full rigour of the relevant laws of Ghana. The Bank of Ghana will pursue administrative and civil action against such persons, and will liaise with relevant investigative and prosecutorial agencies of the State to take appropriate action as needed.

The Bank’s Deputy Governor, Elsie Awadzi, added that “[w]e are working very hard on submitting a dossier on each of these banks to the law enforcement agencies . . . to further investigate criminal behaviour or what could potentially be criminal behaviour and to prosecute.”

Since August 2017, when it revoked the licenses of UT Bank Ltd. and Capital Bank Ltd. due to severe deficiencies in capital and liquidity, the Bank initiated additional investigations into five additional banks: Unibank, Royal Bank, Beige Bank, Sovereign Bank, and Construction Bank.  On August 1, 2018, the Bank appointed a receiver to manage the assets of all five banks and revoked their licenses because they had become insolvent.

In announcing the revocations of the latter five banks, the Bank reported severe improprieties regarding each of the banks:

• Unibank: “Shareholders, related and connected parties had taken amounts totaling GH¢3.7 billion [US$782,550,000] which were neither granted through the normal credit delivery process nor reported as part of the bank’s loan portfolio. In addition, amounts totaling GH¢1.6 billion [US$338,400,000] had been granted to shareholders, related and connected parties in the form of loans and advances without due process and in breach of relevant provisions of Act 930 [the Banks and Specialised Deposit-Taking Institutions Act, 2016]. Altogether, shareholders, related and connected parties of uniBank had taken out an amount of GH¢5.3 billion [US$1.12 billion] from the bank, constituting 75 percent of total assets of the bank.”
• Royal Bank: “A number of the bank’s transactions totaling GH¢161.92 million [US$34,246,080] were entered into with shareholders, related and connected parties, structured to circumvent single obligor limits, conceal related party exposure limits, and overstate the capital position of the bank for the purpose of complying with the capital adequacy requirement.”
• Sovereign Bank: “. . . Sovereign Bank’s licence was obtained by false pretences through the use of suspicious and nonexistent capital.”
• Beige Bank and Construction Bank: “[B]oth banks obtained their banking licences under false pretences through the use of suspicious and non-existent capital.”

In its August 15 release, the Bank also stated that its regulatory actions include an overhaul of the Bank’s supervisory framework and processes.  As part of that overhaul, the Bank established a new office called the Office of Ethics and Internal Investigations.  Significantly, it noted that the new Office was to “investigate all allegations of misconduct by staff including any role in respect of the collapse of the defunct banks.”  Finally, it stated that it issued a number of directives to strengthen corporate governance, risk management, and the capital base of banks.

Israeli Prime Minister Benjamin Netanyahu is to face a final round of questioning today in the so-called “Bezeq” (also known as “Case 4000”) corruption investigation, according to the Times of Israel.  The Bezeq investigation is one of four corruption investigations by Israeli police in which the Prime Minister is either a target or a suspect:

• “Case 1000”: In this investigation, the Prime Minister allegedly “’systematically’ demand[ed] benefits worth about NIS 1 million ($282,000) from billionaire benefactors, including [Israeli businessman and film producer] Arnon Milchan and Australian resort owner James Packer, in exchange for favors.”
• “Case 2000”: In this investigation, the Prime Minister allegedly had an “illicit quid-pro-quo deal . . . [with] Yedioth Ahronoth newspaper publisher Arnon Mozes that would have seen the prime minister weaken a rival daily, the [American businessman] Sheldon Adelson-backed Israel Hayom, in return for more favorable coverage from Yedioth.”
• “Case 3000”: In this investigation, Israeli state officials allegedly “were paid bribes to influence a decision to purchase four patrol boats and three Dolphin-class submarines costing a total of 2 billion euros from German shipbuilder ThyssenKrupp, despite opposition to the deal by the Defense Ministry.” Although the Prime Minister has given testimony in this investigation, both Israeli Attorney General Avichai Mandelblit and Israeli police have stated that the Prime Minister is not a suspect in the case.
• “Case 4000”: In this investigation, the Times reported that “[i]nvestigators suspect Netanyahu advanced regulatory decisions benefiting Shaul Elovitch, the controlling shareholder in Bezeq, the country’s largest telecommunications firm — despite opposition from the Communication Ministry’s career officials — in exchange for positive coverage from Elovitch’s Walla news site.”

Israeli police reportedly are leaning toward recommending indictment of the Prime Minister in Case 4000.  In June 2018 testimony before a Knesset Committee, however, Attorney General Mandelblit said that police recommendations to indict the Prime Minister on bribery charges in both cases 1000 and 2000 “would ‘absolutely not’ necessarily lead to indictments.”   He explained that investigations of this complexity take time, and that the Case 4000 investigation had caused reexamination of the previous cases.

The Times also reported that Attorney General Mandelblit, who will make the final decision whether to indict the Prime Minister, “intends to examine all three cases [1000, 2000, and 4000] at the same time — which will be possible only after he receives the state attorney’s conclusions on the three cases.  That is likely to happen only rather late in 2019, possibly after the next Knesset elections — currently slated for November 2019 but which may very well be held earlier.”