Author: Jonathan J. Rusch

On August 9, the Australian Securities & Investments Commission (ASIC) issued Report 584, which analyzed the compliance measures and controls that banks should have in place to address the risk of fraud and other risks associated with access by third parties (such as financial advisers, stockbrokers, and accountants) to customers’ money in deposit accounts.  ASIC stated in the report that its review was prompted by concerns raised about the use of adviser-operated deposit accounts by an Australian financial planner now in liquidation, Sherwin Financial Planners Pty Ltd, that was part of the Sherwin Financial Group (Sherwin Group).  By the time of its collapse in January 2013, ASIC reported, the Sherwin Group owed nearly AU $60 million to approximately 400 clients.  The founder of Sherwin Financial Planners was later convicted and sentenced in 2017 to 10 years’ imprisonment.

ASIC defined the scope of its review to include five leading Australian banks that design and promote deposit accounts to financial advisers, stockbrokers, and accountants “to allow them to transact on a customer’s behalf, including on self-managed superannuation funds (SMSFs).”  In particular, it examined eight adviser-operated deposit account products that those five banks issued.  It explained that it “looked at how the banks monitored use of the accounts to ensure customers’ money was not being placed at risk,” including review of “whether the banks offering these accounts had sufficiently robust compliance measures and controls in place to address the risk of fraud and other risks where an adviser has authority to withdraw the customer’s money.”

ASIC’s principal finding was that it “did not find widespread misconduct in relation to adviser-operated deposit accounts offered by the banks.” It went on to say that “we consider that the banks could do more to manage the risks to customers associated with third party access to money in customers’ accounts. Even though the instances of fraud are not widespread, the potential impact of fraud on individual customers is significant.”  ASIC therefore set forth ten recommendations – some of which it indicated some banks were already implementing – for banks in relation to adviser-operated deposit accounts:

• “Application forms for adviser-operated deposit accounts should more clearly state the level of access so that customers understand the extent of any authority given to the adviser to transact on the account.
• “Follow-up communications should be sent directly to the customer after an account is opened with details of any authority given to the adviser.
• “Customers should be able to easily change the level of adviser access on the account.
• “Customer contact details should be recorded accurately and separately from the adviser’s contact details.
• “Customers should receive account statements directly or have online access to their accounts.
• “Customers should be notified whenever an adviser initiates a transaction request on the account.
• “Banks should undertake initial checks and ongoing monitoring of advisers using adviser-operated deposit accounts and their transaction requests.
• “Monitoring systems should include specific triggers to detect suspicious transactions for assessment.
• “Banks should notify ASIC of suspected misconduct.
• “Where appropriate, remediation should be provided to customers who have lost money due to unauthorized transactions by their adviser.”

The ASIC made clear that some of its recommendations “are good practice guidance for banks and are not legal requirements.” Even so, banks in Australia, and even in other regions, can make good use of the report, by comparing its recommendations to their current compliance measures and controls pertaining to customer accounts that third parties can control and see whether those measures and controls are sufficiently robust.

On August 13, the U.S. Attorney’s Office for the Southern District of New York announced the filing of a Deferred Prosecution Agreement (DPA) with Zürcher Kantonalbank (ZKB), a Swiss-based financial institution, and of an information charging ZKB with one count of conspiracy to willfully and knowingly (1) defraud the IRS, (2) file false federal income tax returns, and (3) evade federal income taxes.  The DPA and the information stem from ZKB’s helping U.S. taxpayer-clients to evade their U.S. tax obligations, file false federal tax returns, and otherwise hide hundreds of millions of dollars in offshore bank accounts held at ZKB.

Under the terms of the DPA, ZKB must pay $98.5 million and cooperate with  prosecutors in providing detailed information about accounts in which U.S. taxpayers have a direct or indirect interest and in making treaty requests to Switzerland or other countries for account information.  In addition, Stephan Fellmann and Christof Reist, two ZKB bankers who are Swiss citizens and who had been indicted in 2012 on related charges, each pleaded guilty to one count of conspiracy to willfully fail to file returns, supply information, or pay tax.  A third ZKB banker, Otto Hüppi, remains a fugitive.

The U.S. Attorney’s Office’s release stated that ZKB helped U.S. taxpayer-clients evade taxes

by opening and maintaining undeclared accounts for U.S. taxpayers at ZKB, and by allowing third-party asset managers to open undeclared accounts for U.S. taxpayers at ZKB.  ZKB held approximately 2,000 undeclared accounts on behalf of U.S. taxpayer-clients, who collectively evaded over $39 million in U.S. taxes, between 2002 and 2013.

In furtherance of a scheme to help U.S. taxpayers hide assets from the IRS and evade taxes, ZKB undertook, among other actions, the following:

• ZKB entered into approximately 349 “code word agreements” with U.S. taxpayer-clients under which the bank agreed not to identify the U.S. taxpayers by name on bank documents, but rather to identify the U.S. taxpayers by code name, in order to reduce the risk that U.S. tax authorities would learn the identities of the U.S. taxpayers. ZKB understood that a primary reason why U.S. taxpayers sought these “code word” accounts was to evade detection by U.S. tax authorities.
• ZKB opened and maintained accounts for many U.S. taxpayer-clients held in the name of non-U.S. corporations, foundations, trusts, or other legal entities (collectively, “structures”), thereby helping those U.S. taxpayers conceal their beneficial ownership of the accounts. Some of the structures had no business purpose (“sham structures”), but rather, existed solely for the purpose of helping ZKB’s U.S. taxpayer-clients hide their offshore assets.
• ZKB agreed to hold bank statements and other mail relating to approximately 750 accounts of U.S. domiciled taxpayer-clients at ZKB’s offices in Switzerland, rather than send them to U.S. taxpayer-clients in the United States, which helped ensure that documents reflecting the existence of the accounts remained outside the United States and beyond the reach of U.S. tax authorities.
• ZKB solicited new business through the website http://www.swiss-bank-accounts.com, which was operated by a third party, and which resulted in the opening of accounts at ZKB for U.S. taxpayer-clients whose accounts were undeclared.

It is instructive to compare and contrast the ZKB DPA resolution with the 2016 DPA resolution of similar tax-evasion facilitation charges by the U.S. Attorney’s Office for the Southern District of New York with another Swiss financial institution, Bank Julius Baer (Julius Baer):

• Nature of Charges: Like ZKB, Julius Baer was charged with conspiring with many of its U.S. taxpayer-clients and others to help U.S. taxpayers hide billions of dollars in offshore accounts from the Internal Revenue Service (the “IRS”) and to evade U.S. taxes.
• Types of Corporate Conduct: Like ZKB, Julius Baer used “code word agreements” with U.S. taxpayer-clients and opened and maintained accounts for many U.S. taxpayer-clients held in the name of non-U.S. structures.
• Size of Penalties: Julius Baer’s penalty per its DPA was $547 million, in part because the size of Julius Baer’s assets under management (AUM) and profit associated with its undeclared U.S. taxpayer accounts was substantially greater than ZKB’s AUM and profits.
  • AUM: At their respective high-water marks in 2007 and 2008, Julius Baer had approximately $4.7 billion in AUM relating to approximately 2,589 undeclared accounts held by U.S. taxpayer-clients, while ZKB had approximately $794 million in AUM relating to undeclared accounts held by U.S. taxpayer-clients.
  • Profits: From 2001 through 2011, Julius Baer earned approximately $87 million in profit on approximately $219 million gross revenues from its undeclared U.S. taxpayer accounts, including accounts held through structures. From 2002 through 2013, ZKB earned approximately $21 million in profits on approximately $24 million gross revenues from its undeclared U.S. taxpayer accounts, including accounts held through structures.
• Extent of Banks’ Cooperation with Authorities: Julius Baer began by at least 2008 to implement institutional policy changes to cease providing assistance to U.S. taxpayers in violating their U.S. legal obligations, sought to self-report its conduct relating to U.S. taxpayers to U.S. law enforcement authorities, and took what the U.S. Attorney’s Office characterized as “exemplary actions to demonstrate acceptance and acknowledgement of responsibility for its conduct.” Those actions included a “swift and robust internal investigation” and furnishing the U.S. Government with “a continuous flow of unvarnished facts gathered during the course of that internal investigation.” It even encouraged certain of its employees — including two client-advisers who later pleaded guilty to conspiracy to defraud the IRS, to evade federal income taxes, and to file false federal income tax returns – “to accept responsibility for their participation in the conduct at issue and cooperate with the ongoing investigation.”

In marked contrast, after Fellmann, Reist, and Hüppi were charged in the Southern District of New York in 2012  with conspiracy to defraud the United States and the IRS for their role in ZKB’s offense, ZKB officials took a series of actions that, based on the description by the U.S. Attorney’s Office, smack of endeavors to obstruct justice:

• “Although ZKB retained independent U.S. counsel for the bankers, beginning in 2013 and continuing through 2015, ZKB’s in-house counsel and, at times, ZKB employees from the Human Resources department and other departments, regularly met with FELLMANN and REIST. At those meetings, which were not attended by FELLMANN and REIST’s independent U.S. counsel, ZKB, among other things, made statements that caused FELLMANN and REIST to feel dissuaded from reaching out to the U.S. Attorney’s Office in order to explore the possibility of cooperating.  In addition, ZKB’s in-house counsel suggested to FELLMANN that he did not have any information of value to contribute to the U.S. Attorney’s Office’s ongoing investigation.  Furthermore, based on conversations with ZKB, FELLMANN and REIST felt that their continued employment at ZKB and ZKB’s ongoing payment of their legal fees would be threatened should they take steps that were viewed by ZKB as inconsistent with the bank’s own interests.  Due in part to these discussions with ZKB, FELLMANN and REIST did not seek to cooperate with the investigation until the summer of 2015, approximately two and a half years after being indicted.”

Fellmann and Reist are scheduled to be sentenced on November 30, 2018.

For some time, anti-corruption professionals and scholars have been aware of the linkage between corruption and piracy on the high seas, most frequently reported in recent years for the waters in or near Southeast Asia, West Africa, and Somalia.   The Washington Post, however, reported yesterday that there is an upsurge in piracy in Latin America and the Caribbean.  According to a nonprofit organization, Oceans Beyond Piracy, there were 71 major piracy incidents in the region in 2017 (the vast majority occurring in Caribbean waters), including robberies of merchant vessels and attacks on yachts.  That total represents a 163 percent increase over 2016.

The most notable surge in the region’s piracy has been off the coast of Venezuela, which is suffering from inflation nearing 1 million percent, spreading malnutrition, rampant disease, failing power grids, police and military abandoning their posts, and increased repression and corruption.  The Post observed that often these acts of piracy in the region “appear to be happening with the complicity or direct involvement of corruption officials,” particularly in the waters off Venezuela.

Some pirates in the region have been satisfied simply to rob other vessels or hold people for ransom. Other attacks have reportedly involved extreme violence against the victims.  The Post reported that in April 2018, for example, masked men boarded four Guyanese fishing boats 50 miles off the coast of Guyana.  “The crews, according to survivors’ accounts, were doused with hot oil, hacked with machetes and thrown overboard, then their boats were stolen.  Of the 2 victims, five survived; the rest died or were left unaccounted for.”

Further details about this regional trend, as well as trends in high-seas piracy elsewhere, are available in Oceans Beyond Piracy’s The State of Maritime Piracy 2017, and in the six-part 2016-17 National Geographic series Lawless Oceans.

On July 19, the United Kingdom Financial Conduct Authority (FCA) published its annual report on Anti-Money Laundering (AML) for 2017-2018 (year ending March 31).  As the conduct regulator for more than 58,000 financial services firms and financial markets in the United Kingdom and the prudential regulator for more than 18,000 of those firms, the FCA plays a leading role in overseeing and ensuring AML compliance in the United Kingdom financial sector.

Key points in the FCA report include the following:

• Policy Developments: With regard to the Money Laundering, Terrorist Financing and Transfer of Funds (Information on the Payer) Regulations 2017 (MLRs 2017), which came into effect on June 26, 2017, the FCA issued a policy statement, consulted on updating its guidance for industry to reflect those changes, and published guidance on how firms that the FCA supervises that are subject to the requirements of the MLRs 2017 should treat customers who meet the definition of a politically exposed person (PEP).
• OPBAS: In 2017, the United Kingdom Government announced its decision to create an Office for Professional Body Anti-Money Laundering Supervision (OPBAS) to oversee professional body supervisors (PBSs) for AML. As the report notes, OPBAS, housed within the FCA, is intended to “ensur[e] a robust and consistently high standard of AML supervision across the legal and accountancy sectors.”  The FCA reported that it published a sourcebook about OPBAS for PBSs, completed introductory visits to the PBSs, and conducted a comparative review of the data returns that the professional bodies submitted to UK Treasury.  It added that it began “an initial round of visits to all PBSs to assess their approach to supervision and will take action where we find weaknesses,” before moving to a risk-based approach for its oversight. [Note: DTG will discuss OPBAS at greater length in the near future.]
• AML Supervision: The FCA stated that it continues to take a risk-based approach to AML supervision.
• Findings and Outcomes: The FCA highlighted a number of accomplishments in its supervisory work:
  • Systematic AML Programme (SAMLP): The SAMLP, which began in 2012, is the FCA’s program of “regular, thorough scrutiny” of 14 major retail and investment banks operating in the United Kingdom and overseas operations which have higher risk business models or are strategically important.  The FCA reported that it began conducting second-round reviews of those firms in 2017-18. Notably, in all of its second-round reviews, the FCA reported that it “found weaknesses in firms’ anti-bribery and corruption framework. This may be because they have been focusing on their AML controls. We made clear to them that they must ensure they manage and mitigate all their financial crime risks at all times.”
  • Regular AML inspections of other high risk firms: The FCA stated that it continued “to find deficiencies, some serious, in some firms, mostly smaller overseas banks.” These deficiencies included ineffective application of enhanced due diligence, flaws in firms’ design of processes and allocations of responsibilities to staff, and failure of firms’ internal auditors to test the effectiveness of AML controls over high risk business.
  • Financial Crime Risk Assurance Programme: The FCA reported that this pilot program — which involved making AML and sanctions visits to, or desk-based reviews of, 100 firms from sectors that it considered presented lower inherent money laundering risk – has now been made permanent.
  • Thematic and multi-firm work: With regard to enforcement, the FCA reported that it is currently investigating around 75 firms and individuals for AML issues, and that many of those investigations are using both FCA civil and criminal powers under the Financial Services & Markets Act and the MLRs 2017.
  • Financial crime data return: The most recent financial crime data return, which all firms subject to the MLRs 2017 (including all deposit takers, but excluding all other firms with revenue of less than £5 million), must complete, shows the following breakdown of customers (total and by region):
    • Total: 548,678,586
    • Region: Europe – 542,734,646; Asia – 1,846,279; North America – 1,104,322; Oceania – 1,033,250; Middle East and Africa – 921,599; South America – 850,564; Central America – 187,926
• Working with Partners to Combat Money Laundering: The FCA summarized its collaboration with domestic law enforcement agencies, Government, and other regulators to support its investigations, develop operational and strategic analysis, and identify risk.  It also noted its contributions to the work of multi-agency groups, such as the Panama Papers Taskforce’s Joint Financial Analysis Centre (JFAC) and the Joint Money Laundering Intelligence Taskforce (JMLIT), and its involvement in the design of the National Economic Crime Centre (NECC) that was created at the end of 2017.

Those who track cybercrime and cybersecurity developments might be forgiven for thinking that the United States is an indispensable player in successful multinational law enforcement operations against cybercrime.  The U.S. Department of Justice, of course, has for many years been a leader in numerous aspects of transnational cybercrime enforcement, ranging from its participation in drafting the Council of Europe Cybercrime Convention to its aggressive pursuit of international cybercrime networks, as recent indictments against members of the Infraud and FIN7 organizations have shown.

Cybersecurity and compliance teams, however, should be careful in gathering threat intelligence not to fall victim to what psychologists term the “availability heuristic” (i.e., a mental shortcut involving people’s evaluation of the likelihood of events based on the ease of recalling recent events).  Because cyberattacks and data breaches against U.S.-based companies and U.S. law enforcement operations against cybercriminals typically dominate media coverage here and in other countries, it can be easy to overlook other cybercrime developments outside the United States that receive less coverage.

One recent example is “Operation Warenagent.”  Publicly disclosed on July 20, 2018, Warenagent is a multinational operation that the German Prosecutor’s Office of Dresden, the Saxon State Office of Criminal Investigation, the Lithuanian Police, and the Lithuanian Prosecutor’s Office, together with Europol (the European Union’s (EU’s) Police Office) and Eurojust (the EU’s Judicial Cooperation Unit), successfully conducted in June and July 2018 against members of an online fraud network that caused €18 million in damage.  According to Europol, since 2012 the network had conducted more than 35,000 detected instances of online fraud.   The scheme involved using fraudulently obtained credit-card data to order high-quality goods through a network of “package mules” (i.e., individuals who received the goods as intermediaries) who were mostly recruited in Germany.  After receiving the goods, the package mules, who may have received a commission for their services, sent the packages to new addresses, primarily in Eastern Europe.  The fraud network’s methods of operation included the use of codenames and encrypted access in the network, and settling payments with the help of cryptocurrencies. Other participants in the network provided IT infrastructure, recruited package mules, coordinated criminal activity, and laundered money.

Warenagent, which required six years to prepare and coordinate, is noteworthy for two reasons. First, it involved the establishment of a Joint Investigative Team (JIT) with the support of Europol and Eurojust.  Under the terms of the EU’s 2000 Convention on Mutual Assistance in Criminal Matters and the EU Council’s 2002 Framework Decision on Joint Investigation Teams, a JIT can operate in any of the EU member states.  Its leader is a JIT member from the country in which the JIT is based, and its membership can include law enforcement officers, prosecutors, judges, and other personnel.  In this case, the JIT, which included eight participating European countries, had five coordination meetings at Eurojust and frequent information exchange and analysis by Europol.

Second, Warenagent succeeded in conducting a series of successful enforcement actions against network members over nine months, despite the members’ efforts to conceal their identities and operations.  In October 2017, according to Eurojust, Lithuanian and German police officers conducted 11 searches in various Lithuanian cities, which led to the arrest of 5 suspects.  Ultimately, the investigators identified and located the key target in Cyprus.  From June 12-15, 2018, authorities reportedly conducted 31 house searches in Cyprus, Estonia, Finland, Germany, Latvia, Lithuania, Switzerland, Ukraine, and the United Kingdom; detained the alleged head of a criminal organization in Cyprus, as well as four individuals in Latvia and Finland respectively, two criminals in the United Kingdom, and one individual each in Estonia, Lithuania, Switzerland, and Ukraine. Over the course of the investigation, four other individuals were detained in Germany.  In addition, between June 26 and 29, 2018, authorities conducted two further actions in Lithuania, with 4 arrests and 10 searches.

The crimes with which network members are charged consist of crimes related to tax evasion, money laundering, participation in a criminal organization, production of counterfeit electronic means of payment, forgery of genuine electronic means of payment, and unlawful possession of electronic means of payment or data thereof.