Singapore Charges Five Defendants for Money Laundering-Related Offenses Involving Shell Companies

Singapore has long prided itself on its status as a leading financial, business, and trade center in Asia, in part because of the ease of doing business there.  One element of Singapore’s business environment that many legitimate businesses have found attractive is the use of shell companies.  Because shell companies are often used to conceal criminal transactions and activities, however, the Monetary Authority of Singapore and the Singapore Police Force (SPF) have been increasingly attentive to the use of shell companies for money laundering.

On April 8, the SPF announced that five individuals have been charged in Singapore “for their involvement in seven shell companies which were suspected to be used, or intended to be used, to launder monies obtained from criminal conduct.”  Between 2016 and 2019, the SPF’s Commercial Affairs Department received eight police reports from victims who alleged that they had been deceived into wiring a total of more than USD $1.67 million into the corporate bank accounts of six Singapore-registered shell companies.  In a seventh case, an attempted transfer of more than HKD $3.2 million (USD $417.000) to a seventh Singapore-registered shell company failed because the shell company’s bank account was closed.

The SPF investigations of these allegations found that a director of DM Advisory Pte Ltd, a company that provided corporate secretarial services, had assisted and taken instructions from a person known only as “George Clarke”, who was believed to be engaged in criminal conduct, to incorporate shell companies in Singapore for the purpose of setting up corporate bank accounts.  That director then allegedly engaged a second individual, who was working as a bank officer at the time, to recruit local nominee directors — including three other individuals — to incorporate the shell companies mentioned above and set up the associated bank accounts. Thereafter, control over the corporate bank accounts were believed to be handed over to “George Clarke” via the bank officer and one of the nominee directors.

In March and April 2021, the DM Advisory director, the bank officer, and three of the recruited local nominee directors were charged with various offenses related to money laundering and fraud.  The DM Advisory director was charged with entering into an arrangement to assist “George Clarke” to retain benefits from criminal conduct under Section 44(1)(a) of the Singapore Corruption, Drug Trafficking and Other Serious Crimes (Confiscation of Benefits) Act, Chapter 65A (“CDSA”).

Under Section 44(1)(a) of the CDSA, “a person who enters into or is otherwise concerned in an arrangement, knowing or having reasonable grounds to believe that, by the arrangement[,] the retention or control by or on behalf of . . . that other person’s benefits of criminal conduct is facilitated”, and “knowing or having reasonable grounds to believe that that other person is a person who engages in or has engaged in criminal conduct or has benefited from criminal conduct”, may be punished by a maximum of 10 years’ imprisonment, a fine not exceeding SGD $500,000 (USD $374,000,) or both.

The bank officer and one of the nominee directors were charged in court with entering into an arrangement to assist “George Clarke” to retain benefits from criminal conduct under Section 44(1)(a) of the CDSA.  The bank director was also charged with abetting two of the nominee directors to fail to act honestly and exercise reasonable diligence as company directors under Section 157(1) of the Singapore Companies Act, Chapter 50 (“CA”), read with Section 109 of the Penal Code, Chapter 224.  Finally, all three nominee directors were charged with failing to act honestly and exercise reasonable diligence as company directors under Section 157(1) of the CA.

Under Section 157(1) of the CA, a director who fails to act honestly and use reasonable diligence in the discharge of the duties of his office may be punished by a maximum of 12 months’ imprisonment, a fine of SGD $5,000 (USD $3,700), or both.

It is too much to hope that the elusive “George Clarke” will be found and brought to justice.  In any event, these prosecutions should remind companies doing business in Singapore of the need to conduct risk-based due diligence if, any point in the course of a planned transaction or payment, they find that the transaction involves a Singapore-registered shell company.

UAE Actions Signal Continuing Commitment to Combat Money Laundering

Since April 2020, when the Financial Action Task Force reported that the United Arab Emirates (UAE) was failing to do enough to combat money laundering, the UAE has embarked on a series of actions that indicate the seriousness of its commitment to dealing with money laundering.  In November 2020, the UAE announced the development of a strategic plan to support efforts to combat money laundering, established an Anti-Money Laundering Department within the Ministry of Economy, set up a series of special federal courts across the UAE to address the issue of money laundering, temporarily suspended 100 law firms in the UAE from practicing, and fined seven other law firms AED 100,000 ($27,229) each for anti-money laundering violations.

Soon thereafter, in December 2020, the UAE Cabinet approved the creation of the Executive Office of the Anti-Money Laundering and Countering the Financing of Terrorism (Executive Office).  That office is established to track the UAE’s performance with reference to international anti-money laundering (AML) requirements, and to ensure the UAE’s active collaboration with companies and partners across the world.

Three recent developments in the UAE indicates that the UAE continues to demonstrate its commitment to its AML obligations.  First, on March 17, Gulf Business reported that the Anti-Money Laundering and Tax Evasion Court within the Abu Dhabi Judicial Department (ADJD) convicted four individuals, all Filipino nationals, and a UAE jewelry company of committing money laundering and fraud against 4,000 people.  The court sentenced each of the individual defendants to five years’ imprisonment, deportation, and a fine of AED 10 million ($2.7 million), and fined the jewelry company AED 50 million ($13.6 million).  In addition, the court ordered the confiscation from the company of approximately 7,430 grams of 18 Karat gold, worth more than AED 1.37 million ($372,900).

According to the official UAE news agency WAM, the four individuals conducted an Internet fraud and pyramid scheme, in which they established a website labeled “Gold Empire Management” and used advertisements, videos, and contests posted on the site and social media to attract prospective investors in their company.  The defendants charged each would-be investor a fee of AED 2,000 ($544), but reportedly encouraged victims to persuade others to participate in the spurious investment and offered them AED 1,000 ($272) for each new investor they brought in.

Second, on March 17, the UAE Financial Intelligence Unit (FIU) and the Israeli Money Laundering and Terror Financing Prohibition Authority signed a Memorandum of Understanding to promote the exchange of financial intelligence between the two agencies and strengthen the cooperation between those agencies, the UAE, and Israel to improve the joint activity against money laundering and terrorism financing.

Third, on March 24, the Executive Office announced a number of new AML measures and tools, including new restrictions on the movement of cash and precious metals.  Those measures and tools include:

  • (1) a “goAML: tool to submit and analyze suspicious banking reports for authorities to take legal action;
  • (2) an “IEMS” platform to exchange messages between the UAE FIU, the private sector, and law enforcement entities in the UAE;
  • (3) a “Fawri Tech” program to facilitate immediate action on financial issues that relate to combating the proliferation of weapons of mass destruction;
  • (4) a unified e-customs platform that is directed, in the long term to controlling illicit trafficking and smuggling operations in the UAE; and
  • (5) a “Declare” program to restrict the movement of cash, precious stones, and metals before and after their arrival in the UAE in connection with the movement of passengers across customs borders.

The Executive Office stated that through the adoption of these technical controls, it “hopes to strengthen the UAE’s efforts to curb illicit flows of funds, promote asset recovery, and combat all forms of transnational financial crime.”

National Security Agency and Cybersecurity & Infrastructure Security Agency Release Joint Guidance on Using Protective Domain Name System (PDNS) Service

On any given day, some five billion people worldwide use the Internet.  Only a vanishingly small fraction of those people is even aware of, let alone understands the importance of, a critical component of Internet use: the Domain Name System (DNS).  The DNS system has been defined as “a hierarchy of duplicated database servers worldwide” that begin with so-called “root servers” for top-level domains such as .com, .net, .and org and converts alphabetic names into numeric Internet Protocol (IP) addresses.

Because the DNS system is so critical to the effective operation of the Internet and Internet communications, DNS has become “an increasingly targeted threat vector for attackers.”  Cyberattackers routinely use a variety of techniques to exploit the DNS system and gain unauthorized access to command-and-control systems and exfiltrate large volumes of sensitive data. 

On March 4, the U.S. National Security Agency (NSA) and the U.S. Cybersecurity & Infrastructure Security Agency (CISA) released a joint information sheet that provides guidance on selecting a protective Domain Name System (PDNS) service “as a key defense against malicious cyber activity.”  As the information sheet explains, the DNS “is central to the operation of modern networks”, but “was not built to withstand abuse from bad actors intent on causing harm.”  It explains that a PDNS is “different from earlier security-related changes to DNS in that it is envisioned as a security service – not a protocol – that analyzes DNS queries and takes action to mitigate threats, leveraging the existing DNS protocol and architecture.”

The information sheet makes clear that it provides an assessment of several commercial PDNS providers based on reported capabilities, but that that assessment “is meant to serve as information for organizations, not as recommendations for provider selection.”  It advises that users of these services “must evaluate their architectures and specific needs when choosing a service for PDNS and then validate that a provider meets those needs.”

Chief Information Security Officers at companies and government agencies need to peruse the NSA-CISA guidance closely and give serious consideration to acquiring some form of PDNS.  Because DNS-based attacks are highly likely to increase during 2021, particularly from hostile state actors and professional cybercrime organizations, every enterprise must take seriously the need to protect itself from such attacks.

Ransomware Attacks on French Hospitals Accelerate French Government Cybersecurity Responses

Over the past year, hospitals in multiple cities and towns across France have been the target of ransomware attacks by unknown adversaries.  Within the last ten days, two more French hospitals – the Villefranche-sur-Saône hospital complex in the Southwest Landes Département, and the Dax hospital in the eastern Rhone Département – suffered ransomware attacks, and a third hospital in the Dordogne Département preemptively broke connections with an information technology provider.

Neither of the two most recent cyberattacks appeared to have resulted in any harm to patients.  The French Ministry of Health, however, stated that the attack on the Dax hospital had “paralysed . . . almost all information systems” in the hospital, and the Villefranche hospital reported that the attack on it “strongly impact[ed]” three of its locations.

This recent spate of ransomware attacks in the French healthcare sector may constitute a significant change in targeting by ransomware criminal groups.  As recently as December 2020, the German Federal Office of Information Security and the French National Agency for the Security of Information Systems (ANSSI) issued a joint report stating that “the overall threat level for a cyber-attack on the healthcare sector has not risen above levels observed before the COVID-19 pandemic.”

In response to the latest cyberattacks, on February 18 French President Emmanuel Macron publicly stated that the attacks had put the hospitals in a position of “vulnerability.”  He called cybersecurity a “priority,” and promised to accelerate cyberdefense measures that reportedly include “boosting police and judicial cooperation, earmarking around €500 million ($600 million) to help companies and public authorities boost their cyber defences, and funding research and development.”  He also noted that later in 2021 he would open a new cyberdefense center in Paris’s financial district, to be staffed by 1,500 researchers and others working for private firms or for the government.

These latest reports should come as no surprise to information security officers in the healthcare sector.  Last October, the New York Times reported that Russian hackers had been trading a list of more than 400 hospitals that they planned to target.  Even before the latest French hospital attacks, the Wall Street Journal reported this month that hackers “are increasing their attempts to break into health-care companies.”

While COVID-related financial pressures may have made it exceedingly difficult for many hospitals to fund cybersecurity improvements, it is imperative for hospitals to bolster their cyberdefenses, particularly for ransomware attacks, while they can.  Although no hospital patient has yet died as a direct result of ransomware-caused loss of electricity or system functionality, hospitals need to understand that ransomware groups are indifferent to the possibility that their attacks may one day result in such deaths.

Brazilian President Bolsonaro Disbands Operation “Lava Jato” Task Force

Since his electoral campaign in 2018, Brazilian President Jair Bolsonaro has repeatedly and publicly demonstrated his commitment to the issue of corruption.  That commitment, however, has devolved from rooting out corruption to rooting out law enforcement officials and agencies dedicated to combating corruption.

After selecting Judge Sérgio Moro – a national hero for overseeing the multiyear anticorruption investigation known as Operation Lava Jato (Car Wash) — as his Attorney General, Bolsonaro proceeded in 2020 to fire Maurício Valeixo, the chief of the Brazilian national police, as investigators reportedly were investigatng a number of Bolsonaro’s supporters, including Bolsonaro’s son, Senator Flavio Bolsonaro.  Valeixo’s firing precipitated the resignation of Judge Moro, as well as charges by Moro that Bolsonaro was seeking improperly to politicize the Ministry of Justice.

Despite the political and popular outcry that followed, Bolsonaro has remained resolute in undermining Brazilian law enforcement’s efforts to uncover corruption.  In October 2020, even while he himself was under investigation by the Brazilian Supreme Court for alleged misconduct, Bolsonaro stated that he had “ended” Lava Jato, declaring, “There isn’t any more corruption in the government.”

Although the Lava Jato team evidently tried to continue its investigative work, on February 3 it “announced its termination after several of its investigators were seconded to another federal anti-organised crime task force.”  Moro’s successor as Attorney General, Augusto Aras – who had once said that Moro’s allegations against Bolsonaro, if true, “would reveal the practice of illegal actions” – dismissed the disbanding of the task force as amounting to no more than a change of name.

Risk and compliance officers at companies doing business in Brazil should not underestimate the significance of Bolsonaro’s latest action.  By snuffing out the Car Wash investigation altogether, he has not only eliminated the most effective anti-corruption force in Brazil, but signaled to his supporters and to other Brazilian politicians that corruption carries no consequences – at least if they continue to support or remain silent about his and his administration’s malversations.  As Bolsonaro has another two years in his current term of office, and is likely to seek reelection in 2022, it is equally likely that Brazil will return to the levels of pervasive corruption in Brazilian government and business that preceded Bolsonaro’s election.