Italian Police Disrupt Major Chinese Money-Laundering Operation

The war against money laundering, though hardly lost, has been for many years a global conflict, with many fronts whose exact contours are in constant flux.   One of the more enduring sectors along those fronts is China.  China not only is among the top 20 countries on the Basel Institute on Governance’s AML Risk Index, but has the world’s second-largest economy and largest population, and is the third-largest country in geographic size.  Its vast financial system comprises not only banking and financial markets, but a “shadow banking” system consisting of informal financial intermediaries, internal financing and trade credits, and coalitions among firms, investors, and local governments.

Unfortunately, the vastness of the Chinese economy and financial system has played an important role in China becoming what one recent report “the global hub for money laundering, not just for the Chinese but for criminals around the world.”

One example of Chinese connections to global money laundering came to light this week, as Italian authorities announced that they had successfully taken down “a complex money laundering operation and an illegal metal recycling business that had enabled criminals to transfer huge amounts of illicit cash between Italy and China.”  The police operation was the culmination of a three-year investigation that the anti-mafia prosecutor in Trieste coordinated.

The investigation revealed “a network of firms that between 2013 and 2021 sold around 150,000 tonnes of scrap metal, including copper, brass and aluminium, that came from various sources, circumventing environmental norms and evading taxes on deals estimated to be worth some €300 million (US$363 million).”  Companies in the Czech Republic and Slovenia reportedly produced falsified documents, showing that the material had been acquired in China, in order to make the metals look legitimate for end-users, and sent approximately €150 million (US$181 million) in deposits to Chinese banks as apparent payment to enhance the authenticity of the false documentation.

As part of their investigation, the Italian financial police used wiretapping, surveillance, and particularly micro-cameras.  Police surveillance operations showed, for example, that when the money was transmitted to China, certain Italian businessmen connected with the operation “received huge bundles of cash back in Italy. On one occasion, €200,000 in cash was handed over in a plastic shopping bag.”

To date, Italian police have placed 53 people under official investigation, made five arrests, and seized €66 million (US$80 million), but are continuing investigations, especially into the Chinese operations.

China certainly appears to be taking its domestic money laundering problem seriously.  Just this month, the Central Bank of China released a revised draft anti-money laundering (AML) law that would increase fines for certain offenses and expand the scope of the AML law’s coverage, and Chinese authorities reportedly arrested more than 1,100 people suspected of involvement in laundering proceeds of fraudulent schemes.

Nonetheless, the recent Italian police operation points up the need for expanded AML cooperation between Chinese and foreign law enforcement and regulatory agencies, and between leading Chinese and foreign financial institutions.  It also underscores the importance of financial firms’ AML compliance departments maintaining vigilance in identifying China-related international transactions that pose an elevated risk of money laundering.

European Public Prosecutor’s Office Begins Operations

For some time, the European Union has grappled with how best to combat financial crime directed at its budget.  As part of that effort, it has been making use of existing government bodies such as Europol (the EU’s law enforcement agency), Eurojust (the EU’s agency for criminal justice cooperation), and the European Anti-Fraud Office (OLAF) (the EU entity that investigates fraud against the EU budget, corruption, and serious misconduct within the European institutions and develops anti-fraud policy for the European Commission).

To date, however, the combined efforts of those agencies have not been making sufficient headway in combating crimes against the EU budget.  In 2019, the European Court of Auditors (ECA) issued a report that was highly critical of the European Commission’s (EC’s) existing approach to EU budget fraud.  Among other concerns, it found that between 2002 and 2016, frauds had taken at least €8.8 billion from the EU budget, and that OLAF’s administrative investigations had led to prosecution in fewer than half of its cases and resulted in recovery of less than one-third of the funds.

The ECA, however, also called attention to the creation of the European Public Prosecutor’s Office (EPPO), a new EU entity established in 2017 with powers to investigate and prosecute crimes against the EU’s financial interests.  The ECA called the EPPO’s establishment “a step in the right direction”, and noted that it would begin operations in 2020.

Although the setup of the EPPO took longer than initially expected, on June 1 the EPPO formally launched its operations at its offices in Luxembourg.   The EPPO’s mandate is “to investigate, prosecute and bring to judgment crimes against the EU budget, such as fraud, corruption or serious cross-border VAT fraud.”  As currently organized, the EPPO’s Chief Prosecutor is Laura Codruța Kövesi, the former chief prosecutor of Romania’s National Anticorruption Directorate and former Romanian Prosecutor General.  The remaining EPPO staff consists of two Chief Deputies and other prosecutors drawn from the 22 EU countries participating in the EPPO.  (Denmark, Ireland, Hungary, Poland and Sweden are not participating in the EPPO, although Sweden reportedly plans to join the EPPO in 2022.)

The EPPO already faces a considerable body of work, with some 3,000 cases already submitted to it.  According to Kövesi, the first new reports of alleged fraud against the EU budget, submitted from Germany and Italy, came in within hours of the EPPO’s online reporting system going “live.”

At the outset, Kövesi is evidently focusing on the use of EU funds for purposes other than their original intended purpose, corruption, and money laundering.  At the same time, she will need to manage public expectations about the EPPO’s progress and accomplishments with some care.  In a recent media interview, she acknowledged that the EPPO has no authority to pursue offenses committed in non-EU countries unless the alleged fraud has a clear connection with one of the 22 EPPO country participants.  As she put it, “We can look to see if there is a link with the member state… (but otherwise) it will depend on the national prosecutor and the European Anti-Fraud Office (OLAF). They will continue to be investigated by the national prosecutor.”  Some fairly early successes would certainly be helpful to the EPPO’s cause, but the complexity of the cases it will be pursuing makes quick successes unlikely.

Justice Department Announces Agreement on Divestiture of Branches for Huntington Bancshares Acquisition of TCF Financial Corporation

Under the Hart-Scott-Rodino Act, both the U.S. Department of Justice and the Federal Trade Commission have authority not only to review most proposed mergers and acquisitions that take place in the United States for possible antitrust concerns, but to halt such a proposed transaction if they believe that the deal would “substantially lessen competition.”  Both agencies, however, may also approve a particular merger or acquisition on the condition that the acquiring or acquired entity divest itself of certain businesses or operations.

In the latest example of this conditional-approval authority, on May 25 the Justice Department announced that it had reached agreement with Huntington Bancshares Incorporated and TCF Financial Corporation to have the companies sell 13 branches in the state of Michigan (with approximately $872.3 million in deposits), to resolve antitrust concerns arising from Huntington’s planned acquisition of TCF Bank. The divested assets include all of the deposits and loans associated with the 13 divested branches, as well as the physical assets.

Key provisions of the financial institutions’ agreement with the Justice Department include:

  • Divestiture of the 13 branches in 9 counties and the City of Midland;
  • The companies’ agreement “to suspend existing, and not to enter into new, non-compete agreements with branch managers and loan officers located in the divestiture counties for a period of 180 days following the consummation of their merger”;
  • The companies’ agreement that any traditional branches that are located in any overlap market in Michigan and Ohio and that are closed within three years of the merger’s closing “will be sold or leased to an insured depository institution that offers deposit and credit services to small businesses.”

As a result of the acquisition, Huntington, which currently has approximately $120 billion in assets, will become the 25th largest bank holding company based on assets.

It should be noted that the 13 branches to be divested represent a vanishingly small percentage of the total number of branches that Huntington and TCF have.  Currently, Huntington has 839 full-service branches across seven Midwestern states, and TCF has 475 branches primarily located in Michigan, Illinois, and Minnesota.  The 13 branches therefore represent less than one percent of the total number of Huntington and TCF branches.

On its face, the divestiture of so small a number of bank branches would not seem to make much of a difference in avoiding the “substantia[l] lessen[ing of] competition.”  In this case, however, the Federal Reserve Board, noted – after analyzing such competitive factors as the number and strength of competitors that would remain in the relevant markets and the current and expected increased concentration levels of market deposits — that the divestitures that Huntington and TCF proposed in four banking markets are “significant” and “ensure that the proposed transaction will present no competitive concerns under the [Bank Holding Company] Act or Section 7 of the Clayton Act.”

While the transaction still requires final approval by the Board, the Justice Department has advised the Board that the Department

“will not challenge the merger provided that the parties divest branches in certain areas of overlap and agree that any traditional branches in Michigan and in the five overlapping counties in Ohio that are closed within three years following the merger, will be marketed to an institution with a demonstrated record of providing services and loans to the local community.”

Figure: Geographic Footprint of Huntington Bancshares Branches (As Of February 13, 2021) [Public Domain]

Bizarro Malware Expanding Reach to European and South American Banks

Over the last several years, Brazil has continued to maintain its reputation as a hotspot for cybercrime.  According to the APWG, there were 48,137 recorded phishing attacks in 2020 – a nearly 100 percent increase over 2019.

Recently, a leading cybersecurity firm, Kaspersky Labs, reported that a new banking malware that originated in Brazil, called “Bizarro”, is targeting 70 banks in Argentina, Chile, France, Germany, Italy, Portugal, and Spain.   In brief, Bizarro is a banking Trojan that is distributed when email users click on links in spam emails.

Among other features, Bizarro creates a backdoor (a secret portal allowing remote access to a computer) that Kaspersky reports “contains more than 100 commands and most of them are used to display fake pop-up messages to users. Some of them are even trying to mimic online banking systems.”  In addition, “Bizarro is using affiliates or recruiting money mules to operationalize their attacks, doing the cashout or simply helping with translations.”

Information-security and financial crime officers in financial institutions – and not just in Europe and South America — should take note of these details regarding Bizarro and incorporate them into internal briefings and training on cybercrime trends.  While the Kaspersky report highlighted Bizarro’s expansion into Europe and South America, it is more than conceivable that the group behind Bizarro will try to expand their reach to financial institutions in North America and Asia.  If it has the will and skill to find money mules and translators who can write in Spanish and other European languages, it may adopt the same approach to find accomplices sufficiently fluent in English or Asian languages.

(Note: Technical details regarding the operation of Bizarro are available on the Kaspersky and Securelist sites.)

Singapore Authorities Working to Unravel Massive Nickel Fraud Scheme

At a time when media reports are calling attention to large-scale cybercrime schemes such as the Colonial Pipeline attack, in which coordinated actions by multiple individuals result in vast financial losses, it is necessary to remember that lone actors can also carry out massive frauds.  Over the years, rogue traders such as Nick Leeson and Jérôme Kerviel and Ponzi masterminds such as Bernard Madoff have shown that individuals, with little or no help, can successfully conduct fraud schemes resulting in millions, even billions, of dollars in losses.

The latest example of such lone-actor fraud schemes may be Ng Yu Zhi, now former managing director at Envy Global Trading Pte Ltd and Envy Asset Management Pte Ltd in Singapore.  Since March 2021, Singapore prosecutors have been filing charges against Ng for alleged cheating and fraud in connection with a nickel-trading scheme that raised at least S$1 billion (US$746 million) from investors. 

According to prosecutors, Envy Asset Management had deceived investors into lending the firm money between January 2018 and March 2020 to purchase nickel from Australian-listed firm Poseidon Nickel. Although investors were reportedly promised varying returns, averaging 15 per cent over three months, no such commodity trades were made.  Prosecutors also said, in seeking bail of S$3 million and electronic tagging for Ng, told the Singapore district court “that the outstanding funds invested with the two firms amounted to at least S$1 billion for the purported financing of nickel trading activities.”

At that time, investigators believed that approximately S$700 million was paid to investors and S$300 million was transferred to Ng’s personal account, but that approximately S$200 million remained unaccounted for. Singapore police also seized assets valued at S$100 million from Ng. 

Subsequently, Singapore authorities brought two additional charges against Ng, for fraudulently making false electronic records.  One of the charges alleges that Ng made a false record of a US$60 million transfer from Envy Asset Management Trading’s Citibank account to another account in February 2021.  The other alleges that Ng made a false record of a combined balance of US$303 million in Envy Asset Management Trading’s Citibank accounts in March 2021.

Ng is now faced with a total of 18 criminal charges involving cheating, fraudulent trading, and forgery.   The most recent charges, filed May 17, allege that between September 2020 and January 2021, Ng deceived “seven individuals and companies into buying some receivables from Envy Global Trading’s purported sale of nickel to a firm called Raffemet, but there was no such transaction.”

While the case against Ng has yet to be proved, corporate compliance teams can use the information reported so far in reviewing the scope and coverage of their fraud monitoring and other internal controls.  Some internal fraud “red flags”, such as indications of an employee’s living above his or her means, may need to be recalibrated for high-level employees, who have high salaries and greater authority to authorize substantial expenditures and transactions.  And the broader that discretion, the greater the need for the company to watch for abuses of that discretion that could lead to substantial company and client losses.