News

With the chairs stacked, luggage zipped, goodbyes given and a taxi waiting to speed us to the airport, ACAMS moneylaundering.com reflects on another entertaining and educational three-day get-together in Las Vegas, and shares some of what we learned with our readers.

During the question-and-answer segment of Tuesday’s opening panel, attendees asked federal regulators to advise them on the steps they should take when vetting cryptocurrency platforms and other virtual asset service providers as potential clients, and afterwards managing the anti-money laundering risks those companies present.

Lisa Arquette, associate director of AML at the Federal Deposit Insurance Corp., recommended carefully monitoring any communications VASPs make to their own customers. “If there’s a misrepresentation that there’s deposit insurance associated with [a VASP-offered financial product], you’ll see something from the FDIC,” she said.

Suzanne Williams, deputy associate director of the Federal Reserve Board, added that banks should also ask VASPs to demonstrate how they screen transactions and customers for sanctions-compliance purposes, and identify “who will be screening for suspicious activity.” Overly complicated answers and unclear technological processes “could be a red flag,” she said.

With the first of three beneficial ownership-related rules now finalized, completing the remaining two and advising financial institutions on how to implement a list of national financial-crime priorities mandated by the AML Act are at the top of FinCEN’s agenda, said Jay Song, director of the bureau’s office of compliance.

On Wednesday, in response to ACAMS moderator and moneylaundering.com editor-in-chief Kieran Beer’s question on what financial institutions should expect from Treasury’s ongoing review and possible streamlining of U.S. suspicious activity reporting, FinCEN Acting Director Himamauli Das answered that “the conversation has been around thresholds, what the right value is [and] whether they should be adjusted for inflation,” and other “criteria and factors.”

Current and former investigators said in Wednesday’s “Rock SARs” panel that a well-written report is specific and gets right to the point.

“If I don’t know what’s going on within the first two sentences, I’m just not that interested,” said Meryl Lutsky, former chief of money laundering investigations at the New York Office of the Attorney General. “It doesn’t mean it’s not a good SAR, it’s just something that I don’t have the resources to put into,” Lutsky said, noting that investigators sometimes review dozens of SARs a day.

Jim Candelmo, a senior compliance officer at PNC Bank, agreed. “Cut to the chase,” he said.

Speaking on the use of cryptocurrency in financial crime, Kevin Lowell, a criminal trial attorney at the U.S. Justice Department, said Wednesday that in the absence of industry-specific legislation, federal officials will continue translating their existing authority into enforcement actions.

“I think what you have seen over the past 12 months is each of the major civil enforcement agencies, the SEC, the CFTC and FinCEN—as well as the criminal investigating agencies—all carving out their respective lanes in the crypto space.”

Businesses sending recurring, round-dollar payments to individuals through peer-to-peer systems represents one of the hallmarks of organized retail-theft rings, and may indicate efforts by crew leaders to compensate “boosters” who steal over-the-counter medication and other high-value goods on their behalf, said Kevin Toth, senior manager of special investigations at Capital One.

“You may have seen organized retail crime and just didn’t know it,” he said, adding that multiple, related rentals of trucks and storage units may indicate the involvement of a fencer in such operations.

Brian Nelson, Treasury Under Secretary for Terrorism and Financial Intelligence, said Tuesday morning that a Western-imposed price ceiling on petroleum from Russia has raised questions and concerns from compliance professionals. U.S. officials aim to publish guidance for financial institutions that service oil shippers, refiners and traders before the price cap takes effect Dec. 5.

“Compliance sanctions professionals recognize that this is quite different from other oil sanctions programs,” he said. “Here, the objective is to limit the revenue flowing to Putin, while also allowing this oil to continue to reach the global market.”

The conference’s closing panel Thursday featured government officials and senior compliance officers discussing the challenges that investigators and financial institutions alike face in trying to observe and enforce the current mismatch of sanctions against Russian oligarchs, and identify and seize their assets.

Individuals designated by the United States, for example, may keep the bulk of their funds in the United Kingdom, where no such sanction applies, said Jessica Bartlett, head of financial crime-legal at Barclays.

“It would be great to run a global program … but you run into barriers,” she said.

Oleg Pobereko, a senior analyst with IRS–Criminal Investigations, said investigators “have to get creative” when stumbling blocks appear. In the quasi-hypothetical scenario that his co-panelist described, for example, U.S. authorities would seek help from the United Kingdom’s HM Revenues & Customs to seize properties and accounts tied to U.S.-blacklisted individuals in Britain.

Cooperation emerged as a theme in a Thursday morning discussion on tackling “Oceans 11-style” networks of highly specialized, otherwise disparate criminals, including hackers, malware coders and money launderers who work together to pull off largescale ransomware attacks and other heists.

To counter the threat, financial institutions should coordinate with each other and law enforcement to get a complete picture of a criminal enterprise. “It takes a network to bring down a network,” Markus Schulz, a senior compliance executive at ING in Amsterdam, told attendees.

Discussing the state of play of online illicit activity Thursday, Bryan Smith, section chief of the FBI’s cybercriminal section, said multi-factor authentication—the process of, for example, texting a numerical code to a legitimate customer so that he or she can authenticate their password-protected login–has proven effective in blocking account takeovers, but remains underused.

“Best practice is to make it standard, unless someone opts out,” he said.

Compliance chiefs questioned whether FinCEN’s introduction of a new, federally administered database of beneficial owners will create a new verification burden for financial institutions that discover incorrect information on the register.

“There’s a lot of uncertainty,” Heather Allen, a senior compliance officer at Truist Financial Corp. told attendees Thursday. “What is our responsibility, and how often do we have to be refreshing?”

Asked whether the risk banks incur when serving marijuana businesses will subside now that White House has pardoned individuals convicted of simple possession, Schultz, the compliance executive at ING voiced skepticism.

“I’m here in Amsterdam … and 30 years ago it was a big topic. Twenty years ago: big topic. Today: big topic. So don’t expect that to go anywhere soon.”

And that’s a wrap.

Safe travels home, and see you in Toronto!

Contact Colby Adams at cadams@acams.org and Fred Williams at fwilliams@acams.org