Lockdowns, Legal Changes and Leak Fatigue: the Year in AML


Read about U.K. and European AML and sanctions here.

In the waning days of 2019, when news emerged that the novel coronavirus had begun spreading beyond Wuhan, China, few grasped the scale of the human tragedy, economic catastrophe and inspiring resilience that the coming year would witness.

2020 will forever be marked by COVID-19, which has killed nearly 2 million people to date and infected tens of millions more, forced hundreds of thousands of businesses to close and pushed much of the world into unemployment, and left those of us lucky to still have jobs either marooned at home or risking exposure as frontline workers.

By August, when a deadly explosion ripped through Beirut and massive cuts to the U.S. Postal Service raised fears that votes would be suppressed, the world was firmly in the grips of a pandemic and recession. But the year ended on a hopeful note, with the first vaccinations administered in December.

2020 also ended notably for the financial services industry in the United Kingdom, Europe and especially in the United States, where more than a decade of efforts to address criminal exploitation of lax incorporation policies to hide and move illicit funds reached a milestone with congressional approval of the Anti-Money Laundering Act.


The AML Act, which U.S. lawmakers approved as part of an annual defense-spending bill, directs the Treasury Department’s Financial Crimes Enforcement Network to revise the customer due-diligence rule that took effect in 2018, expand AML requirements to antiquities dealers, and build a database of information that identifies the beneficial owners of U.S. legal entities. More

The bill also directs FinCEN to regularly query law enforcement for feedback on suspicious activity reports, or SARs, then share those findings with the institutions that filed them. Congressional discord over the value of the next round of COVID-19 stimulus payments have delayed final passage of the NDAA after the White House vetoed the bill.

“The legislation is the big story right now,” said Rob Rowe, vice president and senior counsel at the American Bankers Association. “A lot of provisions are encouraging, but some elements, such as how technology will be applied, will have to be clarified by regulators over time.”

All bills aside, the U.S. financial intelligence unit had a prolific year despite the pandemic. FinCEN’s customer due-diligence rule won favor with the Financial Action Task Force in March, when FATF assigned the U.S. a higher grade for complying with the group’s standards for screening clients and identifying beneficial owners. More

FinCEN fined Michael LaFontaine, a former senior executive at U.S. Bank, $450,000 for maintaining “woefully inadequate” AML staffing levels and failing to scrap limits on transactional alerts that delayed or prevented the filing of thousands of suspicious activity reports, or SARs. More

The bureau then sought to clarify how banks and other institutions should vet firms that produce hemp, which federal lawmakers effectively legalized two years ago by removing the strain from a list of controlled substances. More

FinCEN’s decision in July to finalize Iran’s status as a “primary money laundering concern” under the Patriot Act may herald a more aggressive use of the power, but could expose the bureau to legal challenges going forward. More

In August, FinCEN, the Office of the Comptroller of the Currency, Federal Reserve and other regulators outlined the range of punitive measures to which financial institutions expose themselves by violating the Bank Secrecy Act. More

In September, the bureau finalized a 2016 proposal to extend AML rules to certain trust companies, credit unions, savings associations and other institutions that lack a functional federal regulator. Private banks in Puerto Rico and state-chartered institutions should expect more supervision as a result. More

Also in September, the bureau proposed requiring that banks maintain “effective” AML programs that not only comply with the BSA, but also stand a “reasonable” chance of actually preventing money laundering and terrorist financing. More

The effectiveness proposal, which drew support and skepticism alike from financial institutions, came five months after regulators revised the manual that examiners in the field use to assess compliance with the BSA. More and More

FinCEN Director Ken Blanco told attendees of the ACAMS Virtual Las Vegas Conference later that month that the bureau by that point had received nearly 100,000 SARs on payments tied to the novel coronavirus pandemic. More

The bureau then drew attention to attempts by human traffickers to use prepaid cards, cryptocurrencies and peer-to-peer exchanges in combination to receive and launder payments tied to the illicit sex industry. More

Former FinCEN Director James Freis told virtual attendees of the ABA/ABA Financial Crimes Enforcement Conference in December that he saw “obvious” signs of fraud in his first two days at Wirecard, the German payment processor that collapsed this year under the weight of a massive accounting and money laundering scandal. More

In an advisory, the bureau clarified that the Patriot Act allows banks to share data on clients and transactions that appear suspicious, regardless of whether they have conclusive evidence to support such a determination. More

The bureau also clarified that third-party vendors and other firms that do not qualify as financial institutions under the Bank Secrecy Act can form “associations” and use the safe harbor under section 314(b) of the Patriot Act.

FinCEN then disclosed plans to lower the current $3,000 threshold at which banks and other institutions must share data on the originators and beneficiaries of international payments to $250. The new “travel rule” threshold would apply to a dramatically larger haul of transactions. More

The Office of the Comptroller of the Currency and Federal Deposit Insurance Corp. separately announced their intention to seek broader authority to exempt financial institutions from having to file SARs under certain circumstances. More

Broader exemption power would help regulators promote use of the latest technologies to detect suspicious transactions and address a gap that formed when the Treasury Department delegated that authority to FinCEN alone, the OCC and FDIC claimed in their proposal.

In December, FinCEN announced a plan to require banks, cryptocurrency exchanges and other money services businesses to collect more information on the movement of bitcoins and other digital tokens to and from private wallets. More

“FinCEN’s policy division has been more active this past year, and that’s a big change for institutions to take note of,” said Braddock Stevenson, former deputy associate director of the bureau’s enforcement wing. “Institutions need to prepare for their exams by thinking about how they can show that their AML program is effective towards achieving the goals of the BSA.”


Opinions may diverge on the extent to which COVID-19 directly affected banks and other institutions outside of forcing the bulk of their staff to work remotely, but the pandemic undoubtedly brought a wave of financial crime with it.

In March, as the disease spread across the country, financial institutions prepared for a spike of cash withdrawals and increased use of digital services, while FinCEN warned them to disclose “any potential delays in their ability to file required BSA reports.” More

Federal prosecutors warned that fraud against the Payment Protection Program would almost certainly occur on a large scale during the pandemic, and financial institutions anticipated a growth in suspicious payments involving medical transport firms. More

“I think that PPP fraud cannot be overestimated, and we can’t overestimate the amount of money that has been lost,” said Grant Rabenn, a federal prosecutor in Sacramento. “I have had several investigations in which the targets were getting $20,000, $30,000, $40,000 PPP loans and these were people who do not have legitimate businesses.”

A New England-based compliance officer’s enhanced due-diligence review of a COVID-19 loan application from the purported owners of four local restaurants led to federal bank-fraud charges against two individuals in May. More

“All of the relief packages have had an impact in various ways,” said Nicole Kitowski, chief risk officer for Associated Bank in Green Bay, Wisconsin. “We did $1 billion in PPP loans requiring program adjustments, and with EIDL [disaster loans initiated by the Small Business Administration], we had a huge burden due to many transactions that seemed anomalous with the intent, requiring SARs, account closures, and monies redirected to the SBA.”

FinCEN warned in a COVID-19 advisory in May that in addition to hoarding and price gouging of actual medical goods, financial crimes tied to the pandemic often involve sales of fake tests, vaccines, and other nonexistent healthcare supplies and services. More

FinCEN again covered COVID-19 in October by flagging several potential indicia of attempts to steal federal subsidies intended for individuals who have lost their jobs during the pandemic, such as clients receiving unemployment payments in a state where they do not work or live, withdrawing assistance in lump sums, and immediately transferring the funds overseas. More

The bureau ended the year by re-advising financial institutions to stay alert to pandemic-related fraud schemes. “Already, fraudsters have offered, for a fee, to provide potential victims with the vaccine sooner than permitted under the applicable vaccine distribution plan,” the bureau warned. More

“COVID-19 clearly presented the biggest challenge in 2020,” said Grovetta Gardineer, a senior deputy comptroller of bank supervision policy at the OCC. “We had to pivot quickly, and were able to work with the other agencies to provide relief to industry, acknowledging the challenges they faced and confirming that required filings would be delayed.”

The OCC issued more than 50 guidance documents relating to COVID-19 over the past nine months across all areas of banking, including BSA and AML, and continued to examine banks despite the pandemic, Gardineer said. “Overall, we have not seen an increase in significant problems or violations.”


September ushered in the FinCEN Files, a series of stories from BuzzFeed News and the International Consortium of Investigative Journalists based on more than 2,100 SARs that together covered $2 trillion worth of payments.

Those and other news outlets largely reported that the batch of leaked SARs showed global banks continued to serve suspected criminals and handle potentially illicit funds despite spending vast resources to detect them, and may have even filed the SARs for the sole purpose of appearing vigilant to their regulators.

Moreover, rather than list the specific circumstances and factors that should compel banks to cut ties with a specific customer, U.S. AML rules and advisories instead instruct them to let their own appetites for risk—and their ability to manage that risk—guide their decisions. More and More

Federal investigators and compliance officers told that more than indicating widespread malfeasance in the financial sector, the SARs showed that the 100 banks in question fulfilled their duty to flag potential cases that U.S. law enforcement and FinCEN subsequently did not pursue. More

The FinCEN Files do not represent the first leak of confidential banking records, nor the first leak of SARs specifically.

The year began with Natalie Mayflower Sours Edwards, a four-year veteran of FinCEN’s intelligence division, pleading guilty to leaking thousands of SARs and other records to BuzzFeed News from October 2017 to January 2018. The violation carries a maximum sentence of five years in prison but prosecutors have recommended six months. More

Beginning with the Panama Papers in 2016, the Paradise Papers in 2017, and confidential documents exposing the Russian Laundromat, Troika Laundromat and Azerbaijani Laundromat, financial institutions have been the subject of millions of leaked records pertaining to secretive, if not criminal, finance.

“I think with the FinCEN Files, that still shows that with these onslaught of leaks, the public wants individuals to be held liable for BSA violations,” said Rabenn, the federal prosecutor.

New targets

2020’s marquee, headline-grabbing money laundering case arrived in August, when prosecutors accused former Trump campaign director Steve Bannon with conspiring to launder money by using a nonprofit to layer more than $1 million that he and his partners allegedly siphoned from “We Build the Wall,” a crowdfunding campaign. More

Traditional U.S. financial institutions largely remained under the enforcement radar in 2020, but new targets of investigation emerged in the cryptocurrency industry, where regulatory actions and federal prosecutions have become mainstream.

In a 30-page cease and desist order in March, the OCC ordered M.Y. Safra Bank in New York to implement AML upgrades after examiners found that the lender did not properly vet transactions to and from high-risk jurisdictions, including payments from exchanges, cryptocurrency ATMs and “crypto arbitrage trading accounts.” More

In July, a 39-year-old resident of Yorba Linda, California, admitted to federal accusations that he exchanged up to $25 million of both licit and illicit cash through face-to-face transactions and an unregistered network of Bitcoin ATMs in and around Los Angeles. More

Federal prosecutors in Washington, D.C., followed in August by taking custody of around 300 cryptocurrency wallets that blacklisted terrorists allegedly used to collect millions of dollars from global supporters who had run a number of scams to generate the funds, including sales of fraudulent coronavirus-related medical equipment. More The case marked the largest seizure of cryptocurrency to date from alleged terrorists, prosecutors said at the time.

The Justice Department disclosed in September that several cryptocurrency exchanges had rejected and frozen bitcoins and other cryptocurrencies linked to cyberthefts and other illicit schemes run by North Korea. More

In October, federal prosecutors in New York charged four individuals with failing to build an AML program at the Bitcoin Mercantile Exchange, or BitMEX, and disregarding requirements to register with FinCEN for several years. More

FinCEN that month fined Larry Harmon, of Akron, Ohio, $60 million for “deliberately” violating the BSA by failing to screen clients who funneled tens of millions of dollars in bitcoins through cryptocurrency mixers, or tumblers, that he ran from 2014 until this year. More

FinCEN and the Treasury Department’s Office of Foreign Assets Control, or OFAC, noted in parallel advisories that cyberthieves have increasingly used sophisticated malware during the COVID-19 pandemic to subvert government IT systems as well as the financial, educational and healthcare sectors. More

Firms that pay hackers cryptocurrency to decrypt their clients’ IT systems may qualify as money services businesses under the BSA, FinCEN warned.

In November, prosecutors in Northern California sought to forfeit more than 69,000 bitcoins from an unnamed suspect who allegedly stole them several years earlier from Silk Road, a now-defunct online black market. The total value of the forfeiture amounted to $1 billion. More

Federal prosecutors and the New York State Department of Financial Services, or DFS, fined Industrial Bank of Korea $86 million in April for using Excel spread sheets to monitor transactions and failing to detect a $1 billion sanctions evasion scheme in 2011 that benefited Iran. More

DFS assessed a $150 million fine against Deutsche Bank in July for handling millions of dollars in suspicious payments for billionaire financier and accused sex trafficker Jeffrey Epstein, and separately failing to vet hundreds of billions of dollars in correspondent transactions for Danske Bank Estonia and FBME Bank in Cyprus. More

But the most significant U.S. action against a traditional bank in 2020 targeted Goldman Sachs, which agreed in October to pay $3 billion to the Justice Department and other agencies for enabling the embezzlement of billions of dollars from 1MDB, and ignoring the “glaring red flag” raised by the involvement of Jho Low, the now-fugitive financier, with the state fund. More

Prosecutors accused Goldman of paying $1.6 million in bribes in Malaysia, Abu Dhabi and other nations to secure the right to administer three 1MDB bond offerings in 2012 and 2013 that brought the lender $600 million in fees.

U.S. banks have secretly blocked payments between American companies and their overseas partners as part of a campaign by OFAC to prevent North Korea from using the global financial system, sources told in February. More

OFAC’s designation of two leading members of the International Criminal Court in September “was a low point” for the White House, which has largely abandoned the multilateral approach towards sanctions under Trump, said Daniel Tannebaum, partner and Americas anti-financial crime head at Oliver Wyman, a global consulting firm in New York. More

By contrast, the Trump administration’s use of sanctions in response to the Chinese Communist Party’s violations of human rights in Xinjiang showed the U.S. leading the world on a significant issue, he said.

In November, OFAC found in an advisory that the U.S. art industry’s eagerness to maintain confidentiality and use shell companies and other intermediaries to make payments helps U.S.-designated individuals and entities launder funds. More


In June, Canada’s Finance Department began requiring banks, casinos, precious metals dealers and other firms to flag suspicious activity “as soon as practicable” rather than within a month from the date of the transaction in question. More

The new requirement was finalized as part of a broad overhaul of the nation’s AML rules in June 2019. Most of the changes, including a requirement that banks verify the origin of funds deposited by foreign officials, their relatives and other politically exposed persons, take effect in June 2021.

As COVID-19 began to take hold, the country’s financial intelligence unit, the Financial Transactions and Reports Analysis Centre of Canada, paused AML exams in March and pledged to stay “flexible and reasonable” with its examination schedule during the pandemic.

Fintrac received an average of 8,000 suspicious transaction reports, or STRs, each week from April to August 2020 during the pandemic, marking a 25 percent jump from the pervious year. More

After finding that their current strategy has led to an overlap of investigations and arrests of cash and drug middlemen rather than senior money launderers and kingpins, the Royal Canadian Mounted Police in Toronto formed plans to stop investigating organized crime independently from illicit finance. More

Justice Austin Cullen, head of an ongoing investigation into money laundering in British Columbia, accused Fintrac and other Canadian federal agencies of withholding documents that his panel required to complete their inquiry.

“It seems apparent that federal prosecutors will have valuable insight into the challenges faced by law enforcement officials and prosecutors in the handling of money laundering offenses, [but] the approach taken by Canada will not allow these issues to be explored in an effective way,” he claimed in a Dec. 10 report on the investigation.

Across the pond

In April, U.K. officials began exchanging granular financial intelligence on a weekly basis with banks and other firms to identify individual suspects tied to fraud and money laundering during the pandemic. More

“We found that the culture and risk appetite [for sharing data] may well differ between fraud and AML teams, between institutions and also across sectors, so that does lead to complexity,” Sarah Pritchard, director of the National Crime Agency’s National Economic Crime Center, said.

In July, the U.K. outlined the contours of its first autonomous sanctions regime since leaving the EU by designating almost 50 parties accused of human rights abuses in Russia, Saudi Arabia, North Korea and Myanmar. Britain then imposed sanctions on Belarusian officials involved in a violent crackdown on political protesters. More and More

European governments busied themselves with implementing the EU’s latest AML directive, 5AMLD, but several nations encountered domestic hurdles in trying to create public databases of beneficial ownership information and expand AML rules to cryptocurrency firms by the January deadline. More

In February, the European Commission launched infringement cases against Spain, the Netherlands and six other countries for failing to transpose 5AMLD into national laws and regulations by the deadline. More

Even as nations worked to implement 5AMLD, the European Union inched towards more substantial AML reform that would see the bloc scrap its system of directives in favor of direct regulations, and establish a new, EU-wide supervisor. The EU vowed in the same breath to strengthen its position within FATF. More, More and More

The proposal for a more uniform AML rulebook across the bloc drew support from Europe’s largest banking lobbyist, but EU nations want the proposed supervisory agency to first focus on supervising banks and other traditional financial institutions, as well as cryptocurrency firms, and operate under strict limitations that may preclude it from intervening when national oversight falls short. More and More

“The largest compliance challenge financial institutions have faced this year is a product of the EU’s outdated AML framework, which is characterized by regulatory fragmentation and a tick-the-box approach,” said Roger Kaiser, senior AML adviser at the European Banking Federation in Brussels. “The rules that govern banks’ obligations as gatekeepers are implemented and interpreted very differently from one member state to another.”

Baltic exposure

The fallout from the money laundering scandals of previous years in Latvia and Estonia continued to spread across Europe in 2020, leaving the spotlight on compliance lapses by Nordic lenders who moved into the Baltics more than 10 years ago.

“We’ve continued to see data leaks on so-called laundromats, and in several cases seen the nexus with the Baltic states reappear,” Tom van de Laar, global head of AML and sanctions at Rabobank in Utrecht, the Netherlands, said. “In many of those publications, the link is clearly made with correspondent relationships and trade finance.”

The leaks forced many banks to reconsider their relationships with certain clients, and sever ties with some of them, he said. “These [leaks] provide valuable insight into typologies and red flags, and regulators are increasingly interested in how banks follow them up in their own investigations.”

European banks, especially in Latvia, Switzerland, the Netherlands and Britain, also featured prominently in the FinCEN Files. More

Moneyval, FATF’s affiliate in Europe, recommended that nations allow their FIUs to begin restraining suspicious funds after the cache of SARs revealed trillions of dollars worth of possibly illegal transactions, including correspondent payments by European lenders. More

In March, Sweden’s financial regulator fined Swedbank a record €360 million for failing to address serious AML deficiencies and cooperate with domestic and Estonian regulators. More

Clifford Chance, the U.K. law firm that Swedbank hired in 2019 to investigate the extent of the lender’s exposure to illicit finance, found that staff at Swedbank’s nonresident branch in Estonia concealed beneficial ownership data from their AML compliance department for years as the lender completed tens of billions of euros worth of suspicious transactions. More

Clifford Chance also identified 586 transactions worth $4.8 million combined at Swedbank that may have violated U.S. sanctions. Nearly all of the payments involved a vessel owned by an individual based in Crimea who held accounts with the lender’s affiliate in the Baltics. More

In June, Sweden’s financial supervisor fined the country’s second-largest bank, Skandinaviska Enskilda Banken, or SEB, €95 million for handling large volumes of suspicious funds from Russia and other former Soviet states from 2015 to 2019. More

Philippe Vollot, chief compliance officer at Danske Bank, one of the first Nordic lenders engulfed by a major Baltic money-laundering scandal in 2018, told that his department has grown from 200 to more than 500 staff over the past two years.

“I truly believe we’ve managed to make financial crime well-understood across the bank – making fighting financial crime a topic for the entire workforce of the bank, not just the compliance function,” Vollott said. “The level of awareness across the group has matured, and we now have a good, frequent dialogue with the business function and staff functions.”

After a damning mutual evaluation in 2018, Latvia escaped the Financial Action Task Force’s gray list of jurisdictions with deficient controls against financial crime by completing AML upgrades, prioritizing sanctions implementation, asset freezes and money laundering investigations. More

Across the channel

Plans by lenders in the Netherlands to tackle complex international money-laundering schemes jointly won support from regulators after a seven-month inquiry to gauge the Dutch financial sector’s involvement in the scandal that engulfed Danske Bank Estonia. More

The head of the Dutch FIU told in April that institutions should vet payments associated with the procurement of medical products and government subsidies, and thoroughly screen large cash transactions to prevent criminals from exploiting the novel coronavirus pandemic for financial gain. More

In December, a Dutch court opened the door for former ING chief executive Ralph Hamers to stand trial for systemic AML violations that occurred during his tenure at the bank. More

European crime syndicates may have faced only limited delays in ferrying cash across borders or laundering funds through restaurants and other cash-intensive businesses during the pandemic. COVID-19 may have also created new opportunities for criminals to funnel funds through small and medium-sized firms starving for cash. More and More

“It became clear quite early on that criminals were adapting very quickly to exploit the situation,” Bert Langerak, head of criminal investigations at the Dutch Fiscal Intelligence and Investigation Service, or FIOD, said. “So [FIOD] decided to look less rigidly at our usual responsibilities … and work on investigations involving fraud with protective equipment, for example.”

The same challenges criminals have encountered in moving cash during lockdowns may also have given law enforcement agencies unprecedented opportunities for seizing it.

London’s Metropolitan Police seized 250 percent more cash during the lockdown after Dutch and French authorities managed to hack into Encrochat, an encrypted messaging platform used by thousands of U.K. criminals. More

Record seizures of drug cash in Eindhoven and Antwerp prompted speculation among Belgian authorities that the lockdown has forced traffickers to sit on their illicit banknotes and hunt for new avenues to launder them, including real estate. More

COVID-19’s impact was also felt by Europe’s largest economy. North Rhine-Westphalia, the most populous of Germany’s 16 states, suspended pandemic-related assistance after scammers cloned a government website to steal the private data of struggling entrepreneurs and use their identities to apply for financial aid. More

German authorities conducted an unprecedented raid of the FIU in July amid suspicions that staff at the agency withheld STRs filed on a suspected money-laundering scheme from investigators. More

Wirecard filed for insolvency in June in the wake of a €2 billion fraud. The accounting scandal exposed gaps in Germany’s supervision and prompted the country’s finance minister, Olaf Scholz, to give the FIU new authorities and broader access to confidential data to prevent a scandal of such magnitude from being repeated. More

In addition to paying tens of millions of dollars in penalties for its ties to Epstein and the Baltics, Deutsche Bank also incurred a $583,000 fine from OFAC for handling funds linked to a blacklisted Russian oligarch and failing to vet more than 60 wires to Krayinvestbank following that lender’s designation. More

Tracfin, France’s FIU, ordered real estate agents and notaries in May to conduct enhanced due diligence on all transactions, regardless of their respective levels of risk. More reported in June that Jyske Bank, Denmark’s third-largest lender, processed hundreds of transactions for Rifaat Assad, an uncle of Syrian President Bashar Assad, despite obvious signs of illicit finance. A court in Paris sentenced Assad to six years in prison for embezzling hundreds of millions of euros from Syria and laundering the funds into Europe. More

Gaps in French law and poor compliance and awareness by French firms may have kept financial crime in France’s real estate and art sectors unusually high in 2020, even as new threats emerged in the form of disruptive financial technology. More

“Money laundering networks that used to operate through the traditional banking system are now turning towards payment and electronic money service providers,” a Tracfin official said. “The supervision of PSPs may encounter difficulties, particularly when those firms operate under the freedom to provide services on French territory.

Like other nations, the COVID-19 pandemic and the worsening economic situation in France attracted fraudsters, the official said.

The pandemic may have also had an unintended but beneficial effect by prompting French authorities to communicate and coordinate their activities more impactfully.

“Two taskforces have been set up specifically to respond to the challenges posed by the pandemic,” Thomas de Ricolfis, director of France’s new Anti-Financial Crimes Sub-directorate, told “One is dedicated to major financial-crime cases … the other to smaller, everyday frauds.”

Topics : Anti-money laundering , Counterterrorist Financing , Know Your Customer , Sanctions , Info. Security/Cybercrime , Cryptocurrencies
Source: U.S.: Congress , U.S.: Department of Treasury , U.S.: FinCEN , U.S.: White House/U.S. President , European Union , United Kingdom , U.S.: OFAC , Canada , Canada: FINTRAC , Latvia , Estonia , Netherlands , Sweden , Germany , France
Document Date: December 31, 2020