Connect ► twitter| youtube|  Log In ► Members Only  |  Corporate One Safekeeping  |  Search

BSA/AML/OFAC hot topics: Paris attacks bring new AML/OFAC scrutiny

By Jennifer Morrison,VP, Senior Risk Manager

January 21, 2016 -- As we welcome the holiday season, it is appropriate for all of us to remember those who lost their lives senselessly in the Paris attacks of November 13, 2015, and in San Bernardino within so few weeks. The Paris attacks were allegedly perpetrated by members of the Islamic State while the California attacks appear, at least in part, to be inspired by the group’s ideology.

Unfortunately, the attacks highlight for compliance professionals around the world the inability of existing systems, in many cases, to identify financial flows supporting such attacks in advance. In an article on ACAMS’ (Association of Certified Anti-Money Laundering Specialists), compliance officers at American financial institutions have since Paris reportedly notified federal investigators of their intent to file suspicious activity reports (SARs) on accounts tied to the alleged attackers, according to Jerry Roberts, section chief of the FBI’s counterterrorism division.1

Similarly, following the January Charlie Hedbo attacks, financial institutions provided significant leads to investigators (albeit the leads were after the fact).

BSA/AML professionals watching the investigation following San Bernardino will know that the money trail includes at least one currency transaction report and a loan from the peer-to-peer lender Prosper. Yet, the time lapse between the Prosper loan and the attacks fell within the 30-day SAR reporting window. Even if one or more financial institutions suspected something, the SAR filing deadline was still days from the initial deposit of the loan proceeds on November 18.

While these reports are largely retrospective, there is good news. Recent transactional information can be used to immediately obtain subpoenas and can support the identification of close associates, which can help prevent future terrorist activities.

According to FinCEN Director Jennifer Shasky Calvery in a meeting with reporters at the ABA/ABA (American Bankers Association and American Bar Association) Money Laundering Enforcement Conference, financial institutions have been filing approximately 1,000 SARs per month on transactional activity possibly linked to Islamic State. The tips have proved “useful” to American and foreign officials in understanding the financial workings of the militant group and other terrorists. And, understanding the financial support of terrorist organizations can prove useful in stemming the flow of funds and might predict and/or prevent future terrorist attacks.

Important things your credit union should be doing

As perpetrator names are released following such events, it is appropriate to review your membership and transactional data for possible matches. Names will also be communicated to financial institutions through 314(a) search requests, including special requests.

In addition, look for updates to OFAC’s list of Specially Designated Nationals (SDN) and Blocked Persons. If you haven’t already, sign up to receive U.S. Department of the Treasury e-mails for notice of OFAC changes.

You should be testing your OFAC vendor to ensure timely SDN and Blocked Persons list updates. Upon receipt of the aforementioned e-mail notification, select from the additions to the list, key-enter a random SDN name in a new account opening and payment system, and see if you get a “hit.” If you do not, make sure to work with your vendor to ensure compliance; the penalties for OFAC failures can be extremely serious and expensive.

And remember, changes to the SDN and Blocked Persons list can occur multiple times in a given day. Changes can be tracked from 1/1/15 to current at the following link: Additions related to Syria sanctions were made on 11/25/15, and these additions could be related to the Paris attacks.

SAR Stats reviews aggregated filing activity

FinCEN just released the second edition of SAR Stats, FinCEN’s annual review of aggregated SAR filing activity. SAR Stats has replaced the SAR Activity Review and continues to provide critical trends, tips and guidance for BSA/AML officers.

In the October 2015 issue, SAR Stats shared SAR filings March 1, 2012, through December 31, 2014. While terrorist, financing-related SARs are a small percentage of total SAR filings, recent disclosure of U.S. account activity potentially linked to the attack coincided with recent testimony before the U.S. House Committee on Foreign Affairs on the primary funding mechanisms relied upon by Islamic State. These include an increased reliance on private donations, stolen artifacts, and kidnapping ransoms to fund operations. Financiers are increasingly moving items through Lebanon, Greece, Cyprus, and Bulgaria and then into the European Union’s passport-free Schengen Area.

Crowdfunding as a possible source of illegal financial activity

In this SAR Stats issue, FinCEN also (ironically) identified crowdfunding as a possible source of illegal financial activity. Rewards-based crowdfunding has seen a 171% increase in SARs filed through May 2015 over total SARs filed through 2013. Rewards-based crowdfunding is a funds-pooling method that relies heavily on internet campaigns to solicit contributions or “donations” from a large number of individuals, most of whom are previously unknown to the campaign creator, to raise money for a specific business venture, personal cause or project. Kickstarter, typically viewed as the leading rewards-based crowdfunding platform, funded 22,252 projects in 2014 with more than $500 million raised from 3.3 million backers.

Some crowdfunding sites restrict donations to business or entrepreneurial pursuits while others allow donations for virtually any reason. Some sites provide a utility for the campaign creator(s) that offers some kind of reward to anyone making contributions while others simply provide a method of pooling funds with no additional benefits to backers.

Crowdfunding-related SARs included incidents of account takeovers, including stolen credit card information, fraud, “copycat” crowdfunding sites made to look like legitimate campaigns, and money laundering. While the links to terrorist financing in crowdfunding SARs is limited to date, foreign funds flows have been reported. San Bernardino attackers may have used Prosper, a peer-to-peer lender, to purchase the weapons used in their attack.

Monitor account activity for crowdfunding transactions, typically via debit and credit cards. Keep abreast of crowdfunding sites by periodically using internet searches to obtain names of such entities. Donations are generally one time, so repetitive transactions to the same campaign should be viewed with suspicion.

Learning from San Bernardino

Investigations of the money trail leading up to the San Bernardino attacks highlight a couple of key signals. First, a government source reported to Reuters that the couple followed a pattern set by other militants: they drained their bank accounts and exhausted their credit lines before embarking on what they believed would be a suicide mission.

It also appears that the male suspect transferred funds to his mother’s account through a series of three $5,000 transfers in the days prior to the attack. The size of each transaction appears to be designed to not raise suspicion. Do you routinely consider transfers between family members to be above suspicion?

Finally, some of the loan proceeds were withdrawn in an amount of cash that appears to have triggered a Currency Transaction Report (CTR), apparently filed by the bank in question (due to the shorter deadline than that of a SAR).

Knowing what we know now, the series of transactions looks to be suspicious. But would you have identified the money trail, and would you have been prepared to file a SAR?

Bitcoins: another possible funding source

Bitcoins were prominently mentioned in the press as a possible funding source for the Paris terrorists, though no proof has been provided. By definition, bitcoins are anonymous (really pseudonymous). Its public ledger, known as the blockchain, provides a trail of transactions that can be analyzed to find the bad actors. It is also possible to connect a bitcoin address (an alphanumeric string) to a person or entity through network analysis, surveillance, or by simply conducting an internet search on the address.

The issue is that bitcoin enthusiasts see the freedom of financial transactions as inextricably linked to freedom of speech. Bitcoin enthusiasts specifically seek wallets that provide as much privacy as possible while acknowledging that the bitcoin ledger is a public record.

Financial institutions like Barclays and Silicon Valley Bank are looking at serving bitcoin exchanges and wallet providers.

The Bank for International Settlements (BIS) in a recent paper argued that AML compliance will be key in keeping criminal behavior at bay. To meet KYC/AML requirements, financial institutions serving bitcoin-related businesses will need to look at the source and destination of funds and determine if these are parties the financial institution wants to do business with. The metrics will need to be very high-level in order to understand what the person or entity is up to.

But in driving high-risk activities like bitcoin further underground, does it become increasingly untracked? This is akin to the repeated argument against de-risking generally. Some financial institutions will need to serve high-risk businesses such as MSBs, marijuana-related businesses, and now bitcoin exchanges, or the financial system loses the monitoring of their activities entirely.

The Paris attacks followed steps taken by France in September 2015 to impose new terrorism-related reporting duties on its financial institutions. France has also called upon EU nations to toughen laws and better fund initiatives related at combatting terrorist financing. The new duties include limits on cash purchases by French nationals and monthly reporting of larger cash withdrawals.

New Year’s resolutions for BSA/AML/OFAC

Corporate One continues to include among our strategic initiatives efforts to help our members remain compliant with the BSA/AML/OFAC Examination Guidelines for frontline training as articulated by FFIEC. With the close of 2015, we will cease offering our BSA/AML webinar “on demand” training; however, keep watching our website under Events Calendar for our 2016 webinar schedule, as well as additional training opportunities across our products and services. 

Happy New Year. May 2016 bring health, happiness, and prosperity.; Roberts spoke at the ABA/ABA Money Laundering Enforcement Conference in Washington, D.C. 11/17/15.
2Note the updating protocol used by your OFAC vendor (after the close of a business day versus real-time) and test appropriately.