DOJ Brings Civil Enforcement Action to Compel Steve Wynn to Register under FARA
On May 17, 2022, the United States Department of Justice filed a civil enforcement action in the U.S. District Court for the District of Columbia, in order to force Stephen A. Wynn, the former CEO of Wynn Resorts, to register under the Foreign Agents Registration Act (FARA) as agent of the People’s Republic of China (PRC) and a senior official of the PRC’s Ministry of Public Security (MPS). The DOJ allegedly advised Wynn on three occasions to register as an agent, but he declined to do so.
The DOJ has said the complaint is the first affirmative civil lawsuit under FARA in more than 30 years, a signed of increased enforcement efforts under FARA.
The Complaint’s Allegations
The complaint alleges that, from at least June 2017 through at least August 2017, Wynn communicated with the then-President Donald Trump and members of his administration to transmit the PRC’s request to cancel the visa or otherwise remove from the U.S. a Chinese businessperson who left in China, was later charged with corruption by the PRC, and applied for political asylum in the U.S. Allegedly at the request of Sun Lijun, then-Vice Minister of the MPS, Wynn communicated the request directly to President Trump over dinner and telephonically. He also had multiple discussions with President Trump and senior officials at the White House and National Security Council about organizing a meeting with Sun and other PRC government officials.
During the time in which Wynn allegedly engaged in this conduct, his company owned and operated casinos in Macau, a special administrative region in the PS. According to the DOJ, Wynn acted at the request of the PRC in order to protect his business interests in Macau.[1] In 2016, shortly before engaging in the alleged lobbying, the Macau government restricted the number of gaming tables and machines that the Defendant’s casino could operate. Public reporting showed that Wynn was scheduled to renegotiate his licenses to operate casinos in Macau in 2019.[2]
The DOJ alleges it notified Wynn of the obligation to register under FARA in letters dated May 16, 2018, October 27, 2021, and April 13, 2022. However, Wynn refused to register.[3]
According to the complaint, “(i)n approximately May 2017, during a meeting coordinated by foreign national Low Taek Jho, Sun asked businessperson and former finance chair of the Republican National Committee (“RNC”) Elliot Broidy, hip-hop artist Prakazrel Michel, and businessperson Nickie Lum Davis to lobby then-President Trump and the Trump Administration to convey the PRC’s request to cancel the visa of or otherwise remove from the United States a PRC businessperson…”[4]
In approximately June 2017, Broidy, on behalf of Sun, solicited Wynn’s assistance in the lobbying effort. Wynn served as the RNC finance chair from January 2017 through January 2018 and met Broidy through that work. Broidy believed that Wynn’s RNC experience and his business dealings in the PRC and friendship with then-President Trump, would be useful in obtaining access to Trump Administration officials.[5]
Analysis
On October 20, 2020, Broidy pleaded guilty of violating FARA. One of the charges concerned the same case as the Complaint charges Wynn with lobbying.[6]
The Complaint illustrates the fact that the DOJ has strengthened its efforts to enforce FARA. Most likely, the DOJ will use the investigative evidence collected against Broidy and endeavor to obtain his cooperation in the Complaint against Wynn.
The Complaint and the guilty plea of Broidy also illustrate the terrible state of enforcement cooperation between the U.S. and the PRC, since the PRC is employing lobbyists to communicate with the DOJ concerning enforcement cases. Normally, the counterparts of the DOJ do this directly with the DOJ on a regular basis.
[1] Complaint, paragr. 18
[2] Id., paragr. 29.
[3] Id. paragr. 4.
[4] Id., paragr. 16.
[5] Id., paragr. 17.
[6] DOJ, Elliott Broidy Pleads Guilty for Back-Channel Lobbying Campaign to Drop 1MDB Investigation and Remove a Chinese Foreign National, Oct. 20, 2020.
U.S. Justice Department Starts Task Force to Enforce Russian Sanctions against Russian Oligarchs
On March 2, 2022, U.S. Attorney General Merrick B. Garland announced the start of Task Force KleptoCapture to enforce sanctions, export restrictions, and economic countermeausres the U.S. has issued, in coordination with U.S. allies, in response to Russia’s military invasion of Ukraine. Task Force KleptoCapture will aim to enforce these actions that are designed to isolate Russia from global markets. In particular, the U.S. restrictions target the crimes of Russian officials, government-aligned elites, and persons who help or conceal their unlawful conduct.
Andrew C. Adams, co-chief of the Money Laundering and Transnational Criminal Enterprise Unit in the Office of the U.S. Attorney for the Central District of New York, will manage the Task Force.[1] The Task force leadership will include Deputy Directors from both the National Security and Criminal Divisions, and more than a dozen attorneys from these divisions, as well as the Tax Division, Civil Division, and U.S. Attorneys’ Offices across the country. It will be staffed with prosecutors, agents, analysts, and professional staff across the Department of Justice who are experts in sanctions and export control enforcement, anti-corruption, asset forfeiture, anti-money laundering, tax enforcement, national security investigations, and foreign evidence collection. The Task force will strengthen DOJ’s abilities and authorities against efforts to evade or undermine the restrictions the U.S. government has imposed in response to Russian military aggression.[2]
The Task Force’s mission will include the following: investigating and prosecuting violations of new and future sanctions imposed in response to the Ukraine invasion, and sanctions imposed for prior instances of Russian aggression and corruption; combating unlawful efforts to subvert restrictions imposed on Russian financial institutions, including the prosecution of persons who attempt to evade know-your-customer and anti-money laundering measures; targeting efforts to use cryptocurrency to evade U.S. sanctions, launder proceeds of foreign corruption, or evade U.S. response to Russian military aggression; and using civil and criminal asset forfeiture authorities to seize assets belonging to sanctioned individuals or assets identified as the proceeds of unlawful conduct.[3]
The Task Force will be able to use the most cutting-edge investigative techniques, including data analytics, cryptocurrency tracing, foreign intelligence sources, and information from financial regulators and private sector partners, to identify sanctions evasion and related criminal misconduct.[4]
In addition to arrests and prosecution, the Task Force will employ asset seizures and civil forfeitures of unlawful proceeds, including personal real estate, financial, and commercial assets to deny resources that enable Russian aggression. When appropriate, the Task Force will share information obtained in its investigations with interagency and foreign partners to help the identification of assets that are covered by the sanctions and new economic countermeasures.
The Task Force KleptoCapture will complement the work of the transatlantic task force under President Biden and leaders of the European Commission, France, Germany, Italy, the United Kingdom, and Canada on February 26. The transatlantic task force has a mission to identify and seize the assets of sanctioned individuals and companies around the world.[5]
The Task Force will involve agents and analysts from various law enforcement agencies, including the FBI; U.S. Marshal Service; U.S. Secret Service; Department of Homeland Security; IRS-Criminal Investigation; and the U.S. Postal Inspection Service.
Meanwhile, on March 2 the Independent Commission for the Reform of International Corporate Taxation (ICRICT) issued a statement in support of the call by Italian Prime Minister Mario Draghi’s for an international public register of wealth for Russian oligarchs with more than €10 million in assets.
Analysis
If the US Task Force and the law enforcement authorities of its allies cooperate in terms of intelligence, evidence gathering, and extradition, they will exert pressure on the oligarchs. President Biden announced the creation of the Task Force in his state of the union speech on March 1. The initial one-third of the address dealt with the response by the U.S. and its allies to the Russian invasion. President Biden said:
“Tonight, I say to the Russian oligarchs and the corrupt leaders who’ve bilked billions of dollars off this violent regime: No more.
The United States — I mean it. The United States Department of Justice is assembling a dedicated task force to go after the crimes of the Russian oligarchs.
We’re joining with European Allies to find and seize their yachts, their luxury apartments, their private jets. We’re coming for your ill-begotten gains.”
To some extent the Biden speech and the Garland announcement mix persons who violate past, current and future sanctions against Russia with persons who have or are laundering proceeds of foreign corruption or U.S. responses to Russian military moves, such as export control and other restrictions. In particular, the announcement of the Task Force mentions false statements to a financial institution, bank fraud, tax offenses, and money laundering. In addition, as demonstrated by the non-compliant assessment in FATF’s 2006 and 2016 evaluation of the U.S. and the recent comments to the proposed CTA regulations, U.S. gatekeepers do not meet international standards and remain opposed to complying with the new regulations. As a result, notwithstanding the Task Force KleptoCapture, U.S. law and culture prevent proactive law enforcement cooperation.
Whether the Russian oligarchs will have any influence on Vladimir Putin remains to be seen. However, the sanctions and the emphasis on enforcement follow a recent trend of the U.S. since the Obama Administration: the emphasis on criminal and quasi-criminal enforcement of U.S. sanctions. The rest of world is following this trend. Actual close collaboration among law enforcement authorities and international organizations, informal groups (i.e., G7), and non-governmental organizations will help make sanctions enforcement more effective.
On March 1, Putin signed a decree that prohibits taking more than $10,000 worth of foreign currency in cash and “monetary instruments” out of Russia. The move responds to the sanctions imposed on Russia over its invasion of Ukraine.
As the U.S. is trying to adopt regulations to make its Corporate Transparency Act operational, increasingly the European legislative and executive branches are debating making their corporate and trust registries more publicly accessible without cost and broadening the registries to include not only beneficial ownership of companies and trusts, but diverse assets, such as art, real property, crypto assets, and linking the registries, so that regulators and law enforcement have easy access. One gap is that, since the U.S. has not yet implemented the Corporate Transparency Act, does not fully reciprocate on information exchange pursuant to FATCA Intergovernmental Agreements and does not participate in the Common Reporting Standard, wealth structures have moved to the U.S. both for anonymity and to take advantage of the lucrative U.S. economic market.
[1] Katie Banner, Justice Department Announces Task Force to Go After Russian Oligarchs, N.Y. Times, Mar. 3, 2022.
[2] DOJ, Attorney General Merrick B. Garland Announces Launch of Task Force KleptoCapture, Press Rel. 22-179, Mar. 2, 2022.
[3] Id.
[4] Id.
[5] Id.
France’s Conseil d’Etat Upholds €100 Million Fine Against Google for Advertising Cookie-Related Data Protection Violations
By Jonathan J. Rusch[1]
It should be no surprise to any company doing business in the European Union that if it wants to use “cookies” – small text files stored in an Internet user’s computer to identify that user — for advertising purposes, it must abide by the provisions of EU law pertaining to data privacy. Recitals 26 and 28 of the General Data Protection Regulation (GDPR) make clear that any data that can be used to identify an individual either directly or indirectly is considered personal data. Moreover, for more than a decade the EU E-privacy Directive has recognized that users have a right to refuse cookies when an entity’s website seeks to place cookies on the users’ computers.
Even so, in 2020 the French Data Protection Authority (CNIL) imposed a total of €100 million on fines on a world-leading technology company, Google, for failure to comply with the obligation to obtain users’ consent before it installed advertising cookies or other tracking devices. The CNIL did so pursuant to Article 82 of the French Data Protection Act, which transposes the E-privacy Directive. Google then appealed to the French Conseil d’État, the highest French court for cases involving public administration, in an effort to annul the fines.
On February 1, the Conseil d’État rejected Google’s position and affirmed the CNIL fines. In its decision, the Conseil d’Etat confirmed that the CNIL had the power to intervene as it did. It also found that Google had failed to provide users with clear and complete information or to obtain their prior consent to cookie placement, and had a defective cookie refusal procedure. The Conseil took note of the fact that an audit that the CNIL conducted in March 2020 disclosed “that seven cookies were automatically installed on users’ computers as soon as they visited the site, four of which were only used for advertising purposes.” During that audit procedure, Google “modified its practices in August 2020, but continued not to inform the user directly and explicitly about the purposes of its cookies and the means of objecting to them.”
The Conseil further noted that the amount of the fines that the CNIL imposed did not exceed the limit set by the French Data Protection Act, and that the fines were not disproportionate in view of the significant profits generated by the data collected through advertising cookies, and of Google’s dominant market share in France (more than 90 percent, which equates to approximately 47 million users).
Google reportedly is already looking ahead to replacing its advertising cookies with “a new system called Topics, in which advertisers will place ads via a limited number of topics determined by users’ browser activity.” At other firms doing business in the EU, however, Chief Privacy Officers and Chief Compliance Officers should take note of the Conseil d’État decision and compare the Conseil’s findings against their own cookie policies and practices. Although certain aspects of data-protection law can be exceptionally complex, providing clear guidance to internet users about prior consent to or refusal of cookies should not be.
[1] Jonathan J. Rusch is Adjunct Professor and Co-Director of the U.S. and International Anti-Corruption Law Program at American University Washington College of Law and Adjunct Professor at Georgetown University Law Center.
Treasury Initiative Targets Anonymous Real Estate Purchases and Proceeds of Corruption
On December 7, 2021, the Financial Crimes Enforcement Network (FinCEN) issued an Advance Notice of Proposed Rulemaking (ANPRM) with respect to soliciting public comments on potential requirements under the Bank Secrecy Act (BSA) for certain persons involved in real estate transactions to collect, report, and retain information.
FinCEN’s ANPRM expressed concern about the systemic money laundering vulnerabilities in the U.S. real estate sector. It observed that the ability of illicit actors to launder criminal proceeds through the purchase of real estate threatens U.S. national security and the integrity of the U.S. financial system. As a result, FinCEN will start the rulemaking process to address such vulnerabilities. As the initial step in this rulemaking process, FinCEN is issuing the ANPRM to seek initial public comment on questions that will assist FinCEN in the consideration and preparation of a proposed rule.
FinCEN is considering how best to focus its regulatory attention on residential and commercial real estate transactions. FinCEN observes that money laundering risks arise from transactions in both the commercial and residential real estate sectors. Hence, both merit appropriate regulatory treatment. Simultaneously, FinCEN recognizes that a repetitious approach may be required due to the complexities and differences between different market sectors and the potential burdens that new reporting and recordkeeping requirements may have for businesses.
FinCEN is considering to initially focus on residential real estate, followed by later issuing regulations covering the commercial real estate sector, as well as any other regulatory gaps that may exist with money laundering vulnerabilities concerning real estate.
Areas for Which Comments Are Requested
FinCEN seeks comment to help it in preparing a potential proposed rule that would seek to impose nationwide recordkeeping and reporting requirements on certain persons participating in transactions involving non-financed purchases of real estate. Until now, FinCEN has not imposed the BSA’s general recordkeeping and reporting requirements on businesses involved in non-financed real estate transactions. However, FinCEN has imposed more specific transaction reporting requirements on title insurance companies in the form of time-limited Geographic Targeting Orders under 31 U.S.C. 5326(a). The ANPRM requests public comment on whether FinCEN should impose a similar, ongoing, and expanded reporting requirement through regulations, specifically under 31 U.S.C. § 5318(g)(1) and related program requirements under 31 CFR 5318(h) .
In particular, FinCEN requests comment on the potential scope of any such regulations, including, among other things, (1) the persons who should be subject to the requirements; (2) which types of real estate purchases should be covered; (3) what information should be reported and retained; (4) the geographic scope of such a requirement; and (5) the appropriate reporting dollar-value threshold.
Analysis
The ANPRM coincides with the organizing and hosting of President Biden’s Summit for Democracy on December 9, in which representatives of more than 100 countries will gather virtually. Combating corruption abroad starts with combating at home. Hence, the ANPRM aims to expose the owners of shell companies and other illicit funds. The initiative complements the Corporate Transparency Act, enacted as part of the Anti Money Laundering Act of 2020.
The current issue of the IELR will have a more comprehensive discussion of the implications of the ANPRM.
EU Commission Proposes Major Revisions for Countering Money Laundering and Terrorism Financing
On July 20, 2021, the European Commission presented a significant set of legislative proposals to strengthen the EU’s anti-money laundering and countering terrorism financing (AML/CFT) rules. The proposal will establish a new EU authority to combat money laundering. The proposals aim to improve the detection of suspicious transactions and activities, and to shut the loopholes used by criminals to launder illicit proceeds or finance terrorist activities through the financial system.
The proposals improve the existing EU framework by responding to emerging challenges linked to technological innovation. They take into account virtual currencies, more integrated financial flows in the Single Market and the global nature of terrorist organizations. The proposals bring convergence in the AML/CFT rules and establish a more consistent framework to ease compliance for operators subject to AML/CFT rules, especially for those active in cross-border transactions.
The Four Legislative Proposals
The initiatives consist of four legislative proposals:
- A Regulation establishing a new EU AML/CFT Authority;
- A Regulation on AML/CFT, containing directly-applicable rules, including in the areas of Customer Due Diligence and Beneficial Ownership;
- A sixth Directive on AML/CFT (“AMLD6”), replacing the existing Directive 2015/849/EU (the fourth AML directive as amended by the fifth AML directive), containing provisions that will be transposed into national law, such as rules on national supervisors and Financial Intelligence Units in Member States;
- A revision of the 2015 Regulation on Transfers of Funds to trace transfers of crypto-assets (Regulation 2015/847/EU).
New EU AML Authority (AMLA) Proposed
The initiatives will establish a new EU Authority (AMLA) to transform AML/CFT supervision in the EU and improve cooperation among Financial Intelligence Units (FIUs). The AMLA will serve as the central authority coordinating national authorities to ensure the private sector correctly and consistently applies EU rules. AMLA will also furnish support to FIUs to improve their analytical capacity around illicit flows and make financial intelligence a key source for law enforcement agencies.
The AMLA will:
- create a single integrated system of AML/CFT supervision throughout the EU, based on common supervisory methods and convergence of high supervisory standards;
- directly supervise some of the riskiest financial institutions that operate in a large number of EU Members or require immediate action to respond to imminent risks;
- monitor and coordinate national supervisors responsible for other financial entities, as well as coordinate supervisors of non-financial entities;
- support cooperation among national FIUs and facilitate coordination and joint analyses between them, to better detect illicit financial flows of a cross-border nature.
One EU Rulebook for AML/CFT
The Single EU Rulebook for AML/CFT will harmonize AML/CFT rules across the EU, including, for instance, more detailed rules on Customer Due Diligence, Beneficial Ownership and the authorities and task of supervisors and FIUs. The initiatives will connect existing national registers of bank accounts, furnishing faster access for FIUs to information on bank accounts and safe deposit boxes. The Commission will also supply law enforcement authorities with access to this system, accelerating financial investigations and the recovery of criminal assets in cross-border cases. Access to financial information will be subject to strong safeguards in Directive (EU) 2019/1153 on exchange of information.
Extending AML/CFT Rules to the Crypto Sector
Currently EU AML/CFT rules apply to only certain types of crypto-asset service providers. The proposed initiatives will extend these rules to the entire crypto sector, obliging all service providers to conduct due diligence on their customers. The proposals will ensure full traceability of crypto-asset transfers, such as Bitcoin, and will permit prevention and detection of their possible use for money laundering or terrorism financing. Additionally, the proposals will fully apply EU AML/CFT rules to the crypto sector and prohibit anonymous crypto asset wallets.
Limit Cash Payments to € 10,000
The Commission has proposed an EU-wide limit of €0,000 on large cash payments. The limit is high enough not to question the euro as legal tender and recognizes the important role of cash. In about two-thirds of EU Members limits already exist, but the amounts vary. National limits under € 10,000 can remain in place. Limiting large cash payments makes it more difficult for criminals to launder money. Additionally, the proposes forbid anonymous crypto-asset wallets, similar to the prohibition of anonymous bank accounts.
“Black-Lists” and “Grey-lists” for Third Countries
The EU will continue to use a “black-list” and a “grey-list.” In addition to using the FATF list for its own listing, the EU will have its own list based on an autonomous assessment.
Future
The Commission proposals are in the hands of the European Parliament and Council. The future AML Authority should be operational in 2024 and will start its work of direct supervision slightly later, once the Directive has been transposed and the new regulatory framework starts to apply.
Analysis
The AMLA with direct authority over institutions with cross-border activities or institutions with problems will contribute significantly to stronger compliance. The AMLA will help establish a single integrated system of AML/CFT through common supervisory methods and convergence of high supervisory standards. It will also facilitate cooperation among FIUs and more convergence with respect to their operation.
The extension of AML/CFT rules to crypto-asset service providers and prohibition of anonymous crypto asset wallets will plug a gap in the use of virtual currency to circumvent AML/CFT regulation.
The connecting of existing national registers of bank accounts along with the national beneficial ownership registers for companies and trusts will facilitate financial investigations and asset recovery.
Unfortunately, the use of its own grey and black lists will contribute to the proliferation of such lists internationally, causing more limits and closures of correspondent bank accounts and financial exclusion for persons in small jurisdictions.
For additional information see Questions and Answers: AntiMoney Laundering and Countering Financing of Terrorism (AML/CFT) and Factsheet: Stronger EU rules to fight financial crime, Anti-money laundering and countering the financing of terrorism legislative package, and Proposal on centralised bank account registeries.
The next issue (August) of the IELR will have a more comprehensive discussion of the EU Commission’s AML/CFT initiatives.
U.S. and EU Progress on Several International Enforcement issues at Justice & Home Affairs Ministerial Meeting in Lisbon
On June 22, 2021, the Portuguese Presidency of the Council of the European Union hosted the EU-U.S. Ministerial Meeting on Justice and Home Affairs in Lisbon and made progress on count-terrorism, violent extremism, Passenger Name Record (PNR) data exchange. They also discussed developing bilateral and multilateral instruments to combat cybercrime, using artificial intelligence, and developing well-managed and humane migration policies.
Overview
They underscored the need to cooperate against terrorism, including prevention, permanent vigilance, adaptation, and resilience from all relevant actors.
The U.S. and EU underscored their strong concern with the rise of violent extremism. They cited crimes inspired by hate speech, racism and xenophobia both in Europe and the U.S. Violent extremism constitutes a direct threat to democratic societies. It requires renewed attention by law enforcement, judicial authorities, the private sector and civil society. The U.S. and EU pledged to expand their information exchanges on violent extremist groups, especially those with transnational linkages.
The U.S. and EU underscored the importance of the Passenger Name Record (PNR) data exchange to prevent, detect, investigate and prosecute terrorism, combat serious crime, including child exploitation, and protect the safety of citizens.
Digital Aspects and Cybercrimes
The U.S. and EU discussed the need to cooperate to shape a digital future based on their shared democratic values. They acknowledged the potential benefits and risks of suing Artificial Intelligence technologies for law enforcement and the judiciary. They discussed the need to develop and use such technologies in a trustworthy way in conformity with human rights obligations.
They discussed current and upcoming EU efforts on combating illegal content online, including the need to improve the cooperation between the authorities and online platforms to detect ongoing criminal activity. The U.S. and EU pledged to continue cooperating to most effectively exercise their lawful authorities to combat serious crime both online and offline.
The two sides will focus on combating ransomware, including through law enforcement action, raising public awareness on how to protect networks, the risks of paying criminals responsible, and encouraging those states that have not cooperated to arrest and extradite or effectively prosecute criminals on their territory.
Concerning bilateral and multilateral instruments to combat cybercrime, the U.S. and EU reinforced their commitment to negotiate as soon as possible an Eu-U.S. agreement facilitating access to e-evidence to cooperate in criminal matters. They welcomed the recent approval by the Committee of State Parties to the Budapest Convention of the draft text of the Second Additional Protocol of the Budapest Convention, which is the main instrument for international cooperation on cybercrime. They observed the framework of negotiations on a possible future United Nations international legal instrument on cybercrime and committed to continue to closely coordinate their respective positions.
Migration and Travel
The two sides underscored the importance of well-managed and humane migration and discussed their respective efforts to develop comprehensive and enduring migration and asylum policies. Humanitarian protection should be available to qualifying persons. Unmeritorious claims must be detected quickly, including through information sharing and modern identity management techniques. Unmeritorious claims must be prevented from overwhelming migration systems or public confidence in them.
The agenda requires cooperation with third countries of origin, transit and destination. These jurisdiction also have a responsibility to discourage people from enlisting smugglers and traffickers and endangering the lives of migrants who take dangerous, irregular journeys. Both sides reaffirmed their interest in expanding the transatlantic dialogue on migration and mobility, focusing on sharing lessons learned, exploring complementary pathways to migration, addressing the root causes of migration, improving the return and readmission of irregular migrants and enhancing cooperation in and combatting migrant smuggling.
The U.S. and EU continued to endorse safe and secure mobility and the exchange of information on their respective measures towards the gradual resumption of non-essential international travel. Both sides pledged to restart secure travel between the U.S. and EU as soon as possible, based on the principles of mutual cooperation, efficient operation of the international travel system and scientific evidence.
Analysis
The initial meeting of the Justice and Home Affairs Ministers of the two sides during the Biden Administration went quite well. Clearly, the priority of the Biden Administration for bilateral and multilateral cooperation contrasted with the America 1st unilateral approach of the Trump Administration. The visit of President to the NATO meeting and the EU itself as well as his removal of tariffs and support for the minimum global taxation and other initiatives of the OECD and EU were well received.
The threats of terrorism, organized crime, extremist and hate groups, cybercrime, and illegal migration are common to both sides.
The current issue of the IELR will have a more in depth discussion of the implications of the meeting.
Cryptocurrency Creates Potential Opportunity for both Ransomware Attacks and Agency Seizures
By Austin Max Scherer[1]
On June 7, the Justice Department seized much of the ransom that a major U.S. pipeline operator had paid last month to a Russian hacking collective.[2] This resulted from investigators tracing more than 75 Bitcoins worth as the money moved through a “maze” of at least 23 different electronic accounts belonging to DarkSide, the hacking group.[3] DarkSide operated by providing ransomware to affiliates. Iin exchange, DarkSide reaped a cut of the affiliates’ profits.[4] DarkSide began as an affiliate for another Russian hacking group called REvil, the group that recently used ransomware to try to extort money from JBS, one of the world’s largest meat processors.[5] Law enforcers viewed this seizure as a warning to cybercriminals that the United States would go after the hackers’ profits, which typically derive from cryptocurrencies.[6] In addition, law enforcement now hope this recent action will encourage victims of ransomware attacks to notify the authorities to help recover ransoms.[7] The Federal Bureau of Investigation (FBI) actively discourages ransom payments; however, ransom payments are still legal and they are even tax deductible![8]
Seizure of Ransom Payments
Law enforcement has found a breakthrough due to the fact that, “bitcoin transactions are available on a publicly distributed ledger, in many cases law enforcement can trace bitcoin payments and track stolen funds.”[9] Furthermore, the FBI was able to obtain the private key for the hackers’ accounts, the key essentially serves as a password which enabled the FBI to move bitcoin out of the wallet.[10] The seizure itself yielded $2.3 million worth of bitcoin.[11] The Special Prosecutions Section and Asset Forfeiture Unit of the U.S. Attorney’s Office for the Northern District of California is handling the seizure, with significant assistance from the Department of Justice Criminal Division’s Money Laundering and Asset Recovery Section and Computer Crime and Intellectual Property Section.[12] The task force stated they would prioritize the disruption, investigation, and prosecution of ransomware and digital extortion.[13] Conversely, the ransomware attacks are generally unsophisticated.[14] “Hackers often use phishing and send employees emails containing suspicious links or attachments.”[15]
This coincided with President Biden’s first foreign trip, as he is expected to discuss the issue with Russian President Vladimir Putin.[16] Senior Biden administration officials deemed ransomware, as a national threat. Secretary of State, Antony Blinken stated the following, “states cannot be in the business of harboring those who are engaged in these kinds of attacks.”[17] FBI Director Christopher Wray further emphasized this complaint by stating, “if the Russian government wants to show that it’s serious about the issue, there’s a lot of room for them to demonstrate some real progress that we’re not seeing.”[18] Antony Blinken and Christopher Wray’s concerns are supported by the fact that, according to Chainalysis, a firm that tracks cryptocurrency payments, victims paid at least $412 million in cyber ransom attacks last year.[19]
Biden Administration Responses
In response to the series of ransomware incidents, the Biden administration, “announced that it would require pipeline companies to report significant cyberattacks that the government would create 24 hour emergency centers to handle serious hackings.”[20] However, even these efforts may not be enough as the FBI emphasized that all government agencies, private sectors, and, “even the average American.”[21] It would be quite the optimistic approach for the government to believe that all players in the cryptocurrency world will partake in dismantling these ransomware attacks, so a wait and see approach is best suited for now.
Several government officials have called for action against the ransomware attackers and the foreign states that harbor these attackers. Senator Mark Warner stated the following, “We must make clear to Russia-and any other adversaries-that they will face consequences for this and any other malicious cyberactivity.”[22] In addition, Microsoft reported, “the goal of the hackers was not to go after the aid agency itself, instead, its motivation appeared to be to use emails purporting to be from the U.S. government to get inside groups that have revealed Russian disinformation campaigns, anti-corruption groups and those who have protested the poisoning, conviction and jailing of Russia’s best-known opposition leader, Alexie A. Navalny.”[23] Furthermore, government officials have taken the position that the U.S. response to SolarWinds, a software supply, should have been harsher. The question then becomes, how does the U.S. implement a harsher response, and with sanctions applied to Russia already substantial, how much of a role can sanction play? One answer is that to be effective, sanctions must be multilateral and well-coordinated. The last four years the U.S. has not coordinated its sanctions. President Biden’s trip to Europe should provide some insight to these inquiries. Another response to ransomware attacks and cybercrimes has been prosecution of the perpetrators.
The current issue of the IELR will have a more comprehensive discussion of the ransomware attacks, the seizure, and implications.
[1] Rising third year law student, Washington College of Law, American University; M.S., Finance, American Univ; B.A., George Washington Univ.
[2] Katie Benner and Nicole Perlroth, Seizing Money, U.S. Retaliates For Cybercrime, N.Y. Times, Jun. 8, 2021, at A1.
[3] Id.
[4] Id.
[5] Id.
[6] Id.
[7] Id.
[8] Id.
[9] Sadie Gurman, David Uberti, and Dustin Volz, Pipeline Ransom Money Seized By U.S., Wall St. J., Jun. 6, 2021, at A1.
[10] Ellen Nakashima, Authorities recover about $2 million paid in ransom to pipeline hackers, Wash. Post, Jun. 8, 2021, at A18.
[11] Id.
[12] For Immediate Release: Department of Justice Seizes $2.3 Million in Cryptocurrency Paid to the Ransomware Extortionists Darkside, Dept. of Justice, Jun. 7, 2021, https://www.justice.gov/opa/pr/department-justice-seizes-23-million-cryptocurrency-paid-ransomware-extortionists-darkside (last visited Jun. 10, 2021).
[13] Id.
[14] Rachel Lerman, Meat supplier JBS paid $11 million in ransom after hackers targeted plants, Wash. Post, Jun. 10, 2021, at A22.
[15] Id.
[16] Nakashima, supra note 10.
[17] Benner and Perlroth, supra note 2.
[18] Id.
[19] Nakashima, supra note 10.
[20] Benner and Perlroth, supra note 2.
[21] Id.
[22] Nicole Perlroth and David E. Sanger, Calls for Action Against Russia for Cyberattack, N.Y. Times, May. 29, 2021, at A1.
[23] Id.
President Biden Revokes Executive Order Imposing Sanctions on the International Criminal Court
On April 1, 2021, United States President Joseph R. Biden terminated the national emergency declared in Executive Order 13928 of June 11, 2020, which blocked property of certain persons associated with the International Criminal Court (ICC).
Biden Executive Order
The new Executive Order explained that the U.S. continues to object to the ICC’s assertions of jurisdiction over personnel of such non-States Parties as the U.S. and its allies without their consent or referral by the United Nations Security Council. President Biden said the U.S. “will vigorously protect current and former United States personnel from any attempts to exercise such jurisdiction, the threat and imposition of financial sanctions against the Court, its personnel, and those who assist it are not an effective or appropriate strategy for addressing the United States’ concerns with the ICC.”
Statement by U.S. Secretary of State Antony J. Blinken
On April 2, 2021, U.S. Secretary of State Antony J. Blinken in a press statement explained that, as a result of the new Executive Order, the U.S. has removed the sanctions imposed by the prior administration against ICC Prosecutor Fatou Bensouda and Phakiso Mochochoko, the Head of Jurisdiction, Complementarity and Cooperation Division of the Office of the Prosecutor.
According to Blinken, the U.S. continues to disagree strongly with the ICC’s actions concerning the Afghanistan and Palestinian situations. Blinken also reiterated the U.S. government’s objection to the ICC’s efforts to assert jurisdiction over personnel of non-States Parties such as the U.S. and Israel. Blinken continued that the U.S. concerns about these cases would be better addressed through engagement with all stakeholders in the ICC process rather than through the imposition of sanctions.
According to Blinken, U.S. support for the rule of law, accesses to justice, and accountability for mass atrocities are significant U.S. national security interests that are protected and furthered by engaging with the rest of the world to meet the challenges. The U.S. government leadership was important in forming the Nuremberg and Tokyo Tribunals after World War II and bringing accountability in the Balkans, Cambodia, Rwanda and elsewhere. The U.S. government leadership has supported various international, regional, and domestic tribunals, and international investigative mechanisms for Iraq, Syria, and Burma, to bring justice for victims of atrocities.
Blinken mentioned the U.S. is encouraged that States parties to the Rome Statute are considering a large range of reforms to assist the ICC prioritize its resources and to achieve its core mission of serving as a court of last resort in punishing and deterring atrocity crimes.
Litigation against Trump’s Executive Order Authorizing Sanctions on Officials of the ICC
The Biden Executive Order precedes by days a deadline on April 5 for the Biden administration to respond to a lawsuit by civil society (Open Society Justice Initiative) and law professors challenging the constitutionality of the executive order. In October, the OSJI and four law professors brought a lawsuit against the U.S. government in U.S. District S.D.N.Y., claiming that the executive violated their rights of free speech and association. Some of the professors worked in various capacities for the ICC prosecutor and victims of alleged atrocities.
Already, the Biden administration decided not to appeal a preliminary injunction the court issued in the litigation barred the implementation of the Executive Order.
The American Civil Liberties union and several U.S. citizens also brought a lawsuit challenging the Trump Executive Order. The Biden administration would have had to respond on April 9.
Analysis
The new Executive Order by President Biden and its timing illustrate the utility of the lawsuits.
The new E.O. and the Blinken statement also show an effort by the Biden administration to re-engage in acting against international atrocities and international human rights more generally.
The current issue of the IELR will have more discussion on these developments.
FATF Starts New Project to Study and Mitigate the Unintended Consequences from Incorrect Implementation of Standards and Announces More Jurisdictions on its Black and Grey Lists
On March 17, 2021, the Financial Action Task Force announced the start of a new project “to study and mitigate the unintended consequences resulting from the incorrect implementation of the FATF Standards.
Mitigation Project
The project started in February 2021 and will examine the following four areas
- “De-risking, or the loss or limitation of access to financial services. This practice has affected non-profit organizations (NPOs), money value transfer service providers, and correspondent banking relationships, in particular;
- Financial exclusion, a phenomenon whereby individuals are excluded from the formal financial system and denied access to basic financial services;
- Suppression of NPOs or the NPO sector as a wholethrough non-implementation of the FATF’s risk-based approach;
- Threats to fundamental human rightsstemming from the misuse of the FATF Standards or AML/CFT assessment processes to enact, justify, or implement laws, which may violate rights such as due process or the right to a fair trial.”
The FATF will conduct the project in two phases:
Phase One: research and engagement. The project will analyze these unintended consequences resulting from the misuse of the FATF’s Standards on preventing and combating money laundering and the financing of terrorism. This work will rely on the knowledge and experiences of members of the FATF’s Global Network of 205 jurisdictions, its observers, and outside stakeholders.
Phase Two: solutions. The second phase will develop options the FATF could consider to prevent and mitigate these unintended consequences.
According the announcement, the FATF welcomes input to inform this project, including scholarly research; industry and civil society perspectives; and documented instances of unintended consequences. Information may be sent to pscf@fatf-gafi.org.
The announcement states the project is an opportunity to study trends and propose solutions. Any information provided to the FATF Secretariat will be shared with the project team and the source will be identified.
New Lists of High-Risk Jurisdictions and Jurisdictions in Need of Increased Monitoring
On February 25, 2021, the FATF announced its list of High-Risk Jurisdictions (also commonly referred to as its “blacklist”) subject to a Call for Action (Iran and North Korea) and jurisdictions in need of increased monitoring (commonly referred to as its “grey list”). The list has the following jurisdictions: Albania, Barbados, Botswana, Burkina Faso, Cambodia, Cayman Islands, Ghana, Jamaica, Mauritius, Morocco, Myanmar, Nicaragua, Pakistan, Panama, Senegal, Syria, Uganda, Yemen, and Zimbabwe.
One of the problems with the list of high-risk jurisdictions is that they’ve been on the list now for many years and they are also on international and national sanctions list. As a result, many banks and financial institutions will not process transactions, even ones that are for genuine humanitarian purposes due to the risk of large penalties.
Another practical problem is that jurisdictions on either list tend to also land on the European Union list of high-risk jurisdictions for money laundering (commonly referred to as its AML/CFT blacklist).
Although the FATF does not mandate the application of enhanced due diligence measures for jurisdictions under increased monitoring, it encourages member jurisdictions to take the listing into account when undertake their risk analysis. The measures to be applied will vary, but may result in: (a) a requirement to perform more comprehensive due diligence on the customer’s source of funds and source of wealth and/ or (b) increased internal controls on business acceptance and ongoing monitoring.
Practically speaking, regulators around the world take into account the listing as do the electronic databases used by financial institutions and intermediaries when they are on-boarding and reviewing clients for customer due diligence. As a result, banks and financial institutions from the metropole tend to limit or terminate correspondent bank relationships (de-risking) and withdraw from having branches or subsidiaries in the jurisdictions, especially because the listed jurisdictions tend to be small jurisdictions. The result is that persons and businesses in these jurisdictions increase higher costs to bank, especially internationally. Ultimately, the listings lead to financial exclusion of the small jurisdictions and their inhabitants, even though many already experience a high degree of lack of access to formal financial markets.
The current issue of the IELR will have a more comprehensive discussion of the issues raised in this post.
- 1
- 2
- 3
- 4
- Next Page »