This week, OFAC shows American resolve to combat ransomware with new advisory, a tardy German bank is fined for being late with its suspicious activity reports, and Swiss authorities turn back the clock on ex-CEO for old money laundering charges.
Find out more on these stories below.
OFAC updates advisory on sanctions risks to discourage ransomware payments
The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has issued a new advisory to companies about the sanctions risks associated with potential ransomware payments made through their platforms.
This advisory, which is an update of OFAC’s 2020 document, includes cryptocurrency exchanges, and notes the possible sanctions which companies could face if found to be in violation of OFAC guidelines. It states, "companies that facilitate ransomware payments to cyber actors on behalf of victims, including financial institutions, cyber insurance firms, and companies involved in digital forensics and incident response, not only encourage future ransomware payment demands but also may risk violating OFAC regulations".
Several of the key updates to the previous anti-ransomware advisory are:
- Discouraging ransom payments. OFAC is emphatic that ransom payments should not be made at all, as this encourages further attacks.
- Prevention. Implementing better cybersecurity protocols will be considered favourably in instances where advisory recommendations are violated.
- Reporting. Cooperation by companies with OFAC and other law enforcement agencies (LEAs) in investigations will be considered as mitigating factors when sanctions are imposed. Victims will also have a wider pool of LEAs to report to.
The OFAC update echoes the FinCEN 2020 advisory, which noted that “detecting and reporting ransomware payments is vital to prevent and deter cybercriminals from deploying malicious software to extort individuals and businesses and hold ransomware attackers accountable for their crimes.”
Ransomware payments increased 300% from 2019 to 2020, and evidence suggests this worrying trend is continuing so far in 2021.
Read more on this from OFAC.
German financial watchdog fines digital bank for sluggish reporting of suspected money laundering
Germany’s financial regulator, BaFin, has issued a whopping €4.25m (£3.65m) fine to Berlin-based digital bank, N26, relating to almost 50 delayed suspicious activity reports (SARs) in 2019 and 2020.
In May 2021, BaFin ordered N26 to improve its anti-money laundering regime, and the fine for the 2019/20 delayed SARs issued in June was settled by N26 in July. The fast-growing digital bank issued a statement noting that “N26 takes its responsibility in the fight against the growing threat of global financial crime, and in the prevention of money laundering, very seriously.”
This BaFin action is an encouraging step towards restoring the reputational damage the regulator suffered after the Wirecard implosion and Greensill Bank collapse. Effective SARs are a critical component of how financial intelligence is used to combat modern day travesties such as human trafficking and online child sexual abuse.
N26, meanwhile, is allegedly negotiating a deal with Dragoneer Investment Group which could see the digital bank become worth €8.55b (£7.34b).
Read more on this story in the Marketwatch.
Swiss authorities charge ex-CEO of defunct Zurich bank with money laundering offences
Switzerland’s Federal Criminal Court has charged Mr Eduardo Leemann, formerly the boss of now-defunct Zurich-based Falcon Bank, with money laundering charges totalling €133m (£114.22m). The indictment alleges that he exploited his CEO role to launder the funds between 2012 and 2016 on behalf of Falcon’s disgraced former director, Khadem Al-Qubaisi, as the bank was engulfed in the 1Malaysia Development Berhad scandal (1MDB).
Among the charges Swiss prosecutors levelled at Mr Leemann in the 52-page indictment are that:
- He used third-party accounts in the British Virgin Islands and Luxembourg to distance the funds from the owner in every possible way
- He paid Mr Al-Qubaisi €61m (£52.4m) which was used to purchase luxury cars, invest in exotic properties, and fund opulent credit card use
- Under his leadership, Falcon Bank was negligent about the monitoring of risky business relationships and failed to implement and sustain an effective financial controls regime, allowing money laundering to flourish
Mr Leeman refuted the allegations through his spokesman, stating that he “categorically denies any kind of wrongdoing and is convinced that the court will see that the case brought against him is totally unfounded.”
Read more on this story in Swiss Info.