Financial transparency in Iran – more advanced than you think

By Christine Duhaime | July 2nd, 2016

Blacklist in place

Last week, the FATF voted to keep Iran on a blacklist, which means that banks are being advised that they may want to treat financial transactions from Iran with heightened scrutiny.

It’s an interesting decision because Iran is, in many ways, more transparent that many other countries that appear to have no FATF issues. In other ways it may not be on par.

A former member of the US Treasury said in early May in public that John Kerry is asking global banks to re-engage with Iran but their board members are refusing because of the risks of fines from US regulators if they do, arising from the uncertainly created by the position of the FATF.

Central bank of Iran

Iran actually has a modern, online banking system that, if anything, is ultra transparent.

For example, the FATF put forward a soft recommendation a few months ago that central banks consider becoming involved in the on-boarding process of commercial banks and that they have ties to their banks for identification. It was advanced as the ideal way for countries to become FATF compliant.

Iran’s central bank does on-board clients at the same time as the commercial bank does. A person, whether they are foreign or Iranian, cannot open a bank account in Iran until the central bank clears the person first – the central bank runs a check on the person to ensure they are not a terrorist, a money launderer, a debtor or have an outstanding judgement against them in Iran.  Even a debtor is denied the privilege of a bank account in Iran until the debt is settled and the national records are corrected to reflect that.

Trade-based transparency & beneficial ownership data in trade transactions

Another example, Iran has transparency in respect of trade that no other country has – to wit, they have an online foreign trade database that delivers data on trade transactions in real time.

The database shows imported / exported goods, evaluations of the traded goods, tax receipts paid, licenses issued in respect of the traded goods, transit permits, trade-based invoices, and tax reports.

It also includes information in respect of the products imported, any legal issues with the importer and discloses the beneficial ownership of the importer or exporter (who controls the company involved in trade and is the authorized signatory).

The database can be used as an anti-financial crime tool to mitigate against money laundering, including trade-based money laundering, and for beneficial ownership disclosure. It allows Iran, and law enforcement to have real-time data on trades and the financing thereof, and act as a powerful tool to mitigate against financial crimes occurring as Iran opens up its trade system to the rest of world in conjunction with the lifting of sanctions.


Share this Post:
  • Facebook
  • Twitter
  • StumbleUpon
  • Print
  • email

FBI wins appeal to hack into your personal computer for serious criminality

By Christine Duhaime | July 2nd, 2016

Right to hack any computer anywhere for serious criminality with underlying court order

In a case that seemed to be quite sweeping, the US government has won an appeal to use evidence in a criminal proceeding derived from hacking into personal computers, regardless of where situated (a home, a corporation, a café, an airport) for the purposes of identifying and prosecuting serious criminal activities.

It seems, pursuant to the case, that there is no need for the computer (e.g., you) being hacked to be owned or controlled by a US national (person or corporation) except that the underlying warrant authorizing the activity may be tied to US persons (natural and corporate, or which have a tie to the US).

The case, US v. Matish, did not involve terrorism, like the FBI- Apple case; rather it involved child pornography and child exploitation websites. According to the case, the FBI has been collecting evidence from a large number of national and international people for the purposes of future prosecutions for serious criminality. But they have not acted on those prosecutions yet and the targets in the US and other countries have no idea that the US government has evidence of them on file for prosecution purposes yet.


The facts of the case are as follows:

  • Edward Matish, a US citizen, was charged with accessing the Internet with an intent to view child pornography and receiving child pornography from a website called Playpen.
  • Playpen was on the TOR network which allows anonymous viewing of websites by hiding the IP address of a person using the Internet, which can locate the person geographically.
  • Playpen had 150,000 members.
  • The FBI took over Playpen from its creator and was authorized by a court order to deploy an investigative technique that allowed it to find out the identity of any user of the site, and where they lived (so, they were traceable like any porn regular non-TOR site). The information the FBI could obtain from the tech it created included the IP address of a person and the media access control address of their computer, so that if you moved locations, you could still be located.
  • In essence, the FBI gained access to a person’s computer through TOR and downloaded coding to obtain their computer address and then uploaded certain information back for the purposes of prosecution (e.g., who you are and where you are).

Matish sought to force the FBI to disclosure their investigation techniques and the tech (programming code) developed to access his home computer, and he sought to have the evidence inadmissible on numerous grounds including his 4th Amendment right against search and seizure, and his reasonable expectation of privacy when using his computer at home from FBI intrusion.

The government successfully resisted on the grounds, inter alia, of security because it would expose their techniques and make it useless to track Internet crime, and on the ground of law enforcement privilege because revealing their tech would diminish the future value of important techniques that protect the public.

No expectation of privacy with your computer

With respect to the expectation of privacy, the Court held that people cannot reasonably expect to be safe from hackers, including those using the TOR network.

The Court held that the FBI gaining access to one’s computer using TOR is identical to a police officer looking through broken blinds of a person’s home, and thus no 4th Amendment right was violated.

The Court noted that since no computer is hack proof, “people who traverse the Internet understand the risks associated with doing so.” The FBI’s action on TOR was akin to merely peeking through blinds when they downloaded code to a person’s computer and watched their activities in their home, and gathered information they needed to prosecute.

Government authorized to use most advanced tech for criminal investigation for terrorists and child porn

The Court further held that “the government should be able to use the most advanced tech to overcome criminal activity that is conducted in secret, and Defendant should not be rewarded for allegedly obtaining contraband through his virtual travel through interstate and foreign commerce on a TOR hidden service.”

“The government’s efforts to contain child pornographers, terrorists and the like cannot remain frozen in time; the government must be allowed to utilize its own advanced tech to keep pace with our world’s ever-advancing technology and novel criminal methods.”

The way it works is that the users of TOR sites that involve serious criminality that are hacked by the FBI (and there are thousands thus far), will be identified for criminal purposes and those that involve US citizens will be prosecuted and those that involve foreigners (Canadians) will be referred to the RCMP.

If I were to guess, based on that case, I would say that the FBI is creating a database of persons around the world with their IP address, media address, name, IP service provider, location and a site visit profile.

While that may seem freighting to some, it is much more palatable than companies in the private sector who attempt to do the same for commercial purposes in violation of privacy laws, who sell the personal data collected, or information related to personal data, to foreign countries.

Share this Post:
  • Facebook
  • Twitter
  • StumbleUpon
  • Print
  • email

P3 infrastructure criminal charges in Canada against a politically exposed person

By Christine Duhaime | June 29th, 2016

The RCMP has charged a former head of a Crown corporation, Michel Fournier, and his wife, Judith Fournier, both resident in Victoria, with money laundering in connection with alleged corruption from kickbacks they allegedly received tied to a $127 million contract to renovate the Jacques Cartier Bridge. Fournier had a secret bank account in Switzerland with millions of dollars in it and is a politically exposed person (“PEP“).

At the time he was banking in Switzerland, Fournier was a foreign PEP to Swiss banks and was subject to higher due diligence scrutiny and vetting of funds under international anti-money laundering laws.

Corruption occurs frequently enough in large infrastructure projects, including in Canada. The largest corruption and money laundering case in Canada involved infrastructure with the McGill University Hospital Centre, a public-private partnership arrangement (P3) in which another PEP, Arthur Porter, was paid a bribe for a contract. In February 2014, the late Minister of Finance said that infrastructure in Canada has”fallen prey to corruption.”

According to the OECD and FATF, P3 project are more susceptible to corruption is they have the following characteristics:

  • Lack of due diligence by financiers on, inter alia, financial crime including involvement of politically exposed persons, domestic and foreign.
  • Large projects with greater complexities or novel features.
  • Lack of transparency in the process.
  • Too much discretionary decision-making authority exercisable by several officials.
  • Unclear rules and regulations in respect of financial control and audits.
  • Lack of awareness of financial crimes.

The FATF has determined, with respect to PEPs, that there is a greater risk with persons involved in the following:

  • Energy, construction, gaming, mining and defense sectors;
  • Large infrastructure projects; and
  • Financing of government projects.

The Competition Bureau of Canada recently expressed concern in Canada over the potential financial crime risks with infrastructure projects because financial crime negatively impacts competition and creates an unfair playing field.

Fournier was politically exposed because he ran the Federal Bridge Corporation, a federal agency.

Share this Post:
  • Facebook
  • Twitter
  • StumbleUpon
  • Print
  • email

Iran renews calls for the deportation of Khavari

By Christine Duhaime | June 19th, 2016

The requested deportation of Mahmoud Reza Khavari, a former Iranian foreign national, and a Canadian citizen living in Toronto, seems to be at the centre of the arrest of a Canadian professor from Montreal, Homa Hoodfar, also an Iranian foreign national and equally a Canadian citizen, who was visiting Iran.

Professor Hoodfar was arrested by the Revolutionary Guard in Tehran just before Norwuz and is alleged to be incarcerated in Evin prison in Northern Tehran. The Canadian government has sought her release from Iran. The government of Iran has countered with its renewed requests for the deportation of Khavari.


Some background on Mahmoud Reza Khavari. He was prosecuted in Tehran for participating in the embezzlement of US$2.6 billion from the Melli Bank, a state-owned bank in Iran (Washington Post). It is the largest bank theft in Iran and its largest money laundering case, although it was not prosecuted on the basis of money laundering.

Khavari fled Tehran and came to Canada. Prior to that, however, he was granted citizenship of Canada in circumstances that seem unclear since he appears to have been living full-time in Tehran running a state bank; meeting the residency requirements under the Immigration and Refugee Protection Act to earn the right to citizenship would have been quite challenging.

Khavari purchased a mansion on the Bridal Path in Toronto, which is like having a mansion in Elahiel in Northern Tehran, only with a yard. The yards are so large and private on the Bridal Path that one family once kept a thoroughbred horse there for many months.

According to court filings, Khavari is alleged to have told a Toronto friend that he has “vast financial resources”. It turns out that Khavari was actively investing in Toronto – he invested $14.2 million in the construction of two Toronto luxury condominium buildings (Financial Post) and he has interests over them (they are at 131 Hazelton Avenue, 195 Davenport Road and part of 145 Davenport Road in Toronto) (2011 ONSC 101)

Also according to those court filings, Khavari assumed the name “Khalili” when he moved to Canada to conceal his true identity.

The US$2.6 billion stolen from Iran was never recovered.

The government of Iran has sought the deportation of Khavari for many years from Canada without success; prosecutors in Tehran omitted to charge Khavari with money laundering in Iran, which would have accelerated his removal. While Iranian agents have visited Canada and physically searched for Khavari in Ontario, also without success, it now turns out that his address has been published in Court documents filed in Ontario in connection with a civil litigation in which he is embroiled (Financial Post). Iranians in Toronto say he lives quite openly in the community in a mansion in Toronto.

Iran has called the refusal of Canada to return Khavari to Iran as “one of the biggest hostilities of Canada towards Iran” (Fars News Agency), in part because allegedly Canadian officials misled Iran as to the whereabouts of Khavari, claiming that he was no longer living in Canada when he was in Toronto.

Anti-money laundering law & sanctions law 

Khavari was the Chairman of the Melli Bank, hence he and all his family members are foreign politically exposed persons, subject to anti-money laundering heightened due diligence that required that the source of all their wealth be ascertained when they opened bank accounts in Toronto.

Salaries in Iran are about 30% what they are in Canada so salaries on bank applications that don’t reflect that are of concern to banks. Iran was subject to sanctions after 2010 which prohibited any bank or brokerage firm, in fact any person, from doing anything but freezing funds of Khavari that originated from Iran after 2010 unless it was approved by the Canadian government. To avoid sanctions, Iranians typically move their money  through Dubai.  Obfuscating the original of money from Iran through banks in Dubai does not make the funds sanctions-free — it does the opposite, it makes them proceeds of crime, the predicate criminal offense being sanctions avoidance.

Dual citizens with dual passports

Back to Professor Hoodfar. The jurisdiction, as a matter of law, of the arrest of Professor Hoodfar is not as straight forward as it may seem to Canadians. All Canadian Iranians are Iranian citizens under the laws of Iran, and both countries allow them to have passports from both countries. However, Iran does not recognize dual residency and as long as an Iranian has not relinquished Iranian citizenship formally, in the eyes of Iran, they are Iranian.

Iranians often have two passports to facilitate their travel and often it is so that they can enter the United States as Canadians, without disclosing to US border agents the existence of their Iranian passports, and enter Iran as Iranians, without disclosing the existence of their Canadian passports to Iran’s border control agents. Professor Hoodfar likely entered Iran under her Iranian passport as an Iranian citizen, otherwise she would have needed to have applied for a visa to enter Iran, which seems unlikely. Khavari as well, although now a Canadian citizen, is still a citizen of Iran under the laws of Iran. Getting Professor Hoodfra back to Canada will not be as easy as it would be if she were a Canadian citizen visiting Iran. In the eyes of Iran, she is an Iranian in Iran, not a Canadian in Iran.

The political situation between Canada and Iran became more complicated and tense because of the $13 million judgement against Iran awarded by a Toronto Court last week (National Post) for American plaintiffs.

What will Iran do? 

If I were to take an educated guess, I think Iran will act on this file, as follows:

(1) Iran will start discussing the case of Khavari internationally with other countries, the UN and such. At the end of the day, if the rule of law prevails, Canada has to return Khavari – he is a politically exposed person and was prosecuted in Iran pursuant to their rule of law and is being sought in connection with the most serious financial crime possible involving a US$2.6 billion alleged theft;

(2) Iran will seek the deportation of Khavari to Tehran in exchange for the release of Professor Hoodfra; and

(3) Iran will seek from Canada certain payments and may go after the assets of the Yorkville condo projects, the home and the bank accounts of Khavari and sue a number of parties to recover its US$2.6 billion.

What will Canada do? 

On the part of Canada, if I were to take an educated guess, I think it will respond as follows:

(1) I suspect it will privately move on the deportation of Khavari. In order to do that, I suspect it may scour through Khavari’s immigration application to see if it can find a material misrepresentation;

(2) Canada will require that Iran promise not to execute Khavari if he is returned;

(3) Canada will require, before it does anything at all, that Professor Hoodfar be released once the two countries have signed an agreement for an exchange of foreign nationals.

Iran can and will wait this one out; Canada can’t – not for Professor Hoodfar or for its trade mandate with Iran to re-engage.

Professor Hoodfra is caught in the middle of a political situation between Canada and Iran over money – US$2.6 billion to be exact.

Share this Post:
  • Facebook
  • Twitter
  • StumbleUpon
  • Print
  • email

The CIA on terrorism and tech

By Christine Duhaime | June 18th, 2016

On June 16, 2016, the Director of the CIA testified before the Senate Select Committee on Intelligence in respect of the Islamic State (ISIS), terrorism and technology generally.

Here is an executive summary:

  • The CIA said there there has never been a time when there is such a “dizzying” array of national security issues and threats affecting countries;
  • The so-called “Twitter Terrorist” and terrorist propaganda phenomena poses an international security threat and such propaganda takes place mostly on Twitter, Tumblr and Telegram, working to inspire attacks by sympathizers globally to harm the West (to learn more, you can read our research here);
  • ISIS is still able to raise tens of billions of US$ per month in revenues;
  • Libya is now ISIS’ most developed and dangerous jurisdiction, followed by Egypt. The Libya branch of ISIS is actively planning attacks in the EU;
  • ISIS will be moving with groups of migrants and refugees to access the West;
  • The US financial system (its banks and financial institutions) are under serious threat of cybersecurity threats;
  • The rebuilding of Syria will take billions and billions of dollars;
  • The digital realm, including mobile and online activities, pose the most challenge to the CIA and other intelligence agencies. The CIA called digital challenges a “new frontier”, noting that the law has not kept up with those challenges; and
  • The Internet of Things (IoT),  where every type of electronic and mobile device will be connected to the Internet will create inherent security risks to the US.

With respect to national security solutions, the Director of the CIA said that the agency is (a) embracing diversity and ensuring that it has women in leadership in the intelligence community; (b) working with the EU over threats to terrorism and on the issue of social media propaganda promoting terrorism, and the movement of prospective terrorists to the EU; and (c) working with the tech private sector to advance the national security interests to ensure that the tech companies are aware of their responsibilities in respect of national securities issues and are cooperative.

Share this Post:
  • Facebook
  • Twitter
  • StumbleUpon
  • Print
  • email

FinTechs are being derisked out of bank accounts over terrorist financing and money laundering risks says UK study

By Christine Duhaime | May 29th, 2016

The Financial Conduct Authority released an interesting soft study on the incidents of derisking affecting companies in the UK and pursuant to the study, MSB, charities and FinTechs are the three business client groups whose bank accounts are most frequently closed because they are too risky for the bank (a practice known as derisking). No business, least of all a FinTech, can survive for very long without a bank account.

By way of background, banks are required by complicated anti-money laundering, counter-terrorist financing and sanctions laws to implement robust legal compliance programs that include, inter alia, the appointment of an experienced compliance officer, the undertaking of a geographically tailored risk assessment, regular company wide training, and a reporting regime for suspicious transactions tied to enumerated predicate offenses under national criminal law statutes, tax statutes, terrorism statutes, UN Conventions, sanctions statutes, and anti-corruption statues, and the reporting of certain transactions. The requirements are based on national laws and vary by country.

The costs of compliance for any reporting entity is at least $1 million per year, regardless of the size of the entity. Across the board, reporting entities in most countries agree that that is the baseline cost and it goes up based on the size of the financial institution. Large banks have compliance costs in the tens of millions of dollars per year. The costs is the same, in terms of a baseline amount because all reporting entities regardless of size have similar basis requirements that are costly to implement.

Diving into the minutia of costs, banks in the survey disclosed that it costs them annually between $4,200 to $6,400 (converted to CDN) per account holder to meet its AML / CTF complete compliance obligations. Those costs are not being passed onto the actual bank clients but rather are absorbed by the banks as part of its costs of operations. A FinTech paying $4,200 to $6,400 per month for the actual costs of compliance would have to raise money to match the actual costs of doing business. Based on many financing documents in the FinTech space, a number of FinTechs pay large monthly management fees to their insiders and next to nothing for legal compliance. That makes the FinTech risky for any bank or investor.

The AML / CTF requirements are similar across all reporting sectors, whether the reporting entity is a casino, a bank, a stock broker, a realtor or an MSB or a FinTech that is a reporting entity, and the costs incurred by each group should also be the same to comply with AML / CTF law. But its not. Typically only land based casinos, some investment firms and banks tend to implement the full suite of AML / CTF legal requirements. The rest of the sectors of reporting entities do not.

And so the derisking problem is this; all companies (including charities, MSBs and FinTechs), have to have banking relationships and bank accounts for their business and to complete financial transactions on behalf of their customers. The banks who provide those banking services are on the hook for AML / CTF compliance failures for banking the little players and therefore carry the risk of the banking relationship. The risk is a regulatory risk,  a civil liability risk and a risk of criminal liability for AML / CTF failures, not only of the bank but also of its officers and directors. As noted in the study, banks also have a real concern with the media backlash and reputation damage to them if  it were to emerge that banks participated in banking a FinTech that was involved in a financial crime scandal, or funded a terrorist organization inadvertently by not being familiar with well-known typologies.

FinTechs that onboard customers and conduct financial transactions do not spend $4k – $6k per customer per year, like banks do, in AML / CTF compliance costs. For banks, that means that the bank now has a double compliance burden of being concerned with its own compliance and the compliance of the FinTech and thus its costs escalate.

In the banking relationship, FinTechs are essentially asking banks to trust that the FinTech management will be legally compliant in respect of AML / CTF. Banks are saying: “No, show us on paper that you know what AML / CTF involves so that we have comfort that your FinTech is not a risk to us.” AML / CTF compliance lawyers working at banks are not willing to lose their job, pay a huge fine or be prosecuted for a FinTech’s AML / CTF failures.

Every bank does a risk assessment of a FinTech, which they will never share with you if you’re a FinTech but you can rest assured that if you are derisked, its because your startup, your management team, or your control systems (or lack thereof) were deemed too risky to the bank. Sometimes its not the FinTech that is risky but its the people behind a FinTech financing that are of concern to a bank, such as unlicensed individuals who raise money for startups who have been investigated by securities commissions for taking financing fees off the books. Banks are also adverse to banking FinTechs that have ties to jurisdictions associated with offshore gambling operations that operate in some countries illegally.

FinTechs that do not know AML / CTF law or who know it but fail to comply because they costs are prohibitive for a startup or because they prefer to use their financing funds for other purposes, are too risky for a bank to bank and consequently they are derisked and their bank accounts are terminated.

I’ve heard from a number of chiefs of innovation at the world’s largest banks in the leading FinTech cities that FinTechs often approach them to partner or for investment without having spent time understanding the legal environment in which banks operate, and often they have already developed sophisticated tech that may be amazing but which a bank could never use because it would not mesh with the law. A FinTech that invests in tech but not the legal requirements for applying that tech is risky to a bank and signals that its house is not in order.

Many FinTechs operate with contracts in place with banks whereby, if they are partnering with a bank, the AML / CTF obligations remain with the banks, rather than the FinTechs. Others have no contracts in place and the banks in those partnerships have decided that since FinTechs are not registered as reporting entities, or registrable with the FIU, AML / CTF laws are suspended in respect of those transactions (although that is not the law). Many other FinTechs and banks are struggling to carve out the obligations in respect of AML / CTF to ensure that responsibilities and liabilities are clearly defined and that the risks are borne by one of the parties for AML / CTF failures.

In addition to contractual risk allocations, the solutions may be to pass on the actual costs of compliance to each business customer so that banks quit derisking and the FinTech carries the true costs – a move supported by the UK government in the study; and to have a regulatory sandbox to allow FinTechs to innovate in a controlled bubble where there is no potential harm to the financial system by their failures to comply with AML / CTF law because their financial transactions are limited in volume and transactional number, and subject to different oversight.

You can read the report here.

Share this Post:
  • Facebook
  • Twitter
  • StumbleUpon
  • Print
  • email

The $200 million a year refugee smuggling operation in Libya

By Christine Duhaime | May 27th, 2016

A $200 million a year business and growing 

The EU – Turkey deal to close the borders of the EU to refugees and migrants has shifted the human smuggling routes back to Libya. The focus back to Libya means ISIS’ large source of terrorist financing from this activity is flowing again, which may also facilitate ISIS moving their own people to the EU.

It is a concern for terrorist financing because ISIS is a transnational criminal organization (“TCO“)  operating in a growing number of places in the world with sophisticated unknown networks that move money, people, drugs and weapons. Those activities fill ISIS’ treasury, especially outside of Syria, allowing them to fund more acts of terrorism and expand their sphere of influence and correspondingly, inject vast sums through the financial system as proceeds of crime.

Large profits made by money laundering smugglers

Here are the financial numbers on the amount of terrorist financing and money laundering earned from the Libyan human smuggling operations:

  • 2015 – Revenues conservatively may be as high as $528,000,000 (derived from 330,000  migrants who apparently arrived in the EU from Libya and who paid, at the lowest end, $1,600 each for the trip. It does not include those who died and paid a fee regardless).
  • 2016 – Revenues year-to-date are likely $59,200,000 (derived from the rate of $1,600 with an estimated 37,000 migrants who have arrived from Libya to EU directly so far in 2016, not including the thousands who died or were arrested en route but paid for the journey).
  • May 2016 – Revenues for May alone are $17,600,000 ($1,600 per migrant  with 11,000 migrants who arrived in EU from Libya this month). If the trend continues, the amount may be as high as $210,000,000 for 2016.
  • Two Libyan men, Medhanie Yehdego Mered and Ermias Ghermay, with alleged ties to ISIS, and who are part of a large TCO, are said to be behind much of the early human smuggling operations in Libya and earned a total of $2,000,000,000 from human smuggling of migrants.

Europol estimates that the human smuggling of refugees and migrants to the EU is netted traffickers between $1,000,000,000 to $6,000,000,000 last year from all areas, not just Libya, and the payments surprising, come from relatives in the West, such as the US, who pay even though they know the payments are for terrorists or those affiliated with terrorist organizations and that the payments are for illegal human smuggling. This means, of course, that banks in the West are being used to send funds for the illegal human smuggling of refugees and migrants that may fund terrorism.

According to reports, Eritreans pay $5,400 to be trafficked, not $1,600 applicable to other migrants, an amount that is 8 times the average annual income of an Eritrean, suggesting that funds are indeed coming from the West to move them to the EU with TCOs.

The unfortunate Canadian connection

One of the Libyan smugglers who is said to allegedly have ties to terrorists, Medhanie Yehdego Mered, aka Mered Medhanie, also known as “The General”, may operate in Canada as well. He was recorded on a wire tap saying he would invest $170,000 in Canada – part of the proceeds of crime from trafficking migrants from Libya to the EU. He also is heard on wiretap saying that $7,800 is the price to smuggle a person into Canada illegally using fake passports from the US or Italy (see Globe & Mail article here).

In order to be investing in Canada, he would need a bank account, a lawyer, a securities broker or realtor. The other, Ermias Ghermay, also has a Canadian connection – one of his operatives told Italian police that they arrange for people to be smuggled into Mexico and Canada with fake Italian passports. The operative of Ghermay also claimed to have smuggled himself into Canada. A third Libyan smuggler is recorded as saying that it’s easier to get into Canada illegally than the US.

Mered is believed to be the kingpin smuggler who arranged for the boat that sank near the Italian island of Lampedusa in October 2013 in which 359 migrants died when the boat capsized and laughed about their deaths when he learned of it.

He allegedly parked his wife in Sweden as a fake refugee, with some of his proceeds of crime.

Share this Post:
  • Facebook
  • Twitter
  • StumbleUpon
  • Print
  • email

Google’s office raided in alleged money laundering probe

By Christine Duhaime | May 25th, 2016

The Paris office of Google was raided today, as part of an investigation over allegations that Google was engaged in tax evasion, which because it is a predicate offense, also means that the investigation involves money laundering (that the purported proceeds of crime from the alleged tax evasion and fiscal fraud were then put through the financial system and used for other purposes).

Share this Post:
  • Facebook
  • Twitter
  • StumbleUpon
  • Print
  • email

A banker’s update on terrorist financing and money laundering from the US Committee on Homeland Security

By Christine Duhaime | May 23rd, 2016

Summary of the Updates

The US House Committee on Homeland Security released a number of updates and received testimony on the status of terrorist financing, terrorism and money laundering in the last few weeks with some interesting developments relevant to banks in terms of changes in terrorist financing typologies that should be added to anti-money laundering and counter-terrorist financing risk assessments, wherever banks are situated, since the new information is globally relevant.

The updates and testimony before the Committee, if all accurate, mean that:

  1. Antiquities collectors in New York City are essentially engaged in the financing of terrorism (of ISIS specifically) and money laundering by virtue of the fact that they are buying antiquities stolen from Syria and Iraq that are trafficked by ISIS to New York. The proceeds of crime seem to involve collectors, auction houses, brokers, importers, agents of ISIS and ISIS itself. The plunder and trafficking of antiquities by ISIS is such a highly visible news item that collectors can’t possibly not know that the proceeds of crime from these antiquities purchases are used to finance ISIS.
  2. People in the West are essentially engaged in the financing of terrorism (of Al Nusra specifically) and money laundering by virtue of the fact that they are paying $40,000 to surgeons in Egypt, with a large and increasing portion of the proceeds of crime being paid to Al Nusra, for illegal kidney transplants using kidneys harvested from destitute Syrian refugees, who are paid no more than $2,000 for a kidney, often much less.
  3. Al Qaeda has $100 million chilling in bank accounts in Yemen.
  4. Syrians with terrorist connections, or who are terrorists, have attempted to enter the US through its immigration program, claiming to be Syrian refugees.

1. Terrorists have posed as fake Syrian refugees to attempt to enter US

According to the Committee’s latest assessment:

  • Terrorists have attempted to gain access to the US under its immigration program posing as fake Syrian refugees.
  • US law enforcement and intelligence officials lack the ability to vet and screen whether immigration applicants claiming to be Syrian refugees are real refugees or members, or former members, of a terrorist group in Syria (my note - no country has this capability because the Syrian government is not effectively operational – there is nothing to vet or screen against that is reliable in Syria).
  • Banks continue to onboard terrorist organizations and to provide banking services to them. For example, al Qaeda in Yemen has $100 million deposited in banks in Yemen at its disposal.
  • There are over 1,000 defectors to ISIS from the EU who have returned to the UK, France, Germany and Belgium. It is unclear whether they are incarcerated or have been charged, or are in the EU anonymously.
  • ISIS now has 8 official branches in other countries and there are 24 countries with active ISIS members engaged in terrorist financing including Philiipines, Pakistan, Russia, Yemen, Nigeria, Tunisia, Jordan, Libya, Indonesia, Bangaldesh, Algeria, Egypt, India and the Sudan.
  • ISIS controls 60 miles of the border with Turkey (my note - a concern for money transfers in the border towns of Turkey for terrorist financing) and its numbers in Libya doubled in the last year.

2. Looted antiquities from Syria and Iraq that finance ISIS are sold in New York

The illegal sale of stolen antiquities from Syria and Iraq for terrorist financing continues.

Based on documents obtained from the US Delta Force raid on ISIS’ financiers Abu Sayyaf (now dead) and his wife Umm Sayyaf  (in Iraq awaiting prosecution for, inter alia, her role as a human trafficker for ISIS for her role selling Yazidi children as sex slaves) in March 2015, it was learned that ISIS has a separate ‘Ministry’ to manage the looting and for the sale of antiquities illegally removed from Syria and Iraq. ISIS makes $5 million per year in the sales of antiquities to agents in Lebanon and Turkey, who then sell to individuals, art galleries and auction houses mostly in the US. The US is now the largest importer of stolen antiquities from Syria and Iraq trafficked by ISIS as a method of terrorist financing to western collectors. While regular trade with Syria has diminished with the US, imports of Syrian antiquities have apparently skyrocketed, all of it apparently coming into the US through the Port of New York.

In early May, according to testimony heard by the Committee, over $400 million was sold in antiquities during a New York antiquities festival called “Asia Week” and while there were hundreds of raids by law enforcement, only one person was prosecuted. The Committee noted that it would look at a dialogue with the Department of Justice and the FBI to revisit the issue, presumably, based on the Committee Q&A, with a view to looking at the banking transactions underlying the illegal sales  of stolen antiquities from war-torn Syria and Iraq and seeing whether banks are reporting the requisite suspicious and terrorist financing transactions, and following the money trail.

My note – the sale of looted antiquities from Syria and Iraq is low hanging fruit when it comes to identifying members of ISIS in charge of this aspect of their trade and identifying the foreign bank accounts and beneficial ownership structures used by ISIS. If there is an area where ISIS is financially vulnerable in terms of detection, this is it because this is one area where ISIS has to use bank accounts for international trade and commerce. It is also low hanging fruit for regulators to identify banks that may be non-compliant in the area of counter-terrorist financing in trade-based money laundering and terrorist financing on two fronts –  banks that bank terrorists and bank collectors buying stolen antiquities. These purchases are out-of-pattern, both by merchant code and dollar amount, and should be detectable in a nano-second by an AI system in a bank or charge card company monitored by the bank’s AML / CTF lawyers.

3. People in the West are paying terrorists indirectly to buy human organs harvested from refugees

A new way of terrorist financing involving refugees is by the sale of human organs.

According to testimony before the Committee, agents in Turkey work in refugee settlements to locate refugees willing to sell their kidneys. Once a refugee agrees to sell a kidney, the refugee is transported to Egypt for the operation and is then paid, and subsequently uses the money to pay human smugglers to travel to Europe. The refugee is paid about $2,000, often less. The price paid by the patient is $40,000. According to this news report, over 18,000 Syrian refugees have sold their organs. This practice is not new.

What is new, according to testimony before the Committee, is that Al Nusra uses the organ transplants as a form of terrorist financing. People from the West pay Al Nusra $40,000 to buy a kidney from Syrian refugees through travel agencies by depositing money directly into the bank accounts apparently accessible by Al Nusra in Europe, thereby avoiding the wiring of funds to terrorists which could be detected. Western organ buyers use medical travel agents because the doctors performing the operations in Egypt have the arrangements brokered through those travel agencies. It’s not clear how the doctors and hospitals are paid – presumably by Al Nusra.

My note – some of the testimony on the trafficking of refugee organs was odd. The expert testifying before the Committee did not identify the concerns as being the trafficking of human organs of refugees or terrorist financing but rather the concern was articulated as one that arose because “Al Nusra is intimidating the doctors who have traditionally performed the trade and are taking many of the profits out of this trade”. Honestly, does anyone care if the doctors performing such operations are earning less profit? Would anyone care if the mafia earned less profit from an illegal activity except the mafia? What we care about is that people from the West are financing terrorism by human organ transplants involving destitute refugees and that the practice is morally repugnant, illegal and unethical in those circumstances. We also care about the human rights violations and upholding the rule of law.

I suspect that the testimony in respect of Al Nusra receiving payments directly from organ buyers through travel agents is, with respect, incorrect – it is more likely that the doctors and hospitals are the ones who are paid in the EU from travel agents and that they in turn, pay Al Nusra in Egypt. It is terrorist financing either way, one more direct than the other, but in terms of banking risks, the points of entry to be cognizant of are wires from the EU and Dubai to Egyptian medical facilities in the range of $30,000 to $50,000 since they are high risk for terrorist financing of Al Nusra and involve, in addition to terrorist financing, money laundering, the predicate offense being the illegal trafficking of human organs.

4. Transnational Criminal Organizations & Beneficial Ownership

The Committee heard testimony from a sociologist that in Franco Europe (France, Belgium), law enforcement and intelligence agencies do not appreciate the connection between terrorist financing and transnational criminal organizations and apparently cannot “connect the dots.”

My note – With respect, I doubt the above statement is accurate, but nonetheless the testimony was that although we know that TCOs operate with terrorist groups, in Europe law enforcement and intelligence agencies seem to have missed that point. The reason I doubt this is accurate is because Europol has, for many years, been looking at that exact issue and published material on point. It is indeed well-known in counter-terrorism law that terrorist groups are closely aligned with, and often are, TCOs in their own right. For example, at the end of this article, the head of Frontex talks about this issue.

Much of TCO transactions are conducted through beneficial ownership structures. A large global concern at the moment is in respect of beneficial ownership but that concern is all geared towards identifying tax evaders and none of it directed towards terrorist financing.

Part of the testimony before the Committee, however, was tied to beneficial ownership. The testimony was that illicit trade, including trade conducted by terrorists, is “supported by banks, by law firms and by professional services firms (accountants)” in places such as the US who help mask it through contracts as “high level facilitators”.

Smuggling from Libya

The testimony before the Committee was interesting but was lacking the most critical security threat at the moment — the human smuggling operations from Libya by TCOs affiliated with ISIS, who are engaging in large volumes of terrorist financing and money laundering (more here), who will unfortunately manage to smuggle more terrorists into the West.

Share this Post:
  • Facebook
  • Twitter
  • StumbleUpon
  • Print
  • email

“Responsible Innovation” – What the coming regulation of FinTech will look like

By Christine Duhaime | May 15th, 2016

Financial regulators balance innovation and protection

Financial regulators serve two important functions for the financial system. 1. They support growth and innovation where it could improve access to finance, or the delivery of financial services or grow the economy. 2. At the same time,  they  protect consumers and society at large by supervising the financial services sector actors to ensure that the financial system is sound, risks are identified and mitigated, consumers are protected and financial crime is mitigated. The balancing act requires regulators to take a well-considered approach.

How US, UK and Canada rank in balancing regulation and FinTech

Generally speaking, the US does the best job at balancing these two interests, managing to lead the world both in financial innovation and in the regulation and enforcement of financial crime. The UK is quite strong in both, having recently agreed to adopt the sandbox model invented by Kosta Peric of the Gates Foundation.

The Etherium case

People say that Canada may have a way to go in balancing regulation with innovation but the jury is out. The most prominent example of an unbalanced approach that was likely unintended, is of Etherium, a Canadian Blockchain startup driven by Canadian tech brains which relocated to Switzerland when Canada announced it was implementing the world’s first law to regulate digital currency transactions. Canada was once (in 2013 and 2014), the global leader in Blockchain, now the hottest area of FinTech but no longer, as a result of it being unable to balance the promise of leading in global innovation in FinTech with what it perceived, under a previous government, as an imminent threat to international security from the Blockchain being used to transact with Bitcoin. Canada still has that law on the books but decided not to bring it into force and consequently is viewed as a jurisdiction where there is uncertainty among global investors in respect of FinTech. Sometimes a decision that may seem prudent at the time, tips the scale too much in one direction with unintended and unanticipated consequences.

Bank jobs will be lost with FinTech; different jobs will be gained

We know in the FinTech world that financial services will be delivered almost entirely on a mobile phone in a few short years and while that will substantially drive up the costs for banking in terms of investment in tech, innovation, AI and data centers, it correspondingly will drive down the larger costs of maintaining physical branches, tellers and back office employees. Moreover, banks have hundreds, sometimes thousands of compliance personnel whose jobs will be rendered redundant as banking becomes mobile, saving banks hundreds of millions of dollars per year in compliance personnel. So while innovation will cause mass unemployment  in the financial services sector, it will correspondingly create new employment in FinTech. Wall Street and Bay Street will disappear as we currently know them as financial centers (it will be too expensive to maintain bank towers for tech and AI) but tech centers will pop up all over as banking undergoes fundamental shifts.

Many developed countries have national FinTech strategies (Canada is an anomaly in not having one) to ensure that the tech and AI shifts affecting financial services result in startups being created in, and remaining in, their jurisdictions so that they develop FinTech for export as opposed to being consumers of the tech. With respect to Canada, it is already, for the most part, a consumer of FinTech at the large financial institutional level with banks investing in FinTech expertise in the US, Singapore and UK , and more marginally in Canada. R3CEV, a US based company, is an example of foreign FinTech being invested in by Canadian banks. Ironically, some of R3CEV’s techs are Canadian, despite being in New York.

Some promises and perils

To weigh innovation and regulation, financial regulators look at the promises and the perils of FinTech.

Some of the promises of FinTech are that it will drive down the overall costs of operating a bank and of providing services to consumers, while increasing access to financial services across a broader sector, and potentially solving the growing problem of financial inclusion for small businesses and individuals all around the world. It also promises to make banking more efficient and reduce customer friction.

Some of the perils of FinTech that are of concern to financial regulators will be obvious things like consumer protection and misrepresentations to investors of FinTech startups and of the services they offer and of less obvious things like if analytics and GPS locating are used to exclude people from financial services. For example, an online lender or online bank may make decisions based on demographics or geo-locations to exclude more impoverished sectors of the population.

Another peril is with respect to financial crime mitigation. FinTechs that are front facing, or customer-facing have anti-money laundering and counter-terrorist financing obligations governed by contracts with deposit-taking institutions, rather than imposed as a matter of law. Because they are not directly regulated by prudential regulators or subject to FIU audits, compliance is spotty, non-existent or not uniform. Terrorist financing has occurred through FinTechs, some deliberately and some by accident.

There are also privacy law, consumer protection, securities law and prudential concerns with FinTechs in the sense that most FinTechs plow ahead without considering what is required, legally speaking, to provide financial services in a regulated environment. Global banks in the UK routinely say that they are frequently pitched to by FinTechs who have developed great tech but the tech is completely useless to financial institutions because it does not comport with the law and is built on wrong assumptions on the law, or without considering, legal requirements of financial institutions.

AML & CTF law is rocket science

The anti-money laundering regime is particularly problematic with FinTechs, and often raised by global banks as an area where FinTechs are venturing without background knowledge or legal expertise to understand the regulatory landscape.

While analytics and AI can be used to improve processes for anti-money laundering law and counter-terrorist financing legal compliance, and undoubtedly will in time, we are facing a tech and knowledge gap in the sense that there is no existing technology that can deliver counter-terrorist financing or anti-money laundering legal compliance at any standard or level that is acceptable to a responsible regulator, or that any financial crime lawyer could sign off on.

I enormously respect FinTech startups and the work they do, but the truth is that FinTechs are just not there yet in this space and the jury is out among counter-terrorist financing and anti-money laundering professionals as to whether a FinTech could ever get there. One needs only to ask a FinTech in this space to describe how their systems deal with legal versus beneficial ownership at on-boarding; how their systems detect a politically exposed person from Vietnam, Austria, Russia, Brunei, or any other country; or to identify which terrorists lists they are using for their warning system. Most can’t have that conversation because anti-money laundering and counter-terrorist financing law is rocket science.

A financial institution using a system created without expertise in anti-money laundering and counter-terrorist financing detection, mitigation, reporting or terrorist property asset freezing, poses a security risk to everybody.

Bar associations may move into FinTech & LawTech regulation

It is likely that other regulators will emerge as well to have their say on the debate on innovation versus regulation and I suspect it will be the law societies and bar associations, especially on financial crime and increasingly on LawTech.

By law, only lawyers are permitted by state, federal and provincial legislation, to practice law, give legal advice or provide legal services, including in anti-money laundering and counter-terrorist financing law, even if it involves just the provision of tech for legal solutions.

A law firm owned by a lawyer licensed to provide services to the public (ergo, not one in-house) can create and sell tech that provides legal solutions such as compliance or legal forms, or auto-divorces, let’s say, but not a startup that is not owned by a licensed lawyer. FinTechs need to be cognizant of where they can go, and cannot go, in tech that is legal. The same is true for accounting services. FinTechs need to be careful to not be providing services that are accounting in nature.

LegalZoom, a tech company that sold online legal solutions and was not a licensed law firm, was required to hire lawyers to vet and approve all of its legal solutions in order to avoid protracted litigation over allegations that it was engaged in the unauthorized practice of law. A few months ago, LegalZoom, bought a law firm to acquire a license to sell legal solutions to the public without running into issues of the unauthorized practice of law. In time, we are likely to see more tech companies buying law firms in order to enter into the field of anti-money laundering and counter-terrorist financing legal tech compliance to avoid being sued by bar associations.

The direction financial regulators are likely headed in a few years on the financial crime front is to require that anti-money laundering law and counter-terrorist financing systems be tested and licensed to preserve the integrity of the financial system in the same was as we require gambling systems to be tested and licensed to preserve the integrity of gambling. A financial crime system that is tested and licensed balances innovation with regulation.

New era of  ”responsible innovation”

Generally, we are heading into an interesting phase with FinTech. Financial regulator have taken a fairly hands off approach with FinTechs around the world, allowing them to grow to support innovation but there are signs that that is about to change. The mood seems to be swinging towards light regulation with a sandbox and in some cases, heavy regulation. The SEC is now looking at P2P lending and other FinTechs from the perspective of whether or not the disclosures to consumer are adequate and to investors.

The new buzz word for FinTech from regulators will be “responsible innovation” and that will mean that FinTechs will be regulated on a sliding scale depending upon the services rendered to the public and the risks involved.

Share this Post:
  • Facebook
  • Twitter
  • StumbleUpon
  • Print
  • email