Category Archives: Risk management

The Non-Data-Sharing Data-Sharing Network: One Anti-Money Laundering Innovation Requires a Closer Look

by Allison Caffarone

Financial authorities worldwide are focused on how new technologies can be used to more effectively combat money laundering and financial crime.  The UK’s Financial Conduct Authority (the “FCA”) is one of the leaders in the movement towards using financial technology (FinTech)[1] and regulatory technology (RegTech)[2] to fight money laundering.  In the FCA’s most recent conference on this issue, which was attended by over 100 technology firms, regulators, and law enforcement agencies from the US, Europe, the Middle East, and Asia, participants were tasked with developing proposals to address fifteen problem statements relating to how new technologies can more effectively combat money laundering and financial crime.  This article addresses one of the proposals that received significant attention during and subsequent to the conference.

The proposal, offered by a team from Santander Bank and others, called for financial institutions to use distributed ledger technology to develop a database of “bad actors” without requiring the institutions to share the underlying transactional data that led to the “bad actor” designation.  The goal for the database was to create a money laundering detection network to benefit all financial institutions in the ecosphere without running afoul of data privacy restrictions. This “Catch the Chameleon” proposal won the “Eureka” award at the conference for the “most original idea” and, according to the FCA website, will receive “support to progress” from Level 39, RegTech Associates and The Disruption House.  Following the conference, the proposal continued to receive attention from other major financial institutions.  For example, Credit Suisse highlighted the proposal in its letter (PDF: 338 KB) responding to FINRA’s request for comment on FinTech innovation,[3] deeming the proposal worthy of exploration. 

There is clearly merit behind the “Catch the Chameleon” proposal.  Data and information sharing between the private and public sectors and among and between the different institutions in the private sector is essential to combat money laundering.  Additionally, the use of distributed ledger technology to help facilitate the sharing of such information seems to have significant benefits, such as requiring relatively low implementation costs and allowing enforcement agencies to access a single source of data for all financial institutions in real time.[4]  However, there are at least three significant dangers of the platform or database as described on the FCA website, and in light of the heightened attention this proposal has received, these concerns are worthy of further discussion and exploration. Continue reading

The Future of Anti-Corruption Enforcement Involving Brazil and the United States

by Bruce E. Yannett, David. A. O’Neil, Andrew M. Levine, Kara Brockmeyer, and Daniel Aun

The beginning of the year allows us to look back at recent developments in the white collar front involving Brazil and the United States, and prompts us to consider what to expect going forward, especially in light of the election of President Jair Bolsonaro and the appointment of former judge Sergio Moro as Minister of Justice. 

Lava Jato, Carne Fraca, and Zelotes are among the Brazilian anti-corruption operations that have echoed in the United States over the last few years.  Intensified cooperation between authorities in the two countries has fueled countless investigations, settlements, convictions, and related civil litigation.  U.S. criminal enforcement also has reverberated in Brazil, with the FIFA prosecutions being perhaps the most headline-making example.  Continue reading

Strong Whistleblower Protections Reflect a Positive Compliance Culture

By Maria T. Vullo

In a recent submission (PDF: 2.36 MB) to Congress, the U.S. Securities & Exchange Commission (SEC) reported that, for fiscal year 2018, the SEC paid the largest whistleblower awards since the institution of its program in 2012 following the Dodd-Frank Wall Street Reform and Consumer Protection Act (Dodd-Frank).  Specifically, in FY 2018, the SEC awarded 13 individuals over $168 million collectively for tips that led to actions by the SEC to protect investors.[1]

Other statutes likewise provide financial incentives to whistleblowing.  Under the False Claims Act (FCA), for example, persons who report fraud in government contracting can receive up to 30 percent of the government’s recovery in an action.  Many states, including New York, have enacted state-level equivalents of the FCA.  For many decades, the FCA has contributed to large recoveries to the U.S. Treasury, with an expansion of recoveries in part due to the reporting of violations by whistleblowers. Continue reading

“They Wanted the Barrels”: A Case Study in Behavioral Influences on Corporate-Compliance Decisionmaking

by Jonathan J. Rusch

In 2011, during NATO’s bombing campaign against Libyan ruler Muammar Qaddafi’s forces, NATO bombs hit a particular oil company’s storage facility containing thousands of barrels of chemicals used in oil drilling.  While most barrels were destroyed, a substantial number were intact but their contents were permanently altered, due to extreme heat from bomb explosions and fires.  The chemical changes made the barrels’ contents useless for their intended purpose.[1]

Some days later, the oil company’s compliance lawyer with responsibility for the region was contacted by an oilfield operations manager for the company.  The manager said that they had been approached by unnamed “authorities” in eastern Libya, who were offering millions of dollars to buy the chemicals to use for drilling for water. He explained that the company would not permit use of the altered chemicals to drill for oil because they no longer met company quality standards.

The oilfield manager also told the lawyer, “We need this deal” and “We haven’t had any significant revenue for years.”  He showed the lawyer “photos of the damaged chemicals and the letters requesting the deal from the authorities,” as well as “the approvals from the commercial lawyers and a chain of emails from our leaders showing their desperation to screw some profit out of this situation.”  The manager also asserted that “the authorities were running out of patience. They had a window in which they had to get drilling and if we couldn’t help them they would need to find someone who could. So time was of the essence and all that was lacking was the compliance seal of approval.” Continue reading

Cybersecurity Is Not an Area for De-Regulation

by Maria T. Vullo

Recently, the White House chief of staff announced that a major priority of the federal administration is de-regulation.   According to the proponents of de-regulation, companies should be free to determine their own risks without governmental interference.  This view is myopic and, if continued, will lead to increased risk to our financial system. Certainly, cybersecurity is not an area that should be part of any de-regulatory agenda.

The job of the regulator, particularly in the financial services industry, is to ensure the safety and soundness of an industry that serves the public.  Promoting a compliance culture is a key part of the regulator’s job.  For government actors to make political statements about the propriety of regulations as a binary proposition is a very bad idea.  We have been there before and must resist the impulse to think it cannot happen again. Continue reading

Deconstructing “Too Big To Fail:” A New Take on an Old Problem

by Saule Omarova

 “Too big to fail” (or “TBTF”) is one of the most widely used phrases in the present-day vocabulary of finance. In both high-level policy discussions and popular press, it stands for the core dysfunction of the modern financial system: the recurrent pattern of government bailouts of large, systemically important financial institutions. The financial crisis of 2008 made TBTF a household term, while also leading to the creation of even fewer and bigger financial institutions. To this day, TBTF remains at the center of the policy debate on financial markets and regulatory reform. Yet, the analytical content of this term remains remarkably unclear. In many ways, it still functions as the discursive equivalent of the common “you know it when you see it” philosophy.

In a forthcoming article, I attempt to offer a novel framework for understanding the complex of closely related but conceptually distinct regulatory and policy challenges the TBTF label actually denotes. I start by identifying and defining a fundamental paradox at the heart of the TBTF problem: TBTF is an entity-centric, micro-level metaphor for a cluster of interrelated systemic, macro-level problems. I further argue that this largely unacknowledged inherent tension between the micro and the macro, the entity and the system, renders TBTF a uniquely complex phenomenon and explains the seemingly intractable and persistent nature of the TBTF problem. Continue reading

AML Information Sharing in a Technology-Enabled and Privacy-Conscious World

by Kevin Petrasic, Paul Saltzman, Jonah Anderson, Jeremy Kuester, John Wagner, Rebecca Copcutt, and John Timmons

Financial firms play an integral role in preventing, identifying, investigating and reporting criminal activity, including terrorist financing, money laundering, and many other finance-related crimes. It is a critical role that depends on financial firms having the information they need to identify and report potentially suspicious activity and provide other relevant information to law enforcement. However, there are significant barriers to information sharing throughout the US anti-money laundering (“AML”) regime. These barriers limit the effectiveness of AML information sharing within a financial institution, among financial institutions, and between financial institutions and law enforcement.

Much has changed in the 17 years following the passage of the USA PATRIOT Act (“Patriot Act”), which, among other things, sought to enable greater information sharing among law enforcement, regulators and financial institutions regarding AML risks. Of note, Section 314(a) of the Patriot Act and its implementing regulations (“Section 314(a)”) enables federal, state, local and European Union law enforcement agencies to reach out to US financial institutions through the US Treasury Department’s Financial Crimes Enforcement Network (“FinCEN”) to locate accounts and transactions of persons that may be involved in terrorism or money laundering. Section 314(b) of the Patriot Act and its implementing regulations (“Section 314(b)”) provides a limited safe harbor for financial institutions to share information with one another in order to better identify and report potential money laundering or terrorist activities. Continue reading

Firm Reputation Following Accounting Frauds: Evidence from Employee Ratings

by Christos A. Makridis and Yuqing Zhou

Intangible capital is becoming an increasingly important determinant of firm value. For example, the ratio of intangible capital to the United States’ GNP is totaling 1.7, according to McGrattan and Prescott (2010).[1] Companies are further prioritizing their brand and perception among consumers and the media, which can affect the way they do business by influencing corporate strategy and investment. In this sense, how employees and/or the general public think about a company can ultimately influence the company’s ability to retain and attract talented employees, which is an integral determinant of firm value.[2]

While there are many different circumstances that firms find themselves in, some can be particularly damaging. For example, the public revelation of a cyber security breach can have lasting reputational effects when a company prides itself on privacy and security, as was the case with Equifax and their 2017 breach.[3] Much like data breaches, the public revelation of an accounting fraud can have a lasting effect on a company’s reputational capital. If employees and/or the public do not trust senior leadership, then employee engagement and retention will quickly dwindle. No one wants to work for an infamous company, especially skilled workers, given their ability to find alternative options in the labor market. Continue reading

The Vital Report that Directors are Overlooking

by Stephen Stubben and Kyle Welch

With limited time, corporate directors are accustomed to monitoring firms by using aggregated information that is supplied by firms’ management. Nearly every task conducted by a board of directors involves data curated by employees working for a firm’s CEO. A critical challenge for directors is to be informed of important situations that may have been lost in data aggregation or that may have been selectively not reported. Indeed, this is why firms with stellar directors and high-quality external auditors still have major public debacles. One way a corporate director can obtain unfiltered information regarding a firm’s operations and potential problems within a firm is by reviewing reports made by employees through internal reporting systems (also known as internal whistleblowing systems). The problem with this solution is that there have been differing views and understandings as to how to appropriately manage these systems and interpret these submitted reports—until now. Continue reading

CFTC Announces Two Significant Awards By Whistleblower Program

by Breon S. Peace, Nowell D. Bamberger, and Patrick C. Swiber

On July 12 and 16, 2018, the U.S. Commodity Futures Trading Commission (“CFTC”) announced two awards to whistleblowers, one its largest-ever award, approximately $30 million, and another its first award to a whistleblower living in a foreign country.[1]  These awards—along with recent proposed changes meant to bolster the Securities and Exchange Commission’s (“SEC” or “Commission”) own whistleblower regime—demonstrate that such programs likely will continue to be significant parts of the enforcement programs of both agencies and necessarily help shape their enforcement agendas in the coming years.

The Dodd-Frank Wall Street Reform and Consumer Protection Act (“Dodd-Frank”) authorized the CFTC to pay awards of between 10 and 30 percent to whistleblowers who voluntarily provide original information to the CFTC leading to the successful enforcement of an action resulting in monetary sanctions exceeding $1 million.[2]  Following the introduction of implementing rules, the CFTC’s program became effective in October 2011.  Over the next six-and-a-half years, the CFTC has paid whistleblower bounties on only four prior occasions, with awards ranging from $50,000 to $10 million.  The $30 million award announced last week, thus, reflects a significant increase.  This week’s award to a foreign whistleblower also represents another first for the CFTC’s program and reflects the global scope of the program. Continue reading