Anti-Money Laundering

Report on inspection in Exchange Kolding v / Mashal Imami (the laundry area)

In February 2019, the Danish FSA was on inspection in Exchange Kolding v / Mashal Imami.

The inspection was a study of the money laundering area as part of the ongoing supervision of the company. The inspection included company compliance with the rules on customer knowledge, monitoring, investigation, notification and listing.

Risk assessment and summary 

The company is authorized for currency exchange. In addition, the company is a money transfer agent for Western Union.

The company’s business model, for the part of the company that is linked to currency exchange, consists mainly of currency exchange for private persons who are going to use foreign currency for foreign travel and for people who are staying as tourists in Kolding.

The Danish Financial Supervisory Authority considers that the company’s inherent risk of being abused for money laundering or terrorist financing is high in relation to the average of financial companies in Denmark. In the assessment, the Danish FSA has placed particular emphasis on the fact that currency exchange activities are generally considered to have a high inherent risk of being used for money laundering or terrorist financing.

The Danish FSA did not find it necessary to give any reactions to the money laundering area.


Finanstilsynet notice


7.1 Clear guidance should be provided to all officers, employees and agents as to what constitutes a “suspicious transaction” that warrants escalation and reporting.

7.2 There should be well-defined guidelines and procedures in place for escalating, investigating, reporting and acting on suspicious transactions. The channels for reporting suspicious transactions should be clearly specified in writing and communicated to all personnel.

7.3 A clear internal reporting channel should be set up for the escalation of suspicious transaction reports from the officer, employee or agent making the report. The insurer should establish a single reference point (e.g. Chief Executive, Head of Compliance) within the organisation to whom all transactions suspected of being connected to ML/TF activity should be referred to.

7.4 The onus is on the insurer to identify and assess red flag indicators of suspicious transactions. The insurer should determine what constitutes a suspicious transaction which warrants escalation and reporting based on the scale, complexity, and inherent risk of its business. In terms of determining and assessing suspicious activity exhibited by customers, examples of suspicious circumstances that may warrant the filing of an STR may include the following:

(a) where the customer is reluctant, unable or unwilling to provide any information requested by the insurer;

(b) where the customer, without reasonable grounds, decides to withdraw a pending application to establish business relations with the insurer;

(c) where the customer, without reasonable grounds, decides to suddenly terminate existing business relations with the insurer;

(d) abnormal settlement instructions, including payment to apparently unconnected parties; or

(e) frequent changes to the customer’s address or to authorised signatories.

7.5 STRs should be filed on all suspicious transactions and cases. Where an insurer decides not to file an STR for a case that was initially thought to be suspicious, the basis for doing so should be documented, and the decision made by the initial assessor of the case should be raised to a higher authority for review and approval.

7.6 An STR should be filed within 15 business days of the case being referred by the relevant officer, employee or agent, if the insurer has assessed that the matter should be referred to the STRO, unless the circumstances are exceptional or extraordinary. The decision as to whether to refer the matter to the STRO should be regardless of the amount of the transaction, if any.

7.7 STR reporting templates are available on the Commercial Affairs Department’s website. However, insurers are strongly encouraged to use the online system provided by STRO to lodge STRs, as this also enables reporting entities to be kept apprised of STRO’s advisories. In the event that an insurer is of the view that STRO should be informed on an urgent basis, including where a transaction is known to be part of an ongoing investigation by the relevant authorities, the insurer should give initial notification to STRO by telephone or email and follow up with such other means of reporting as STRO may direct.

7.8 Under exceptional circumstances, (e.g. if the online system is down) and the insurer files an STR manually with the STRO (i.e. not through the STRO Online Notices and Reporting Platform (SONAR)), a copy of the report should be extended to the Authority for information.


6.1 There should be adequate documentation by the insurer for the basis of clearing or dismissing hits arising from its screening procedures (i.e. false positive hits). As a good practice, additional parameters such as date of birth and nationality should minimally be used to establish and dismiss false hits.

6.2 There should be documentation and maintenance of proper records by the insurer as to when screening was performed, the results of the screening and the assessment of screening results for all policies.

6.3 A record of all transactions referred to the Suspicious Transaction Reporting Office (“STRO”) should be maintained by an insurer, including the relevant internal findings and analysis.

6.4 In cases where an insurer maintains an internal database containing the list of designated individuals and entities for the purpose of screening, there should be clear documentation of when the internal database was most recently updated, as well as of the name of the person who carried out the update.


5.1 Screening of customers11 should be carried out against relevant ML/TF information sources, which include designated names of individuals and/or entities within:

(a) the lists and information provided by the Authority or other relevant authorities in Singapore in relation to ML/TF risks;

(b) the First Schedule of the TSOFA; and

(c) the MAS TFS Regulations.

5.2 In the context of direct insurance business, the screening of customers should include the screening of policy owners, insureds and claimants. In cases where an insurer has assessed the policy owner or insured to be of a higher ML/TF risk, the insurer should also screen the substantial shareholders (direct and indirect), beneficial owners, natural persons appointed to act on behalf of the customer and directors, if any, of the policy owner or insured.

5.3 In the context of reinsurance business, the screening of customers should include the screening of cedants and claimants12. Underlying insureds should also be screened in cases where they are made known to the reinsurers. In cases where a reinsurer has assessed the cedant or underlying insured to be of a higher ML/TF risk, the reinsurer should also screen the substantial shareholders (direct and indirect), beneficial owners and directors, if any, of the cedant or underlying insured.

5.4 Screening of customers should be conducted at the following points in time:

(a) before establishing business relations for new customers, otherwise as soon as reasonably practicable thereafter;

(b) prior to renewing business relations with existing customers;

(c) on a regular basis after the establishment of business relations13;

(d) when there are changes made to the lists14 mentioned in paragraph 5.1 above;


(e) before making claim payments to claimants15.

5.5 For the purposes of screening, the insurer should minimally, either:

(a) subscribe to a commercial sanctions database; or

(b) maintain an internal database containing the names of designated individuals

and entities.

5.6 The screening database(s) (i.e. commercial sanctions database and/or internally-

maintained database) and procedures adopted by an insurer should be effective in identifying individuals and entities with adverse information, as well as designated individuals and entities as defined in the First Schedule of the TSOFA and the MAS TFS Regulations, or as informed by the relevant authorities in Singapore.

5.7 In view of system limitations in screening capability, some insurers may not be able to effectively detect designated individuals or entities if they were to perform screening based on a full/exact match logic instead of a partial/fuzzy16 match logic for name searches. A full/exact name match for screening should not be used, as this will likely result in missed sanctions or adverse comments hits. In addition, the screening filters used by the insurer should not be limiting17 and should take into account the various permutations of a person’s first and last names.

5.8 Insurers are reminded that where screening results in a positive hit against the lists mentioned in paragraph 5.1, an insurer shall freeze without delay and without prior notice, the funds or other assets of designated persons and entities that it has control over, so as to comply with applicable laws and regulations in Singapore. This would include both the TSOFA and the MAS TFS Regulations relating to sanctions and freezing of assets of persons. Any such assets shall be reported promptly to the relevant authorities and an STR shall be filed.

5.9 Insurers should also have in place screening procedures when hiring employees, officers18 and agents19, and when establishing business relationships with offshore intermediaries. This should include, where applicable:


(a) background checks with past employers;

(b) credit history checks;

(c) screening against ML/TF information sources; and

(d) bankruptcy searches.



relation to AML/CFT should be clearly set out.

The roles and responsibilities of the board of directors and senior management in

4.2 There should be a formalised process in place to keep the board of directors and senior management informed regularly of compliance and risk management efforts, audit reports, identified compliance and risk management deficiencies, and corrective actions taken in relation to AML/CFT. Examples of such reports may include statistics on the number of Suspicious Transaction Reports (“STRs”) filed, sanctions hits, outstanding transaction monitoring alerts and/or sanctions alerts including aging reports and resource issues.

4.3 Senior management are reminded to take prompt corrective actions to ensure the proper and timely remediation of deficiencies in AML/CFT controls and risk management.

4.4 There should be adequate processes in place for updating senior management and any other relevant personnel of AML/CFT-related updates issued by the Authority or other relevant authorities in Singapore. There should also be a designated employee (e.g. Head of Compliance) responsible for providing such updates to management and other relevant personnel.

4.5 There should be a clear and detailed set of documented AML/CFT policies and procedures in place that incorporate, at a minimum, the following elements:

(a) Customer due diligence and screening procedures;

(b) Documentation of screening results;

(c) Assessment, escalation and reporting of suspicious transactions; and

(d) Frequency and recipients of AML/CFT-related training.

4.6 AML/CFT policies and procedures should be reviewed regularly by the board of directors and/or senior management. At a minimum, these policies should be reviewed whenever there are changes in regulations or if there is a significant change in the insurer’s business strategies.

4.7 Regular AML/CFT-related training10 should be conducted for the board of directors, employees and agents (where applicable) of the insurer. Such training may take the form of seminars, e-learning modules, etc.


3.1 Insurers are reminded that the ultimate responsibility and accountability for ensuring compliance with AML and CFT (“AML/CFT”)-related laws and regulations rest with their board of directors and senior management8.

3.2 An insurer’s board of directors and senior management are responsible for ensuring strong governance and sound risk management and controls in relation to AML/CFT within the insurer. While certain responsibilities can be delegated to senior employees responsible for AML/CFT, the final accountability rests with an insurer’s board of directors and senior management. The insurer should ensure a strong compliance culture throughout the organisation, where the board of directors and senior management set the right tone from the top. The board of directors and senior management should also set a clear risk appetite and establish a compliance culture whereby financial crime is not tolerated.

3.3 Business units (e.g. front office, customer-facing functions) constitute the first line of defence in identifying, assessing and mitigating the ML/TF risks faced by an insurer. As part of the first line of defence, business units require robust controls to detect illicit activities and should be allocated sufficient resources to perform this function effectively. The insurer’s policies, procedures and controls on AML/CFT should be clearly documented in writing, and communicated to all relevant officers, employees and agents in the various business units. The insurer should also ensure that its officers, employees and agents are adequately trained to be aware of their AML/CFT-related obligations, so that the insurer is in compliance with prevailing AML/CFT laws and regulations.

3.4 The second line of defence includes an insurer’s compliance function9, and other support functions such as operations, human resource or technology that work together with the compliance function to identify ML/TF risks. The compliance function is typically responsible for the screening of new and existing business relations and their ongoing monitoring. The compliance function should alert the board of directors or senior management if it has reason to believe that the insurer’s officers, employees or agents are failing or have failed to adequately address ML/TF risks and concerns or have breached applicable AML/CFT laws and regulations. While the other support functions also play a role in mitigating ML/TF risks that an insurer faces, the compliance function will usually be the main contact point in relation to all AML/CFT-related issues for domestic and foreign authorities, including supervisory authorities, law enforcement authorities and financial intelligence units.

3.5 The third line of defence is an insurer’s internal audit function, which plays a key role in independently evaluating the insurer’s AML/CFT risk management framework and controls. This independent assessment is achieved through internal audits (or an equivalent function’s periodic evaluations) of the insurer’s compliance with AML/CFT laws and regulations, as well as policies, procedures and controls. An insurer should establish policies for periodic AML/CFT internal audits, covering areas such as –

(a) adequacy of the insurer’s AML/CFT policies, procedures and controls in identifying ML/TF risks, addressing the identified risks and complying with laws, regulations and notices;

(b) effectiveness of the insurer’s officers, employees and agents in implementing the insurer’s policies, procedures and controls;

(c) effectiveness of the compliance oversight and quality control including parameters and criteria for transaction alerts; and

(d) adequacy and effectiveness of the insurer’s AML/CFT training of relevant officers, employees and agents.

The results of these assessments should be reported to either the Audit or Risk Committee of the insurer, or a similar body of oversight, on a regular basis. Significant AML/CFT issues should be escalated to the Board. Any deficiencies identified should be promptly addressed to mitigate risks, including legal and reputational risks, to the insurer.

3.6 The board of directors and senior management should understand the ML/TF risks that the insurer is exposed to and how the insurer’s AML/CFT control framework operates to mitigate those risks. The AML/CFT controls put in place by an insurer should commensurate with the scale, complexity and inherent risk of the insurer, and may be broadly categorised into the following 4 categories, which will be elaborated on within these Guidelines:


(a) Management Oversight, Policies and Training;

(b) Customer Due Diligence and Screening Procedures;

(c) Record Keeping and Documentation; and

(d) Assessment and Reporting of Suspicious Transactions.

FinCEN Holds Fifth Annual Awards Program to Recognize Importance of Bank Secrecy Act Reporting by Financial Institutions

Office of Public Affairs, 703-905-3770
Immediate Release

WASHINGTONFinancial Crimes Enforcement Network (FinCEN) Director Kenneth A. Blanco hosted the fifth annual FinCEN Director’s Law Enforcement Awards Program today, during which he recognized the efforts of several law enforcement agencies that used Bank Secrecy Act (BSA) reporting to successfully pursue and prosecute criminal investigations. The BSA’s recordkeeping and reporting requirements help to create a financial trail that law enforcement agencies use to track criminals, their activities, and their assets.  

“The cases recognized today make clear that BSA data is critical in the fight against financial crime,” said Sigal P. Mandelker, Under Secretary for Terrorism and Financial Intelligence. “I commend the award recipients and their agencies. Their use of this information demonstrates the value of the financial industry’s continued partnership and commitment.”

“BSA data is an important part of our national security apparatus and how we protect the people of our nation from criminals, terrorists, and other bad actors,” said FinCEN Director Kenneth A. Blanco. “The successful prosecution of the cases recognized here today demonstrates that the information that financial institutions report to us through their BSA filings makes a difference in the lives of many people every day. It provides leads, helps expand cases, identifies networks of criminals and other bad actors, and often helps to alert the regulatory and law enforcement communities to trends in illicit activity, making our communities safer.”

FinCEN’s annual awards program underscores the importance of a successful partnership between the financial industry that provides BSA information and the law enforcement agencies that use it. Today’s ceremony was held following the conclusion of the Bank Secrecy Act Advisory Group (BSAAG) Plenary. Chaired by the Director of FinCEN, BSAAG is the congressionally-established forum for industry, regulators, and law enforcement to communicate about how law enforcement agencies use BSA reports, and how recordkeeping and reporting requirements can be improved. Representatives from financial industry trade groups assisted in the presentation of each award. 

The program is open to all Federal, state, local, and tribal law enforcement agencies. The seven award categories and the 2019 award recipients are listed below. 


Significant Fraud:  Internal Revenue Service-Criminal Investigation (IRS-CI)

This multi-agency investigation began when IRS-CI agents identified sensitive financial information detailing an unusual pattern of transactions, including structured cash withdrawals and a circular pattern of transactions, which appeared to be indicative of renewable identification number fraud. This transaction data detailed numerous suspicious transactions between entities both known and unknown to investigators.

Investigators determined the subjects engaged in a conspiracy to submit false claims to the Internal Revenue Service (IRS) and the Environmental Protection Agency (EPA) for the production of biodiesel fuel. The financial data greatly assisted in identifying multiple entities whose principals were ultimately prosecuted as a result of this investigation.

During the time the scheme was carried out, the IRS offered a $1 tax credit for every gallon of biodiesel produced that met certain specifications and use criteria. The subjects of this investigation fraudulently claimed and received $7.2 million in tax credits when the fuel produced was a lesser grade that did not qualify for the credit. Transaction records helped identify a high volume of cash withdrawals from business accounts, which were atypical for such a business. The data also assisted in identifying operating accounts for the target businesses as well as the disposition of proceeds derived from the fraud scheme.

In addition to tax credits, biodiesel fuel producers are eligible to receive Renewable Identification Numbers (RINs) from the EPA for the production of qualifying biodiesel fuel.  During the period in question, the subjects generated over 14 million RINs when in fact the fuel again did not meet the required specifications and use criteria. Utilizing a RIN broker in New York, the subjects sold the fraudulently obtained RINs for profit to third parties, including a domestic and international ethanol supplier and leading marketer of RINs, for over $20 million. The subjects of the investigation sold much of the mislabeled oil back and forth to each other claiming it was newly produced oil without actually producing new product.

The investigation led to the successful prosecution of nine individuals for various fraud and obstruction offenses. The primary targets of the investigation were each sentenced to 63 months in prison while numerous co-conspirators were sentenced to varying penalties.


Cyber Threats:  United States Attorney’s Office-Southern District of New York (USAO-SDNY)

This three-year investigation into an illegal online bitcoin exchange led to the successful prosecution of seven individuals on charges of operating unlicensed money transmitting businesses, as well as fraud, conspiracy, and bribery. Investigators determined that the majority of transactions moving through this exchange were conducted to facilitate illegal activity, such as ransomware schemes or illegal purchases on the dark net.

The primary targets of this investigation founded the exchange in the United States, but conducted significant operations in Russia that allowed users to convert U.S. dollars to bitcoin, and vice versa. Investigators determined that the exchange conducted $12 million in bitcoin transactions without registering as a money services business with FinCEN, obtaining a license in the state of Florida, or conducting any anti-money laundering (AML) operations.

As part of the group’s efforts to evade scrutiny, the targets took control of a small credit union by bribing the CEO to relinquish operational control and allow the group to select new board members. After gaining control of the credit union, the targets conducted over $60 million in Automated Clearing House (ACH) transactions on behalf of the exchange and several other money transmitters and payday lenders. The excessive ACH activity, lack of AML controls, and other violations led the credit union to become insolvent and cease operations in that same year.

A high volume of sensitive financial information was instrumental in identifying the payment processing accounts used by the exchange as well as the co-conspirators associated with the account creation and operation. The financial data also revealed that the exchange’s operators utilized a payment infrastructure in Azerbaijan to process credit and debit card transactions on behalf of their customers. This information allowed investigators to issue subpoenas to obtain a full accounting of the exchange’s operating accounts and transactions.

Transaction data and financial account information also assisted investigators in determining that the exchange was partially owned by an individual who led a large-scale international criminal enterprise that was responsible for the theft of personal data of over 100 million U.S. individuals from a U.S. financial institution. Investigators discovered that the exchange was used to launder a significant amount of the illicit proceeds acquired by this criminal organization.

The prosecution led to the successful conviction of six individuals, two of whom went to trial. In addition to prison sentences ranging from one to six years, the defendants were also fined, ordered to pay significant forfeitures, and ordered to pay restitution to the National Credit Union Administration (NCUA) for the losses incurred in connection with the liquidation of the credit union. 


SAR Review Team:  Immigration and Customs Enforcement-Homeland Security Investigations (ICE-HSI)

This investigation was initiated by HSI investigators from the El Paso High Intensity Financial Crime Area Financial Task Force after identifying funnel activity in a set of account and transaction data. The initial dataset identified an individual with a stated occupation as “student/homemaker” who was utilizing their account to funnel cash deposits from North Carolina to Texas. Investigators analyzed additional financial data to assist with identifying multiple co-conspirators and determined these subjects were members of a large Mexican Transnational Criminal Organization (TCO). This TCO was responsible for trafficking cocaine from Mexico through Texas for distribution in North Carolina. The criminally derived funds were subsequently laundered through the U.S. financial system and moved back to Mexico.

Investigators cross-referenced information uncovered in sensitive financial information with the border crossing histories of their subjects, which resulted in the identification of multiple co-conspirators. Additional inquiries were conducted on these co-conspirators, all of whom had a history of similar funnel account activity as the original subject.

Multiple traffic stops in Texas, Tennessee, and Arkansas resulted in the discovery of a high volume of cash, marijuana, and cocaine. In post-arrest interviews, the suspects confirmed the TCO’s operations and their roles in the organization. Based on an analysis of sensitive financial data and Grand Jury information, investigators determined that over $650,000 in cash was funneled through U.S. financial institutions and over $1.4 million in bulk cash was smuggled out of the United States into Mexico over a 12-month period. In addition to the movement of cash, investigators estimated that approximately 200 kilograms of cocaine was smuggled from Mexico to North Carolina.

This investigation led to the arrest and prosecution of 11 members of this Mexican TCO for money laundering and drug trafficking violations. Their prison sentences range from nine months to ten years.


State and Local Law Enforcement:  Wilmette Police Department

The Wilmette Police Department in Wilmette, Illinois developed an investigation into a stolen property fencing ring on the west side of Chicago.  The criminal group operated out of small stores and actively accepted stolen goods in exchange for cash. The organizers recruited heroin addicts to steal specified goods from area stores. This case was significant due to its regional impact and coordination with multiple local and federal law enforcement agencies to include the Chicago Police; Homeland Security Investigations; the U.S. Department of Agriculture; and the Cook County State’s Attorney, as well as numerous private retailers.

Wilmette PD investigators identified the organizers of this group and sensitive financial information was analyzed to help gauge the extent of the fraudulent activity and generate investigative leads. The initial data analysis showed a substantial volume of transactions indicative of fraud and money laundering. Several businesses were identified in the financial data that appeared to be operated by straw owners in an attempt to conceal the true beneficiaries from law enforcement.

Undercover operations and other covert surveillance techniques led to the discovery of a higher-level criminal operation than originally suspected. Investigators discovered that this group was also involved in Supplemental Nutrition Assistance Program (SNAP) fraud, regularly processing fraudulent SNAP transactions at the target locations. The verified loss to the government attributed to this criminal group was nearly $6 million.

The targets of this investigation laundered their illicit funds through numerous financial institutions, often by structuring cash deposits and withdrawals through both business and personal accounts. They often used third parties to conduct the transactions on their behalf through teller windows and ATMs.

This case concluded with the execution of search warrants on five target locations and one vehicle, resulting in the discovery of over $150,000 in stolen merchandise, a firearm, and numerous other pieces of evidence tying the targets to the criminal operation. Four subjects were charged, three businesses were closed, and seizure proceedings were initiated on over $140,000 in bulk currency and criminally derived property.  


Third Party Money Launderers:  Internal Revenue Service-Criminal Investigation (IRS-CI)

This multi-agency investigation included representatives from several U.S. and Mexican law enforcement agencies to include IRS-CI; Homeland Security Investigations; the Federal Deposit Insurance Corporation, Office of Inspector General; the Mexican Tax Administration Service; the Mexican Secretary of Finance and Public Credit; and the Mexican Financial Intelligence Unit. Their collaborative efforts led to the identification of significant fraud in Mexico and the use of the U.S. financial system to facilitate a Trade Based Money Laundering (TBML) and Mexican Value Added Tax (VAT) fraud scheme. The U.S. investigative team, led by IRS-CI, analyzed a high volume of sensitive financial data to uncover the laundering of over $100 million of illicit funds that were transferred through the U.S. financial system.

Through data analysis, investigators learned that large sums of money originating from Mexico were transferred through bank accounts of shell companies in Mexico and the United States. The wire transfers sent through these accounts resembled pass-through activity because the funds moved through the accounts with only a small percentage taken out for business expenses. After reviewing bank, business, and shipping records, and interviewing bank employees, investigators determined this activity was part of a large-scale TBML scheme.

Investigators learned that two of the main conspirators were professional third party money launderers for the Sinaloa cartel, and one was also a former shareholder of several financial institutions in Mexico and utilized these financial institutions to help make their illegal activity appear to be legitimate international trade in cell phones. Multiple co-conspirators located across the United States established shell companies and bank accounts in Mexico and the United States; rented virtual offices; created websites for their shell companies; and created fictitious invoices and import/export documents to provide to U.S. Customs officials.

The co-conspirators utilized shell companies in Mexico to acquire counterfeit and obsolete cell phones, after which they created fraudulent invoices showing the cell phones as being brand new and indicating that the Mexican VAT had been paid. The cell phones were then exported to co-conspirators in the United States and fictitious invoices and export documents were utilized to inflate the value of the cell phones.

As a result, the co-conspirators were able to obtain fraudulent VAT refunds from the Mexican government. Once the co-conspirators in the United States received the cell phones, they shipped them to an address in the Los Angeles garment district. When the cell phones were exported back to Mexico, they were described on the export documents as toys. The cell phones were eventually shipped back to shell companies in Mexico, and the same cell phones were shipped again between Mexico and the United States in a continuous cycle. Investigators determined that over $100 million USD of illicit funds were transferred through the U.S. financial system in this manner.

The investigative team’s efforts resulted in the arrest of eight individuals, all of whom pled guilty to money laundering, wire fraud, and Customs violations. They received prison sentences ranging from one to seven years. Over $1.1 million was seized, over $21 million in money judgments were ordered, and over $37 million in restitution was ordered to be paid as restitution to Mexico. The cooperative effort of this investigative team led to the dismantling of this TBML organization.


Transnational Organized Crime:  United States Attorney’s Office-Southern District of New York (USAO-SDNY)

Members of the Drug Enforcement Administration’s (DEA) Las Vegas District Office initiated this operation that targeted a drug trafficking and money laundering organization operating across the United States, Europe, Asia, South America, and Central America. The case was initiated as a result of sensitive information investigators obtained regarding the money laundering activities of over a dozen individuals. The information indicated that these subjects were responsible for laundering millions of dollars throughout the world, utilizing many different methods to carry out their illicit operations.

Through financial data analysis and surveillance operations, law enforcement investigators learned that this large-scale criminal operation was involved in the distribution of cocaine and heroin, along with laundering the illicit proceeds, both domestically and internationally. As a result of the intercepts associated with several of the targets identified in the financial data, DEA agents seized over 2,500 kilograms of cocaine, 25 kilograms of heroin, 8.5 kilograms of methamphetamines, and over $570,000 in cash in the United States, Colombia, Panama, Dominican Republic, Spain, and Costa Rica. Investigators were also able to link the targets to the Gulf Cartel, Sinaloa Cartel, and Italian criminal organization Ndrangheta.

Further investigative efforts, which included financial data analysis, grand jury subpoena results, search warrants results, and interviews with confidential sources, revealed that this organization engaged in a wide range of techniques and business operations to conduct its criminal activity. Its techniques included structuring, casino gaming schemes, fraudulent investment funds, false invoicing, fictitious business fronts, public corruption, and trade based money laundering schemes. The business operations they utilized included movie companies, jewelry stores, money exchange houses, and armored car companies.

Throughout the course of this multi-year investigation, agents seized more than $5.5 million in currency and assets, including a $750,000 airplane. Coordinated efforts with U.S. and foreign law enforcement agencies and financial intelligence units led to indictments and arrest warrants for numerous members of this criminal organization on various money laundering, narcotics distribution, and conspiracy charges. Several extraditions on additional subjects are pending and several other individuals remain international fugitives. One of the primary targets has already pled guilty and was sentenced to a 30-year prison term and ordered to forfeit $284 million in criminal proceeds. The remaining targets are pending trial.


Transnational Security Threats:  Federal Bureau of Investigation (FBI)

During the last three years, the North Korea counterintelligence squad in the Federal Bureau of Investigation (FBI) has been investigating a Singapore-based commodities company, for its connection to sanctioned North Korean banks. The company represented itself as one of the largest privately owned trading firms in Asia, operating a fleet of oil tankers in connection with its marine fuel trading business.

The FBI, the Department of Justice, and the Department of the Treasury investigations revealed millions of dollars in commodities contracts for North Korea using concerted efforts to obfuscate payment origins, structure transactions to avoid regulatory scrutiny, and evade financial sanctions.

FBI investigators opened the case after extensive financial analysis and reporting from other intelligence agencies. Building on the sensitive financial information, investigators issued federal grand jury subpoenas to multiple U.S. banks and utilized search warrants results and pen registers to identify companies making payments to the subject company on behalf of the sanctioned North Korean banks. In addition, the FBI obtained email search warrants for several of the actors in the company’s network. These warrants revealed a high volume of communications between North Korean banks, North Korean procurement agents, third-party suppliers, and shipping companies in the region. Also contained in the email communications were extensive communications between co-conspirators arranging the purchases and sales of commodities through the subject company on behalf of sanctioned North Korean banks. These individuals used a network of front companies located in China and Southeast Asia to process U.S. dollar transactions of which the company’s U.S. dollar account was the ultimate beneficiary.

As the Department of the Treasury’s OFAC also had a keen interest in the network, FBI and OFAC officials coordinated efforts to announce OFAC designations and indictments of the subjects of these investigations. The FBI and DOJ investigations resulted in the indictments of the company’s director and his primary co-conspirator on fraud, money laundering, conspiracy, and violations of the International Emergency Economic Powers Act. OFAC sanctioned two entities, one individual, and two vessels. Finally, OFAC’s press release emphasized that many of these activities were highlighted in the November 2, 2017 Advisory on North Korea’s Use of the International Financial System published by the Financial Crimes Enforcement Network.


FinCEN Press Release