Guidance

FinCEN Issues Spanish Language Version of Advisory FIN-2019-A002, Warning Against Continued Corrupt Venezuelan Attempts to Steal, Hide, or Launder Money 

 

The Financial Crimes Enforcement Network (FinCEN) today made available in Spanish its advisory (FIN-2019-A002), which warns against continued corrupt Venezuelan attempts to steal, hide, or launder money. The advisory was issued in English on May 3, 2019. FinCEN is issuing this Spanish language version to make it more widely accessible.

 

News Release (Spanish):  https://www.fincen.gov/news/news-releases/aviso-actualizado-de-fincen-advierte-contra-los-continuos-intentos-corruptos-de

Advisory (Spanish):  https://www.fincen.gov/resources/advisories/fincen-advisory-fin-2019-a002-spanish

 

News Release (English):  https://www.fincen.gov/news/news-releases/updated-fincen-advisory-warns-against-continued-corrupt-venezuelan-attempts

Advisory (English):  https://www.fincen.gov/resources/advisories/fincen-advisory-fin-2019-a002

 

———-

 

FinCEN publica versión en español del aviso FIN-2019-A002, que advierte sobre los intentos continuos y corruptos de Venezuela de robar, ocultar o lavar dinero  

 

La Red Contra los Delitos Financieros (FinCEN, por sus siglas en inglés) publicó en español hoy su aviso (FIN-2019-A002), para alertar a las instituciones financieras sobre la continua corrupción pública generalizada en Venezuela y advertir contra los continuos intentos corruptos de robar, esconder o lavar dinero. El aviso se emitió en inglés el 3 de mayo de 2019. FinCEN está emitiendo esta versión en español para que sea más accesible.

 

Comunicado de Prensa: https://www.fincen.gov/news/news-releases/aviso-actualizado-de-fincen-advierte-contra-los-continuos-intentos-corruptos-de 

Aviso: https://www.fincen.gov/resources/advisories/fincen-advisory-fin-2019-a002-spanish

 

On May 1st, the US Justice Department issued a new guidance document entitled “Evaluation of Corporate Compliance Programs”. Here’s the introduction section:

The “Principles of Federal Prosecution of Business Organizations” in the Justice Manual describe specific factors that prosecutors should consider in conducting an investigation of a corporation, determining whether to bring charges, and negotiating plea or other agreements. JM 9-28.300. These factors include “the adequacy and effectiveness of the corporation’s compliance program at the time of the offense, as well as at the time of a charging decision” and the corporation’s remedial efforts “to implement an adequate and effective corporate compliance program or to improve an existing one.” JM 9-28.300 (citing JM 9-28.800 and JM 9-28.1000). Additionally, the United States Sentencing Guidelines advise that consideration be given to whether the corporation had in place at the time of the misconduct an effective compliance program for purposes of calculating the appropriate organizational criminal fine. See U.S.S.G. §§ 8B2.1, 8C2.5(f), and 8C2.8(11). Moreover, the memorandum entitled “Selection of Monitors in Criminal Division Matters” issued by Assistant Attorney General Brian Benczkowski (hereafter, the “Benczkowski Memo”) instructs prosecutors to consider, at the time of the resolution, “whether the corporation has made significant investments in, and improvements to, its corporate compliance program and internal controls systems” and “whether remedial improvements to the compliance program and internal controls have been tested to demonstrate that they would prevent or detect similar misconduct in the future” to determinewhether a monitor is appropriate.

This document is meant to assist prosecutors in making informed decisions as to whether, and to what extent, the corporation’s compliance program was effective at the time of the offense, and is effective at the time of a charging decision or resolution, for purposes of determining the appropriate (1) form of any resolution or prosecution; (2) monetary penalty, if any; and (3) compliance obligations contained in any corporate criminal resolution (e.g., monitorship or reporting obligations).

Because a corporate compliance program must be evaluated in the specific context of a criminal investigation, the Criminal Division does not use any rigid formula to assess the effectiveness of corporate compliance programs. We recognize that each company’s risk profile and solutions to reduce its risks warrant particularized evaluation. Accordingly, we make an individualized determination in each case. There are, however, common questions that we may ask in the course of making an individualized determination. As the Justice Manual notes, there are three “fundamental questions“ a prosecutor should ask:

1. “Is the corporation’s compliance program well designed?“

2. “Is the program being applied earnestly and in good faith?“ In other words, is the program being implemented effectively?

3. “Does the corporation’s compliance program work“ in practice?

See JM § 9-28.800.

In answering each of these three “fundamental questions,“ prosecutors may evaluate the company’s performance on various topics that the Criminal Division has frequently found relevant in evaluating a corporate compliance program. The sample topics and questions below form neither a checklist nor a formula. In any particular case, the topics and questions set forth below may not all be relevant, and others may be more salient given the particular facts at issue.1 Even though we have organized the topics under these three fundamental questions, we recognize that some topics necessarily fall under more than one category.

Link:

DOJ Guidance

VI. Sanctions Screening Software or Filter Faults

Many organizations conduct screening of their customers, supply chain, intermediaries, counter- parties, commercial and financial documents, and transactions in order to identify OFAC- prohibited locations, parties, or dealings. At times, organizations have failed to update their sanctions screening software to incorporate updates to the SDN List or SSI List, failed to include pertinent identifiers such as SWIFT Business Identifier Codes for designated, blocked, or sanctioned financial institutions, or did not account for alternative spellings of prohibited countries or parties—particularly in instances in which the organization is domiciled or conducts business in geographies that frequently utilize such alternative spellings (i.e., Habana instead of Havana, Kuba instead of Cuba, Soudan instead of Sudan, etc.),

VII. Improper Due Diligence on Customers/Clients (e.g., Ownership, Business Dealings, etc.)

One of the fundamental components of an effective OFAC risk assessment and SCP is conducting due diligence on an organization’s customers, supply chain, intermediaries, and counter-parties. Various administrative actions taken by OFAC involved improper or incomplete due diligence by a company or corporation on its customers, such as their ownership, geographic location(s), counter-parties, and transactions, as well as their knowledge and awareness of OFAC sanctions.

VIII. De-Centralized Compliance Functions and Inconsistent Application of an SCP

While each organization should design, develop, and implement its risk-based SCP based on its own characteristics, several organizations subject to U.S. jurisdiction have committed apparent violations due to a de-centralized SCP, often with personnel and decision-makers scattered in various offices or business units. In particular, violations have resulted from this arrangement due to an improper interpretation and application of OFAC’s regulations, the lack of a formal escalation process to review high-risk or potential OFAC customers or transactions, an inefficient or incapable oversight and audit function, or miscommunications regarding the organization’s sanctions-related policies and procedures.

IX. Utilizing Non-Standard Payment or Commercial Practices

Organizations subject to U.S. jurisdiction are in the best position to determine whether a particular dealing, transaction, or activity is proposed or processed in a manner that is consistent with industry norms and practices. In many instances, organizations attempting to evade or circumvent OFAC sanctions or conceal their activity will implement non-traditional business methods in order to complete their transactions.

X. Individual Liability

In several instances, individual employees—particularly in supervisory, managerial, or executive-level positions—have played integral roles in causing or facilitating violations of the regulations administered by OFAC. Specifically, OFAC has identified scenarios involving U.S.- owned or controlled entities operating outside of the United States, in which supervisory, managerial or executive employees of the entities conducted or facilitated dealings or transactions with OFAC-sanctioned persons, regions, or countries, notwithstanding the fact that the U.S. entity had a fulsome sanctions compliance program in place. In some of these cases, the employees of the foreign entities also made efforts to obfuscate and conceal their activities from others within the corporate organization, including compliance personnel, as well as from regulators or law enforcement. In such circumstances, OFAC will consider using its enforcement authorities not only against the violating entities, but against the individuals as well.

New FinCEN Guidance Affirms Its Longstanding Regulatory Framework for Virtual Currencies and a New FinCEN Advisory Warns of Threats Posed by Virtual Currency Misuse

Contact
Public Affairs, 703-905-3770
Immediate Release

WASHINGTON—To provide regulatory certainty for businesses and individuals engaged in expanding fields of financial activity, the Financial Crimes Enforcement Network (FinCEN) today issued the following guidance, Application of FinCEN’s Regulations to Certain Business Models Involving Convertible Virtual Currencies (CVC). The guidance is in response to questions raised by financial institutions, law enforcement, and regulators concerning the regulatory treatment of multiple variations of businesses dealing in CVCs.

FinCEN today also issued an Advisory on Illicit Activity Involving Convertible Virtual Currency to assist financial institutions in identifying and reporting suspicious activity related to criminal exploitation of CVCs for money laundering, sanctions evasion, and other illicit financing purposes. The advisory highlights prominent typologies, associated “red flags,” and identifies information that would be most valuable to law enforcement if contained in suspicious activity reports.

“Treasury is committed to helping financial institutions better detect and prevent bad actors from exploiting convertible virtual currencies for money laundering, sanctions evasion, and other illicit activities.” said Sigal Mandelker, Under Secretary of the Treasury for Terrorism and Financial Intelligence. “The comprehensive advisory FinCEN issued today highlights the risks associated with darknet marketplaces, peer-to-peer exchangers, unregistered money services businesses, and CVC kiosks and identifies typologies and red flags to help the virtual currency industry protect its businesses from exploitation.”

“FinCEN was the first financial regulator to address virtual currency and the first to assign obligations to related businesses to guard against financial crime,” said FinCEN Director Kenneth A. Blanco. “The money transmitter definition we published in 2011 and the guidance we issued in 2013 clarifying how that definition applies to transactions involving virtual currency have proven to be exceptionally durable. Our regulatory approach has been consistent and despite dynamic waves of new financial technologies, products, and services, our original concepts continue to hold true. Simply stated, those who accept and transfer value, by any means, must comply with our regulations and the criminal misuse of any methodology remains our fundamental concern.”

Today’s guidance does not establish any new regulatory expectations. It consolidates current FinCEN regulations, guidance and administrative rulings that relate to money transmission involving virtual currency, and applies the same interpretive criteria to other common business models involving CVC. FinCEN’s rules define certain businesses or individuals involved with CVCs as money transmitters subject to the same registration requirements and a range of anti-money laundering, program, recordkeeping, and reporting responsibilities as other money services businesses.

Links:

FINCEN Press Release

Guidance (Application of FinCEN’s Regulations to Certain Business Models Involving Convertible Virtual Currencies)

FinCEN Advisory on Illicit Activity Involving Convertible Virtual Currency

Root Causes of OFAC Sanctions Compliance Program Breakdowns or Deficiencies Based on Assessment of Prior OFAC Administrative Actions

Since its publication of the Economic Sanctions Enforcement Guidelines, 31 C.F.R. part 501, App. A (the “Guidelines”), OFAC has finalized numerous public enforcement actions in which it identified deficiencies or weaknesses within the subject person’s SCP. These items, which are provided in a non-exhaustive list below, are provided to alert persons subject to U.S. jurisdiction, including entities that conduct business in or with the United States, U.S. persons, or U.S.-origin goods or services, about several specific root causes associated with apparent violations of the regulations it administers in order to assist them in designing, updating, and amending their respective SCP.

I. Lack of a Formal OFAC SCP

OFAC regulations do not require a formal SCP; however, OFAC encourages organizations subject to U.S. jurisdiction (including but not limited to those entities that conduct business in, with, or through the United States or involving U.S.-origin goods, services, or technology), and particularly those that engage in international trade or transactions or possess any clients or counter-parties located outside of the United States, to adopt a formal SCP. OFAC has finalized numerous civil monetary penalties since publicizing the Guidelines in which the subject person’s lack of an SCP was one of the root causes of the sanctions violations identified during the course of the investigation. In addition, OFAC frequently identified this element as an aggravating factor in its analysis of the General Factors associated with such administrative actions.

II. Misinterpreting, or Failing to Understand the Applicability of, OFAC’s Regulations

Numerous organizations have committed sanctions violations by misinterpreting OFAC’s regulations, particularly in instances in which the subject person determined the transaction, dealing, or activity at issue was either not prohibited or did not apply to their organization or operations. For example, several organizations have failed to appreciate or consider (or, in some instances, actively disregarded) the fact that OFAC sanctions applied to their organization based on their status as a U.S. person, a U.S.-owned or controlled subsidiary (in the Cuba and Iran programs), or dealings in or with U.S. persons, the U.S. financial system, or U.S.-origin goods and technology.

With respect to this specific root cause, OFAC’s administrative actions have typically identified additional aggravating factors, such as reckless conduct, the presence of numerous warning signs that the activity at issue was likely prohibited, awareness by the organization’s management of the conduct at issue, and the size and sophistication of the subject person.

III. Facilitating Transactions by Non-U.S. Persons (Including Through or By Overseas Subsidiaries or Affiliates)

Multiple organizations subject to U.S. jurisdiction—specifically those with foreign-based operations and subsidiaries located outside of the United States—have engaged in transactions or activity that violated OFAC’s regulations by referring business opportunities to, approving or signing off on transactions conducted by, or otherwise facilitating dealings between their organization’s non-U.S. locations and OFAC-sanctioned countries, regions, or persons. In many instances, the root cause of these violations stems from a misinterpretation or misunderstanding of OFAC’s regulations. Companies and corporations with integrated operations, particularly those involving or requiring participation by their U.S.-based headquarters, locations, or personnel, should ensure any activities they engage in (i.e., approvals, contracts, procurement, etc.) are compliant with OFAC’s regulations.

IV. Exporting or Re-exporting U.S.-origin Goods, Technology, or Services to OFAC- Sanctioned Persons or Countries

Non-U.S. persons have repeatedly purchased U.S.-origin goods with the specific intent of re- exporting, transferring, or selling the items to a person, country, or region subject to OFAC sanctions. In several instances, this activity occurred despite warning signs that U.S. economic sanctions laws prohibited the activity, including contractual language expressly prohibiting any such dealings. OFAC’s public enforcement actions in this area have generally been focused on companies or corporations that are large or sophisticated, engaged in a pattern or practice that lasted multiple years, ignored or failed to respond to numerous warning signs, utilized non- routine business practices, and—in several instances—concealed their activity in a willful or reckless manner.

V. Utilizing the U.S. Financial System, or Processing Payments to or through U.S. Financial Institutions, for Commercial Transactions Involving OFAC-Sanctioned Persons or Countries

Many non-U.S. persons have engaged in violations of OFAC’s regulations by processing financial transactions (almost all of which have been denominated in U.S. Dollars) to or through U.S. financial institutions that pertain to commercial activity involving an OFAC-sanctioned country, region, or person. Although no organizations subject to U.S. jurisdiction may be involved in the underlying transaction—such as the shipment of goods from a third-country to an OFAC-sanctioned country—the inclusion of a U.S. financial institution in any payments associated with these transactions often results in a prohibited activity (e.g., the exportation or re- exportation of services from the United States to a comprehensively sanctioned country, or dealing in blocked property in the United States). OFAC has generally focused its enforcement investigations on persons who have engaged in willful or reckless conduct, attempted to conceal their activity (e.g., by stripping or manipulating payment messages, or making false representations to their non-U.S. or U.S. financial institution), engaged in a pattern or practice of conduct for several months or years, ignored or failed to consider numerous warning signs that the conduct was prohibited, involved actual knowledge or involvement by the organization’s management, caused significant harm to U.S. sanctions program objectives, and were large or sophisticated organizations.

TRAINING

An effective training program is an integral component of a successful SCP. The training program should be provided to all appropriate employees and personnel on a periodic basis (and at a minimum, annually) and generally should accomplish the following: (i) provide job-specific knowledge based on need; (ii) communicate the sanctions compliance responsibilities for each employee; and (iii) hold employees accountable for sanctions compliance training through assessments.

General Aspects of an SCP: Training

An adequate training program, tailored to an entity’s risk profile and all appropriate employees and stakeholders, is critical to the success of an SCP.

I. The organization commits to ensuring that its OFAC-related training program provides adequate information and instruction to employees and, as appropriate, stakeholders (for example, clients, suppliers, business partners, and counterparties) in order to support the organization’s OFAC compliance efforts. Such training should be further tailored to high-risk employees within the organization.

II. The organization commits to provide OFAC-related training with a scope that is appropriate for the products and services it offers; the customers, clients, and partner relationships it maintains; and the geographic regions in which it operates.

III. The organization commits to providing OFAC-related training with a frequency that is appropriate based on its OFAC risk assessment and risk profile.

IV. The organization commits to ensuring that, upon learning of a confirmed negative testing result or audit finding, or other deficiency pertaining to its SCP, it will take immediate and effective action to provide training to or other corrective action with respect to relevant personnel.

V. The organization’s training program includes easily accessible resources and materials that are available to all applicable personnel.

TESTING AND AUDITING

Audits assess the effectiveness of current processes and check for inconsistencies between these and day-to-day operations. A comprehensive and objective testing or audit function within an SCP ensures that an organization identifies program weaknesses and deficiencies, and it is the organization’s responsibility to enhance its program, including all program-related software, systems, and other technology, to remediate any identified compliance gaps. Such enhancements might include updating, improving, or recalibrating SCP elements to account for a changing risk assessment or sanctions environment. Testing and auditing can be conducted on a specific element of an SCP or at the enterprise-wide level.

General Aspects of an SCP: Testing and Auditing

A comprehensive, independent, and objective testing or audit function within an SCP ensures that entities are aware of where and how their programs are performing and should be updated, enhanced, or recalibrated to account for a changing risk assessment or sanctions environment, as appropriate. Testing or audit, whether conducted on a specific element of a compliance program or at the enterprise-wide level, are important tools to ensure the program is working as designed and identify weaknesses and deficiencies within a compliance program.

I. The organization commits to ensuring that the testing or audit function is accountable to senior management, is independent of the audited activities and functions, and has sufficient authority, skills, expertise, resources, and authority within the organization.

II. The organization commits to ensuring that it employs testing or audit procedures appropriate to the level and sophistication of its SCP and that this function, whether deployed internally or by an external party, reflects a comprehensive and objective assessment of the organization’s OFAC-related risk assessment and internal controls.

III. The organization ensures that, upon learning of a confirmed negative testing result or audit finding pertaining to its SCP, it will take immediate and effective action, to the extent possible, to identify and implement compensating controls until the root cause of the weakness can be determined and remediated.