Top highlights from the anti-financial crime space in 2021

The end of 2021 is just a few days away and so it is the perfect time to review and reflect on what happened this year, what were some of its most memorable compliance headlines, and what to look out for in 2022. We picked some of the top highlights in several categories.

Regulatory

We all knew this year will be intense for financial crime professionals as we kicked off 2021 with the passing of the AML Act 2020 (AMLA) on January 1st, 2021. This act brings changes to the Bank Secrecy Act (BSA) aiming to improve information sharing and modernize the existing laws and systems. Within the AML Act, there is the Corporate Transparency Act (CTA). It establishes uniform beneficial ownership reporting requirements for businesses in the US and authorizes FinCEN to collect information and share it with the government. The importance of the adoption of CTA was highlighted later in the year when the Pandora papers news broke. In early December 2021, FinCEN issued a Notice of Proposed Rulemaking (NPRM) to implement the beneficial ownership information reporting provisions of the CTA, thus we will continue monitoring and preparing for the new requirements of CTA in 2022.

On the other side of the Atlantic, this year the EU announced plans to create a new AML Authority. Among its main priorities are ensuring effective implementation of the existing AML/CFT framework, information sharing, streamlining the processes, and bringing the AML/CFT supervision to an EU-level. The Authority's work is planned to commence at the beginning of 2023.

Moving further east, the UAE has also announced the creation of an executive office to tackle money laundering and terror financing. The office is expected to reinforce UAE's efforts in fighting financial crime. Later in the year, the UAE issued updated guidance on financial sanctions. The UAE has enhanced its sanctions regime which does not only include the multilateral United Nations Security Council (UNSC) sanctions but also its own unilateral targeted sanctions. For more information on the guidance see: Guidance on Targeted Financial Sanctions (sca.gov.ae)

All eyes on cryptocurrency and virtual assets

Some of the main 2021 topics were cryptocurrency and virtual assets. For us, here are some of the most interesting highlights.

In June El Salvador become the first country to approve Bitcoin as legal tender. We can learn much from this. As reported by news media, the population of El Salvador greet this move with curiosity but also seem to have reservations. Additionally, there were initial issues with the rollout and protests against the bitcoin due to fears of inflation of the local currency.

Interesting developments in cryptocurrency compliance come from sanctions enforcement. At the beginning of the year, OFAC settled with BitPay sanctions violations related to digital currency transactions. According to the released enforcement action, BitPay allowed persons who appear to have been located in the Crimea region of Ukraine, Cuba, North Korea, Iran, Sudan, and Syria to transact with merchants in the United States and elsewhere using digital currency on BitPay’s platform even though BitPay had location information, including Internet Protocol (IP) addresses and other location data, about those persons prior to effecting the transactions.

OFAC sanctions were also imposed in September on two crypto exchanges - SUEX and later on Chatex. They were designated for taking part in facilitating financial transactions for ransomware actors. In the enforcement actions, OFAC notes that virtual exchanges such as SUEX and Chatex "are critical to the profitability of ransomware attacks, which help fund additional cybercriminal activity".

Not surprisingly, following these designations, OFAC published sanctions compliance guidance for the virtual currency industry. Some of the key recommendations of OFAC include: implementation of a risk-based sanctions compliance program, utilization of geolocation tools, know-your-customer (KYC) procedures, performing sanctions screening of all available KYC and transactions details, as well as transaction monitoring. For more information see: virtual_currency_guidance_brochure.pdf (treasury.gov)

Not long after that, FATF issued an updated guidance for VASPs. The guidance clarifies some of the definitions for virtual assets and virtual assets services providers, it addresses risks and tools for money laundering in peer-to-peer transfers, licensing and registration of VASPs and "travel rule" implementation guidance. For more details download the full document from FATF's webpage.

Corruption, human rights, and more leaks

In 2021, the fight against corruption and human rights violations proceeds. State heads such as the French Nicolas Sarkozy and the Malaysian Najib Razak were sentenced to jail on corruption charges. This year the Office of Foreign Assets Control (OFAC) designated a large number of entities and individuals under the Global Magnitsky Act all over the world. The Magnitsky sanctions target corruption and human rights violations internationally. The 2021 designations included persons and entities in Africa, Asia, most notably China, Europe, even EU involvement as Bulgarian individuals and entities were designated, and Latin American targets. Further, the European Parliament has called for a new EU instrument that allows for import bans on products related to severe human rights violations such as forced labor or child labor.

The human rights aspect of sanctions and trade bans will most certainly have an impact on compliance in 2022 and beyond.

To add to the corruption issues, the International Consortium of Investigative Journalists (ICIJ) revealed leaked documents from tax heavens - Pandora papers. Although not necessarily related to illicit activity, the papers show how officials are using the offshore and agents to obscure links to their wealth. Earlier we took a look at the reactions in the compliance community (you can see here).

Ransomware on the rise

In June 2021, in response to an increase of suspicious activity reports (SARs) related to ransomware, the FinCEN published "Ransomware Trends in Bank Secrecy Act Data Between January 2021 and June 2021" report. The period January - June 2021 had 30% more ransomware-related SARs in comparison with 2020 (635 SARs up to mid-2021 vs 487 SARs for the entire 2020). As a value, the ransomware SARs depict a 42% increase as the total value for 2020 was $416 million compared to $590 million in mid-2021. FinCEN identified bitcoin (BTC) as the most common ransomware-related payment method in reported transactions.

In May the president Biden signed a new executive order aiming to improve cybersecurity, and in October OFAC issued an advisory note on potential sanctions risks involving ransomware payments. With the increase detected in May/June 2021, it is likely to expect more focus on ransomware and cybersecurity in 2022. Learn more and get ready for the future of cybercrimes. Compliance Time podcast currently has an episode on cybersecurity and one more is in the pipeline.

Image source: "Ransomware Trends in Bank Secrecy Act Data Between January 2021 and June 2021" report, FinCEN

Country highlights

Compliance professionals need to stay up-to-date with what is going on in the world. This year, the highlights which we followed included three countries, namely Myanmar, Belarus, and Afghanistan. Coup, diplomatic provocations, and a country takeover - all events were associated with sanctions and restrictions imposed. Additionally, illicit fund flows from/to these countries are expected to circumvent detection through neighbor countries, allies, or using different methods and vehicles.

First, in February, there was a military coup in Myanmar. As a result, the US, UK, and EU responded with sanctions on military officials. The sanctions hit state-owned enterprises in various industries such as gems and timber. The sanctions are impactful as these entities are responsible for the majority of industry output. For example, the sanctioned Myanma Gems Enterprise "is responsible for all gemstone activities in Burma". Another key component here is the majority ownership, there are multiple entities majority-owned by the designated entities. Therefore businesses working with Myanmar should be well-aware of the ownership of their counterparts.

In May, a Belarusian military plane diverted a Ryanair flight and then the police took one of the passengers - an opposition journalist. This incident, following Lukashenko's questionable re-election in 2020, resulted in Belarus being sanctioned by the EU and OFAC. They limit access to capital markets and impose trade bans on the country's most important resources - energy and potassium chloride. Towards the end of 2021, Belarus orchestrated a migrant crisis at its borders with EU countries. Considering the rising tensions between Russia and Ukraine, and Belarus' ties with Russia, likely there will be further developments, and Belarus will most certainly be a country to observe in 2022.

Last but not least, in 2021 the Taliban took over Afghanistan. In response, the Biden Administration put a hold on Afghan government reserves held in U.S. bank accounts (Taliban’s access to cash limited as Biden administration freezes Afghan reserves - The Washington Post). Additionally, their currency, the afghani, was trading on a record low. The takeover led to a humanitarian crisis as many were trying to flee the country. The country has longstanding illicit flows from drug trade, and in the current socio-economic climate, it appears that the economic situation is increasingly more complex.

Of course, there was much more going on in 2021, for example, the US-China and US-Russia relations could probably take a book volume on their own. There is a lot to look for in 2022 and we will keep learning and seek the top highlights for compliance professionals. If you would like to add something, get in touch with us or leave us a comment on LinkedIn or Medium. Subscribe to our monthly newsletter on www.cmpltime.com