Greg Kilminster
Head of Product - Content
OFAC Settles with daVinci Payments for apparent sanctions violations
Swift Prepaid Solutions, Inc operating as daVinci Payments, a financial services and payments company has agreed to pay a $206,213 settlement related to 12,391 apparent violations of OFAC sanctions concerning Crimea, Iran, Syria, and Cuba. These apparent violations occurred between 15 November 2017, and 27 July 27. DaVinci’s core business involves managing prepaid reward card programs, and it was found to have allowed reward cards to be redeemed by individuals located in sanctioned jurisdictions.
DaVinci offers digital and physical payment reward card programs to various clients, including corporations, non-profit organizations, and government entities. These programs enable clients to issue payment cards to designated recipients as part of loyalty, award, or promotional initiatives.
The process involved daVinci’s clients funding the card programmes through an issuing bank, with daVinci providing digital or physical prepaid cards to authorised users. Upon receiving a list of card recipients, daVinci sent email invitations to authorised users, prompting them to redeem the token for a prepaid card. To redeem, users provided their information and were screened against sanctions lists. If cleared, funds were released to the prepaid cards, allowing users to make purchases with merchants.
During a compliance review and subsequent investigation between March 2020 and February 2022, daVinci identified that it had redeemed prepaid cards for users with IP addresses associated with sanctioned countries, including Iran, Syria, Cuba, and Crimea, on 12,378 occasions. Following this discovery, daVinci blocked access from IP addresses linked to these jurisdictions but later found that they had also redeemed cards for 13 individuals who used email addresses with domain suffixes associated with sanctioned regions during the redemption process.
This lapse in comprehensive geolocation controls resulted in daVinci processing 12,391 redemptions, totaling $549,134.89, for cardholders located in sanctioned jurisdictions, thereby violating various sanctions regulations, including the Cuban Assets Control Regulations, Iranian Transactions and Sanctions Regulations, Ukraine-/Russia-Related Sanctions Regulations, and Syrian Sanctions Regulations.
The settlement amount reflects OFAC’s view that daVinci’s conduct was non-egregious and was voluntarily self-disclosed. This case serves as a reminder of the importance of robust compliance measures when dealing with sanctioned jurisdictions.
Click here to read the full RegInsight on CUBE’s RegPlatform
$2.6 million fine for commodity pool fraud
The Commodity Futures Trading Commission (CFTC) has ordered Mark A Ramkishun, to pay over $2.6 million in restitution and civil monetary penalties for commodity pool fraud.
The court found that Ramkishun, acting as an unregistered commodity pool operator, fraudulently solicited investments in a purported commodity pool called Leo Growl LLC. Ramkishun made false and misleading statements to investors about the pool’s performance and risks, and misappropriated investor funds for personal use.
The court ordered Ramkishun to pay $1,076,758 in restitution to investors and a $1,566,977.07 civil monetary penalty. The court also permanently banned Ramkishun from registering with the CFTC or trading on any registered entity.
Click here to read the full RegInsight on CUBE’s RegPlatform
Bank employee jailed for fraud
A man has been sentenced to four years in prison for committing £2.26 million of fraud by abusing his position as a senior market data administrator and financial analyst at a bank.
Michael Grant, 45, redirected refunds from service providers meant for the bank into his own external business account. The bank became suspicious of Grant after finding a document on a printer in his office that appeared to have been altered to falsely show that his business account was part of the bank.
Grant was interviewed by the bank and his contract was terminated after he was deemed to pose a risk to the organisation. The bank and the Dedicated Card and Payment Crime Unit (DCPCU), a specialist police unit that is funded by the banking and finance industry, launched a full investigation.
The investigation found that Grant had successfully diverted funds relating to one hundred refund payments into his business account, totalling £2,260,729.09. Grant pleaded guilty to fraud by abuse of position under the Fraud Act 2006 and was sentenced to four years in prison.
Click here to read the full RegInsight on CUBE’s RegPlatform
FCA warns firms to improve anti-fraud systems
The Financial Conduct Authority has published the findings of its review into authorised push payment (APP) fraud, concluding that payment service providers should regularly evaluate their approach to identifying the fraud risks that they and their customers are exposed to and must continue to develop their defences against fraud and ensure their control frameworks are fit for purpose.
The review found that, in the context of governance, oversight, and management information (MI), the following key observations were made:
Governance frameworks: Some firms demonstrated effective and well-established governance frameworks, while others fell short. Notably, some firms lacked evidence of effective oversight and challenge by senior management or board committees.
Management information (MI): Many firms primarily focused their MI on reporting against commercial risk appetite and financials. However, the most robust MI included customer-centric measures, showing how these measures informed decision-making to enhance anti-fraud systems and controls, as well as improve customer outcomes and service.
Proceeds of fraud – money mules: Firms with higher reported mule accounts compared to their peers often lacked sufficient MI and senior management oversight to address the risk and assess intervention impacts.
Regarding fraud systems and controls:
Anti-fraud control frameworks: Some firms were still in the process of developing their anti-fraud control frameworks. Most firms recognised the need to strengthen systems and controls to detect, prevent, and manage fraud.
Scope for improvement: Many firms had significant room for improvement in their approach to managing various types of fraud risks, starting from onboarding customers and throughout their relationship with the firm.
Preventing and detecting fraud: Strategies included identifying and acting on information through customer onboarding, transaction monitoring, ongoing customer and account-level monitoring, device monitoring, and intelligence use. Behavioural biometrics and automated warning messages were considered effective tools.
Manual intervention: Manual intervention for high-risk payments, involving staff interaction, could add a positive friction to the payment journey and help prevent fraudulent payments.
Concerning the use of intelligence:
Engaging with external bodies: Most firms actively engaged with external organisations to discuss intelligence and anticipate future threats, enabling pre-emptive action against fraud.
PSPs and fraudulent funds: Some firms noted that PSPs could be slow to freeze fraudulent funds, and they expected PSPs to act promptly, especially with the impending PSR’s reimbursement requirement in 2024.
Addressing customer treatment and awareness:
Reporting fraud: Customers sometimes faced challenges in reporting fraud, as firms’ websites did not always provide clear information on how to contact the firm or what to do if fraud occurred outside of standard opening hours.
Resource allocation: Fraud and complaints teams were not always adequately resourced, impacting the quality and speed of customer service when handling fraud cases or complaints.
Frozen accounts: Customers with frozen accounts due to fraud concerns should be supported, and firms should communicate effectively with them during this period.
Extra support: Some firms offered additional support to customers, such as allowing them to discuss concerns about potential scams and raising awareness of fraud and cybersecurity through a multi-channel approach, like a free app.
Concerning the approach to customer complaints:
Complaint handling quality: The quality of firms’ complaint handling was often disappointing, with some firms being slow to respond and issues with communication with customers throughout the process.
Final response letters: Final response letters were sometimes poorly written, lacked tailoring to the specific case, and contained technical jargon, aggressive language, or unclear rationale for the final decision.
Lastly, on the treatment of customers in vulnerable circumstances:
Vulnerability consideration: All firms claimed to consider characteristics of vulnerability when handling fraud claims and complaints, but the review found evidence of inconsistency.
Fair treatment: Firms should ensure that customers in vulnerable circumstances receive outcomes as favorable as other consumers and consistent fair treatment, appropriate to their characteristics.
As part of the next steps, the FCA notes that it will: “continue to monitor how payment firms are meeting our expectations to slow the growth in APP fraud cases and losses, as well as fraud more generally, and to put the needs of customers first”.
Click here to read the full RegInsight on CUBE’s RegPlatform
CFTC releases enforcement data as the “premier enforcement agency in the digital asset space”
The Commodity Futures Trading Commission (CFTC) has released its enforcement results for 2023, showcasing a remarkable year in tackling fraud, manipulation, and other significant violations in various markets, including digital assets and swaps. This year’s actions resulted in penalties, restitution, and disgorgement exceeding $4.3 billion.
CFTC Chairman Rostin Behnam expressed his pride in the Division of Enforcement’s groundbreaking work in the digital asset space in particular.
Enforcement highlights from 2023
Digital assets: Notable actions included:
- Charging Samuel Bankman-Fried, FTX, Alameda, FTX Co-Founder Gary Wang, Alameda Co-CEO Caroline Ellison, and FTX Co-Owner Nishad Singh for an alleged fraudulent scheme involving digital asset commodities, resulting in the loss of over $8 billion in FTX customer assets.
- Charging Binance, its founder, and a former chief compliance officer with operating an illegal digital asset derivatives exchange and evading CFTC provisions.
- Charging Celsius and its former CEO Alex Mashinsky with fraud and material misrepresentations in connection with a commodity pool scheme involving digital asset commodities.
- Obtaining orders requiring defendants in a fraud action to pay $1,733,838,372 in restitution to victims, marking the highest CMP ever ordered in any CFTC case.
- Winning a groundbreaking alternative service motion and a subsequent default judgment order against the Ooki DAO, a decentralised autonomous organisation.
- Obtaining a default judgment against defendant operators of a digital asset trading platform for illegally offering futures transactions and attempting to manipulate the price of the Digitex Futures native token.
- Charging Avraham Eisenberg for a fraudulent and manipulative scheme involving complex manipulation strategy.
- Simultaneously filing and settling charges against the operators of three digital asset decentralised finance (DeFi) protocols for illegally offering leveraged and margined retail commodity transactions in digital asset commodities.
- In an enforcement sweep, charging 14 entities that falsely claimed to be CFTC-registered FCMs and RFEDs.
Manipulative and deceptive conduct and spoofing: 2023 saw the CFTC’s focus on detecting and prosecuting misconduct related to manipulative and deceptive conduct, including:
- Simultaneously filing and settling charges against HSBC Bank USA, for manipulative and deceptive trading related to swaps with bond issuers, spoofing, and supervision and mobile device recordkeeping failures.
- Charging two commodity pool operators (CPOs) and their Co-Founder and Co-Chief Investment Officer for deception and manipulation in a $30 million scheme.
- Simultaneously filing and settling charges against Goldman Sachs & Co LLC for failure to maintain adequate supervisory systems and controls.
- Simultaneously filing and settling charges against a registered CPO and CTA for spoofing.
- Charging a registered CTA/CPO and its associated person with spoofing.
Reporting, risk management, adequate compliance programs, and business practices: CFTC’s actions in this category focused on ensuring registrants comply with various requirements, including:
- Simultaneously filing and settling charges against the affiliates of three financial institutions for swap data reporting and other failures.
- Simultaneously filing and settling charges that a registered derivatives clearing organisation violated its Core Principles.
- Finding a provisionally registered SD failed to satisfy the CFTC’s Business Conduct Standards.
- Simultaneously filing and settling charges against an SD for recordkeeping violations.
- Finding liable CFTC registrants for recordkeeping and supervision violations.
Misconduct involving confidential information: FY 2023 actions addressed misconduct involving confidential information, such as:
- Settling charges against a registered introducing broker, its owners, and affiliated companies for fraud by misappropriation of material, nonpublic information.
- Charging a trader with running a fraudulent scheme involving knowledge of his employer’s trading in feeder cattle futures.
Protecting customers: The CFTC’s efforts in protecting customers were evident through numerous actions:
- Obtaining an order imposing $33 million in restitution and a $5 million CMP against precious metals firm Monex Deposit Company and its affiliated companies and principals.
- Bringing its first case involving a romance scam, a type of fraud that is growing in popularity.
- Obtaining a preliminary injunction in an enforcement action charging fraud and misappropriation.
- Obtaining an order imposing $112.7 million in restitution and a $33 million CMP against defendants engaged in a fraudulent and deceptive scheme.
- Charging defendants with fraudulently soliciting funds from customers to trade various products.
- Charging precious metals dealers with fraudulently soliciting funds from elderly customers to purchase precious metals.
- Simultaneously filing and settling charges against a Switzerland-based trading platform for illegal transactions.
- In a sweep, simultaneously filing and settling charges against eight entities for fraudulently claiming to be CFTC-registered FCMs and RFEDs.
Cooperation with criminal and regulatory authorities: The CFTC’s enforcement program emphasised collaborative relationships with various authorities, including criminal prosecution and regulatory enforcement.
Whistleblower program: The Whistleblower Program played a vital role, with seven whistleblower awards granted in FY 2023, totaling approximately $16 million.
DOE task forces: The DOE established two new task forces in FY 2023, focusing on cybersecurity and emerging technologies, as well as combating environmental fraud.
The CFTC’s announcement that it is the “premier enforcement agency in the digital asset space” will not go unnoticed by the SEC.
Click here to read the full RegInsight on CUBE’s RegPlatform
Michelle Bowman: concerns on bank supervision and regulation proposals
In a speech at the Ohio Bankers League, Federal Reserve Governor Michelle W Bowman covered regulatory developments across a number of key areas. Underpinning the speech was Bowman’s concerns about “regulatory action that raises questions about need and legal basis” as she raised a number of concerns about some key proposals.
Capital requirements reform: Bowman addressed the proposed reforms to capital requirements for banks with over $100 billion in assets. She expressed some scepticism about the proposed changes and their potential impact on market liquidity, lending, and the overall financial landscape, noting that ultimately bank customers would pick up the cost of credit which could arise from the proposed capital increases. Bowman reminded the audience that the consultation period for the proposed increases has moved back to January 2024. The zeitgeist of many recent regulator’s speeches was also covered: the importance of international coordination in establishing capital standards.
Community Reinvestment Act (CRA): Bowman noted that her objectives for the CRA were not realised in its recent adoption as a new final rule. She highlighted concerns about the rule’s complexity and potential negative consequences for community banks. She also addressed the rule’s scope and impact on community banks, noting that increased burden and cost may well be disproportional to the regulatory goals: the final rule runs to almost 1,500 pages.
Interchange fee cap proposal: The Federal Reserve’s proposal to amend the regulatory cap on debit card interchange fees was considered by Bowman who said: “the proposal is unfair to many issuers and in some ways regressive in its impacts”. She expressed concerns about the fairness of the proposal, potential impacts on issuers of different sizes, and the consequences for bank customers.
Climate guidance: The speech also discussed the guidance on climate-related financial risks published by the Federal Reserve, the FDIC, and the OCC. Bowman raises concerns about the guidance’s clarity around supervisory expectations, costs, and its potential impact on access to financial services, particularly in low-income communities. Once again she noted that, ultimately, consumers will foot the bill of increased costs of compliance.
Overall, the speech provides a critical assessment of recent regulatory developments and reforms in the financial sector, highlighting concerns about their potential unintended consequences and overall effectiveness. In concluding, Bowman noted:
“While the unintended consequences of these reforms may not be clear at the outset, our ability to predict these consequences is even more limited when the reforms overlap or conflict. The sheer volume of change presents significant challenges for banks, who will be required to prioritize the implementation of new and revised requirements, with the risk of being distracted from more material concerns or supervisory issues."
“In my view, our regulatory agenda should focus on evolving conditions and data-driven, identified risks”.
Click here to read the full RegInsight on CUBE’s RegPlatform