Banking Conference Report

From  Mon Oct 23 20:43:21 1995
From: "David L. Smith" 
Subject: Banking Laws

	The below seems particularly relevant after Clinton threatened
economic sanctions against any country that is too "lax" on money laundering-
including Austria, which should cause some problems given that it's in the EU.
BTW, I know about the 15,000 or so notification limit, but doesn't the IRS cash
tracking center in Detroit get a notification of anything $100 or over?

P.S. As I wrote before, the RRE (red rock eater) mailing list is an
(unfortunately over-liberal) mailing list; see below for the request

Subject: money laundering and bank regulation

[Author bio: Douglas Barnes is a software architect at Electric Communities;
his focus is on issues of security, cryptography, and commerce.  Additional
information about Electric Communities can be found at ]

Date: 9 Oct 1995 01:25:28 -0400
From: (Douglas Barnes)
Newsgroups: ailab.cypherpunks


As you may know, I attended the Fourth International conference
on Money Laundering, Forfeiture, Asset Recovery, Offshore Investments,
the Pacific Rim and International Financial Crimes last week. I
will be dribbling my trip report out over the next week.

The conference was attended primarily by lawyers, bank "compliance
officers", law enforcement personnel and federal regulators. There
were several main themes through the conference:

  o How existing and soon-to-exist regulations affect banks and
    NBFIs (Non-bank financial institutions) with respect to money

  o How the US is projecting its notions of fiscal propriety around
    the globe.

  o Scary stories about things bad people do.

There were also a few bits that prevented it from being a complete
pro-law-enforcement rally, including an interesting bit on foreign
asset protection trusts and a single speaker who dared to suggest that
if we stopped treating drugs as a law enforcement problem, perhaps we
wouldn't have such a serious problem with money laundering. There was
also the bizarre substitution of a marketroid from First Virtual for one
of the speakers.

Despite this somewhat bleak description, it was extremely educational,
and, I think quite useful -- the utility coming not so much from the
explicit content, but rather from the subtext of the talks, the
interactions between the different parties, the hallway conversations,
and the vast tracts of ignorance with respect to cyberspace that were
displayed (and, to be honest, openly admitted) in some of the talks.

Some quick morsels of interest:

  o Regulators are not amused by attempts to run unlicensed online
    banks. They are aware such things are starting to pop up, and
    they are very interested in shutting them down when they do.

  o The same goes for NBFIs (Non-bank financial institutions) --
    these appear to be regulated primarily at the state level, with
    some IRS and FinCEN involvement. These include everyone from
    stock brokers to Casas de Cambio. (I shared a table with a lawyer
    from Chula Vista who represents some of these guys -- he had a
    wonderful sense of humor and we began to worry we'd get chucked
    out for laughing at the wrong parts of the presentations.)

  o The attendees displayed an understanding of the situation wrt
    electronic payment systems that ran from dim to non-existent. A
    surprisingly large number of them had heard of David Chaum, who
    apparently has been hob-nobbing with them a bit. I don't think
    much of what he's said has sunk in, beyond some acquisition of
    the notion that non-anonymous systems can pose privacy problems.

New Regulations Coming, Old Regulations Reinterpreted

Recent legislation and regulation on money laundering is moving
in the following direction:

  o Fewer formal, specific or deterministic rules for reporting
    suspicious transactions.

  o More vague, subjective, and privacy-invading rules for
    reporting suspicious transactions, coupled with more severe
    penalties for banks and NBFIs.

More specifically ("bank" includes NBFIs):

  o Banks are now considered "deputies" of the federal government
    in the War On Money Laundering.
  o Banks have an affirmative duty to use their resources to seek
    out and report on suspicious activity.
  o Banks must implement strict "Know Your Customer" policies.
  o If money launderers are found to be using a bank, a bank
    can be closed down (Under Annunzio-Wylie "death penalty"
    provisions); penalties are mitigated if:

    o Senior officers are aware of and pushing for compliance
      with m.l. regulations.
    o Bank has strong controls that were thwarted in a new or
      unusual way.
    o Bank cooperated (and has a history of cooperating with)
      Law Enforcement Agencies, including appropriate filing
      of Currency Transaction Reports (CTRs), Suspicious Activity
      Reports (SARs) and Criminal Referral Forms (CRFs).
    o Bank instituted new controls after m.l. incident.
    o Removal of bank would harm community.

The primary representative of the regulators, Dan Sato, made it
very clear that it was not the government's job to define
"suspicious" behavior, but that this was up to the banks. This
has the effect of causing the banks to implement far more
restrictive and invasive policies than the government could ever
explicitly mandate.

Those of you who have recently experienced new account paranoia
at banks should take note -- it's going to get much, much worse.
Current compliance measures being used or proposed for use by the
industry itself include:

 o Increased ID requirements for new accounts, including bank
   references, follow-up investigation, flagging of mail-drop
   addresses, etc. One attendee described some software to detect
   new account fraud in glowing terms.

 o Use of transaction profiling to detect unusual patterns; use of
   AI at banks to turn them into mini-FinCENs.

 o Pre-loading transaction profiling with a detailed questionnaire
   given to customers when account is opened: "Do you plan to make
   any large cash transactions?", "Do you plan to send or receive
   any wire transfers?" -- answers trigger further investigation
   and documentation of the customer's reson for using these services.

Note that equivalent measures and software are enthusiastically
embraced by the people involved in NBFIs, including a
representative of a large money transmitter I spoke with.

Most of the discussions on the subject of bank regulation wrt
money laundering featured some input from John Byrne, a lobbyist
for the American Banker's Assocation, and, for reasons which
are clear, "the first private sector recipient of FinCEN's
Director's Medal for Exceptional Service." Mr. Byrne continued to
provide exceptional service for the government throughout the
conference, a model of government-industry cooperation.

It is important for people not involved in the banking industry
to realize that it is very tightly regulated, with a good deal of
highly subjective lattitude given to bank examiners. There is
very little due process available to banks wrt the judgements made
by examiners, and banks wisely do whatever they can to avoid
irritating the government. The alternative is higher fines and
less benefit of the doubt when they inevitably screw up and
violate one of the yards of regulations affecting them. [I am
continuing to research how control is extended to NBFIs.]

This enthusiastic compliance is not too surprising. In
fact, one of the recurring complaints from the bankers was that
over the years they had dutifully filed Suspicious Activity Reports
and Criminal Activity Forms and nothing ever happened; as a reward
for their concerns, they now have an affirmative duty to follow
up on these forms if they don't hear back from an appropriate LEA.
(Failure to follow up is now considered a form of willful blindness.)

And finally, for your entertainment and edification, here are some
examples of "suspicious behavior", generally:

o Insufficient, false, or suspicious information provided by
  the customer.

o Cash deposits, purchase and/or deposits of monetary instruments,
  or wire transfers which are not consistent with the business activities
  of the customer. (Ponder for a bit how closely a bank has to understand
  you and your business to make this determination.)

o Structuring of transactions to avoid reporting requirements (a
  running joke in the conference was that a $9,500 cash transaction
  is far more suspicious than a $24,000 one.)

o Funds transfer to foreign countries.

More specifically:

o Customer is reluctant to provide information requested for
  proper identification.

o Customer opens a number of accounts under one or more names and
  subseqently makes deposits of less than $10K in one or more of them.

o Customer is reluctant to proceed with transaction after being
  informed that a CTR will be filed.

o Customer makes frequent deposits or withdrawals for no apparent
  business reason, or for a business which generally does not involve
  large amounts of cash. (Again, ponder the process of determining

o Customer exchanges large amounts of currency from small to large
  denomination bills.

o Customer makes frequent purchases of monetary instruments for cash
  in amounts less than $10K.

o Customers who enter the bank simultaneously and each conduct a large
  currency transaction under $10K with different tellers.

o Customer who makes constant deposits of funds into an account and
  almost immediately requests wire transfers to another city or
  country, and that activity is inconsistent with the customer's
  stated business.

o Customer who receives wire transfers and immediately purchases
  monetary instruments for payment to another party.

o Traffic patterns of a customer change in the safe deposit box
  area possibly indicating the safekeeping of large amounts of cash.

o Custmoer discusses CTR requirements with apparent intention of
  avoiding those requirements or makes threats to an employee to deter
  the filing of a CTR.

o Customer's wire traffic increases, esp. if international

o Customer receives many small incoming wire transfers or deposits
  of checks and money orders then requests wire transfers to another
  city or country.

o Large wire transfers less than $10K to nonaccountholders, esp.
  in conjunction with purchase of monetary instruments.

o Customer's stated purpose for a loan does not make economic sense,
  or customer proposes cash collateral for a loan while refusing to
  disclose the purpose of a loan.

o Requests for loans to offshore companies, or loans secured by the
  obligations of offshore banks.

o Borrower pays down a large problem loan suddenly, with no reasonable
  explanation of the source of funds.

o Customer purchases CDs and uses them as collateral, or uses any
  cash collateral for a loan.

o Loan proceeds are unexpectedly channeled off-shore.

[More to come.]

Date: 10 Oct 1995 22:33:41 -0400
From: (Douglas Barnes)
Newsgroups: ailab.cypherpunks

The increasingly long arm of US law

Those of you who have read my earlier exploration on the subject
of jurisdiction (
should be aware of a wide variety of ways that the US can "reach
out and touch someone" they're not pleased with.

Well, last week, I learned a few more.

There are several ways in which the US is attempting to exert
hegemony throughout the world wrt banking regulation:

  o Identification of "fiscally tolerant" nations and banking
    havens, and close regulatory examination of all transactions
    with these countries.

  o Pressure on major US trading partners and allies to pass
    and implement anti-money-laundering legislation and
    regulatory regimes.

  o Regulations on foreign banks with offices in the US, making
    compliance demands on world-wide operations.

  o Criminal prosecution of banks suspected of institutional
    involvement in money laundering, even if said bank has no
    offices or branches in the US.

  o Worldwide pre-trial substitute asset forfeiture of banks
    suspected of institutional involvement in money laundering,
    even if said bank has no offices or branches in the US.

Pariah Nations in Banking

As I touched on briefly in the previous section, transactions
with well-known banking havens can automatically qualify as
"suspicious." And in addition to some of the better known havens,
a number of countries were pointed out at the conference as
being "fiscally tolerant", including Malta, Uruguay, Japan,
Ireland and Belgium; in another presentation the countries of
Eastern Europe and the former Soviet Union were identified as
"rapidly growing" sources of suspicious baning activity.

Transactions with counterparties in such countries will be flagged
by regulators for closer examination -- banks with large percentages
of transactions with these countries will be expected to meet a
higher standard in their attempt to identify "suspicious" behavior
and will be under increasing pressure to investigate their customers'
business practicies and motivation for all bank transactions.

Some countries are clearly going to continue to tell the US to
"get stuffed." However, if the US is successful in pressuring more
and more countries to "tow the line", it will leave a shrinking
pool of transactions subject to closer and closer examination.

New Money Laundering Legislation

Two presentations, one from Taiwan, the other from Thailand,
focused on new or proposed legislation wrt money laundering in
those countries. Based on my direct experience of living in the
former, and my reseach into the latter, it's going to be a very,
very long time before such legislation has a significant
impact on either country.

Chinese people (who are in the majority in Taiwan, and form
an economically active minority in Thailand) are very cash-
oriented; I vividly remember payday in Taiwan, with the boss
sitting at a table piled with money, bundling up salaries for
everyone. I'd come home at the end of each month with a giant
wad of cash from my several different jobs. One could hardly
imagine a better environment for money laundering than a society
in which large quantities of cash change hands on a regular basis.
After his talk, the Taiwanese speaker acknowledged the problems,
but seemed hopeful that progress could be made.

The speaker from Thailand, Nualnoi Treerat, a professor of
Economics, discussed the proposed legislation primarily as an
attempt to reduce the impact of organized crime on
political life and society in Thailand; however, by her own
estimations, the underground economy in Thailand represents
17-19% of the country's GDP (mostly drugs and prostitution.)
Given the extensive corruption which she also detailed, it
seems that such legislation will be a very small step indeed.

Other speakers addressed the issue of cultural differences
with respect to the use of cash and attitudes towards privacy,
and it came up at lunch both days -- in many cultures, financial
privacy is held in much higher regard than in the US, and people
have a  much stronger suspicion towards the government. Furthermore,
there are many people who feel this way in the US. There is going
to be an inevitable clash between atttempts to closely regulate
and monitor money movements and people's fundamental desire for
privacy. It's not clear that people of any culture can be sufficiently
frightend by the bad guys to give up as much of their privacy as
would be required for ultimate success in the War on Money Laundering.

Despite the dim chances of success, it's clear that the US has
been at least partially successful in coercing and coaxing other
countries to adopt measures against money laundering, and to
some extent there is local support for these measures. But these
direct efforts pale by comparison to some other techniques...

Foreign Bank Regulation

In various pro-privacy publications I've read, there have been
oblique warnings about doing business with foreign banks that
maintain offices in the US. At this conference, I learned some
very concrete reasons for this.

It turns out that if a foreign bank wants to open a US office,
they must demonstrate compliance with US money laundering laws
throughout their _worldwide operations_. Furthermore, they're
expected to have solid leadership for these policies from their
home offices.

This puts such banks in a serious bind. For instance, while
Annunzio-Wylie absolves (or attempts to absolve) banks from civil
liability for filing Suspicious Activity Reports and Criminal
Referral Forms on their cusomters, this absolution does not extend
to the home countries of these banks, where substantially different
laws may obtain -- possibly explicitly forbidding this kind of

There is almost a certain kind of logic to this kind of activity,
but not content to extend our laws over the worldwide operations
of banks with US offices, there are two ways in which US authorities
are now attempting to extend US laws to banks _with no US offices_.

Extraterritorial Reach

The best paper presented at the conference, hands down, was
"Surviving the Solution: The Extraterritorial Reach of the
United States," by Kirk Munroe, a criminal defense attorney
practicing in Miami. [I intend to find out if an online
version of this paper can be made available.]

To quote Mr. Munroe:

  The US money laundering law specifically provides for
  extraterritorial jurisdiction when (a) the conduct is by a US
  citizen anywhere in the world, or, if by a non-US citizen,
  the conduct occurs, at least in part, in the United States,
  and (b) the transactions, or a series of related transactions,
  exceeds $10,000. [18 USC $ 1956(f)]

Some add'l background: banks involved in international business
typically have a number of _correspondent accounts_ scattered
around the world that are used for clearing wire transfers and
other transactions. Since the BCCI scandal, the US government
has increasingly gone after these accounts when a bank is
suspected of facilitating money laundering.

Furthermore, banks can have these correspondent accounts seized,
even if they no longer contain "dirty" money, because they
_facilitated_ a money laundering activity.

When you combine these elements, you get a strategy that
permits the US government to confiscate worldwide correspondent
accounts of banks, even if they don't have a US presence.

The first case Mr. Munroe cites is that of Banco de Occidente
(Panama), one of his clients, that was alleged to have facilitated
the laundering of the proceeds of drug transactions. The indictment
included criminal charges against the banks and a criminal
forfeiture charge. The government also filed a civil action for
the forfeiture of $412 million allegedly laundered (although it
had already passed completely through the bank.)

The government then proceded to freeze not only the bank's US
correspondent accounts, but also accounts in Germany, Switzerland
and Canada, leading to the insolvency of the bank and its subsequent
takeover by the Panamanian Banking Commission. [The Germans quickly
unfroze the account after a civil action brought by the bank.]

Quoting Munroe:

  After months of difficult and complicated negotiations which
  involved the banks' various interests in eight nations, a
  resolution was reached with the governments of the US, Canada,
  and Switzerland... [the bank] entered a guilty plea and agreed
  to forfeit, over a period of four years, $5 million to the US.
  The US, in turn, paid the Swiss and the Canadians $1 million
  each from the initial $2 million forfeiture payment.

[Those of you who are still under any delusions about the "safety"
of Swiss bank accounts, take careful note of this.]

Mr. Munroe concludes that the only reason that the bank got off
this "lightly" was because of substantial evidence that it was,
by and large, a highly respectable institution and that this
instance of laundering was an aberration.

The next case cited by Mr. Munroe is that of Bank Leu. I quote
from his paper:

  In sum, a Luxembourg bank with no office in the US was charged
  and convicted of money laundering in the US on the basis of
  clearing US dollar negotiable instruments drawn on a US bank but
  deposited by non-US citizens in Luxembourg. In other words,
  acceptance of US-dollar negotiable instruments by a bank anywhere
  in the world outside of the US renders the bank susceptible
  to US criminal jurisdiction in the money laundering field.

The case boils down to this: Bank Leu wanted to expand its private
banking business, and hired an officer to market accounts in
South America. Two related accounts were opened, and over a one-
year period $2.3 million in cashier's checks, all below $10K,
were deposited in the two accounts.

Although no guilty knowledge could be shown, this case was pursued
and won on a theory of "willful blindness", that is, the bank "should
have known" that the transactions had no valid business purpose
and were inherently suspicious (came via Columbia, were sometimes
more than 6 months old, all in small amounts, etc.). According to a
LEA representative at the conference, there was a lot of joking in
the backoffice at Bank Leu about the money being dirty, and clerks
were repeatedly told "don't worry, it's ok" by bank officers.
Certainly if this is true, it amounts to _extremely_ willful
blindness, but this case still represents an amazingly long reach
for US laws.

[more to come... "Things bad people do with money"]

David L. Smith MD =  Tel (334) 460-7100 
Fax (334) 460-7832  E. Allen Smith = EALLENSMITH@MBCL.RUTGERS.EDU
Any handicap can be overcome, except stupidity.