Cyber Laundering, Bank Secrecy Act, and terrorist financing

Anti-money laundering laws have traditionally served the purpose of eliminating the profits for he commission of crimes. After September 11th, 2001, the focus of anti-money laundering laws expanded to include the funding of terrorist organizations, and multiple reforms to the Bank Secrecy Act and anti-money laundering laws generally, were enacted with the passage of the USA PATRIOT Act.

Reforms included the creation of registration requirements for informal financial entities like money transmitters and the creation of an electronic filing system for suspicious activity reports to reduce time and costs associated with compliance with reporting requirements. The USA PATRIOT Act also enacted other reforms independently, such as enhanced customer due diligence measures and identification requirements and the prohibition of maintaining correspondent accounts with shell banks. Yet despite these reforms, the law is only gradually catching up to advances made by changing technology.

The advent of e-currencies are not new, but as it stands now, there are means of finance which avoid the regulated banking sector completely. These changing technologies pose a problem for the most basic and fundamental tenants of the US anti-money laundering system-the elements of customer due diligence and reporting.

Current anti-money laundering laws regarding foreign owned or controlled private bank accounts or correspondent accounts of $1,000,000 USD require an initial examination of the identify of the owner or beneficial owner, the source of their funds, and whether the individual or individuals are senior foreign political figures. Cash transactions of $10,000 USD or more however, have to be reported as well, but are not subject to the same customer due diligence requirements.

Unfortunately cyber banks and do not operate with these sorts of requirements and will take money provided for them with as little as an email address. As for 2013, Online currency exchanges are obligated to conform with the same federal laws governing conventional financial institutions. Despite these efforts to rein in potential cyberlaundering, gaps still exist.

Title 31 of federal code governs most of the anti-money laundering approach taken by the US federal government. The rise of anonymous payment services and cyber banks only present a significant problem for regulation if the problem is purely limited to domestic responses. The Liberty Reserve, an online anonymous currency exchange found to be used for money laundering operations was incorporated in Costa Rica, yet it is one of multiple such entities incorporated outside of US jurisdiction.

With the legal troubles faced by Liberty Reserve, launderers simply switched venues to mask and transfer their funds, using services such as Perfect Money, a Panamanian entity, to facilitate their business. International cooperation in holding these service providers is necessary for effective prevention of money laundering.

The current provisions governing tracing cross-border transfers permit regulations to be made regarding certain amounts of such transfers but the Financial Crimes Enforcement Network is still in the process of lowering the threshold for reporting cross-border transactions to $1,000 USD. This could increase incentives for the US government to cultivate more cooperative an internationally integrated approach to reaching anonymous payment and currency exchange services based in foreign countries.

The first gap within the anti-money laundering regime is the application of customer due diligence and enhance due diligence measures apply only to accounts owned by or controlled by foreign nationals. This may allow for detection of some potential terrorist finance accounts, it neglects the potential domestic financier of international terrorism who uses their own accounts to wire money. The laws attempt to prevent this by attaching reporting requirements for transfers to international sources provided they are large enough, either individually or in an aggregate, but these can be circumvented.

The second gap is the inability of the current legal structure to adjust to the increasingly decentralized nature of payment transfers online. The guidance released by FinCEN only addresses individuals who convert hard currency into virtual currency and those who issue virtual currency, but federal law attempts to regulate these entities with larger definition of money transmitters. Despite the increase in regulation, anonymous payment services continue to be utilized and have become more prolific with the rise of mobile technology.

It is still unclear how the US government intends to cope with these changes in technology. It is also unknown what sorts of laws could impact anonymous payment and banking services. There are literally hundreds of such services. The current federal regulations implicitly assume that agents of foreign terrorist organizations will attempt to utilize domestic formal financial services in the US. It is perhaps time for policy makers to reconsider this approach.

US-India Economic and Financial Partnership – Combating Terrorist Financing

Last month, US Treasury Secretary Jack Lew announced a new bilateral effort with India to implement international anti-money laundering / combating the financing of illicit terrorism (AML/CFT) standards.  The announcement at the fourth annual US-India Economic and Financial Partnership specifically mentioned intentions to target the financial networks of Lashkar-e-Tayyiba (LeT), Jamaat-ud Dawa (JuD), and the Haqqani Network.  LeT and it’s religious front, JuD, are blamed for the 2008 Mumbai Terror Attacks, and the Haqqani Network is blamed for the Indian embassy bombing in Kabul that same year.

Congress first criminalized the provision of material support to terrorists in 1994 when it passed 18 U.S.C. § 2339A and, two years later, when it passed § 2339B, which makes it illegal to provide material support to designated foreign terrorist organizations. Prior to this, U.S. law enforcement had to prosecute these crimes under anti-money laundering statutes.  “Material support” includes “property, tangible or intangible, or service, including currency or monetary instruments or financial securities, financial services ….”  It also holds financial institutions responsible and requires any institution that “becomes aware that it has possession of, or control over, any funds in which a foreign terrorist organization, or its agent, has an interest, shall retain possession of, or maintain control over, such funds; and report to the Secretary the existence of such funds in accordance with regulations issued by the Secretary [of Treasury].”

In the days following the attacks on September 11, 2001, President Bush issued , which froze assets of those who commit, threaten to commit, or support terrorism.  In the same speech, President Bush announced an increased role for the Department of Treasury telling the public, “we have established a foreign terrorist asset tracking center at the Department of Treasury to identify and investigate the financial infrastructure of the international terrorist networks….”  Since then, the U.S. Government has gone on the offensive and significantly increased its efforts at combating terrorism by undermining the groups’ ability to fund their efforts.  According to a West Point study from 2010, the number of convictions for terrorism-related cases involving material support charges increased noticeably from 2006 to 2009.  In 2006, “eight out of 54 convictions in terrorism-related cases involved material support charges” and that number jumped to 28 out of 35 just three years later.

Jurisdiction for prosecution under these statutes require that the individual or the offense have certain contacts with the US as listed under 18 U.S.C. § 2339B(d).  With most international transactions having some connection with New York or U.S. banks, tracking and freezing assets, and subsequently acquiring jurisdiction over foreign actors, should not be difficult.   Players in the region, however, might use a more informal system to transfer money from party to party, such as “Hawalas” or “Hundis,” making this newest partnership even more essential in order to follow the money trail.

Secretary Lew’s announcement last month is just another example of the US Government’s proactive approach in cutting off the financial networks available to terrorists and foreign terrorist organizations.  As America continues its draw down in Afghanistan and curbs the frequency of drone strikes in Pakistan, this is a chance for the administration to maintain a regional presence in order to target known and yet-to-be-known threats.

Congress v. China: The Cyber-Espionage Debate Turns Into Concrete Action

During a speech to the Asia Society on March 11, 2013, National Security Advisor Tom Donilon took China to task for suspected acts of cyber-espionage, arguing that Chinese state-sponsored attacks pose risks “to international trade, to the reputation of Chinese industry and to our overall relations.” Over the past decade suspected Chinese cyber attacks have been launched at targets ranging from the New York Times, to the Department of Homeland Security. Although the United States and China have often traded heated words regarding the use of cyber-espionage, in recent days, rhetoric has turned into action.

On March 26, President Obama signed into law H.R.933, the Consolidated and Further Continuing Appropriations Act, to prevent a government shutdown. Although the provision went largely unnoticed in the immediate aftermath of the Act’s passage, it has drawn increasing scrutiny in recent days. Section 516 is unique insofar as it is one of the first laws to specifically target the sale of Chinese produced information technology products to U.S. departmental agencies. Also, it seems to be one of the first concrete steps taken by the Obama administration to address a critically vulnerable area, cyber-security. However, the efficacy of the provision in protecting American cyber-security is dubious, and the motivations behind the inclusion of the provision more so.

First, and perhaps most importantly, the provision barely addresses American cyber-security vulnerabilities. Second, the provision is largely an empty gesture. The Obama Administration could easily decide that an “information technology ‘system’ is created whenever an English-language manual is shrinkwrapped to a Chinese-sourced router. As long as the shrinkwrapping is done by an American contractor, the newly minted “system” might fall outside the scope of the law.” Third, the measure will likely do nothing to stop the steady stream of Chinese cyber-attacks, but could do a great deal of economic harm to Chinese companies such as Lenovo, which provides information technology services to the United States military and NASA. Indeed, i, a staggering amount which Section 516 will undoubtedly affect. Moreover, American companies may also be inadvertently barred from selling their information technology products by Section 516 if their suppliers are directed or subsidized by the Chinese government. Although Section 516 is a concrete step in addressing the basic issue of Chinese cyber-espionage, ultimately, this provision seems destined to offer little towards an actual solution to American cyber-security vulnerabilities.

The Defense Community's New Investment Strategy and the Inherent Limitations for Business Growth

There is no doubt that in today’s national security landscape the most advanced technology is needed to keep nations safe. The need is even more pronounced for nations, such as the United States, which often face threats on multiple fronts. Over t

he past several years, the frequency and complexity of cyber-attacks and espionage activities against the U.S. government and military has increased at an alarming rate.[] In a post 9/11 world, security agencies once strictly focused on national borders must now communicate efficiently and coordinate effectively with overseas military and intelligence operations, tracking the movements of terror suspects.

The U.S. Department of Defense (DOD) has acknowledged the need to protect the nation from cyber-attacks and to create an efficient framework to share information among the different military and national security agencies. In 2010, it launched the U.S. Cyber Command to protect digital security networks and manage cyber resources.[] While the internal efforts of the military and security administration in the realm of cyberspace have been remarkable, a recent and unique trend has been emerging; a formal partnership between the U.S. security community and the private sector.

Partnership and cooperation between the military and the private sector has long been a part of U.S. history and the development of its security capabilities.[] More recently, the DOD has set-up a formal dialogue between the security community and top management of private IT and defense firms, known as the Enduring Security Framework.[] Security officials have repeatedly acknowledged the inherent advantages in technological development that only the private sector can execute. When advocating for a stronger public-private partnership, former U.S. Deputy Secretary of Defense William Lynn as pointed to the 81 months it takes the Pentagon to develop a new computer system as opposed to the 24 months it took Apple to develop the iPhone.[] With the culture of continuous innovation in Silicon Valley and the speed of bringing ideas to market that only a profit-driven business can accomplish, the security community has begun to rethink its strategy to team up and tap private sector capabilities.

One of the more interesting strategies has been the emergence of the security community’s effort to invest venture capital and private equity stakes in tech startups. The most obvious example is In-Q-Tel (IQT), the investment arm of the CIA, which provides funds for equity stakes and product development as well as consulting services to tech startups. Since its inception in 1999, IQT has invested in over 165 firms and delivered more than 350 different technologies for the defense community.[] One investment has proved amazingly successful: Palantir Technologies. A tech startup that was shunned by

the private equity community, Palantir turned to IQT for its seed investment, and created a technology that has been dubbed the solution to the 9/11 security problem.[] It has created a massive system that can mine through all the data scattered throughout the entire security community and display it on a single dashboard. Security officials have been enthusiastic about Palantir (one Special Forces member stationed in Afghanistan has described it as “plugging into the Matrix”)[] and to date, it has been used to find suspects in the murder of a U.S Customs Agent, uncover bomb networks in the Middle East, solve child abduction cases, analyze combat operations in real-time and detect credit fraud scams. Its customer list includes the CIA, FBI, the entire military, the police departments of New York and Los Angeles as well as banks seeking to prevent financial fraud.[]

IQT seeks to invest in the startups that can deliver technology for the security community while also having the capability to commercialize its business and earn a profit.[] It is evident, as the example of Palantir clearly illustrates, that such a strategy can yield huge rewards, both for the startup and the security community’s perpetual and necessary appetite for cutting-edge, creative technology. However, when security agencies take ownership stakes in a business, there may be serious implications for the business’s prospects. Palantir is fortunate to be creating a product that can be utilized by many industries that pose no security threat to the U.S., and therefore realize future growth and healthy profits. But what of the companies, owned in part by IQT and other government sponsored investment bodies, which create more narrowly-focus products and services? Security policy limitations, essential to prevent the transfer of technology to the hands of potential U.S. enemies, cause startups to essentially face a ceiling of profits and growth from their business’s inception.

Limitations can come in many forms; inability to effectively market a product due to classified information, limitations on customers (including lucrative contracts such as China which may be unattainable due to security policy) and distribution of technology to corporations who have overseas operations vulnerable to foreign government intrusion. In such a context, businesses may be severely restricted in pursuing new markets and customers. The inherent problem is compounded when considering the rights of other shareholders who invested in the business to see it grow and turn a profit.

Such cases have occurred in the past, with a notable example being that of the satellite intelligence firm ImageSat. Seeking to create a satellite surveillance and analytics company that had the impression of being disconnected from the U.S. security community, and therefore scarring off potential global customers, a group of Israeli and American investors founded ImageSat.[] Incorporated in the Cayman Islands, the firm sold satellite surveillance to governments including China, Venezuela and Angola.[] While being free from government regulation, the Israeli government (which had influence through formal investment as well as Israeli private shareholders) placed restrictions on business operations, namely that services could not be sold to any customer within a 2,500 mile radius of Israel.[] It wasn’t long before shareholders, both private and individual and companies from around the world, filed a lawsuit claiming up to $300 million in damages on the grounds of corporate malfeasance and limitations on business prospects.[]

The above case illustrates the inherent conflict of interest when security agencies take an ownership interest in private startups. On the one hand investment programs such as IQT provide much needed seed funding to entrepreneurs and deliver important technological advance to the U.S. security community. On the other hand, the startups face inherent restrictions in their marketing capabilities and business development from the beginning, often in times when income is necessary to fund product development and attract investors. In order to preserve this investment strategy, highly beneficial to both the national security and entrepreneurial community, there must be a clear and transparent framework identifying the limitations of government equity positions. Businesses, and their shareholders, must be made aware of security policy implications; where business opportunities end and national security policy begins. Only when such policies are clearly developed and articulated will security

agencies be able to tap into the creative world of the private sector while allowing businesses to rightfully grow and prosper.

[] William J. Lynn, Defending a New Domain, Foreign Affairs, Sept. 2010, at 97.

[] Id. at 102.

[] See generally James Ledbetter, Unwarranted Influence: Dwight D. Eisenhower and the Military-Industrial Complex, 15-44 (2011).

[] Supra note 1, at 105.

[] Id.

[] IQT Corporate Fact Sheet, In-Q-Tel, (last visited May 5, 2012).

[] Ashley Vance & Brad Stone, Palantir, The War of Terror’s Secret Weapon, Businessweek (Nov. 22, 2012, 3:56 PM),

[] Id.

[] Id.

[] Supra note 6.

[] Eamon Javers, Broker, Trader, Lawyer, Spy, 217 (2010).

[] Id. at 219

[] Id.

[] Wilson v. ImageSat Int’l, No. Civ. 6176(DLC), 2008 WL 2851511, at *1 (S.D.N.Y. July 22, 2008).