Automated money-laundering scheme found in free-to-play games

An unsecured MongoDB database has exposed what security researchers say is an automated money-laundering operation. The scam involves credit card thieves automatically creating fake Apple accounts and gaming profiles to profit from transactions on gaming sites.

On Monday, Kromtech’s Security Center explained that crooks are reaping profits from games that are free to play by reselling resources – for example, gems, gold, other virtual objects that give players extra abilities (known as power-ups), or games themselves.

It’s a rich vein to mine: according to one report, the gaming industry saw revenues of $108.4bn in 2017, with most of it – $82bn – coming from free-to-play titles.

Kromtech communications director Alexander Kernishniuk said in a post that money laundering in app stores is far from a new idea: in 2011, for example, Apple’s App Store was flooded with expensive, oddball apps that nobody was actually buying, the bulk of them from China.

Money laundering is one thing, but Kromtech wound up finding something Kernishniuk called “much more sophisticated.”

While conducting security audits of unsecured MongoDB databases, security researchers saw a newly created, “strange” database – open to the public, with no passwords or credentials required – that held a large number of credit card numbers and personal information. Given that the groups of records were in round numbers – 10K, 20K, 30K – the records were likely bought on the market for carders: i.e., those who buy stolen credit card numbers in large lots.

Kromtech researcher Bob Diachenko told Bleeping Computer that the group had it down to a science: they were using a special tool to create iOS accounts using valid emails accounts, then they were adding a stolen payment card’s details to one of the new iOS accounts.

Then, they used another automated tool on jailbroken iOS devices to spread the workload, which consisted of installing games, creating in-game accounts, and buying game features or premiums that they later re-sold online for real money.

The database was only a few months old. The credit card thieves were using the records to target just three games: Clash of Clans and Clash Royale, both from game maker Supercell, and Marvel Contest of Champions, from Kabam. The three games – all together, the trio has 250 million users – have a very active third-party market for selling resources.

Kromtech said that the automated tool its researchers found, and its users, currently work with countries such as Saudi Arabia, India, Indonesia, Kuwait, and Mauritania. The database contained 150,833 unique card entries, each with full card number, expiration date, and CCVs. The cards belonged to 19 different banks.

Kromtech says that it’s easy to automatically create new accounts on a large scale because Apple only requires a valid email address, a password, a date of birth, and three security questions to create an Apple ID. Email accounts from various providers are also very easy to create en masse, with little verification required. Put the two together, and accounts could be churned out lickety-split, in great numbers.

But wait, there’s still more automation yet in this scheme: not only did the crooks automatically create accounts, they also automatically filled in credit card details until they hit on a valid one, then they automatically purchased games and resources, automatically posted games and resources for sale, used a digital wallet for order processing, and used multiple Apple devices to distribute the load.

Kromtech:

The end result, an automated money laundering tool for credit card thieves.

There are a few hurdles that should slow down this type of automated thievery. For one, email services could require phone verification, which some are, in fact, doing. VoIP burner numbers are still easy to get, but at least phone verification would make it tougher to get email accounts in bulk.

For another thing, Apple does try to validate the credit cards by charging and then refunding, $1. But Kromtech isn’t impressed by the company’s verification processes, given that researchers spotted many transactions that went through using cards that had an incorrect name and address.

Perhaps verification is minimal due to the low dollar amount of the charge, but a stricter credit card verification would make it a bit more difficult for the carders.

Kromtech has notified the US Department of Justice about the operation. Ditto for Supercell and Apple. I’ve reached out to Apple for a comment and will update the story if I hear back.

While the focus here is on Apple, Google Play isn’t immune to this type of abuse too. Kromtech’s researchers said they saw instructions on how to rebind Google accounts, with payments, to user IDs in Supercell. Rebinding means that a player can log-in on other devices, as long as they remember their binding details.

Don’t play into the scammers’ hands

Kromtech advised players not to fall for offers of cheaper gems/diamonds. They’re scams. Such third-party services request private login data such as Apple ID or your Google Play credentials to access your account, but they often hijack the account and sell it to other players. Also, once they have access to your credentials, scammers can jeopardize not only your gaming security but your financial security, as well.

If that’s not harsh enough, buying gems or diamonds from third-party vendors can lead to having your in-app currency revoked, or even get your account permanently banned.

Finally, here’s a rare thumb’s-up for unsecured databases: Like we’ve said in the past, they’re still the low-hanging fruit of the internet.

MongoDB, a NoSQL database, turns up all too frequently in security-breach headlines, which is why we always urge people to make sure they read the security manual of whatever NoSQL database service they’re using, and that they implement all the available security controls.

However, fortunately for all of us law-abiding citizens, carders and other crooks are also mere humans, prone to the same poor database security that others grapple with. This money-laundering scheme came to light because of it – a rare instance of a silver lining on a security failure!

Former Rumrunners bouncer sentenced to 20 years for involvement in drug ring, money laundering crimes

By Beth Verge

ANCHORAGE (KTUU) – An Anchorage man was sentenced this past week to 20 years in prison followed by a 10-year term of supervised release for his role in a local drug ring.

Murville Lavelle Lampkin, 45, was sentenced July 10 following a conviction for conspiracy to distribute methamphetamine and heroin, possession with the intent to distribute methamphetamine, distribution of heroin, and money laundering, with some of the activity dating as early as January of 2015.

That month, law enforcement officials found about 400 grams of methamphetamine packaged into 15 individual Ziploc baggies inside a locked safe at the foot of Lampkin’s bed. They also discovered smaller baggies into which doses of drugs could be packaged and a digital scale used to measure drug quantities.

The final sentencing follows an eight-day trial in November of 2016, during which evidence presented showed Lampkin was a member of a conspiracy led by Toa Danh “Tony” Ly: Two years earlier, Ly and others had begun to distribute marijuana and methamphetamine in Anchorage, the Valley, and Kenai Peninsula, later adding heroin to the list. Money made from the drug sales was deposited into Wells Fargo bank accounts controlled by Ly, to which Lampkin contributed about $57,000.

According to the Dept. of Justice, Pao Lee, Rennie Davis, Robert Rast, Tracey Trujillo, Mark Hanes and Susan Bradshaw are also known to have sold drugs and made deposits of drug money for Ly.

As for Lampkin, this conviction is his third: In 2002, he pleaded guilty in federal court to distribution and possession of cocaine with the intent to distribute, and was sentenced to 10 years in prison. While in custody, he was then convicted – in Alaska state court – of promoting contraband in the first degree for possessing oxycodone and tetrahydrocannabinol.

In 2012, as a bouncer at Rumrunners Old Towne Bar & Grill, he was also convicted in state court of fourth-degree assault following a fight with a patron. He was sentenced in that case to two months in jail and two years of probation.

Read the full DOJ release here.

“Bitcoin Maven” Theresa Lynn Tetley Sentenced To 12 Months Jail For Money Laundering

By Yuri Besmanoff

Theresa Lynn Tetley, the so-called “Bitcoin Maven,” who admitted to running a Bitcoin-for-cash exchange business without a license, as well as laundering Bitcoin purchased from the proceeds of drug trafficking, was last week sentenced to 12 months and one day in federal prison and also fined $20,000.

The Downfall Of The Bitcoin Maven

She reveled in being known as the “Bitcoin Maven,” a moniker she gave herself because of her deep knowledge of cryptocurrency. That knowledge enabled her to make a substantial amount of money in a shorts space of time.

However, this week, Theresa Lynn Tetley, aged 50, of Southern California, who in a former, less complicated life had been a stockbroker and real estate investor, pleaded guilty to one count of money laundering and one count of operating a money transmitting business without a license, and was sentenced to 12 months in prison by US District Judge Manuel L. Real.

The official charge was conducting an illegal business and engaging in unlawful monetary transactions involving Bitcoins. Tetley was also ordered to forfeit some 40 Bitcoin, worth around $250,000, to forfeit $292,264.00 in cash, as well as 25 assorted gold bars (worth around $12,500) that were deemed to be the proceeds of her illegal activities.

Between $6-$9.5 Million In Illegal Transactions

The court heard how Tetley ran a Bitcoin-for-cash exchange platform without first registering with the Financial Crimes Enforcement Network (FinCEN). She had also failed to implement anti-money-laundering mechanisms such as customer due diligence, and had failed to report certain transactions required for these types of businesses.

Tetley advertised on the website LocalBitcoins.com, and took part in illegal transactions that totaled between $6-$9.5 million. Her customers were almost all from the United States. Ironically, clients that used her exchange received no special favors, as Tetley actually charged higher rates for Bitcoin transactions than legal exchange platforms do.

Laundered Drug Money Earned On The Dark Web

The most serious offence – at least in the eyes of the public – was that Tetley knowingly laundered funds from an individual suspected of receiving Bitcoin as payment for selling drugs on the “Dark Web.” During the investigation, an undercover agent representing himself as a drug trafficker successfully swapped Bitcoin for cash using Tetley’s exchange platform.

According to sentencing documents, the prosecution had successfully argued that:

“In light of the growth of the dark web and the use of digital currency, unlicensed exchangers provide an avenue of laundering for those who use digital currency for illicit purposes. Tetley’s business fueled a black-market financial system that purposely and deliberately existed outside of the regulated bank industry.”

The case against Tetley was the first of its kind in the annals of the Central District of California.

‘Bitcoin Maven’ Jailed for Multi-Million Dollar Bitcoin-for-Cash Money Laundering Operation

By AJ Dellinger

Bitcoin has lost most of its (likely inflated) value in the last few months, but it still has plenty of value for law enforcement agencies looking for financial crimes to punish. The latest cryptocurrency criminal to get the book thrown at them is “Bitcoin Maven,” a 50-year-old woman who ran a bitcoin-for-cash exchange operation.

The Department of Justice announced Theresa Lynn Tetley, a former stockbroker and real estate investor, was sentenced to 12 months and one day in federal prison this week for operating an unlicensed money transmitting business and money laundering. She was also ordered to forfeit 40 Bitcoin (valued at about $250,000), $292,264 in cash, and 25 gold bars acquired through her illegal business.

Tetley’s scheme, highlighted by Ars Technica, involved offering people Bitcoin in exchange for cash, which on its face probably doesn’t sound like much of a crime. But Tetley did everything off the books. She failed to register her operation as a money services business and didn’t offer any sort of “anti-money-laundering mechanisms,” per the Justice Department.

Most of Tetley’s transactions were completed in person, with cash being provided for the virtual currency. She advertised her service through localbitcoins.com, a site that facilitates such exchanges, where she posted under the name “Bitcoin Maven.” She lived up to it, too; According to the DOJ, she exchanged $6 and $9.5 million over the course of several years.

Her undoing came when she began unwittingly started doing business with an undercover agent from the Drug Enforcement Administration. The agency started closing in on her in 2016, and dragged her along for nearly a year as they built a case against her.

The plan to bring Tetley down included introducing a second agent, posing as the first agent’s boyfriend, to conduct a number of large transactions with the Bitcoin Maven. According to Ars Technica, at one point the fake boyfriend informed Tetley that he possessed a large supply of “coke, meth, and weed” that had been “stolen” and was selling that stash for the bitcoin he was trading with her. Tetley moved forward with the transactions anyway, at one point showing up with $300,000 in two Trader Joe’s grocery bags to make a trade with the undercover agent.

“Providing cash in envelopes (and in the significant amounts she did), in coffee shops and restaurants, is no way to conduct legitimate business, certainly when that volume exceeds the millions,” prosecutors wrote in a sentencing memorandumper Ars Technica. “Someone such as defendant—a former stockbroker and real estate investor—was certainly aware of that.”

Not helping her case was the fact that Tetley was also doing business with William James Farber, a man believed to be at the head of one of the largest drug rings on the now-shuttered dark web marketplace Alphabay. Ars Technica noted Farber was arrested last year and charged with conspiracy to possess and distribute controlled substances.

For her run as the Bitcoin Maven, Tetley will spend 366 days behind bars in a federal prison. Her stash of bitcoin collected from the business, which now belongs to the government, is worth about $250,000 as of Wednesday evening—but it’ll likely be worth $400,000, then $75,000, then $250,000 again by the end of the week.

Terrorists slipping through net thanks to anti-money laundering unit delays

By Jan Keuchel

It took a second glance to confirm what the officer was seeing and it was still unbelievable. The list of people suspected of money laundering at a bank included a member of Al Qaeda. The policeman, based in northern Germany, called it a “security catastrophe.”

Unfortunately that wasn’t the only problem. It had taken more than six months for the list to reach the officer’s desk. He blames the national Financial Intelligence Unit (FIU). The relatively new unit is endangering the lives of German citizens, in his view.

That was not an isolated incident. The anti-money laundering agency has a backlog of tens of thousands of reports, is woefully understaffed, and so risks missing important leads about terrorism, according to Handelsblatt’s research.

As one senior prosecutor in North Rhine-Westphalia commented: “I wouldn’t want to be in their shoes if there is an attack and it turns out there was an explicit tip in their files.”

Dozens of interviews with state criminal authorities confirmed that tips about possible terrorist activity take months to reach their desks. They all blame the FIU, set up a year ago by former Finance Minister Wolfgang Schäuble after calls for a centralized system to uncover money-laundering.

‘A significant danger for domestic security’

In a secret report to the parliamentary finance committee, the state criminal authority in Thuringia labeled the FIU “a significant danger to domestic security.” The agency described one incident where a report from the Islamic KT Bank in Frankfurt in early February 2018 showed an account that received €18,000 from several different people in a short space of time. Then the funds were transferred to the Netherlands. But the report didn’t reach the police until April.

Dusseldorf senior public prosecutor, Andreas Stueve, who focuses on money laundering cases, called this dangerous, because millions of dollars aren’t needed to carry out terror. “The smallest sums can produce the biggest dangers,” he points out.

It won’t be easy to fix this problem, though many call on the new finance minister, Olaf Scholz, do so. The FIU suffers from fundamental deficiencies in both conception and execution, say critics.

The unit was originally moved from the Federal Criminal Police Office to the Central Customs Authority but without the original staff. The job of the FIU is to identify and forward any suspicions of money laundering associated with terrorists or criminals. That needs time and care, though only two of the 101 full-time members of staff have a law enforcement background. Many came from the employment agency and a further 220 part-timers and students help out.

The FIU does not see this as a problem, but said it needs 475 more members of staff. New employees are currently being trained, the agency said.

A further problem is the FIU lacks access to law enforcement databases to cross-check suspicious activity, so cases aren’t processed from a law enforcement perspective. By the time reports reach police, months on, they have to be processed all over again.

‘FIU an out-and-out failure’

The opposition parties want Mr. Scholz to step in immediately. “The relaunch of the FIU seems to have been an out-and-out failure,” said Lisa Paus, financial policy spokeswoman for the Greens. She said the finance ministry now has to prove it can get the situation under control.

Mr. Scholz did fire Andreas Bardong, the director of the FIU last month, but critics say more is needed. The FIU has a backlog of 20,000 reports to review. These need to be passed on if there is any indication of crime or terror. More than 70,000 new reports will follow this year. They are likely to contain important tips as €50 billion ($59 billion) worth of dirty money moves through Germany every year, according to experts.

There’s also a stash of worrying files at the finance ministry. Of 20,000 cases that are outstanding, 12,000 were put aside for “further monitoring.” That means the FIU decided they weren’t too urgent so stored them in a database. But no other agencies receive information about those cases, not the police, prosecutors or even whoever reported the suspicion in the first place.

The FIU concedes mistakes but said the agency is moving faster to forward reports indicating potential terror activity, both to the police and the counterintelligence agency. The finance ministry told Handelsblatt that backlogs should be cleared by the end of this month, though that seems unrealistic given the deadline has been postponed several times in the past.

And the problem is growing as lawmakers note that Germany’s booming real estate market is a prime channel for money laundering from Russia and Italy. Concerns are raised almost only by banks, as real estate agents, lawyers and notaries don’t know where to report suspicions. In the future, the number of tip offs is likely to increase exponentially.

‘Bitcoin Maven’ sentenced to a year in prison for money laundering

By James Koren

Bitcoin and other cryptocurrencies have for years been a preferred payment method on the so-called dark web — anything-goes corners of the internet where you can find drugs and other illegal products and services.

But once a drug dealer accepts crytocurrency, how do they turn that money into real currency? The case of Theresa Tetley is instructive.

The Marina del Rey woman exchanged millions of dollars in cash for bitcoin, including for a suspected online drug dealer. She was sentenced Monday to a year in federal prison after pleading guilty to money laundering.

Tetley, a former stockbroker turned bitcoin enthusiast who called herself “Bitcoin Maven,” will also pay a $20,000 fine and give up nearly $300,000 in cash, 25 gold bars and 40 bitcoin — worth about $270,000 as of Monday afternoon — that federal authorities seized last year.

From 2014 to last year, Tetley exchanged as much as $9.5 million in cash for bitcoin, meeting clients at restaurants, coffee shops and other public places to hand over envelopes of cash in exchange for the virtual currency, the Justice Department said in court filings.

She was arrested in March 2017 after a sting operation orchestrated by the U.S. Drug Enforcement Administration. She offered to exchange $300,000 in cash — carried in two Trader Joe’s paper grocery bags — for bitcoin held by an undercover DEA agent posing as a drug dealer, prosecutors said.

The Justice Department also alleged that Tetley made $6 million worth of bitcoin-for-cash exchanges with William James Farber, a Los Angeles man charged last summer with running an Altadena drug ring that sold cannabis on dark-web marketplaces Silk Road and AlphaBay.

Tetley was charged with money laundering and operating an unlicensed money-transmitting business and pleaded guilty to both charges in January.

It’s not illegal to exchange bitcoin or other digital currencies for cash, but Tetley did so without obeying federal rules that require banks and other financial firms to report suspicious activity and large cash transactions — measures that aim to curb money laundering by drug traffickers or other illegal businesses.

Bitcoin and other virtual currencies, which are not issued by governments and can be directly exchanged from person to person without going through banks or other regulated institutions, are a preferred payment method for dark-web transactions.

But those who accept virtual currency payments for illicit transactions may have a difficult time exchanging those holdings for real currency — unless they find someone like Tetley who would not report suspicious activity to federal regulators.

Brian Klein, one of Tetley’s attorneys, called the 12-month sentence a victory, noting that it is substantially shorter than the 30-month sentence sought by federal prosecutors. In a sentencing document submitted to the court, her attorneys argued that Tetley, though guilty, “did not set out to engage in a broad-ranging criminal enterprise.”

“We are pleased the judge made such a dramatic departure,” Klein said.

The U.S. attorney’s office argued in court filings that Tetley should have received a longer sentence because her conduct showed she knew or should have known some of her clients were engaging in illegal activity.

“Providing cash in envelopes (and in the significant amounts she did), in coffee shops and restaurants, is no way to conduct legitimate business, certainly when that volume exceeds the millions,” government attorneys said in court filings. “Her decision to continue to proceed in this manner highlights the seriousness of the offense.”

Businessman pleads not guilty to drug conspiracy, money laundering

By Lorenzo Zazueta

McALLEN — The owner of a Houston-based Chicago-style pizzeria may have played a role in drug trafficking and money laundering, according to an indictment unsealed last month.

During a brief arraignment hearing, a Houston man pleaded not guilty to charges related to an alleged drug trafficking ring going back more than six years.

DeAllen Jerome Nettles stood before U.S. Magistrate Judge Peter E. Ormsby Thursday afternoon after his attorney’s written waiver for the arraignment was not accepted by the court, obligating Nettles to appear before Ormsby.

Nettles also waived the reading of the indictment during the hearing, and pleaded not guilty to all three counts he’s facing — one count of conspiracy to distribute more than five kilos of cocaine, and two counts of money laundering.

The indictment alleges in part that the 30-year-old man and at least more than 20 others — the majority of whom have their names redacted in the court record partially unsealed June 13 — conspired to distribute more than 5 kilos of cocaine for more than six years, beginning in May 2012 to the date of the filing this June.

A Chicago nativs, Nettles made his initial appearance in a Houston federal courtroom June 13 and was released the next day on a $10,000 bond. His social media profiles state he is the owner of a Houston-based business called ChItalian Pizzeria.

Nettles is also accused of two money laundering charges, one alleged incident occurred in November 2012, the other Dec. 29, 2015, the court documents state.

The second money laundering charge gives more detail, showing Nettles allegedly moved more than $300,000 to Mexico from Chicago “with the intent to promote the carrying on of specified unlawful activity that is the distribution of a controlled substance,” according to court documents.

In total, the feds are looking to seize more than $150,000 in property, and more than $7 million in U.S. currency as part of the case against the multiple defendants, court records show.

Nettles remains free on the $10,000 bond. Nettles’ attorney, Houston-based Cornel A. Williams, declined comment based on his policy not to comment on pending litigation.

Jury selection is set for Aug. 7, with the trial beginning shortly after, court records show.

The EU is losing its battle against money laundering

First Latvia, now Estonia. Reports that Danske Bank, Denmark’s largest lender, may have laundered up to $8.3bn through its Estonian subsidiary — following Latvia’s banking scandals this year — have highlighted anew the Baltic republics’ reputation as conduits for dirty money. They point, too, to a more fundamental issue. Europe is trying to fight an inherently international problem with a patchwork of national authorities.

In the Danske case, Danish newspaper Berlingske alleged this week that as much as DKr53bn of suspicious money — more than twice previous estimates — flowed through the bank’s Estonian branch, citing bank documents. The report poses questions for managers, including Thomas Borgen, the bank’s chief executive since 2013 who previously headed its international operations, including the Baltics. It also suggests the bank’s own internal probe is insufficient, and the fraud squad should be brought in.

The Estonian scandal has blown up only four months after the US Treasury in effect forced the closure of Latvia’s third-largest bank, ABLV, by accusing it of “institutionalised money laundering”, including helping finance North Korea’s nuclear programme.

The alleged laundering through Danske in Estonia is historical, dating from 2007-2015. The Baltic states, under EU and US pressure, claim to have clamped down on illicit money flows since then, and shrunk their outsized non-resident banking sectors, which largely serviced customers from Russia and other ex-Soviet states. But the US swoop on ABLV raised doubts about how effective that clampdown has been — and left Latvian and EU authorities looking ineffective. The US told Latvia in March that its banks were still involved in money laundering.

There are limits, in any case, to what national regulators can achieve on their own. Tackling money laundering requires close cross-border co-ordination. In Danske’s case, while Danish regulators supervise bank management, they must rely on Estonian authorities — and others beyond — to track the money flows. Dirty money, moreover, is like water. Plug holes in Latvia or Estonia and it will flow elsewhere — through Malta, say, or Cyprus.

As yet, no EU body exists with responsibility for co-ordinating efforts to plug the holes everywhere at once. The European Central Bank’s supervisory arm, the Single Supervisory Mechanism, scrutinises the business models and governance of banks. Competence for policing money laundering still lies with national authorities.

Each country has a financial intelligence unit, monitoring potentially suspicious transactions on behalf of law enforcement bodies. But there is no EU co-ordinating institution or central database. The outgoing head of Europol warned this year that the information-sharing that now exists on terrorism risks was not matched by that in the fight against financial crime.

Since Latvia’s banking scandals the European Commission has pledged to strengthen co-ordination. It is seeking better co-operation among national financial intelligence units, setting a deadline to respond to requests from counterparts in other EU countries, and trying to remove bottlenecks in sharing bank account data.

Danièle Nouy, the EU’s top financial regulator, has said Europe should go further, and create a centralised body for dealing with money laundering. For now, the political will does not exist. Until it does, the international McMafia will continue to find plenty of ways to funnel its illicit billions through the pipework of the European financial system.

Glencore Slumps as U.S. Orders Documents in Corruption Probe

By Thomas Biesheuvel and Franz Wild

Glencore Plc tumbled the most in two years as U.S. authorities demanded documents relating to possible corruption and money laundering.

The world’s biggest commodity trader said Tuesday that it’s been subpoenaed by the U.S. Department of Justice to hand over documents related to the Foreign Corrupt Practices Act and U.S money laundering statutes. The documents relate to the company’s business in Nigeria, the Democratic Republic of Congo and Venezuela from 2007 to the present.

The shares plunged as much as 13 percent, and more than 5.5 billion pounds ($7.3 billion) have been knocked off Glencore’s market value, about half the $14.8 billion of profit the company made last year.

It’s been a tumultuous year for Glencore, mostly due to challenges linked to its business in the Congo, where it operates giant copper and cobalt mines. The Swiss trader and miner is already facing the possibility of a bribery investigation by U.K. prosecutors over its work with Dan Gertler, an Israeli billionaire and close friend of Congo President Joseph Kabila, people familiar with the situation said in May.

Glencore said it’s reviewing the subpoena and will provide further information as appropriate. The shares dropped to the lowest in almost a year and were down 11 percent by 12:11 p.m. in London.

The DOJ usually issues subpoenas when it is investigating a company. In December, a Swiss court ordered companies controlled by Gertler to hand over bank documents to U.S. Federal prosecutors.

“Given the flow of negative news we’ve had through the course of this year, the knee-jerk reaction is worse than it otherwise might have been,” Hunter Hillcoat, an analyst at Investec Securities Ltd., said by phone. “The DOJ fines can be big, but to wipe out 10 percent of the market cap would be bigger than any fine I can recall.”

The biggest U.S. penalty for foreign corruption under the FCPA was a $965 million payment imposed on Swedish telecoms company Telia Company AB after it accepted that it paid hundreds of millions of dollars in bribes to a government official in Uzbekistan.

The largest fine linked to the U.S. law was meted out to Odebrecht SA, Latin America’s top construction company, and an affiliate. Odebrecht was ordered by a U.S. judge in 2017 to pay $2.6 billion to resolve bribery allegations involving Petroleo Brasileiro SA, Brazil’s state-run oil company. Odebrecht was ordered to pay $2.39 billion to Brazil, $93 million to the U.S. and $116 million to Switzerland.

While Glencore didn’t specify exactly what the DOJ is investigating, it has faced legal challenges in DRC, Venezuela and Nigeria that might suggest where the U.S. authorities are focusing their probe.

The company’s relationship with Gertler, who’s under U.S. sanctions over allegedly corrupt deals in Congo, has long been a cause for concern. In Venezuela, Glencore is among oil traders accused of paying bribes to get the inside track on oil deals, according to a lawsuit filed by a trust for Petroleos de Venezuela SA earlier this year. In 2015 a former representative of Glencore alleged that the company failed to pay a fee for helping to free 15 Russian sailors detained on suspicion of smuggling guns in Nigeria.

The company’s problems had seemed to ease last month as it headed off two of its biggest challenges in Congo. Faced with the risk of losing control of its mines, Glencore bowed to the demands from two entities with close government ties — the state-run mining company Gecamines and Gertler.

A spokesman for Gertler declined to comment.

Glencore’s bonds also slumped on the news. The company’s 500 million euros ($583 million) of notes due April 2026 led the decline, falling more than 2 cents on the euro to 109 cents, the biggest drop in more than two years, according to data compiled by Bloomberg.

“After navigating the recent challenges in the Congo, albeit with a jurisdictional shift in risk from the Congo to the U.S., this investigation is likely to provide another reason for investors to proceed with caution around the Glencore investment case,” RBC Capital Markets analyst Tyler Broda said in a note to investors.

GLOBAL COLLABORATION KEY TO ENSURING IMPLEMENTATION OF ANTI-MONEY LAUNDERING LEGISLATION

By Zac Cohen

Banks are spending $20 billion on compliance in an effort to combat money laundering, yet only one per cent of illicit financial flows are seized by authorities every year. While regulations have been introduced to crack-down on money laundering, so far they have had a limited effect. Given that banks will incur more than $400 billion in fines by 2020, as a result of misconduct and inadequate AML measures, organisations are under pressure to strengthen their own customer due diligence in order to avoid heavy fines.

Simultaneously, international trade is also becoming increasingly susceptible to trade based money laundering (TBML). Although the World Trade Organisation anticipates merchandise trade volume growth of 4.4 per cent in 2018, TBML accounts for hundreds of billions of dollars of illegal money flows annually.

Operating on such a large scale, techniques for money laundering have become increasingly sophisticated over time. Illegal activities are often masked under massive volumes of legitimate trade, making them challenging to uncover. For example, techniques such as under- or over-invoicing, falsifying documents, and misrepresenting financial transactions, are difficult to trace as they can involve multiple parties, jurisdictions and transactions. To be able to uncover these illicit activities, it is imperative to be able to identify and verify the people behind them.

Establishing ‘Beneficial Ownership’ and Business Verification

For the last two years, the European Union has been working on legislation to combat money laundering. The 4th Anti Money Laundering (AML) directive lays out the need to discover the beneficial owner of business customers, partners, suppliers and other business relationships.

Beneficial owner refers to the natural person(s) who ultimately owns or controls a customer and/or the natural person on whose behalf a transaction is being conducted. It also includes those persons who exercise ultimate effective control over a legal person or arrangement.Financial Action Task Force (FATF)

That is to say, you need to know who you are doing business with and the person (or group of people) who owns or controls that business.

Procedures and processes have to be put in place to collect information about the beneficial owner. By making use of the wide variety of technology available, a scalable solution to authentication can be created across companies and across borders. Automated systems and technology driven by Artificial Intelligence (AI) can be used to scour company documents in order to identify beneficial owners and make transactions more transparent. Cross-referenceing this against electronic ID verification solutions that leverage reliable and unique data from global sources around the world will help forma full picture of each beneficial owner of a business.

By knowing the businesses and knowing the key players within it, it is easier to differentiate between legal and fraudulent transactions, taking advantage of a transparent and secure approach to the global issue of money laundering.

A Global Solution for a Global Issue

Since money laundering is an international issue, it only makes sense for the solution to be cross-border as well. However, in reality, the ‘politics of Anti-Money Laundering’ is largely social and political. The leaders of any organisation set the tone, the priorities, and the agenda that permeates throughout the system. The leaders of a country are no different. They have varying influence and impact based upon their political capital, the willingness and strength of the bureaucracy to push through or downplay the leader’s decisions, and the agendas of the courts and legislators.

Moreover, as with any political issue, public interest in AML rises and falls depending on circumstances. When corruption scandals such as the Panama Papers hit the news, the public takes notice. In response, politicians and regulators note the loopholes and various actions are proposed and/or implemented.

It’s clear that a secure, reliable and global solution is required to fight money laundering and the financing of terrorism.As money laundering is so widespread and sophisticated, it will also require coordinated international efforts from numerous agencies, regulators and financial institutions to successfully combat money laundering. Allowing financial institutions to securely see more information from exporters, importers, shippers, and authorities enables them to better perform due diligence and monitoring.If regulators across borders can agree on standards for better, safer information sharing, money laundering can dramatically be reduced.

In order to take an active rather than reactive approach, renewed focus must be put on collaboration between policymakers, regulators and governments to leverage new technology and close gaps and loopholes. With that said, one of the most important factors is ensuring these technologies share information securely, especially on such a large scale. A combination of new technology, alongside ironclad policies for secure sharing, could help countries tackle the ever-evolving threat of money laundering, terrorist financing, fraud and tax evasion.

The purpose of a collaborative approach, reliant on secure data sharing, is to ensure swift authentication and verification of individuals and businesses. The data that European governments and companies hold on their citizens and consumers serves little purpose if kept in siloed departments. But if linked together, they can act as pieces of a puzzle and provide a holistic image of any individual or business.

The way forward

The increasing risk of money laundering and fraudulent activities, coupled with the pressure on banks and businesses to comply with regulations, proves the need to revamp the existing system for dealing with these activities. By securely accessing databases that include people and companies that pose financial crime risk, such as OFAC, sanctions, politically exposed persons lists, and existing fraud ledgers, a robust approach can be taken to flagging risk and verifying identity. Not only is it imperative to develop a shared and secured system of information sharing, the process of business and customer verification needs to be automated and digitised to keep up with the world of virtual transactions.