In this segment of Compliance Studio, John J. Byrne, ACAMS executive vice president visited with Dennis M. Lormel, founder and president of DML Associates to discuss the challenges facing the private sector and the changes that have occurred in the fight against terrorist financing in the past 10 years.
DML Associates, LLC, is a full service investigative consultancy, where Lormel provides consulting services and training related to terrorist financing, money laundering, fraud, financial crimes and due diligence. For 28 years, he served as a special agent in the FBI and served as chief of the FBI Financial Crimes Program. There, he formulated, established and directed the FBI’s terrorist financing initiative following the terrorist attacks of September 11, 2001. For his visionary contributions, Lormel received numerous commendations and awards to include the Department of Justice, Criminal Division’s Award for Investigative Initiative and the Central Intelligence Agency’s George H. W. Bush Award for Excellence in Counterterrorism.
Truth or Deception
By Dennis M. Lormel
Where does the truth end and deception begin? At what point does deception become fraud? These are important questions for bank fraud investigators and anti-money laundering (AML) compliance professionals. They go to the heart of knowing who you are dealing with (knowing your customer) and understanding what constitutes fraud (knowing the crime problem). Truth becomes deception when it is combined with one or more misrepresentations intended to put the individual in a more favorable position that provides benefits to that individual, which might not have been derived without the deception. Although being deceptive and making misrepresentations, the intent is not to nefariously make financial or personal gains. On the other hand, deception becomes fraud when the intent is to wrongfully or criminally make financial or personal gains at the expense of others.
The key to determining when deception becomes fraud is to understand intent. For example, what is the difference between an illusionist and a fraudster? The difference is intent. The illusionist is an entertainer who relies on trickery or sleight of hand as a form of deception. The fraudster relies on spin or misrepresentations as a form of deception. The difference between the deception employed by the illusionist and the deception used by the fraudster is intent. The intent of the illusionist is to entertain his audience. The illusionist makes money by charging his audience a fee to attend his show and watch him perform his acts of deception. The intent of the fraudster is to victimize his audience by stealing their money or other items of value through a series of misrepresentations.
By nature, people are honest, truthful and trusting individuals. However, there are varying levels of truthfulness that influence honesty and trust. Assessing truthfulness is the real challenge for bank fraud investigators and AML compliance professionals. When people are totally truthful, their candor is much easier to validate. When people are generally truthful, and make one or more misrepresentations or omissions to protect and/or promote their self-interests, truthfulness mixes with a certain level of deception. The less the deception, the more limited the impact on honesty and trust, and the more difficult to identify. The greater the level of deception, the more adverse the impact on honesty and trust. This leads to the risk that deception deteriorates to fraud and will be identified as such. Unfortunately, there are elements of unscrupulous individuals who prey on honesty and trust for illicit purposes. Their intent is to commit fraud. They achieve this through deception and a lack of truthfulness.
In the example of the illusionist, although he is deceptive through trickery, he is an honest businessman. He makes an honest living as an entertainer and is deserving of our trust. This type of individual causes little trouble from an investigative or compliance perspective and is the kind of a person financial institutions want to do business with.
The fraudster, however, is a criminal who is neither honest nor deserving of trust. Ironically, fraudsters rely on the ill given trust of their victims to succeed. As with Ponzi schemes, fraudsters artfully create the illusion of legitimacy. They skillfully separate their victims from substantial amounts of money, often times, their life savings. Many of these schemes are seldom uncovered until the fraud scheme collapses due to the weight of the deception. In addition to individual victims, we often find that fraudsters fooled financial institutions into facilitating their criminal activity by presenting the appearance of honesty, truthfulness and trustworthiness. By accepting the fraudster as legitimate, and not detecting frauds until they collapse, financial institutions are confronted with greater potential financial losses, risk to their reputation and being subject to civil litigation for facilitating fraud schemes. It behooves investigators and compliance professionals to identify frauds more timely, before they collapse.
What about the situation where individuals start out honest, truthful and trustworthy, and find themselves being deceptive by making one or more misrepresentations? It could be in the form of applying for a mortgage or a business loan and falsifying income. It could be a business person falsifying monthly or quarterly financial statements, for what they thought would only be one time. It could be misappropriating funds to cover a debt on what started as a one off situation. It could be a myriad of circumstances that leads to deception. The problem is that once these types of deceptive activities occur, the pattern is that they continue. Individuals will find themselves in too deep and in a position where they must perpetuate the deception. This is the point where the intent to make payments or to pay back a misappropriation is blurred and the intent becomes more sinister.
Let’s consider the situation our friend John finds himself confronting. John and his wife Mia are honest, truthful and trustworthy. They are a hardworking and aspiring couple. John is the Manager of Accounts Receivable and Accounts Payable at a small, but growing, business. He is also responsible for managing petty cash. The company maintains $10,000 in cash that employees could draw from to cover out of pocket expenses. The company Mia works for abruptly goes out of business. It is unable to pay salaries or provide severance. John and Mia quickly find themselves in serious financial distress. A few weeks pass and they find themselves $5,000 behind in their bills, including their mortgage. The couple begins receiving nonstop calls from creditors. John rationalizes that he can borrow money from his company’s petty cash fund. The petty cash fund has become antiquated because all employees were issued company credit cards. The fund is dormant and the Internal Auditor checks it on a quarterly basis. John theorizes he has a month to pay back the cash. By then, Mia should be working again or he can get a loan or find some other way to make restitution. John takes $7,500 in cash. Unfortunately, Mia does not find a job, and their financial situation further deteriorates. The Internal Auditor schedules a review of the petty cash. At this point, would you consider John to be a fraudster? After all, his intent has been to pay back the $7,500. Some people would contend this was a fraud. Many would also contend it wasn’t because John’s intent was to pay back the $7,500, as a form of a loan. At this point, John rationalizes that if he set up a shell company, he could submit invoices to his company and pay the invoices with no one knowing since he controls receivables and payables. John quickly sets up a shell company, creates invoices and opens a bank account for the shell. Initially, John reasons that this is only a short term fix and he intends to make restitution. As we can see, John’s deception is growing, and the line between deception and fraud has blurred. John submits an invoice from the shell company, in the amount of $7,500, for consulting services. A month passes. No one has questioned the invoice. John rationalizes that he can submit monthly invoices until his financial problems are straightened out. What actually happens is John establishes three more shell companies and continues to submit invoices for services not rendered. After embezzling over $1,000,000, John gets caught.
This scenario depicts real life. Many individuals have done what John did in this case. There are all too many actual schemes where otherwise honest, truthful and trustworthy people have taken advantage of control weaknesses, and because of a combination of opportunity, pressure, and rationalization (the fraud triangle), they compromised their integrity and betrayed their sense of honesty, truthfulness and trustworthiness. What you find in all of these cases is that, just like John, the person involved had the capacity to follow through with serious acts of deception that became fraud. (Capacity, combined with opportunity, pressure and rationalization, represents the fraud diamond).
At what point should bank fraud investigators and AML compliance professionals have discovered John’s scheme? Red flags were not discussed in the case study. In actuality, numerous red flags should have been evident. How can investigators and compliance officers distinguish truth from deception, and then deception from fraud? There are at least eight internal steps that can be taken to distinguish truth from deception and deception from fraud.
1. Know your customer
Knowing you customer, both from an individual and business perspective, is essential. Are representations made by customers reasonable and consistent with their employment or business activity? Reasonableness should factor into the level of due diligence performed. An important part of the “know your customer” process should be identifying changes in a customer’s profile or activities.
Understanding, recognizing and mitigating fraud and money laundering risks is one of the most important keys to preventing fraud and money laundering. When assessing risk, determine the reasonableness of the activities involved and the threat they pose. An important element of risk recognition is: understanding the crime problems that present the greatest risk. Understanding the crime problems will enable investigators and compliance professionals to better identify risk.
3. Determine intent
When making the distinction between truth and deception, and then deception and fraud, you must determine intent. When assessing the circumstances, you must be able to determine at what point truth gave way to deception and when deception became fraud. In analyzing the chronology or flow of events, consider the reasonableness of the situation. In some cases intent will be clear cut. In others, intent will be difficult to establish. In those cases, more enhanced due diligence will be required.
4. Transaction monitoring
An important component of an AML compliance program is transaction monitoring. A robust transaction monitoring system, one that contains both automated and manual processes, flags transactions that require additional scrutiny. In the process of analyzing those transactions, potential suspicious activity is identified. Such suspicious activity often points to fraud.
5. Financial intelligence
Financial institutions serve as repositories for financial intelligence. The analysis of financial intelligence can serve as a meaningful tool in assessing suspicious activity and working through deceptive actions to identify fraud. Financial intelligence is also important for identifying current and emerging trends. Suspicious activity reports are a great source for financial intelligence.
6. Review and assessment of actual case typologies
Reviewing and assessing case typologies, especially actual frauds perpetrated against your financial institution, is an invaluable exercise. This form of after action evaluation builds experience. It demonstrates how fraudsters exploited the financial institution to carry out their criminal activity and should result in identifying and diminishing systemic vulnerabilities to the institution.
7. Targeted monitoring
One of the attractive features about fraud is that the fraudster is proactive. Fraud investigators and AML compliance professional are usually reactive. In adapting and using a targeted monitoring strategy, based on select typologies, you can implement proactive mechanisms to identify fraud. This technique has been used successfully by certain financial institutions, in partnership with law enforcement.
Training is a critically important element. By no means should it be considered a low priority. Awareness, understanding and recognition are gained through training and experience. All of the above steps can be greatly enhanced through sound and comprehensive training program.
Terrorist Finance: Questions from the House Committee on Homeland Security Answered by Dennis M. Lormel
Questions for the Record from the Honorable Patrick Meehan
1. With our military successes against al-Qaeda core leadership in Afghanistan and Pakistan, there is a growing trend of al-Qaeda affiliated groups and adherents filling the void and taking the lead in launching attacks against the homeland.
a. Given the relatively low amount of money required to plan and launch a terrorist attack, how realistic is it to expect U.S. and international counterterrorism entities to identify funds that might be used to undertake terrorism-related activity?
(DML): Nominal funding requirements to support terrorist activity can be very challenging for U.S. and international counterterrorism entities to identify. It is possible to identify such funding but highly improbable. Counterterrorism entities need to develop and implement investigative and analytical methodologies to increase the probability factor. Few, if any, entities existed before 9/11 that were dedicated to identifying, investigating and disrupting terrorist financing. Since then, many entities were established with the mission to investigate terrorist financing. By using the combination of financial intelligence, human intelligence, and signal intelligence, mechanisms have been, and will continue to be, developed to identify even nominal amounts of money. By analyzing case studies, ranging from grand to simple, such as the Mumbai bombing and lone wolf schemes like that of Farooque Ahmed, who planned to detonate a bomb in the Washington, D.C. Metro Transit System, counterterrorism entities responsible for terrorist financing can build typologies and develop proactive and progressive investigative strategies.
b. What are some of the persistent challenges in identifying and investigating an activity suspected of financing terrorism? What are some of the trends in how terrorist groups acquiring funds to support their objectives?
(DML): One of the persistent challenges I encountered in the FBI, and that I would continue to be concerned about today is the timely collection and assessment of financial intelligence. Did my FBI Section, the Terrorist Financing Operations Section (TFOS), have intelligence information that we did not identify that could have led us to a plot or potential attack? We collected and assimilated a tremendous amount of intelligence information that we endeavored to turn into actionable intelligence for field investigators. This is particularly important in cases where a lone wolf operative did not have a record, was unknown to intelligence agencies, and used funds from a legitimate job to finance terrorist plans. Time sensitivity in these matters was always challenging.
A trend that has continued since 9/11, and has grown significantly since then, has been the movement to criminal activity as a fund raising mechanism for terrorists. In the aftermath of 9/11, the U.S. and our international partners made a concerted effort to cut off the flow of legitimate money from wealthy donors and charities. The more these efforts succeeded, the more terrorists were driven to criminal activity. This continues today. It will be interesting to assess the success of the sanctions against Iran and the revolution in Syria, two State sponsors of terrorism. This will probably result in the continued increase in criminal activity.
c. Is the decision to pursue a terror financing investigation based on the amount of money suspected of being acquired for terrorism-related purposes? If so, what is the minimum monetary amount of terrorism-related funds the U.S. government assesses as worthy of investigating?
(DML): Terrorist financing investigations were not predicated on monetary considerations when I ran TFOS at the FBI. Terrorist financing investigations are probably still not and should never be predicated on monetary thresholds. Such investigations should be predicated upon the relation to terrorism and the potential threat represented. While I was still at the FBI in 2003, a process was established whereby all terrorism cases contained a financial investigative component. Terrorist financing investigations should focus on identifying all funding streams and disrupting terrorist activities through denying terrorists money. For terrorists to succeed, they must have a source of funds and access to their money when they need it. Disrupting the sources and/or access to money makes it extremely difficult for terrorists to succeed.
d. Can you describe the decision-making process and considerations by which the U.S. intelligence and law enforcement communities decide whether to stop terrorism-financing related activity and charge a suspect arrest or chose to allow the activity to continue in hopes of following the trail of funds to a larger network of support or to entities that may be planning a terrorist attack.
(DML): Terrorist financing investigations are a component of counterterrorism. They should be conducted in coordination with the broader counterterrorism mission and in conjunction with terrorism investigations. Terrorist financing is one tool in the arsenal. Terrorist financing investigations should be conducted with other investigative techniques to include undercover operations, use of informants and/or wiretaps and tracking telephone calls and/or emails. The combination of these investigative techniques can be extremely productive.
The decision to allow a terrorist financing or broader terrorism investigation to continue or to take it down is extremely important. It should be based on whether an attack is imminent or not. If an attack is imminent, you need to take down the investigation immediately and prevent the attack. If an attack is not imminent, you allow the investigation to continue. In so doing, you can develop evidence to identify additional co-conspirators and funding streams. As an example, consider the Lebanese Canadian Bank investigation. Although Hezbollah was involved, and is a violent terrorist organization, there was no specific threat or imminent danger associated with the investigation. In that situation, you allow the investigation to play out. In this case, the investigation was a multi-year investigation. A number of funding streams and co-conspirators were identified and dismantled. Take a case such as the Time Square bomber. As a hypothetical, had law enforcement and intelligence agencies been aware of Faisal Shahzad and his plan to detonate a bomb in Time Square, they would have allowed the plot to unfold up to the point of imminent danger. In that case, had they been aware and determined there was no imminent danger, they probably would have identified the funding source, through the Hawala operator. Had there been imminent danger, or if imminent danger could not be determined, they would have arrested Shahzad and developed additional information and evidence in the aftermath of the take down.
When I ran TFOS at the FBI, we strove to take terrorist financing investigations in two directions: forward to the strike team and backward to the point of financial origin. I believed there were three funding tracks, and I wanted investigations to disrupt activities in all three tracks. First, there was a fundraising track. Large sums of money, from the hundreds of thousands to millions of dollars, would be generated through mechanisms to include donations from wealthy donors, charities, State Sponsors (Iran most notably), criminal activities and other means. The money flowed into the terrorist organization for organizational use. Second, funding would be provided in a track from the organization, through a single facilitator or multiple facilitators, and to an operation. The funding flow here would be less than the flow into the organization. It would range from the hundreds of thousands to a few thousand dollars. Our primary investigative attention would be focused on the facilitators because that would take us to both the organization and to the operatives. Third, there was a track from the operation, through the facilitator(s), to the operatives. The funding flow here would be in the thousands to the hundreds of dollars.
In general, when conducting terrorist financing investigations in the first track, the organizational track, you would be more inclined to allow the investigation to continue over a longer period of time and be more deliberate and methodical in your investigative methodology. When conducting investigations into the second track (operations) and the third track (operatives) you have to deal with a greater sense of urgency and constantly assess whether an attack is imminent. Most of these investigations were shorter term because, at some point, you had to be concerned about the threat of attack.
2. President Obama recently signed an executive order allowing the Treasury Department to freeze U.S.-based assets of persons who the White House has identified as a “threat to the peace, security and stability” of Yemen.
a. Do you think this is an effective use of the designation authority? Especially when a group such as Boko Haram – who have killed thousands of civilians and are in constant contact with AQIM – remain undesignated?
(DML): If evidence exists to support designations, I am an ardent supporter for the designation process. Such actions disrupt funding flows and serve as a deterrent. Boko Haram is a violent and dangerous group. They have been very active and pose a formidable threat in Nigeria. With respect to designating other groups, I would not make designation decisions by comparing one group, such as Boko Haram, to other groups. A number of factors must be taken in consideration in the decision process to include the level of
overall terrorist threat, threat to the United States (U.S.), diplomatic considerations, and the need to continue the classification and protection of intelligence information.
3. In 2011, the U.S. government revealed the findings of a multi-year law enforcement operation to dismantle a complex, transnational network involved in money laundering and drug trafficking. The case involved Hezbollah, Mexican and Colombian drug trafficking organizations, the Taliban, Lebanon, Colombia, Panama, several countries in West Africa, U.S. car buyers, a U.S. shipping company, bulk cash couriers, plans for weapons trafficking deals, and the Beirut-based Lebanese Canadian Bank (LCB).
a. Does the fact that groups such as Hezbollah and the Islamic Revolutionary Guard Corps continue to use criminal ventures create opportunities for U.S. enforcement mechanisms – such as our robust counternarcotics tools – to roll up these vast networks?
(DML): All criminal activity undertaken by Hezbollah, the Islamic Revolutionary Guard Corps and other terrorist organizations leave them vulnerable to detection by law enforcement and intelligence services. Law enforcement, particularly the DEA and FBI, deserve considerable credit for conducting a well disciplined, focused and comprehensive investigation that tied transnational criminal organizations together with terrorist groups and a number of facilitation tools to include the Lebanese Canadian Bank. Through comprehensive investigation and financial tracing, multiple funding streams between Central America, the United States, Lebanon, West Africa and Europe were identified and dismantled. There have been at least four other significant investigations conducted by the FBI and other agencies that exposed Hezbollah’s involvement in raising large amounts of money through criminal activities in the U.S. The most notable of these cases was the North Carolina cigarette smuggling case known as Operation Smokescreen. A Hezbollah cell operated an elaborate scheme to smuggle cigarettes from North Carolina to Michigan. This cell generated approximately $25 million in illicit funds.
b. How does counterterrorism fit in this increasingly interconnected underworld?
(DML): The nexus between criminal and terrorist organizations has continued to grow. This trend will persist. As the U.S. government and our allies’ continue to exert pressure and cut off funding streams, terrorists will further align themselves with criminal organizations and participate in criminal activity to raise much needed money. Terrorists are extremely adaptable and consistently look for new funding mechanisms. Many terrorist organizations have become engaged in drug trafficking because drug trafficking is the most profitable criminal activity. These terrorist groups are evolving into hybrid criminal and terrorist organizations. As they do, their ideology tends to give way to greed. Greed is a vulnerability law enforcement can exploit, unlike ideology. This makes these groups more susceptible to criminal investigation and prosecution.
4. The U.S. government’s ongoing investigation of the Lebanese Canadian Bank is of particular interest from a money laundering perspective because it highlights the consequences of poor compliance with anti-money laundering regulations in the formal financial system.
a. Given the Lebanese Canadian Bank case, what more can be done to protect the formal financial system from exploitation by terrorists?
(DML): There are some egregious examples of anti-money laundering (AML) compliance breakdowns that facilitated terrorists being able to exploit the formal financial system. The biggest failure in the Lebanese Canadian Bank case was the complicity of the Lebanese Canadian Bank with transnational organized criminal groups, a Mexican drug cartel, and Hezbollah. First, there was a total failure by the bank to have an AML program. This enabled criminal and terrorist elements to place money in the formal financial system, the first step in the money laundering process; and then to layer it, which is the second step, by moving it to other financial institutions and giving it a sense of legitimacy; and then in integrating the funds, the third step in the money laundering process, by using the illicit, but seemingly legitimate funds to purchase goods, in this case used cars from the U.S., and shipping them to Africa for sale as legitimate transactions.
One way to help strengthen the formal financial system is to make a comprehensive case study out of the Lebanese Canadian Bank and specifically show financial institutions how they were exploited in this case. By developing typologies that could be built into scenarios that could be incorporated into rules for AML transaction monitoring, we can improve the system. This case study should also be used as a wide-ranging training exercise.
The Lebanese Canadian Bank case was exacerbated by the fact that Lebanon does not recognize Hezbollah as a terrorist organization. Therefore, banks in Lebanon, and banks in other countries that do not consider Hezbollah to be a terrorist organization, are inclined to bank Hezbollah. International consensus on who is a terrorist organization has been a longstanding problem. There are other cases that can be sited, such as HSBC. The Senate Permanent Subcommittee on Investigations conducted a thorough investigation and issued a formal report on July 17, 2012, in conjunction with a public hearing involving executives from HSBC. The hearing and report serve as tools for lessons learned and should provide a deterrent to other institutions for serious shortcomings in their AML programs.
It should be pointed out that an overwhelming number of banks operating in the U.S. have outstanding AML programs. The AML compliance professionals in these institutions take a great deal of pride in their work ethic and dedication to rooting out money laundering and terrorist financing. I have seen this first hand, both as an FBI agent and today as a consultant doing work in the financial services industry.
b. How can the U.S. government more effectively mitigate the threats posed by trade-based money laundering and bulk cash smuggling and other ways outside the formal financial sector?
(DML): Trade based money laundering has had a long history as a successful mechanism for criminals and terrorists. The Lebanese Canadian Bank case demonstrates how criminals and terrorists collaborated in different trade based money laundering schemes to launder illicit funds. Likewise, bulk cash smuggling has long been, and continues to be, a significant problem for criminals and terrorists. In 2010 and 2011, both the Treasury Department and FBI reported that bulk cash smuggling was a huge terrorist financing concern.
In my view, one of the most significant problems and vulnerabilities we are confronted with outside the formal banking system in the U.S. is unlicensed and unregistered money remitters. These illegal money remitters provide hawala-like services and do not comply with Bank Secrecy Act (BSA) reporting requirements. Many banks are unaware of how many of their clients operate as illegal money remitters. This is in spite of rigorous due diligence requirements. I believe that about 80% of money remitters in the United States are illegal.
To the question of how the U.S. government can more effectively mitigate the threats of these informal mechanisms, the answer is twofold. First, the government interagency community should conduct targeted investigative initiatives addressing these problem areas. Through interagency cooperation, communication and coordination, the government should identify the highest priority targets in these areas and determine which agencies could make the best impact by taking the lead and develop multi-agency strategies. Second, as a component of these initiatives, the U.S. government should bring in the private sector and subject matter experts who could provide a different perspective and different sets of information that could develop valuable financial intelligence. Public private partnerships like this are woefully lacking.
5. There is an increasing concern in the counterterrorism and intelligence community that terrorist organizations are increasingly using criminal activities that are outside of the formal international financial system to raise funds to carry out attacks and further their goals.
a. How important are terrorist funds derived from criminal activities for the operational sustainability of major terrorist groups compared to other non-criminal sources of funds, including state sponsors and private sector donations?
(DML): Following the terrorist attacks of 9/11, the U.S. and our allies made a concerted effort to deter donations to terrorists from wealthy donors, charities and other funding sources to include State Sponsors. This was accomplished in the form of sanctions, OFAC and State Department designations, and targeted investigations by law enforcement and intelligence agencies. As a result, numerous funding sources were shut off and terrorist groups had to develop alternative funding mechanisms. They gravitated to criminal activity, which has consistently expanded over the years. Drug trafficking, kidnapping, extortion, counterfeit goods and a variety of other crimes have become a staple for terrorist organizations. As mentioned earlier, terrorists must have a continuous flow of funds available that they can immediately access in order to succeed. As otherwise legitimate sources of funding have diminished, terrorists have had to increasingly rely on criminal activity as a funding mechanism. As more sanctions and pressure are exerted on Iran, it is less likely they will be able to maintain the level of State Sponsorship provided to Hezbollah and other terrorist organizations. Likewise, as Syria faces a regime overthrow, it is unlikely they will be able to provide funding and support to terrorists. This will result in an even steadier reliance on criminal activities by terrorist groups.
6. Foreign Terrorist Organization designation by the Secretary of State is an important tool our government uses to deter donations or contributions to and economic transactions with terrorist organizations. There are currently 50 groups listed by the State Department as designated Foreign Terrorist Organizations.
a. Which FTO designated groups would you say are the best resourced and most proficient at evading American and international financial regulations? Which use the U.S. financial system the most?
(DML): When it comes to resources, proficiency and exploitation of the U.S. financial system, as well as the global financial system, Hezbollah is in a league by themselves. In my view, Hezbollah is not only the most proficient terrorist organization; they are the most competent criminal organization in the world. Their global infrastructure could serve as a model for organized crime. Hezbollah has an incredible worldwide infrastructure that enables them to operate criminal enterprises and function as a serious terrorist threat. Including the Lebanese Canadian Bank case, there are at least five significant investigations involving Hezbollah operations that touch on the U.S. that demonstrate Hezbollah’s criminal organizational skills. In aggregate, their activities represent hundreds of millions of dollars in criminal activity having a U.S. nexus.
In today’s environment and especially with the sanctions confronting them, Iran poses a significant challenge for the formal financial system. Their ability to hide behind shell companies and opaque beneficial ownership is a hindrance to meaningful sanctions. In addition, Iran’s ability to use foreign banks as correspondent banks and to strip SWIFT messaging information from transactional records enables them to circumvent OFAC screening requirements. This is a huge problem that surfaced with Lloyds Bank a few years ago and currently with Standard Charter Bank. This is an issue that must be dealt with forcefully with offending institutions if we intend to have meaningful sanctions against Iran.
7. All of the witnesses mentioned in their prepared testimony that the government needs to interact with the financial sector to identify terrorist financing.
a. How should the government develop more effective case typologies and feedback mechanisms about how terrorists use financial institutions? Is this mostly an educational issue where we need to empower financial institutions in order to monitor transactions for suspicious or anomalous behavior?
(DML): In my written testimony for the record, I made six recommendations about improving the possibility and probability of identifying terrorist financing. Three of those recommendations address how the government should develop more effective case typologies and feedback mechanisms for terrorist financing cases. They are:
“A consistent and comprehensive feedback mechanism from law enforcement must be developed that demonstrates the importance of BSA reporting, especially the significance of Suspicious Activity Reports (SARs). FinCEN’s SAR Activity Review is a good mechanism that provides insightful information. In addition, specific feedback from law enforcement to financial institutions concerning the value and benefit of BSA data, including SAR filings, would have a dramatic impact on the morale of individuals responsible for SAR reporting. There must be an assessment by the government of all SARs related to or identifiable with terrorism cases. Such a review would identify specific red flags that could be used as a training mechanism and more importantly, could be factored into identifying typologies that could be used for the monitoring/surveillance capabilities of financial institutions. In addition, a determination could be made as to why the financial institution filed a SAR. In many instances, the SAR was filed for violations other than terrorist financing. Understanding what triggered the SAR filing; in tandem with how the SAR ultimately was linked to terrorist interests would be insightful. In addition to assessing SARs, the government and industry should collectively identify and assess as many case studies, of terrorist financing related investigations, as can be identified and legally publicly accessed. The case studies should be compared to determine what types of commonalities and patterns of activity exist. In addition, common red flags should be easily discernible. This type of case study assessment, coupled with the SAR analysis, would provide more meaningful information to consider in identifying terrorist financing characteristics, especially in cases involving more nominal financial flows. This would enable financial institutions to more effectively use surveillance and monitor techniques to identify questionable transactional information.”
Financial institutions are required by the BSA to monitor transactions for and report suspicious activity. Overall, U.S. banks do a good job of reporting suspicious activity. This process could be improved through a meaningful feedback mechanism from the government where the government emphasizes the importance of SAR reporting, coupled with demonstrating “how” terrorists used financial institutions to move, store and spend money. In addition, terrorist financing specific training would be important. This was another of the six recommendations I spoke about in my written testimony. Terrorist financing is not well understood. As I stated in my testimony, “(w)ithout specific training, the ability to understand and disrupt terrorist financing is more difficult to achieve.”
8. The Financial Action Task Force on Money Laundering is comprised of 36 member countries and territories and two international organizations and was organized to develop and promote policies to combat money laundering and terrorist financing. The FATF relies on a combination of annual self-assessments and periodic mutual evaluations that are completed by a team of FATF experts to provide information and to assess the compliance of its members to the FATF guidelines.
a. What are the areas of greatest need for improvement in the FATF surveillance process?
(DML): The FATF mutual evaluation process is one of the most significant accomplishments of the FATF 40 Recommendations regarding money laundering and terrorist financing as it provides peer and public pressure to enact and then operationalize AML laws. There are approximately 170 jurisdictions who have adopted the FATF 40 Recommendations (FATF plus the FATF style regional bodies).
FATF revised the 40 Recommendations and the methodology for assessment in February 2012. According to FATF, the FATF Standards have been revised to strengthen global safeguards and further protect the integrity of the financial system by providing governments with stronger tools to take action against financial crime. At the same time, these new standards will address new priority areas such as corruption and tax crimes.
Ted Greenberg, a former Department of Justice and World Bank official, is an expert on FATF. He was involved in writing the 40 Recommendations and has participated in the FATF evaluation process. According to Mr. Greenberg, the current methodology has proven to be repetitive in its application, not focused on assessment of effectiveness, and failed to take account of corruption issues in law. Mr. Greenberg believes the new process should focus on the main weaknesses in each jurisdiction, why they are/are not effective and make recommendations to fix the problem areas. He also believes the new process must focus more on corruption issues and their impact on AML.
b. How does the United States evaluate the threats to the global economy arising from money laundering, terrorist financing, and financing the proliferation of weapons of mass destruction?
(DML): When I was responsible for TFOS at the FBI, I was the FBI’s representative on the Policy Coordinating Committee (PCC) for Terrorist Financing. All government agencies with a nexus to money laundering and terrorist financing participated in that PCC. As an interagency group, we evaluated the threats from money laundering and terrorist financing. We collectively identified and prioritized the most significant threats. The PCC was then chaired by David Aufhauser. During that time period (2001 – 2003), Mr. Aufhauser served as General Counsel at the Treasury Department. As I mentioned in my written testimony,” Mr. Aufhauser was a true leader who marshaled the interagency collaborative initiative. He was an unsung hero and visionary.” My understanding is that this interagency working group is now directed by the National Security Council. The group is no longer referred to as the PCC for Terrorist Financing. I am not sure what it is currently identified as.
c. How should we be prioritizing these threats and how effectively has the FATF process been in addressing these threats?
(DML): In the U.S., the threats should continue to be evaluated and prioritized by the interagency working group. Stopping the flow of funds to terrorists should be an extremely high interagency priority. Overall, the FATF evaluation process has been successful. When FATF first started there was no peer evaluation process of money laundering laws. In fact, few countries had AML laws. Since then, the FATF evaluation process has been widely accepted and followed. FATF has revised the evaluation process, which should result in an improved process.
9. KPMG, a private consulting firm, released in October 2011 the findings of an anti-money laundering survey of major international banks. They found that 80% of respondents reported an increase in costs associated with anti-money laundering that averaged around 45% since 2007. The major sources of cost increases identified by the KMPG survey were 1) enhanced transaction monitoring, 2) increased external reporting requirements to internal regulators and external law enforcement agencies, and 3) increased anti-bribery and anti-corruption activities.
a. In your opinion, are there sufficient resources devoted to countering the financing of terrorism and money laundering? Alternatively, are the resource costs associated with implementing such financial regulations too burdensome on either the private or public sectors?
(DML): Overall, I do not believe sufficient resources are devoted to countering the financing of terrorism and money laundering, both in the private and public sectors. In the private sector, AML compliance is considered a cost center, as opposed to a revenue center. As such, AML compliance does not receive the support from business entities within a financial institution that should be given. The HSBC case illustrates this shortcoming. This problem was magnified during the financial crisis when banks were reducing staff. Invariably compliance staffs were cut before business staffs. The battle cry in AML compliance was “do more with less”. The only winner under those circumstances is the money launderer. In the last few years, as the economy improved, AML compliance resources have improved. However, until the business entity (revenue center) versus compliance entity (cost center) mentality is dealt with, AML compliance will not be adequately resourced. As far as the government is concerned, these are lean budget times. Consequently, staffing is impacted. In general, government agencies responsible for investigating money laundering and terrorist financing do not have the necessary staffing. However, the government has consistently done outstanding work in addressing the money laundering and terrorist financing crime problems.
10. There has been growing concern at DHS, particularly within ICE, about the widespread use of prepaid and stored value cards as a way of smuggling illicit funds into the country which could fund terror activity. Some estimates are that $1 billion annually is moved into the country this way, with most of those funds nearly impossible to track.
a. Would you agree that prepaid and stored value cards are a growing danger to being able to target terrorist financiers? What steps would you recommend DHS and the Department of the Treasury take to combat this emerging trend?
(DML): The use of prepaid cards has exploded and continues to gain popularity at a rapid pace. There are many legitimate and convenient uses of prepaid cards. However, prepaid cards have been a source of vulnerability since they came on the market. Law enforcement has constantly been concerned about criminals and terrorists using prepaid cards in furtherance of their illicit activities. The problem is not just a one way problem. Prepaid cards coming into the country to support a potential terrorist attack is a direct threat to national security and should be considered a significant problem. There is also a serious outbound problem. One area where this is extremely problematic is with the Mexican drug cartels. Prepaid cards are being purchased in the U.S. for shipment to Mexico with drug proceeds.
The Treasury Department, through FinCEN, established rules regarding prepaid cards in September 2011, which went into effect in March 2012. The rules, while helpful, do not solve the problem. What is needed is legislation making prepaid cards monetary instruments and subjecting them to BSA reporting requirements. Most notably, prepaid cards should be subject to reporting requirements when individuals travel internationally.
The Treasury and Homeland Security Departments should work with the interagency community, especially the interagency working group for money laundering and terrorist financing to develop a government-wide investigative strategy to deal with the threat posed by prepaid cards being exploited by terrorists. Likewise, the interagency community should reach out to the privates sector to form strategic partnerships to address this crime problem.
11. On June 29, 2012, the Obama administration imposed sanctions on a pair of informal money-exchange networks – known as hawalas – in Afghanistan and Pakistan in what officials described as the first use of the tactic to attack the financial underpinnings of Taliban militants who rely on the system to fund their insurgency. The Treasury Department said that the designations were coordinated with similar measures adopted by the United Nations as part of a broad effort to slow the flow of cash used by the Taliban to pay salaries and purchase weapons for attacks in Afghanistan. The U.N. also added the names of the same two institutions and their principal backers to a list of groups officially associated with Taliban militancy, meaning they will be subject to international sanctions as well.
a. Considering how widespread their use is, how difficult is it for U.S. government to really get a handle on some of the terror financing and money laundering activities being conducted under the hawala system?
(DML): The problem of illegal money remitters operating in the U.S. is one of the most significant and challenging facing the U.S. government. This is one of the biggest challenges facing the financial services sector. Financial institutions do not know the number of their customers who use their businesses to conduct illegal money remittance operations. This is a form of hawala. The interagency working group dealing with money laundering and terrorist financing should conduct a targeted and coordinated investigative initiative on two levels to identify and dismantle illegal money remittance operations. On an international level, hawalas linked to terrorism should be identified and targeted. The government should employee techniques to identify wire transfers to and from the U.S. involving these hawalas, as well as telephone numbers and emails, among other communication modes linked to the hawalas. From there, investigation should focus on the identified illegal money remitters in the U.S. Coordinated take downs of targeted hawalas in the U.S. and abroad should take place. This would involve coordination with our international partners. On a second level, there should be an initiative to arrest a large number of illegal money remitters in the U.S. for operating illegal (unlicensed and unregistered) money remittance operations. This would generate considerable media attention to this problem, be impactful and have a deterrent effect on these types of businesses.
b. How could the U.S. be more effective in targeting the hawala systems being used by drug traffickers to fuel the Taliban insurgency in Afghanistan and Pakistan?
(DML): DEA has had the lead in the area of drug trafficking in Afghanistan. DEA should develop investigative strategies with the Department of Defense, law enforcement and intelligence agencies. Those strategies should be fully coordinated. The collective financial intelligence from the various agencies should provide actionable intelligence information to prioritize and target hawala dealers who support the Taliban. The key is coordination, communication and cooperation.
c. Would closer collaboration with the U.N. help our government’s ability to identify hawala networks engaged in illegal behavior?
(DML): On a practical operational level, collaboration with the U.N. would have little impact on U.S. investigative efforts. On a policy level, especially in considering regulating hawalas, collaboration with the U.N. and other international bodies could be extremely beneficial.
12. Mr. Lormel, in your written testimony you mentioned the Lloyds Bank “stripping” case as a prime example of how correspondent banking was used by Iran as a facilitation tool.
a. This was a pretty egregious example of Iran using the formal banking system to skirt international financial system. Do you think this was a one-off or an instance of a larger problem, particularly with regard to SWIFT?
(DML): I believe the problem of “stripping” is much larger. It is not a one-off situation. The Lloyds case was investigated jointly by the District Attorney of New York (DANY) and the Department of Justice. At the time the case was brought forward, DANY announced it was investigating nine other banks for similar “stripping” activity. On August 6, 2012, the New York State Department of Financial Services announced it was investigating Standard Charter Bank for “stripping” information related to Iran.
SWIFT is not the problem. The problem is that certain banks have chosen to do business with Iran. There is tremendous profit for the banks in dealing with Iran, especially with the strong U.S. sanctions. However, Iran needs access to U.S. dollars, therefore the banks who are dealing with Iran must transact in the U.S. They must have a correspondent banking relationship with a U.S. bank to access U.S. dollars. In the cases of Lloyds and Standard Charter, the banks knew that if they provided the proper SWIFT messaging data, the identities of the Iranian banks they were transacting with would have been disclosed through their correspondent relationship with a U.S. bank. They knew full well that if that occurred the U.S. bank would have declined the transaction. The U.S. bank’s OFAC monitoring system would have identified the sanctioned Iranian bank and returned the transaction. Therefore, Lloyds and Standard Charter “stripped” out any reference or mention of the Iranian bank in the transaction, circumventing the OFAC monitoring. This gave the appearance to the U.S. bank that either Lloyds or Standard Charter were the originating bank in the transaction.
13. Mr. Lormel, you suggested that providing security clearances to select personnel in financial institutions in order to share limited intelligence information that could be scrubbed against bank monitoring systems to identify transactional information associated with terrorists.
a. How would you envision this to work?
(DML): The government provides security clearances to individuals working in the defense contracting industry. This enables defense contractors and consultants to work on classified projects, which is in the government’s best interest. The same should be true in the financial services industry. Financial institutions are a repository for significant financial intelligence information. If the government could share selective classified information with a limited number of vetted and cleared bank officials that information could be run through transactional information. Hits in the transactional data, that otherwise would not have been identified, would be reported back to the agency providing the information. Legal process would have to be put in place to ensure any information provided back to the government did not violate Bank Secrecy Act privacy provisions.
b. What would you think of sending members of Treasury’s Office of Financial Intelligence, or of the Intelligence Community, to certain high-risk financial institutions, in essence detailing them there for this purpose? Would this not also help with the challenge of helping the financial sector to identify activity consistent with typologies of terrorists?
(DML): The idea of detailing members of the Treasury’s Office of Financial Intelligence or from law enforcement is worth consideration. It would be important to distinguish law enforcement and the intelligence community in the sense that the CIA should be precluded from collecting domestic intelligence, especially involving U.S. persons. The FBI or other law enforcement agencies dealing with classified intelligence would be the appropriate government representatives. However, before considering sending government personnel to select high risk institutions, a number of impediments would need to be resolved. The General Counsels from the financial institution and government agencies would need to assess the legality and potential liabilities of such a relationship. Two other considerations would need to be considered. First, by sending personnel to select financial institutions would the government be unwittingly providing that institution with an unfair competitive advantage? Second, does the government have the resources to devote to this type of initiative?
While I ran TFOS at the FBI, we actually had an operation with a financial services provider, similar to what was suggested in the above question. We worked through the impediments and formed a public private partnership that achieved extremely productive investigative results. This was a terrific model of how the financial services sector and law enforcement could form a strategic partnership in furtherance of national security. Because of the sensitivity of that initiative, I cannot comment about it any further.
Learn more about DML Associates here…
Good morning Chairman Meehan and distinguished members of the Committee. Thank you for inviting me to testify at this hearing. Terrorist financing is a subject that is extremely important to me. This topic does not receive the attention it deserves. I greatly appreciate the fact that you are taking the time to delve into this subject.
There are few events in a lifetime that evoke deep seated emotion and vivid recollection. The terrorist attacks against the United States (U.S.) by al Qaeda on September 11, 2001 (9/11), are clearly one of those historic moments that remain frozen in our minds. I poignantly remember my personal reaction then and how it affects me now. 9/11 changed my life, as it did for so many of us. As the agent in charge of the FBI’s Financial Crimes Program at that time, I was in a unique situation where I was afforded an opportunity to respond in a manner few other people could. I was in a position to “follow the money.” I witnessed, firsthand, investigative successes which disrupted or deterred funding intended to support terrorist activities. I am an ardent believer that terrorist financing is a critical component of the war against terrorism.
By way of background, immediately after 9/11, I was responsible for the formation and oversight of the FBI led, multi-agency, Financial Review Group, which evolved into a formal Section within the FBI’s Counterterrorism Section, known as the Terrorist Financing Operations Section (TFOS). Since retiring from the FBI, I have provided consulting services regarding fraud, money laundering and terrorist financing. Many of my clients are in the financial services sector.
My government investigative and private sector consulting experience has provided me a rare opportunity to understand two very distinct perspectives. For over 30 years, I had a law enforcement perspective. In that capacity, my perspective was government and investigative driven. For the last nine years, in my current position as a consultant, my perspective has shifted to one that is industry and compliance driven. This provides me with a unique understanding of the responsibilities, sensitivities, challenges and frustrations experienced by the government and financial sectors in dealing with anti-money laundering (AML) and terrorist financing considerations. There is a notable difference in perspectives. This is one of the many challenges we face in dealing with terrorist financing and other criminal problems.
Identifying suspicious activity in financial institutions, especially involving terrorist financing, is extremely challenging. This is where understanding perspective is critically important. When it comes to identifying and reporting suspicious activity, you must consider the “who, what, where, when, why and how.” Law enforcement typically focuses on the “why” as the most important element while financial institutions are most concerned about the “how.” This is one of the areas where collaboration between law enforcement and financial institutions is not as consistent as it could be. Law enforcement frequently shares “war stories” about investigative successes with industry. However, they do not often provide specific information about “how” financial institutions were used by the bad guys. The Internal Revenue Service is one agency that does provide this type of information to financial institutions at industry training forums.
In order to succeed, individual terrorists, such as lone wolves, and terrorist groups must have access to money. They require funding in order to operate and succeed. Invariably, their funding sources will flow through financial institutions. To function, terrorists must have continuous access to money. Regardless of how nominal or extensive, the funding flow is operationally critical. Terrorists, like criminals, raise, move, store, and spend money in furtherance of their illicit activity. This is why Bank Secrecy Act (BSA) reporting requirements are essential to our National Security. This fact becomes more compelling in view of the actuality that finance is one of the two most significant vulnerabilities to terrorist and criminal organizations.
Terrorist financing is not adequately understood and extremely difficult to identify, especially when funding flows are more nominal. This is where government, through the interagency community engaged in terrorist financing, must interact more efficiently with the financial services sector to identify terrorist financing. It is possible for financial institutions to identify terrorist financing, but it is highly improbable. We must take continual actions that increase the probability factor, thereby increasing the possibility of identifying funding flows. The challenge confronting the government and banking community is to improve the effectiveness of the process. This is where the government needs to be more effective and efficient in the “how” of assisting financial institutions in identifying suspicious activity. Government should develop better feedback mechanisms to financial institutions about “how” terrorists use financial institutions and provide them with typologies that financial institutions could use for transactional monitoring.
The interagency community that has jurisdiction and responsibility for terrorist financing should be commended for their contributions. Terrorist financing is one area where the government excelled following 9/11 and where they continue to perform admirably.
Terrorist financing is every bit as challenging today as it was in the immediate aftermath of 9/11. Law enforcement, regulators and intelligence agencies here, in the U.S., and abroad, have achieved noteworthy and meaningful accomplishments. New proactive and progressive methodologies have been developed and implemented in furtherance of such efforts. When the government succeeds in implementing and executing proactive methodologies, the ability of terrorists to carry out operations is diminished. However, lingering concerns and the resiliency of terrorists to adapt to change, coupled with the ease of exploitation of systemic vulnerabilities in the financial sector, will perpetuate the challenge of addressing the issues presented by terrorist financing.
Despite the gains we’ve made, the financial services sector is as inherently vulnerable today as it was on 9/11. On October 3, 2001, as a senior executive in the FBI, I testified before the House Financial Services Committee. One of the issues I addressed was vulnerabilities or high risk areas in the financial services sector. I testified that wire transfers, correspondent banking, fraud and money services businesses were the biggest areas of vulnerability to the financial services industry at that time.
Today, I have refined the vulnerabilities in two categories: crime problems and facilitation tools. The most significant crime problems we currently face in the financial services industry are fraud and money laundering. Fraud was magnified during the recent financial crisis and continues to represent a significant threat to our economy. Money laundering encompasses all other criminal activity where the proceeds of crime are laundered through financial institutions. The key facilitation tools used in furtherance of fraud and money laundering are: wire transfers, correspondent banking, illegal money remitters, shell companies and electronic mechanisms.
Illegal money remitters represent one of the most significant problems confronting banks. This has been an ongoing challenge. Many banks cannot identify customers who operate illegal money remittance operations. On the surface, they appear to be a legitimate business. However, if like the Carnival Ice Cream Shop in Brooklyn, New York, they actually functioned as illegal money remitters funneling money to high risk countries. Consequently, terrorist and criminal groups have used illegal money remitters in furtherance of their illicit activities. There are a number of cases we can point to that illustrate this problem to include the Time Square bombing case.
Sanctions against Iran have caused Iranian entities to regularly use shell companies to hide beneficial ownership, as well as rely on correspondent banking and wire transfers to illegally move funds. The Lloyds Bank “stripping” case is a prime example of how correspondent banking was used by Iran as a facilitation tool. In this matter, Lloyds stripped SWIFT messaging information to hide Iranian bank identification in order to avoid U.S. banking monitoring detection. The Alavi Foundation case was an example of how Iran used shell companies to hide beneficial ownership in a New York City office building. Both cases involved the use of wire transfers.
The use of electronic payment mechanisms is an area of growing concern regarding how terrorists move money due to the anonymity and instant settlement it affords. Electronic payment mechanisms are becoming more prolific and vulnerable to misuse by criminals and terrorists. Africa is a venue of concern for the growing use of electronic mechanisms.
The government has made consistent incremental progress in addressing terrorist financing. Individual agencies and entities responsible for terrorist financing have matured and evolved. They have individually and collectively developed investigative methodologies to effectively deal with the constant and emerging challenges. Although on an agency by agency level, we can point to enhanced capabilities, the true measure of government success is the ability of the interagency community to work as a unified team, and to parlay their collective investigative capabilities into a joint government wide terrorist financing strategy. In the aftermath of 9/11, I was part of such a working group that was led by David Aufhauser, then the General Counsel at the Treasury Department. Mr. Aufhauser was a true leader who marshaled the interagency collaborative initiative. He was an unsung hero and visionary. I recommend that the Committee periodically assess the status of the interagency terrorist financing working group to ensure that it is effectively coordinating the broader interagency initiatives.
The face of terrorism since 9/11 has been altered significantly. The last few years have seen tremendous change and instability in the Middle East. Core al Qaeda has been decimated and affiliate groups have evolved into greater threats. Our homeland has experienced a growing concern involving lone wolf terrorists and other homegrown threats. These developing factors have modified terrorist financial typologies.
The evolving terrorist landscape has led to less costly terrorist plots. As noted earlier, the more nominal amounts have been more challenging to identify. This is due to the fact they are generally more undetectable. For example, many lone wolf terrorists such as Farooque Ahmed, who plotted to detonate a bomb on the Washington, DC metro system, relied on money from their legitimate jobs to pay for their illicit activity.
The government must continuously identify and assess emerging trends and develop case typologies they can share with financial institutions. In so doing, the financial services sector can implement transaction monitoring strategies to identify patterns of activity consistent with the case typologies of criminals and terrorists. The government has not done this as consistently as they could have.
In general, law enforcement and the Financial Crimes Enforcement Network (FinCEN) have done a good job in sharing information with the financial services sector. However, they have not done as much as they think they have or they could. I do not make this comment lightly. When I was in the FBI, I thought I had maximized liaison relationships. It was not until after my retirement from law enforcement and my consulting work with the financial services sector that I realized I could have done more. It was a matter of perspective. If only I knew then, what I know now, I would have been dangerous. Law enforcement and FinCEN should do a better job of listening and providing feedback to financial institutions in the form of “how” terrorists and criminal organizations use the financial system in furtherance of their illicit activities.
What is important, especially in dealing with more minimal dollar amounts, is identifying case typologies and using them to develop targeted transaction monitoring strategies. This leads to the need for more consistent collaboration between law enforcement and the financial services sector. The model for this type of public and private sector collaboration was set in recent years by JPMorgan Chase under the leadership of compliance executive William Langford and senior investigator Phil DeLuca. Working in conjunction with the ICE Department of Homeland Security Investigations (HSI), JPMorgan Chase was able to identify financial patterns for human smugglers and traffickers. This was because HSI provided specific typologies to JPMorgan Chase setting forth the “how.” This enabled JPMorgan Chase to identify patterns of transactional activity and develop targeted transactional monitoring. In so doing, JPMorgan Chase was able to provide HSI with financial intelligence information which led to successful criminal investigations. This initiative was greatly supported by an informal task force involving DHI and the financial services sector that was led by John Byrne and the Association of Anti Money Laundering Specialists (ACAMS). Because of the successful impact of this public private partnership, ACAMS provided a special award to JPMorgan Chase and HSI, which was presented at the recent Money Laundering.com annual anti-money laundering conference. This is a great example of how law enforcement, in this case HSI, provided the “how” to a financial institution, JPMorgan Chase, and how the bank used the information to identify patterns of illicit activity. I recommend that the Committee look at this collaboration as a model of the type of cooperative initiative that could be used to fight terrorist financing.
This type of initiative could be effectively used to identify terrorist financing. There are a number of scenarios that could be identified and targeted in a similar fashion. An example would be the case of a lone wolf terrorist who leaves the United States and travels to Pakistan to attend a terrorist training camp. During the time that this individual attends the training camp, it is unlikely he or she would incur any financial activity, virtually falling off the financial grid. The combination of travel to Pakistan, a high risk country for terrorism, and a gap in financial activity, could be identified by targeted financial monitoring in a financial institution.
One of the perceived impediments to banks in regard to targeted transactional monitoring is the challenge of satisfying the regulators. Regulators are not generally forward thinkers. They deal with black and white issues and are more prone to a check the box mentality that tends to stymie progressive and innovative thinking. In fairness to regulators, their mandate is not to think outside the box but to ensure that regulatory requirements are met by financial institutions. This is a daunting task. There is often a perplexing triangle involving financial institutions, law enforcement and the regulators. BSA reporting requirements were established to benefit law enforcement. Unfortunately, financial institutions are generally more concerned with placating their regulators than providing the “why” to law enforcement. Financial institutions, law enforcement and regulators need to come to a better consensus about the balance of law enforcement and regulatory considerations. This is an area that this Committee or the House Financial Services Committee should look into.
Certain countries pose a challenge to deal with in terms of their capacity or political will to establish terrorist financing regimes. Other countries, most notably Iran, pose a significant threat and are indifferent to complying with international standards as they flaunt their nuclear and/or other ambitions. The first step to deal with these situations is to coordinate a strong interagency response at the domestic level. This calls for relying on a combination of diplomatic, regulatory, intelligence, military and law enforcement responses. By orchestrating a choreographed response strategy, pressure could be leveraged against these countries. The second step is to coordinate international responses and strategies with the Financial Action Task Force (FATF), the United Nations and other international bodies.
There is a growing and troubling nexus between transnational criminal organizations, drug cartels and terrorist organizations. Each has their own objective and is willing to deal with the others to further their own interests. The Lebanese Canadian Bank investigation manifests this emerging problem. It illustrated the alliance between Hezbollah, a terrorist organization, the Joumaa drug trafficking and money laundering organization in Lebanon, and the Los Zetas Mexican drug cartel. This troubling alliance relied on drug trafficking and trade based money laundering, among other activities to facilitate the illicit activities of three dangerous transnational groups. The interagency community should closely assess the collaborative operations of these organizations and develop strategies to deal with other similar associations.
As noted earlier, it is possible to identify terrorist financing but highly improbably. This is one area where collaboration and partnership between the public and private sector are essential. In 2009, I wrote an article addressing how to increase the probability through such collaboration. For the most part, the same points I articulated then are applicable today. Accordingly, there are six steps the government and financial services industry should take to collectively and unilaterally increase the probability of identifying terrorist financing. They are:
- The government and financial sector must recognize the importance of terrorist financing specific training. This is a dimension that is lacking on both sides, although more on the part of financial institutions. Without specific training, the ability to understand and disrupt terrorist financing is more difficult to achieve.
- The government must develop a means to legally provide security clearances to select personnel in financial institutions in order to share limited intelligence information that could be scrubbed against bank monitoring systems to identify account or transactional information associated with terrorists. The FBI has been discussing this challenging issue since 9/11, in concert with select industry compliance leaders and experts.
- A consistent and comprehensive feedback mechanism from law enforcement must be developed that demonstrates the importance of BSA reporting, especially the significance of Suspicious Activity Reports (SARs). FinCEN’s SAR Activity Review is a good mechanism that provides insightful information. In addition, specific feedback from law enforcement to financial institutions concerning the value and benefit of BSA data, including SAR filings, would have a dramatic impact on the morale of individuals responsible for SAR reporting.
- There must be an assessment by the government of all SARs related to or identifiable with terrorism cases. Such a review would identify specific red flags that could be used as a training mechanism and more importantly, could be factored into identifying typologies that could be used for the monitoring/surveillance capabilities of financial institutions. In addition, a determination could be made as to why the financial institution filed a SAR. In many instances, the SAR was filed for violations other than terrorist financing. Understanding what triggered the SAR filing; in tandem with how the SAR ultimately was linked to terrorist interests would be insightful.
- In addition to assessing SARs, the government and industry should collectively identify and assess as many case studies, of terrorist financing related investigations, as can be identified and legally publically accessed. The case studies should be compared to determine what types of commonalities and patterns of activity exist. In addition, common red flags should be easily discernible. This type of case study assessment, coupled with the SAR analysis, would provide more meaningful information to consider in identifying terrorist financing characteristics, especially in cases involving more nominal financial flows. This would enable financial institutions to more effectively use surveillance and monitor techniques to identify questionable transactional information.
- A combination of BSA data, particularly SARs, combined with empirical and anecdotal information would enable the government and financial sector to collectively and unilaterally conduct trend analyses. This would be a significant factor in identifying emerging trends. On a government level, this would contribute to implementing investigative and enforcement strategies. On the institutional level, this would enable the financial sector to implement strategies to mitigate risk.
Although the landscape has changed, and methodologies have evolved since 9/11, terrorist financing remains the same. In essence, terrorists must have access to funds when they need them in order to operate. It is incumbent that government agencies cooperate, coordinate and communicate on both an interagency level and with the private sector in order to deny terrorists from moving and accessing funds and thereby diminishing their ability to operate.
I would again like to thank the Committee for affording me the opportunity to participate in this forum. I would be happy to answer any questions or to elaborate on my statement.
House Committee on Homeland Security
Subcommittee on Counterterrorism and Intelligence
Dennis M. Lormel
President & CEO
DML Associates, LLC
Lieutenant Columbo was a television detective, played by actor Peter Falk. Week after week, he was confronted with complex murder cases committed by cunning felons. In each episode, when criminal and detective were first introduced, the felon ended that encounter with a confident smirk on his or her face. After all, the bad guy was a polished, well dressed, affluent, and condescending individual. On the flip side, Columbo, wearing his crumpled raincoat, appeared disheveled, disorganized and unimpressive. In simple terms, Lieutenant Columbo was underwhelming and seemingly no match for his formidable adversary.
What the bad guys never realized in that initial encounter was that Lieutenant Columbo was extremely meticulous, analytical and persistent. As the episode progressed, he broke down the deception by relentlessly questioning the reasonableness of the felon’s story. Lieutenant Columbo allowed the bad guy to believe he or she had the upper hand, when in fact, he was in control. In the end, the worn down criminal was arrested and charged with murder.
What if Lieutenant Columbo investigated fraud instead of homicide? Think about it, the traits displayed by Lieutenant Columbo indealing with murder are very similar to the characteristics required to investigate fraud. Investigating fraud requires imagination. A good fraudster thrives on deception. The fraudster will be charismatic, portray him or herself as well educated, and being an expert in their field, such as an investment advisor. They will display an air of wealth, although in many instances, the wealth will be derived from fraud at the expense of their victims.
This Week’s Episode
In this week’s episode, Lieutenant Columbo is matched against Stud Athlete and Connie (Con) Mann. Stud Athlete is in his mid-forties. He enjoyed a prosperous career as a professional football player, who was fortunate enough to play for the New York Jets. Con Mann was Stud’s long time friend and business manager. Unbeknownst to anyone, Stud and Con squandered Stud’s generous earnings. Providing an air of wealth and significant financial backing, Stud and Con establish “To Good to Be True Investments.” They offer two fictitious investment schemes, one involving investing in bridge loans for real estate development and one for investing in gemstones.
Based on his sports popularity and charisma, Stud is able to attract numerous investors in and around the New York area at country clubs and sporting venues. Stud promotes Con as being an investment guru. Together, Stud and Con give the confident guarantee that their gemstone and bridge loan investment vehicles will provide a minimum annual return of 20%. One of the tactics the fraudsters use is to leave the impression that they selectively choose investors and you would be lucky to be invited to invest. The purported selectiveness and rate of return are attractive carrots to draw investors.
Our bad guys operated unfettered for ten years. During that timeframe, they took in $100,000,000 in investments. They operated a Ponzi scheme. There were no real investments. Client money primarily went to support their lavish lifestyles. The fraudsters paid early investor dividends and returns based on new investment money. They succeeded in getting many of those early investors to reinvest. Over the years, they convinced most of their clients to continue to invest with them. They built a web of deception through spinning a variety of stories about their investment vehicles. The clients were provided with fictitious investment statements leaving the notion that they earned about 20% annually on their investments.
Stud and Con set up an intricate network of business and personal bank accounts. Their banking practices were consistent throughout the years. They never structured deposits. Investment money was deposited into bank accounts from legitimate investor checks and wire transfers. None of the investors ever challenged or disputed deposits. The banks did not detect suspicious activity. To facilitate their scheme, the fraudsters set up a series of shell companies in order to divert investment funds to personal offshore accounts. In addition, Stud and Con drew salaries that in retrospect were very high. They justified the salaries by virtue of the fictitious returns their clients earned. They also siphoned off millions of dollars in withdrawals in the form of petty cash and other seemingly legitimate expenses. The cash and expense payments were laundered offshore through money services businesses in an intricate pattern to serve as part of an exit strategy.
As with most Ponzi schemes, the weight of deception finally caved in after a successful ten year run. Stud and Con were no longer able to sustain the level of investment money necessary to replenish diverted funds and continue to conceal their fraud. One of the banks holding a business account detected a change in deposit activity. The bank escalated their review and identified suspicious activity, triggering the filing of a Suspicious Activity Report (SAR).
Enter Lieutenant Columbo. After receiving the SAR, the Lieutenant went to the bank and obtained the SAR decision file. Once he reviewed the file, Lieutenant Columbo subpoenaed accounts at three banks, in addition to the account at the bank filing the SAR. Financial analysts assisted Lieutenant Columbo in conducting a financial review of the Ponzi scheme’s financial activity. In addition, Lieutenant Columbo conducted background investigations on our bad guys. His due diligence immediately focused on their alleged expertise. Columbo identified inconsistencies about Stud and Con’s credentials, backgrounds and prior experience.
The good Lieutenant meticulously prepared an investigative plan and interview outlines for our two villains. He understood the theoretical elements of fraud, as well as the specific elements of the criminal activity Stud and Con engaged in. Our hero also understood how to deal with and investigate good fraudsters. He knew that Stud and Con would attempt to gain the upper hand through deception and intimidation. He also knew that his persistence and analysis to determine what was reasonable would ultimately give him the advantage as he develops evidence. Lieutenant Columbo also knew he needed to be prepared to deal with Stud and Con’s exit strategy.
As part of his investigative plan, Columbo assessed the financial analysis conducted by his staff. He recognized a pattern of money flows through various accounts into shell companies and ultimately to offshore venues. At this stage, Lieutenant Columbo brought in asset forfeiture specialists to begin the process of conducting an asset forfeiture investigation to parallel his criminal investigation. Next, he conducted surveillances to establish Stud and Con’s schedules coming and going from their office in order to determine the most advantageous time to confront them.
One morning, shortly after they arrived at their office, Lieutenant Columbo entered. After identifying himself, he advised the partners he was looking into an allegation of fraud involving them. They were surprised but prepared for such an encounter. Stud and Con had choreographed their response for such an eventuality. However, as has been the hallmark when Lieutenant Columbo first approached his subjects, our bad guys viewed the detective with dismissive mindsets. After all, a buffoon like Lieutenant Columbo could not possibly match wits with sophisticated con artists like them. The disrespectful smile in their eyes did not go unnoticed by our hero. He skillfully listened as Stud and Con lied about their activity. Columbo told the partners he had to interview them separately. Con acted infuriated and attempted to intimidate the good Lieutenant. Columbo fumbled through his initial interviews. On his way out, he apologetically asked them to bear with him, he was only doing his job, and this was probably a big misunderstanding. Stud and Con were feeling pretty confident after Lieutenant Columbo left their office. A few minutes later, Columbo walks back in and sheepishly advised he might have to subpoena their bank accounts and commented that he would need their help reviewing the bank statements if he did so. Con told the Lieutenant that would be a waste of his time and wasn’t necessary. Lieutenant Columbo said that was probably true.
After the office closed that evening, Lieutenant Columbo returned and searched the trash dumpster behind the building. He found a number of discarded documents including rough draft copies of client investment statements and other incriminating material. A few envelopes recovered were from an offshore location. Columbo researched the venue and determined that the U.S. did not have an extradition treaty with that territory. He theorized this jurisdiction could be part of his subjects’ exit strategy.
Subsequently, Lieutenant Columbo scheduled separate meetings with Stud and Con to interview them and review bank statements. They both considered Columbo to be incompetent. As with many fraudsters, their egos had to subtly let the Lieutenant know how superior they were to him. Columbo allowed the fraudsters to think they had the upper hand, all the time knowing, he was actually in control.
Stud and Con did not view Columbo as a threat. They considered him an annoyance. As the contacts continue, our bad guys made a series of culpable statements to the Lieutenant allowing him to build a stronger case against them. Even though they did not consider Lieutenant Columbo to be a threat, Stud and Con realize their fraud had unraveled. As with many fraudsters, they had an exit strategy. The fraudsters believed the time had come to put that exit strategy in motion.
Meanwhile, having developed evidence through financial analysis, interview, documentary review and other methodic investigative steps, Lieutenant Columbo obtained arrest and search warrants. He also knew that the asset forfeiture investigation was progressing. Anticipating that an exit was imminent, Columbo called the fraudsters and requested a meeting at their office the next day. He told them he would have to review their client records. Con advised that the next day was Saturday, and asked if they could meet on Monday instead? Lieutenant Columbo seemed to naively agree. Con chuckled to Stud as he hung up the phone with the perceived inept Lieutenant.
That evening, Columbo stunned our bad guys by showing up at their office with two teams of uniformed police officers. One team was to arrest Stud and Con while the other executed a search warrant. When the investigators entered the office, Stud and Con were in the process of shredding client records. They were immediately arrested and taken to jail. On Con’s desk were two sets of airline tickets for the next morning. The destination was the bad guy friendly offshore venue displayed on the envelope Lieutenant Columbo previously found in the trash. The tickets were in fictitious names. They were found along with false identifications for Stud and Con matching the tickets.
Score another victory for Lieutenant Columbo. Once again, his meticulous attention to detail, coupled with a persistent investigative style were too much for the bad guys to outwit. Unfortunately, much of the money taken in by the fraudsters was spent for their personal use. This represented a hollow victory for many of the victims. Even though Lieutenant Columbo identified assets for forfeiture, it did not come close to covering the totality of losses suffered by investors.
Lieutenant Columbo overcame a number of investigative challenges because he understood the crime problem he was investigating. He understood how to investigate good fraudsters Likewise, Columbo understood how to recognize and deal with the end game.
In real life, we are fortunate to have an army of Lieutenant Columbo’s working in law enforcement. These criminal investigators work tirelessly and frequently achieve Columbo-like success with their investigations. More often than not, they do not receive the recognition deserved for the outstanding work they perform. To all of you Lieutenant Columbo’s, thanks for perpetuating the legacy of this great, albeit fictional detective.
-Dennis M. Lormel
Today it seems that you can’t turn on the television or open a newspaper without hearing a warning about a fraud alert after dozens of unsuspecting victims have already been hurt. The Bernie Madoff case is one of the most blatant of these schemes, but there are thousands of similar frauds and scams occurring daily. Even if you think you would never fall for one of these deals, you shouldn’t become so complacent that you fail to recognize the warning signs. Law enforcement agencies such as the FBI publicize tips of which you and your family should be aware.
The type of fraud with which Madoff made his billions is known as a Ponzi scheme. This scam promises to pay out unusually high dividends or returns on investments. However, it pays early investors with the money invested by later victims. Eventually the scheme collapses when there aren’t enough new investments coming in to pay the dividends promised. You can avoid falling for a Ponzi scheme by carefully and thoroughly checking potential investments. Even if you think you know and trust the people who are doing the investing, it’s a good idea to run the idea by an unbiased third-party financial advisor. This is known in the business world as due diligence.
Health care fraud scams are another type of rip-off that are often aimed at senior citizens. Medicare scams occur when a company promises to provide a medical procedure or a piece of medical equipment to a victim at little or no cost. One simply has to give the company his or her Medicare number. The company then fraudulently bills Medicare for the procedure or equipment, which the victim usually doesn’t receive, using paperwork with a forged doctor’s signature or one from a doctor who has signed it illegally. The best way to avoid Medicare fraud is to refuse to give your number to a company until the procedure has been performed or the equipment is received.
Identity theft targets everyone today, even if you think you’d never be a victim. Research has shown that the affluent as well as women are often more likely to suffer one of the most common types of fraud scams. You may think that an identity thief must have to work hard to get banking or other financial information, but in many cases, the victim willingly shares it with him. The news is full of stories about websites that mimic your bank and ask you to confirm your account information or scammers who “fall in love” with you through an Internet dating site then ask you to send them money. You can avoid these types of scams by carefully checking your financial records on a regular basis and refusing to deal with people who approach you online asking for your financial information.
Companies can also be victims of fraud. It is just as important for business organizations to avoid common frauds and scams. Large enterprises can be slower to recognize when fraud has occurred because of the sheer scope of their accounting ledgers. Losing money to a fraudster is just one potential threat to businesses. Your organization may unknowingly go into business with perpetrators of fraudulent crimes, which can make you an accessory to those criminal activities. Individuals and organizations should hire anti-fraud consultants to conduct extensive due diligence research on potential new business deals and investments.
If you found this post helpful and informative, sign up for email updates on ongoing fraud alerts…
Most of us possess a high level of personal integrity that precludes us from considering the temptation of accepting the opportunity to commit fraud. Unfortunately, a good number of people do succumb to the lure of fraud. The frauds these unscrupulous individuals perpetrate can be extremely devastating. Fraud takes many shapes. It can occur internally or externally. The criminal activity at the heart of the financial crisis was subprime loan frauds, mortgage fraud, corporate fraud and investment fraud (Ponzi schemes). Other significant financial frauds include insider trading, bankruptcy fraud, credit card fraud, embezzlement, check fraud, loan fraud, and identity theft and fraud. The success of these schemes, usually hinges on the ability to safely launder the proceeds of the illicit acts.
There is an important nexus between fraud and money laundering. Any discussion regarding fraud should include money laundering. To succeed, fraudsters must have a mechanism to legitimize their ill-gotten gains. Laundering the proceeds of fraud provides an air of authenticity and more importantly, immediate access to the funds. Although the various types of fraud contain different characteristics and warning signs, they are all contingent on five common elements: Integrity; Opportunity; Incentive, motivation or pressure; Rationalization or attitude; and Capability.
The starting point is individual integrity. Does a person have the integrity to resist opportunity? If yes, fraud is an afterthought. If a person’s integrity is compromised, it’s usually because pressure and rationalization lead that individual to give into the enticement of opportunity. Opportunity is the driving factor. Without opportunity, a fraud scheme cannot succeed. Likewise, if an individual’s integrity is influenced by pressure and rationalization, and the opportunity presents itself, unless the individual possesses the capacity to commit the fraud, the scheme will not succeed. The capacity represents the combination of being in a position to commit the fraudulent act(s) and having the skill sets necessary to carry the fraud off.
The first step toward thinking like a fraudster is to understand how the five elements or fraud traits fit together to influence the bad guy. I introduced the idea of the fraud continuum in the early 1980s, when I taught fraud awareness classes. The fraud continuum is the intersection between integrity and opportunity. The point of intersection of the two lines of the continuum creates four quadrants. The vertical line represents opportunity. The bottom of the line affords limited opportunity, while the top of the line represents a high level of opportunity. The vertical line represents integrity. Limited integrity is on the far left side of the line and high integrity to the far right. The lower right quadrant represents where integrity is high and opportunity low. This is where people are least likely to engage in fraud. The upper left side of the quadrant is where opportunity is high and integrity low. This is where people are most likely to commit fraud. The other two quadrants represent moderate risk. This is where the combination of pressure, rationalization and capability most influence an individual’s integrity.
The fraud triangle was introduced by Donald Cressey in 1973. The triangle consisted of three factors: opportunity, pressure and rationalization. These factors were long believed to be why individuals committed fraud. Opportunity is the chance to commit fraud. Pressure or incentive represents the motivation, and is usually driven by financial demands. Rationalization is the self-justification making the fraudulent act acceptable. The fraud diamond was introduced by David T. Wolfe and Dana R. Hermanson in 2004. Basically, they added a fourth dimension to the fraud triangle. Their reasoning was that unless a fraudster possessed the capability to commit a fraud, opportunity, pressure and rationalization by themselves were not enough to succeed. Capability required being in the right position at the right time and possessing the needed skill sets to perpetrate the fraud.
Once you understand how to think like a bad guy, you can better position yourself to identify and investigate fraud schemes by breaking down spin and deception. Understanding the crime problem is the first step toward conducting a successful investigation. Good fraudsters usually have an exit strategy. When they realize their scheme has been, or will be, detected in the immediate future, they put their exit strategy in place. With that in mind, from an investigative stand point, you must have an end game. You don’t want to see a fraudster disappear and abscond with the proceeds of their criminal activity. There are two prominent end games. One has a private sector focus, the other, a public sector focus. On the private sector side, the end game is to prevent or minimize monetary losses and reputational risk. On the public sector side, it is to seek prosecution, recover illicit proceeds and assets through forfeiture, and/or bring enforcement actions. Both end games could carry significant consequences. In either event, understanding how the bad guys think and taking preemptive steps to stop them makes the end game easier to handle.
For more information about frauds and scams, contact DML Associates.
Dennis M. Lormel
DML Associates, LLC
Coming Soon: A blog about all things moving and shaking in the world of fraud, written by subject matter expert and consultant Dennis Lormel. For more information on DML Associates LLC and their services visit their site.