Corporate Investigations and White Collar Defense - October 2017

by Manatt, Phelps & Phillips, LLP
Contact

Manatt, Phelps & Phillips, LLP

In This Issue:
  • Supreme Court to Hear Important Whistleblower Case
  • Caremark Claim Against Board for FCPA Settlement Fails
  • No International Double Jeopardy After U.S. FCPA Guilty Plea
  • FCPA and Healthcare: The DOJ’s New Bedfellows
  • Criminal Charges, Civil Fines for Bitcoin Exchange and Operator

Supreme Court to Hear Important Whistleblower Case

By John F. Libby, Partner, Corporate Investigations and White Collar Defense | Jacqueline C. Wolff, Partner, Corporate Investigations and White Collar Defense | Kenneth B. Julian, Partner, Litigation

Why it matters: Must an employee “whistleblower” specifically provide information about alleged corporate misconduct to the Securities and Exchange Commission (SEC) in order to get protection under the anti-retaliation provisions of Dodd-Frank? The circuits are split, and the Supreme Court has agreed to decide the issue in Digital Realty Trust, Inc. v. Somers.

Detailed discussion: On June 26, 2017, the Supreme Court granted certiorari in Digital Realty Trust Inc. v. Somers, agreeing to review the question presented of “[w]hether the anti-retaliation provision for ‘whistleblowers’ in the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010 [Dodd-Frank] extends to individuals who have not reported alleged misconduct to the Securities and Exchange Commission and thus fall outside the act’s definition of ‘whistleblower.’”

We discussed the Somers case in our May 2017 newsletter under “Eye on the Circuit Courts.” To briefly summarize the facts and procedural history of the case, plaintiff Paul Somers was employed from 2010 to 2014 as a vice president at Digital Realty Trust Inc. (Digital Realty). In his complaint for wrongful termination filed in the Northern District of California, Somers alleged that soon after he made several reports to Digital Realty senior management regarding possible securities law violations, he was fired. Somers claimed that he was not able to report his concerns to the SEC before Digital Realty terminated his employment. The district court denied Digital Realty’s motion to dismiss—which had been based on the fact that Somers did not disclose to the SEC and thus was not a “whistleblower” entitled to protection under Dodd-Frank—and certified the issue for interlocutory appeal to the Ninth Circuit.

On March 12, 2017, the Ninth Circuit (with one dissent) ruled that employees do not have to specifically disclose alleged misconduct to the SEC in order to qualify for “whistleblower” status under the anti-retaliation provisions of Dodd-Frank, and that internal reporting of such misconduct to management is sufficient.

In reaching this conclusion, the Ninth Circuit relied on the Second Circuit’s 2015 decision in Berman v. Neo@Ogilvy, LLC, where the Second Circuit found that the relevant statutory language in Dodd-Frank was ambiguous and held that Chevron deference must be given to the SEC’s regulation issued on the matter (17 C.F.R. § 240.21F-2), which provides that the Dodd-Frank whistleblower provisions “extend protections to all those who make disclosures of suspected violations, whether the disclosures are made internally or to the SEC.”

By siding with the Second Circuit, the Ninth widened the split with the First Circuit, which had ruled in the 2013 case of Asadi v. G.E. Energy (USA) that disclosure to the SEC was required in order to receive protection under the anti-retaliation provisions of Dodd-Frank based on the “clear on its face” statutory language specifically defining a “whistleblower” as an employee who discloses information to the SEC. Thus, the First Circuit found that internal reporting of alleged misconduct alone is not sufficient to qualify for protection under Dodd-Frank.

The Somers case is on the docket for the Supreme Court’s 2017–2018 term. We will be watching with avid interest and will report back.

Caremark Claim Against Board for FCPA Settlement Fails

By John F. Libby, Partner, Corporate Investigations and White Collar Defense | Jacqueline C. Wolff, Partner, Corporate Investigations and White Collar Defense | Kenneth B. Julian, Partner, Litigation

Why it matters: On June 16, 2017, the Delaware Court of Chancery in the case of In re Qualcomm Inc. FCPA Stockholder Derivative Litigation dismissed a shareholders’ derivative lawsuit that had been brought against the board of directors of Qualcomm Inc. The complaint included a Caremark claim alleging that the Qualcomm board’s “conscious disregard for red flags” resulted in a “princelings” investigation by the Securities and Exchange Commission (SEC) and a March 2016 settlement pursuant to which Qualcomm paid the SEC a $7.5 million civil penalty to resolve Foreign Corrupt Practices Act (FCPA) violations. In dismissing the lawsuit, the court ruled that the complaint failed to adequately plead demand futility or bad faith on the part of Qualcomm’s board, finding among other things that the plaintiff shareholders “simply seek to second-guess the timing and manner of the board’s response to the red flags, which fails to state a Caremark claim.”

Detailed discussion: On June 16, 2017, the Delaware Court of Chancery in the case of In re Qualcomm Inc. FCPA Stockholder Derivative Litigation dismissed a shareholders’ derivative lawsuit that had been brought against the board of directors of Qualcomm Inc. The complaint included a Caremark claim alleging that the Qualcomm board’s “conscious disregard for red flags” led to a “princelings” investigation by the SEC and a March 2016 settlement (including a cease-and-desist order) pursuant to which Qualcomm paid the SEC a $7.5 million civil penalty to resolve alleged violations of the internal controls provisions of the FCPA. In dismissing the lawsuit, the court ruled that the complaint failed to adequately plead demand futility or bad faith on the part of Qualcomm’s board, finding among other things that the plaintiff shareholders “simply seek to second-guess the timing and manner of the board’s response to the red flags, which fails to state a Caremark claim.”

The court’s opinion details the SEC’s findings and cease-and-desist order in connection with the FCPA settlement at the heart of the shareholder derivative lawsuit. To briefly summarize, on March 1, 2016, the SEC announced that Qualcomm agreed to pay $7.5 million to settle charges that it and its Chinese subsidiary violated the internal controls provisions of the FCPA by hiring relatives of Chinese government officials who had decision-making power over “whether to select the company’s mobile technology products amid increasing competition in the international telecommunications market.” The SEC’s investigation further found that Qualcomm and its Chinese subsidiary “provided gifts, travel, and entertainment to try to influence officials at government-owned telecom companies in China.” In addition to paying the $7.5 million civil penalty, Qualcomm agreed to self-report and certify to the SEC for a two-year period about its FCPA compliance efforts (for more on the SEC’s FCPA settlement with Qualcomm and the SEC’s “princelings” investigations generally, see our March 2016 newsletter under “FCPA Focus on China, Princelings and the First SEC FCPA DPA with an Individual: Qualcomm and PTC”).

Following the SEC settlement, a shareholders’ derivative complaint (Complaint) was filed in the Delaware Court of Chancery against the Qualcomm board of directors that asserted as the first of three counts (the others being waste and unjust enrichment) a Caremark claim for breach of fiduciary duty based on improper board oversight (the claim name derives from the 1996 Delaware Court of Chancery case of In re Caremark International Inc. Derivative Litigation, which first established the test—discussed below—for board liability in an oversight context). We focus only on the Caremark claim here.

Qualcomm subsequently moved to dismiss the Complaint under Delaware Court of Chancery Rule 23.1 for, among other things, failure to adequately allege demand futility, which the court granted as to all three counts after first reviewing the standards that must be met to prove demand futility under Delaware law (“to excuse demand, the alleged derivative claims against the board must be sufficiently strong such that a majority of the members of the board face a ‘substantial likelihood’ of personal liability”).

The court began its analysis of the Caremark count by reiterating the two bases on which directors may be held liable for a Caremark claim under Delaware law: “(a) the directors utterly failed to implement any reporting or information system or controls; or (b) having implemented such a system or controls, consciously failed to monitor or oversee its operations thus disabling themselves from being informed of risks or problems requiring their attention.”

The court noted that the plaintiffs in this case were relying on the second prong of the Caremark test, and thus their Complaint “must allege ‘(1) that the directors knew or should have known that the corporation was violating the law, (2) that the directors acted in bad faith by failing to prevent or remedy those violations, and (3) that such failure resulted in damage to the corporation.’” Further, because the plaintiffs were not alleging that the Qualcomm board intentionally caused Qualcomm to violate the law, the court said that in order to adequately plead bad faith the plaintiffs “must plead particularized facts from which it is reasonably inferable that the [b]oard consciously disregarded its duties by ‘intentionally fail[ing] to act in the face of a known duty to act.’” In this regard, the court said, “[s]imply alleging that a board incorrectly exercised its business judgment and made a ‘wrong’ decision in response to red flags . . . is insufficient to plead bad faith.”

Applying these principles to the case before it, the court found that the Complaint “fails to allege particularized facts giving rise to an inference that a majority of the board faces a substantial likelihood of liability on the Caremark claim alleged” and thus failed to adequately plead demand futility.

The court said that, at the outset, it “need not address whether the alleged red flags actually constitute red flags or whether the board’s response to the alleged red flags caused damage to Qualcomm because the Complaint fails to plead facts giving rise to an inference that the board acted in bad faith.” For example, the court said that even “[a]ssuming for purposes of this analysis that the various reports to the Audit Committee and the board [cited by the plaintiffs] constituted red flags, the Complaint does not allege that the board consciously disregarded the red flags.” In fact, the court noted that “[m]any of the documents the Complaint cites as red flags also include planned remedial actions.”

The court then went through some of the Qualcomm board’s responses to the alleged “red flags” cited by the shareholders as proof of bad faith or conscious disregard on the part of the board, and concluded as follows:

“These responses to the red flags show that the board did not act in bad faith. There is no indication that the board believed Qualcomm could continue to violate the FCPA without consequences. And no allegations suggest that the Qualcomm board consciously disregarded the red flags. The allegations in the Complaint do not adequately plead ‘an intentional dereliction of duty’ after the board was aware of the risk of future FCPA violations through the red flags. In fact, Plaintiffs point to only two factual allegations as evidence of a failure to respond to the red flags: a December 31, 2013 target date for the translation of its FCPA compliance materials into Chinese (which Plaintiffs allege was too late) and the company’s plan to formulate a long-range FCPA plan (which Plaintiffs again contend was too late because it remained outstanding as of January 27, 2014). These board decisions do not rise to the level of bad faith. Instead, Plaintiffs here simply seek to second-guess the timing and manner of the board’s response to the red flags, which fails to state a Caremark claim.”

Finally, the court also rejected the plaintiffs’ argument that the SEC’s findings in the 2016 cease-and-desist order regarding Qualcomm’s violation of the FCPA were proof positive of dereliction of duty in bad faith by the Qualcomm board, stating:

“A corporation’s violation of the FCPA alone is not enough for director liability under Caremark. Delaware courts routinely reject the conclusory allegation that because illegal behavior occurred, internal controls must have been deficient, and the board must have known so. Delaware law, not the FCPA, establishes the standard for director liability, and under Delaware law, Plaintiffs’ Complaint does not allege bad faith.”

No International Double Jeopardy After U.S. FCPA Guilty Plea

By John F. Libby, Partner, Corporate Investigations and White Collar Defense | Jacqueline C. Wolff, Partner, Corporate Investigations and White Collar Defense | Kenneth B. Julian, Partner, Litigation

Why it matters: A recently circulated and sure to be controversial decision by a French court of appeals raises interesting issues in connection with cross-border prosecutions. In the decision, the French appellate court ruled that an individual who had pleaded guilty to Foreign Corrupt Practices Act (FCPA) violations and entered into a plea agreement in the United States could not be prosecuted for the same offense in France. The court’s novel reasoning: Because the individual had had “no choice” but to enter into the plea agreement with U.S. authorities (under which he was obligated to plead guilty and prohibited from later denying any admissions made in the agreement), he had been deprived of his right to self-defense protected by the European Convention on Human Rights (ECHR).

Detailed discussion: On June 28, 2017, online blog FCPA Professor posted a missive from Paris-based attorney Frederick Davis reporting on a decision by a French court of appeals (from September 2016 but only recently circulated) that adds another wrinkle to the ongoing issues surrounding cross-border prosecutions, at least between the United States and France.

The French appellate court ruled that an individual who had pleaded guilty to FCPA violations and entered into a plea agreement in the United States could not be prosecuted for the same offense in France. The court’s reasoning: Because the individual had had “no choice” but to enter into the plea agreement with U.S. authorities (under which he was obligated to plead guilty and prohibited from later denying any admissions made in the agreement), he had been deprived of his right to self-defense protected by the ECHR.

The case involved former U.K. solicitor Jeffrey Tesler, who in March 2011 had entered into a written plea agreement with the U.S. Department of Justice in which he agreed to plead guilty to FCPA violations. A Southern District of Texas court formally accepted the plea agreement in February 2012, at which point a judgment of conviction was entered against Tesler. At roughly the same time overseas, following a lengthy investigation in France by an investigating magistrate, Tesler was ordered to stand trial in November 2010 for alleged criminal violations of the French anti-bribery statute based largely on the same facts underlying the U.S. investigation.

In a decision handed down in September 2016 but circulated only recently, the French appellate court ruled that Tesler could not be prosecuted in France because (as translated from French) “[Tesler’s guilty plea] prohibited him from contradicting his acknowledgment of guilt for fear that the U.S. authorities would walk away from their agreement and reopen the prosecution against him, thus depriving him of his ability to insist on his innocence without abandoning his right against self-incrimination or his right of self-defense.” As Davis put it, the court’s “key reasoning was that by pleading guilty in the U.S., Tesler put himself under an obligation not to contradict any of the factual or legal representations he had made there, and therefore was powerless to defend himself in French court without fear of violating his plea agreement and incurring the wrath of U.S. prosecutors.”

To underscore this point, the court continued (again, translated from French), “It is difficult to conclude that this situation resulted from a considered and personal decision by the accused (even if surrounded by lawyers) when faced with American judicial authorities armed with such powers and capable of proceeding against him to obtain particularly lengthy sentences (several decades) if he refused to plead guilty.”

According to Davis, the court’s decision in the Tesler case was based on a “clearly animated” belief that U.S. criminal procedures “lack fairness” in contravention of the ECHR. Davis also noted that in 2015 another French court came to the same conclusion (i.e., no French prosecution after U.S. guilty plea) on different grounds based on the International Covenant on Civil and Political Rights, which decision is still being appealed to “uncertain outcome.” In addition to creating uncertainty in cross-border investigations, at least between the United States and France, Davis said that the “perverse effect” of these French cases “may be to encourage recourse to U.S. negotiated outcomes for the simple reason that its ruling means that a U.S. plea precludes prosecution in France, while the same would clearly not be the case were the situation reversed.”

Davis continued, “The notion that a carefully negotiated guilty plea by a wealthy defendant advised by experienced counsel, and apparently in strict compliance with U.S. procedures, is nonetheless ‘involuntary’ will appear preposterous to U.S. lawyers and prosecutors; on its face, the court’s ruling would undermine the validity of virtually any U.S. guilty plea. … It is the opinion of the author, however, that the perception is already widespread in Europe that U.S. prosecutors exercise far too much power with far too little judicial supervision, a point of view that this decision will encourage.”

Davis concluded with a discussion of the “right of self-defense” that French courts appear to believe is undercut by a U.S. guilty plea:

“[I]n France (and elsewhere in continental Europe) the right of self defense implies a right to some testimonial flexibility. Generally speaking, criminal defendants are encouraged to speak on their own behalf (among other reasons, because a strong inference of guilt may often be drawn from their failure to do so), but they are not put under oath. The reason for this is a widespread belief that it is unfair to force on a defendant the stark choice between insisting on silence (and leaving the prosecutor’s case unrebutted) and risking a perjury prosecution at the hands of the same prosecutor. This has led to the concept—which does not appear in any text, but is openly discussed in France—of a so-called ‘right to lie.’ Even before this decision, there has been frequent anecdotal comment, and one published article, criticizing provisions in many U.S. Deferred Prosecution and Non-Prosecution Agreements where a defendant formally agrees not to contradict elsewhere anything said in the agreement. This provision is clearly intended by U.S. prosecutors to avoid the public relations fiasco of a defendant insisting on innocence even after expressing contrition in a formal agreement, but in France is disparagingly called a “muzzle clause,” and is widely viewed as a pernicious example of the extraterritorial reach of U.S. criminal procedures.”

FCPA and Healthcare: The DOJ’s New Bedfellows

By John F. Libby, Partner, Corporate Investigations and White Collar Defense | Jacqueline C. Wolff, Partner, Corporate Investigations and White Collar Defense | Kenneth B. Julian, Partner, Litigation

Why it matters: In a speech on July 25, 2017, Sandra Moser, acting chief of the Fraud Section of the Department of Justice (DOJ), announced that prosecutors from the agency’s Foreign Corrupt Practices Act (FCPA) Unit would henceforth be “working hand in hand” with the Corporate Strike Force of the agency’s Healthcare Fraud Unit to “investigate and prosecute matters relating to healthcare bribery schemes, both domestic and abroad.”

Detailed discussion: On July 25, 2017, Sandra Moser, the acting chief of the DOJ’s Fraud Section, delivered a speech at the American Conference Institute’s 8th Global Forum on Anti-Corruption in High Risk Markets in Washington, D.C., where, among other things, she announced that prosecutors from the Fraud Section’s FCPA Unit would henceforth be “working hand in hand” with the Corporate Strike Force of the Fraud Section’s Healthcare Fraud Unit to “investigate and prosecute matters relating to health care bribery schemes, both domestic and abroad.”

Moser’s remarks were made in the context of a larger “state of the FCPA” speech. She began by stating that at this point in time, the United States and other countries “stand at a critical juncture in the fight against transnational corruption” and its devastating effects, giving as examples the “undermin[ing] of the rule of law and destabiliz[ation of] economies; the link between corruption and terrorism and the attendant threat to global security; [and] the erosion of the free and fair market and, with it, the public’s confidence.” Moser said that, from an FCPA enforcement perspective, the DOJ is “well-positioned to remain at the forefront of the fight against corruption” especially with full and increasingly strong coordination with the global enforcement community.

To combat such “deep rooted and pervasive corruption,” Moser said that corporations needed to “[b]e better, do better” and provided a helpful list to accomplish this, including investing in a robust compliance program sooner rather than later and empowering compliance officers. Moser stated that the Fraud Section—through its FCPA Unit—is doing its part to “be better, do better” by, among other things, “taking additional steps to enhance our enforcement of the FCPA against both corporate and individual actors, and to promote transparency in doing so.” Moser pointed to the FCPA pilot program announced in April 2016 as just one example of the DOJ’s focus on transparency by offering “clearer guidelines not only internally to our own prosecutors, but to companies and their employees, regarding what is required to receive full credit under its auspices.” See our April 2016 newsletter article titled “Alert: DOJ Launches New FCPA Voluntary Disclosure Pilot Program” for a discussion of the FCPA pilot program’s provisions.

After providing an overview of the FCPA Unit’s notable global resolutions and enforcement actions against both corporations and individuals in 2016 and the first six months of 2017 across all markets, industries and business sectors, Moser turned her focus to the healthcare industry: “This conference is all about high-risk regions and high-risk industries. As you know, health care cuts across both.” Moser pointed out that in recent years healthcare companies have increasingly come before the Fraud Section in connection with FCPA violations: “Investigations have revealed that healthcare companies operating overseas frequently interact with state-employed doctors and foreign public officials who work for government-owned hospitals and medical institutions. In addition, publicly funded and administered foreign health care programs are invariably run by government officials, which means that, to do business in these countries, a company must deal with government officials. As a result, we have seen a number of significant FCPA cases involving the payment of bribes and kickbacks by healthcare companies to foreign officials to obtain a wide variety of improper business advantages.”

Moser noted that, in all of these instances, the FCPA violations arose from failures in the healthcare companies’ compliance programs, or the absence of those programs altogether. Among the “basics” for large international corporations that were lacking or missing altogether were “things like maintaining a confidential employee hotline, enhancing training, having those at the top of the food chain certify to the effectiveness of the compliance program, and adopting guidelines to claw back bonuses and the like from those executives that engage in misconduct or who simply fail to promote compliance within their organization.”

Thus, Moser concluded, “to become better and more efficient” at investigating and prosecuting foreign bribery and kickbacks involving healthcare companies and their executives, she was announcing a new partnership between the Corporate Strike Force of the Healthcare Fraud Unit and the FCPA Unit: “Together they will investigate and prosecute matters relating to health care bribery schemes, both domestic and abroad. This increased coordination will ensure that companies, their executives, employees, and agents are held to account for the payment of bribes and kickbacks to foreign and domestic officials and actors regardless of the market.”

Criminal Charges, Civil Fines for Bitcoin Exchange and Operator

By John F. Libby, Partner, Corporate Investigations and White Collar Defense | Jacqueline C. Wolff, Partner, Corporate Investigations and White Collar Defense | Kenneth B. Julian, Partner, Litigation

Why it matters: On July 26, 2017, the Department of Justice (DOJ) announced that a grand jury in the Northern District of California had indicted the digital currency exchange BTC-e and the Russian national behind it for operating an unlicensed money service business and money laundering. That same day, the Financial Crimes Enforcement Network (FinCEN)—in its first action against a “foreign-located money services business”—announced that it had assessed civil fines in excess of $110 million against BTC-e and $12 million against the Russian national for violating U.S. anti-money laundering (AML) laws.

Detailed discussion: On July 26, 2017, the DOJ announced that a grand jury in the Northern District of California had indicted digital currency exchange BTC-e and Russian national Alexander Vinnik for “operating an unlicensed money service business, money laundering, and related crimes.” That same day, FinCEN—in its first action against a “foreign-located money services business”—announced that it had assessed civil fines in excess of $110 million against BTC-e and $12 million against Vinnik for “willfully violating U.S. anti-money laundering (AML) laws.”

Criminal charges: The indictment handed down by the grand jury described BTC-e, founded in 2011, as “one of the world’s largest and most widely used digital currency exchanges,” receiving “more than $4 billion worth of bitcoin over the course of its operation.” Per the DOJ, BTC-e’s website indicates that the company is “situated” in Bulgaria but organized under the laws of Cyprus, and BTC-e also allegedly maintains a “base of operations” in the Seychelles islands. Furthermore, the DOJ said that BTC-e has web domains registered to shell companies in, among other places, Singapore, the British Virgin Islands, France and New Zealand.

The indictment further described Vinnik, who was arrested in Greece on July 25, 2017, as “the owner and operator of multiple BTC-e accounts, including administrator accounts, and also a primary beneficial owner of BTC-e’s managing shell company, Canton Business Corporation.” The indictment alleged that “numerous withdrawals from BTC-e administrator accounts went directly to Vinnik’s personal bank accounts … [and] proceeds from well-known hacks and thefts from bitcoin exchanges were funded through a BTC-e administrator account associated with Vinnik.” As one example, the indictment alleged that Vinnik received funds—which he later laundered through online exchanges (including BTC-e)—from the “infamous computer intrusion or ‘hack’ of Mt. Gox—an earlier digital currency exchange that eventually failed, in part due to losses attributable to hacking.”

The indictment alleged that BTC-e “allowed its users to trade in the digital currency ‘Bitcoin’ with high levels of anonymity” and that since BTC-e’s inception, (1) “Vinnik and others developed a customer base for BTC-e that was heavily reliant on criminals, including by not requiring users to validate their identity, obscuring and anonymizing transactions and source of funds, and by lacking any anti-money laundering processes”; (2) “BTC-e was operated to facilitate transactions for cybercriminals worldwide and received the criminal proceeds of numerous computer intrusions and hacking incidents, ransomware scams, identity theft schemes, corrupt public officials, and narcotics distribution rings”; and (3) “BTC-e was used to facilitate crimes ranging from computer hacking, to fraud, identity theft, tax refund fraud schemes, public corruption, and drug trafficking.”

Although BTC-e conducted “substantial” business in the United States, the indictment further alleged that the currency exchange was “not registered as a money services business with the U.S. Department of the Treasury, had no anti-money laundering process, no system for appropriate ‘know your customer’ or ‘KYC’ verification, and no anti-money laundering program as required by federal law.”

Under the indictment, BTC-e and Vinnik were charged with one count of operation of an unlicensed money service business (in violation of 18 U.S.C. § 1960) and one count of conspiracy to commit money laundering (in violation of 18 U.S.C. § 1956(h)). In addition, Vinnik was charged with 17 counts of money laundering (in violation of 18 U.S.C. § 1956(a)(1)) and two counts of engaging in unlawful monetary transactions (in violation of 18 U.S.C. § 1957).

Said Brian J. Stretch, U.S. attorney for the Northern District of California, “Cryptocurrencies such as Bitcoin provide people around the world new and innovative ways of engaging in legitimate commerce. As this case demonstrates, however, just as new computer technologies continue to change the way we engage each other and experience the world, so too will criminals subvert these new technologies to serve their own nefarious purposes.” Added Acting Assistant Attorney General Kenneth A. Blanco, “The Criminal Division will work tirelessly to identify those who use technology to conduct and obscure their criminal activity, as we ensure there are no safe havens from U.S. justice for those who seek to victimize Americans.”

FinCEN fines: In its press release, FinCEN said that the supervisory enforcement action against BTC-e and Vinnik (against which and whom it assessed $110 million and $12 million in civil fines, respectively) was “the first it has taken against a foreign-located MSB [money services business] doing business in the United States.”

FinCEN described BTC-e as “an internet-based, foreign-located money transmitter that exchanges fiat currency as well as the convertible virtual currencies Bitcoin, Litecoin, Namecoin, Novacoin, Peercoin, Ethereum, and Dash. It is one of the largest virtual currency exchanges by volume in the world.” FinCEN said that to date BTC-e had conducted “over $296 million in transactions of bitcoin alone and tens of thousands of transactions in other convertible virtual currencies.” FinCEN noted that while BTC-e had taken great pains to conceal its geographic location and ownership, it had conducted transactions within the United States and thus “was required to comply with U.S. AML laws and regulations as a foreign-located MSB including AML program, MSB registration, suspicious activity reporting, and recordkeeping requirements.”

Overall, FinCEN said that BTC-e “facilitated transactions involving ransomware, computer hacking, identity theft, tax refund fraud schemes, public corruption, and drug trafficking” and “embraced the pervasive criminal activity conducted at the exchange.” Among BTC-e’s specific AML violations cited by FinCEN were the following: (1) “BTC-e failed to obtain required information from customers beyond a username, a password, and an e-mail address”; (2) “Users openly and explicitly discussed criminal activity on BTC-e’s user chat [and] BTC-e’s customer service representatives offered advice on how to process and access money obtained from illegal drug sales on dark net markets like Silk Road, Hansa Market, and AlphaBay”; (3) BTC-e “processed [over 300,000 bitcoin] transactions involving funds stolen between 2011 and 2014 from one of the world’s largest bitcoin exchanges, Mt. Gox”; and (4) BTC-e facilitated “at least $3 million of … transactions tied to ransomware attacks such as ‘Cryptolocker’ and ‘Locky’ [and] shared customers and conducted transactions with the now-defunct money laundering website Liberty Reserve.”

Said Jamal El-Hindi, acting director of FinCEN, “We will hold accountable foreign-located money transmitters, including virtual currency exchangers, that do business in the United States when they willfully violate U.S. anti-money laundering laws ... This action should be a strong deterrent to anyone who thinks that they can facilitate ransomware, dark net drug sales, or conduct other illicit activity using encrypted virtual currency.”

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Manatt, Phelps & Phillips, LLP | Attorney Advertising

Written by:

Manatt, Phelps & Phillips, LLP
Contact
more
less

Manatt, Phelps & Phillips, LLP on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up using*

Already signed up? Log in here

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
Privacy Policy (Updated: October 8, 2015):
hide

JD Supra provides users with access to its legal industry publishing services (the "Service") through its website (the "Website") as well as through other sources. Our policies with regard to data collection and use of personal information of users of the Service, regardless of the manner in which users access the Service, and visitors to the Website are set forth in this statement ("Policy"). By using the Service, you signify your acceptance of this Policy.

Information Collection and Use by JD Supra

JD Supra collects users' names, companies, titles, e-mail address and industry. JD Supra also tracks the pages that users visit, logs IP addresses and aggregates non-personally identifiable user data and browser type. This data is gathered using cookies and other technologies.

The information and data collected is used to authenticate users and to send notifications relating to the Service, including email alerts to which users have subscribed; to manage the Service and Website, to improve the Service and to customize the user's experience. This information is also provided to the authors of the content to give them insight into their readership and help them to improve their content, so that it is most useful for our users.

JD Supra does not sell, rent or otherwise provide your details to third parties, other than to the authors of the content on JD Supra.

If you prefer not to enable cookies, you may change your browser settings to disable cookies; however, please note that rejecting cookies while visiting the Website may result in certain parts of the Website not operating correctly or as efficiently as if cookies were allowed.

Email Choice/Opt-out

Users who opt in to receive emails may choose to no longer receive e-mail updates and newsletters by selecting the "opt-out of future email" option in the email they receive from JD Supra or in their JD Supra account management screen.

Security

JD Supra takes reasonable precautions to insure that user information is kept private. We restrict access to user information to those individuals who reasonably need access to perform their job functions, such as our third party email service, customer service personnel and technical staff. However, please note that no method of transmitting or storing data is completely secure and we cannot guarantee the security of user information. Unauthorized entry or use, hardware or software failure, and other factors may compromise the security of user information at any time.

If you have reason to believe that your interaction with us is no longer secure, you must immediately notify us of the problem by contacting us at info@jdsupra.com. In the unlikely event that we believe that the security of your user information in our possession or control may have been compromised, we may seek to notify you of that development and, if so, will endeavor to do so as promptly as practicable under the circumstances.

Sharing and Disclosure of Information JD Supra Collects

Except as otherwise described in this privacy statement, JD Supra will not disclose personal information to any third party unless we believe that disclosure is necessary to: (1) comply with applicable laws; (2) respond to governmental inquiries or requests; (3) comply with valid legal process; (4) protect the rights, privacy, safety or property of JD Supra, users of the Service, Website visitors or the public; (5) permit us to pursue available remedies or limit the damages that we may sustain; and (6) enforce our Terms & Conditions of Use.

In the event there is a change in the corporate structure of JD Supra such as, but not limited to, merger, consolidation, sale, liquidation or transfer of substantial assets, JD Supra may, in its sole discretion, transfer, sell or assign information collected on and through the Service to one or more affiliated or unaffiliated third parties.

Links to Other Websites

This Website and the Service may contain links to other websites. The operator of such other websites may collect information about you, including through cookies or other technologies. If you are using the Service through the Website and link to another site, you will leave the Website and this Policy will not apply to your use of and activity on those other sites. We encourage you to read the legal notices posted on those sites, including their privacy policies. We shall have no responsibility or liability for your visitation to, and the data collection and use practices of, such other sites. This Policy applies solely to the information collected in connection with your use of this Website and does not apply to any practices conducted offline or in connection with any other websites.

Changes in Our Privacy Policy

We reserve the right to change this Policy at any time. Please refer to the date at the top of this page to determine when this Policy was last revised. Any changes to our privacy policy will become effective upon posting of the revised policy on the Website. By continuing to use the Service or Website following such changes, you will be deemed to have agreed to such changes. If you do not agree with the terms of this Policy, as it may be amended from time to time, in whole or part, please do not continue using the Service or the Website.

Contacting JD Supra

If you have any questions about this privacy statement, the practices of this site, your dealings with this Web site, or if you would like to change any of the information you have provided to us, please contact us at: info@jdsupra.com.

- hide
*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.