Dear Friend of Snell & Wilmer:
The latest edition of Global Connection offers insight into a potential money laundering crackdown in the real estate sector, information on the Federal Trade Commission’s approach to data breach investigations and a legal alert regarding the requirement of a U.S. person with a foreign affiliate to make specific tax filings. These articles demonstrate the continued importance of cyber security measures, as well as highlight new rules and regulations in the United States that have potential impact on companies and individuals abroad.
We hope this edition of Global Connection proves useful as you continue to seek out new opportunities at home and abroad.
Best regards,
Lindsey E. Martínez
Editor
Money Laundering Crackdown in Real Estate Sector?
by Craig S. Denney
The Director of the Financial Crimes Enforcement Network (also known as FinCEN) recently gave a speech in San Francisco regarding the agency’s investigative priorities. Director Jennifer Shasky Calvery’s comments drew media attention because she mentioned the need for more transparency of real estate transactions negotiated by professionals (like brokers, title companies, accountants and lawyers). Calvery suggested that real estate professionals should perform more due diligence and anti-money laundering (AML) scrutiny of large real estate transactions involving shell companies. For the past decade, federal law enforcement has been more aggressive in pursuing civil enforcement penalties and even criminal prosecution of financial institutions that are involved in aiding and abetting money laundering activities of bank customers. Now, it appears FinCEN has decided to scrutinize the beneficial ownership of real estate purchased and owned by shell companies.
Three months ago, the New York Times published a front-page investigative story that reported about suspected money laundering by international organized crime in the lucrative real estate market of Manhattan. Numerous multi-million dollar real estate transactions were conducted by shell companies that have no business operations or employees. This article may have drawn the attention of regulators and investigators at FinCEN.[1] Just this week, Law360 also published an article entitled “Real Estate Industry Poised for Money Laundering Crackdown.”[2] Shell corporations (often formed as limited liability corporations) do have legitimate business purposes as transactional entities for deals that involve tax reasons, limitations of financial liability and investor privacy. However, federal prosecutors and law enforcement agencies typically find shell companies are often utilized to disguise money laundering and hide illicit proceeds of criminal or fraudulent conduct.
FinCEN’s attention to the real estate market may prompt real estate professionals to do more due diligence and ensure they “know their customer” before engaging in transactions with shell entities. Even though the Bank Secrecy Act (BSA) does not apply to real estate transactions (that do not involve a bank mortgage), the federal money laundering statutes (18 U.S.C. 1956 and 1957) apply to everyone when proceeds from a specified unlawful activity are being used.
The director’s comments may signal a trend in real estate that follows the post 9/11 crackdown of financial institutions who ignore AML obligations (such as preparing suspicious activity reports and filing currency transaction reports) and run afoul of the BSA. Real estate professionals should be cautious of being willfully blind to who their customers are and where the cash is coming from for a lucrative real estate transaction. FinCEN is now looking more closely at these deals.
Note:
[1] The New York Times, “Towers of Secrecy: Stream of Foreign Wealth Flows to Elite New York Real Estate.” By Louise Story and Stephanie Saul (Feb. 7, 2015)
[2] The author of this article was interviewed by Law360’s reporter Natalie Rodriguez.
Inside Insight: How the FTC Approaches Data Breach Investigations
by Ryan D. Ricks
A data breach hurts in a myriad of ways – the tarnished image of the breached company, the diminished consumer trust and the bottom-line impact of remedial costs and lost business. The last thing a company already reeling from a data breach wants to see is a government agency knocking on the door to investigate its data privacy and security practices. Yet, such investigations are increasingly common following data breach disclosures; in the last year, various state Attorneys General, the Department of Health and Human Services and the Federal Communications Commission have all announced data security investigations and/or fines.[1]
On May 20, 2015, the Federal Trade Commission (FTC) provided an overview of what a company can expect if it is the target of an FTC investigation related to data security. In a blog post on the FTC website[2], FTC assistant director Mark Eichorn shed some light on what might otherwise be an opaque process. Once the FTC becomes aware of a breach, it typically will:
-
Conduct informal diligence by reviewing publicly available information or direct company contact;
-
If warranted, open a full investigation, seeking to understand the circumstances surrounding the breach by making formal request for company documents, conducting interviews with knowledgeable interviews and reviewing outside information from vendors or experts; and
-
Evaluate the results and if appropriate, make a recommendation to the Commission to take administrative action or bring a case in federal court.
Eichorn’s post provides some clarity on internal FTC investigation processes, but perhaps more important, it offers insight into the likely posture of the FTC toward the company subject to the investigation. Cooperation is key:
“We’ll also consider the steps the company took to help affected consumers, and whether it cooperated with criminal and other law enforcement agencies in their efforts to apprehend the people responsible for the intrusion. In our eyes, a company that has reported a breach to the appropriate law enforcers and cooperated with them has taken an important step to reduce the harm from the breach. Therefore, in the course of conducting an investigation, it’s likely we’d view that company more favorably than a company that hasn’t cooperated.”
Companies should note that this explanation is similar to guidance issued in April 2015 by the Department of Justice (DOJ), where the DOJ indicated that “companies from regulated industries that cooperate with law enforcement may be viewed more favorably by regulators looking into a data breach.”[3] Likewise, in late May 2015, FBI cybersecurity division Deputy Assistant Director Donald Good spoke at the Financial Industry Regulatory Authority annual conference[4] and clarified that the FBI was now treating breached companies more like victims rather than potentially negligent custodians of personal data. Because the FTC has made it clear that cooperating with law enforcement will be viewed as “an important step to reduce the harm from the breach”, each company should give serious consideration to the amount of cooperation (or lack thereof) it extends to law enforcement following a data breach.
So – can cooperating with law enforcement after a data breach keep the regulators and the civil lawsuits at bay? Probably not. But failing to cooperate may significantly increase the post-breach regulatory scrutiny, thus pouring salt on an already open wound.
New Requirement to File BE-10: Benchmark Survey of U.S. Direct Investment Abroad
by Carlene Y. Lowry, Mark A. Ziemba, Roger A. Grad and William A. Kastin
Any U.S. person with a foreign affiliate is required to file the 2014 Form BE-10, Benchmark Survey of U.S. Direct Investment Abroad by June 30, 2015 or face civil penalties between $2,500 and $25,000. Further, a willful failure to file can result in a separate criminal penalty of not more than $10,000 and imprisonment for not more than one year. This penalty structure applies to U.S. persons holding investments and to officers, directors, employees or agents who knowingly participate in such failures. The requirement to file Form BE-10 has caught many persons by surprise because the Form was previously only required to be filed upon request. The original filing date of the 2014 Form was May 29, 2015, but was extended to June 30, 2015 for first time filers.
The instructions to Form BE-10A state that any person who is resident in the United States or subject to the jurisdiction of the United States must file Form BE-10A if such person had direct or indirect ownership or control of at least 10 percent of the voting stock of an incorporated foreign business enterprise, or an equivalent interest in an unincorporated foreign business enterprise, at any time during the 2014 fiscal year. If the U.S. person filing Form BE-10A (termed a “U.S. Reporter”) is a corporation, Form BE-10 must cover the fully consolidated U.S. domestic business enterprise.
Note that the definition of “U.S. person” for this purpose is not the same as the definition of a “United States person” provided for in the Internal Revenue Code in 26 U.S.C.A. 7701(a)(30) for federal income tax purposes. Instead, the instructions to Form BE-10 state that an individual is considered a resident of, and subject to the jurisdiction of, the country in which the individual is physically located, subject to certain qualifications regarding temporary assignments. Thus, it appears that a U.S. citizen who permanently resides abroad does not need to file the current version of Form BE-10A.[1]
A U.S. person’s ownership of foreign real estate, however, is defined as a business enterprise that must be reported as a foreign affiliate, regardless of whether the property is held in a foreign entity. The filing is required unless the property is held exclusively for personal use and not for profit-making purposes. There is some flexibility in the definition of “exclusively” if the property is a personal residence, but is rented out while the U.S. person resides in the U.S.
