BHC Means Bank Holding Company

A Bank Holding Company is a company that owns one or more subsidiary banks. There are no regional designations for such a company, but often they are interstate and international. These companies are usually interstate because there is no reason to hold multiple bank brands within a given state. Many of these companies are international, reaching both investors and clients abroad.

Bank Holding Companies are supervised by the Federal Reserve.



About the Author: Marcus Maltempo is a compliance professional with more than a decade of experience helping banks, law firms and clients manage investigations and regulatory responses.


Subordinated Debt Means Last To Get Paid


Subordinated debt is like any other debt, borrowed capital, except with one crucial difference. It is debt that gets paid off last if the debtor goes into bankruptcy. For this reason, usually there is a slightly higher interest rate for this type of debt.

Subordinated debt can be issued to avoid bank failure. A bank issues debt, an IOU, with a term of at least 10 years, and then uses the borrowed funds to pay off debts due in the near future. This is not an ideal situation, but the interest rates tend to be quite attractive. The terms of the loan may also include a clause that allows the bank to pay off the loan in the future after a certain number of months or years, allowing the bank to seek out lower interest rate subordinated debt or other ways of building capital reserves.

Obama to Create New Central Cybersecurity Agency

The private sector plays a more central role in spotting and responding to cyber incidents than they do in the counterterrorism realm, where the government largely takes the lead. – Lisa O. Monaco, President’s Homeland Security and Counterterrorism Advisor

Lisa Monaco announced the launch of the Cyber Threat Intelligence Integration Center (CTIIC), which will provide analysis to policymakers and intelligence operatives using private sector data.

CTIIC will report to the Director of National Intelligence.

This was also written about in a previous post.





GRC Means Governance, Risk & Compliance

GRC is an abbreviation for Governance, Risk and Compliance. These three functions are put together to increase efficiency and efficacy. Governance is responsible for overseeing the implementation of decisions made by the board of directors. Risk is responsible for analyzing all risks that impact revenue and operations. Compliance is responsible for meeting regulatory requirements to reduce, primarily, legal exposure. In short: protect the integrity of management decisions, protect the business that makes the organization successful, and protect the organization from unnecessary dealings with governments.


Depending on the industry, an organization may have licensed attorneys as heads of each of these areas. Other times, a separate legal department is created not just to deal with litigation issues but to advise the organization on any combination of these three issues, thereby allowing the organization to have functional and industry experts lead these areas. Governance can be led by an MIS or Audit professional (MIS means Management Information Systems). Risk can be led by an IT or operations professional (IT means Information Technology). Compliance can be led by an Audit or front-office professional.

Front-office is a term used for the area of an organization that focuses on revenue and sales. Bankers in a bank are front-office professionals.

All three areas require a combination of special knowledge.
Governance covers management issues, an understanding of operations, concerns of investors and shareholders and information being shared within the organization, both how and what. This person must have a strong understanding of the organization’s structure.

Risk covers capital requirements (if a bank), supply chain, losses from inefficiencies in the operations and the like. This person must have a strong understanding of how the business operates.

Compliance covers regulatory exams and responses, investigation, surveillance, monitoring, controls and policies and procedures, and sanctions (if a bank). This person must have a strong understanding of regulators' expectations and must also be able to persuade line-of-business professionals to buy in to a set of rules for the whole organization to play by.


AML Means Anti-Money Laundering

Money Laundering is the process of turning earnings from criminal activities into legitimate money. It’s called “laundering” because the money from criminal activities is considered “dirty” money, so “laundering” it would “clean” it. AML is the work of preventing and identifying that activity.

The general process of money laundering begins by placing the dirty money into the financial system, layering it under the cover of a legitimate business and then integrating it by acquiring the funds legally. There are various strategies and tactics for laundering money successfully, but with the aid of technology and the broader reach of the global financial system, it is much more difficult to succeed.

Because there are so many ways and so many places criminals try to launder money, there are many organizations involved. FATF was formed to provide guidelines for enforcement of anti-money laundering activities. All of the financial regulators are involved in overseeing, reviewing, examining and enforcing AML activities. Intelligence and law enforcement organizations are also involved because money laundering tends to be mixed with other criminal activities.


SAR Means Suspicious Activity Report

SAR is a very important regulatory tool, and a financial institution that ignores it does so at great peril. The Report is filed with FinCEN, but nearly every other regulatory body has a link to FinCEN regarding SARs. The OCC, the IRS and even the Department of Homeland Security have a link to FinCEN regarding SARs. Here’s an example of the form:
FinCEN Form 109

This form is three pages long and this attachment comes with three pages of instructions. The instructions are written so that even a layperson without a legal or compliance background should be able to fill it out. A small financial institution may not have a dedicated compliance officer, so it is very important to understand that there is a 30-day deadline from the moment of the suspicious activity.
The consequences could be detrimental to your business. Your business or you specifically could be charged with enabling, abetting or in any other way aiding terrorist or other money laundering activity.

Generally, this is not an issue that should require legal counsel. FinCEN is out to enforce the law, not to prosecute it. Its goal is to catch bad guys, and if you are helping FinCEN do that, it is likely to look at you favorably. However, should you run out of time before you can determine whether you need to file a report or not, or you are made aware of the activity after the deadline, filing the form late is better than not filing at all. Explaining the reasons for delay is acceptable.
Should you find that your business is starting to attract suspicious activities more frequently than desired, connecting with lawyers who specialize in compliance for counsel will be a very important investment in mitigating this particular risk.

Ultimately, it is in the interest of the business to file a SAR with FinCEN rather than not file.


Carbanak Robs Banks And Bank Clients of $1 Billion

The greatest heist of the century: hackers stole $1 bln.

Carbanak is an APT-style campaign targeting (but not limited to) financial institutions that was claimed to have been discovered in 2015 by the Russian/UK Cyber Crime company Kaspersky Lab who said that it had been used to steal money from banks. The malware was said to have been introduced to its targets via phishing emails. The hacker group was said to have stolen over 500 million dollars, or 1BN dollars in other reports, not only from the banks but from more than a thousand private customers. – Kaspersky Labs

To date, the main targets have been in the United States and Russia followed by Germany, Ukraine and China. Not only is the amount stolen large and the number of institutions breached high, but this has also been going on for a long time: years, in fact. The official Kaspersky Lab report claims to have evidence of this beginning in 2013. The ways the hackers extracted money were varied. Sometimes it was relatively simple: the virus would attack an ATM, which would spit out loads of cash at a scheduled time, allowing a member of the hacking team to go and pick up the cash. Other times it used sophisticated methods: attacking the accounting system, incorrectly placing the decimal point of an account so the account balance was ten times more than it should be, and then correcting it by transferring the extra amount into accounts it had set up in other banks, laundering the funds and making them legit. Essentially, it was creating money. And the correction would go unnoticed because all of this would take place before the banks would have run an account balance check, which banks do with every account, though it’s been found out that many banks only do this about once every ten hours.
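The gap described above is a detection problem: a check that looks only at the stored balance every ten hours sees the same figure before and after. The sketch below is an added example, not taken from the Kaspersky Lab report or written by the author of this post; the event format, account names and amounts are constructed for illustration. It reconciles every balance write against the journal entries posted since the previous write and flags any change the journal does not explain.

```python
from decimal import Decimal

# Constructed sample data, in posting order: (hour, account, kind, value).
# "balance" = stored balance as observed after a write; "journal" = posted ledger entry.
EVENTS = [
    (0, "ACCT-A", "balance", Decimal("1000.00")),
    (1, "ACCT-A", "balance", Decimal("10000.00")),  # balance rewritten, no journal entry
    (2, "ACCT-A", "journal", Decimal("-9000.00")),  # surplus transferred out
    (2, "ACCT-A", "balance", Decimal("1000.00")),
    (3, "ACCT-B", "balance", Decimal("250.00")),
    (4, "ACCT-B", "journal", Decimal("50.00")),     # ordinary deposit
    (4, "ACCT-B", "balance", Decimal("300.00")),
    (10, "ACCT-A", "balance", Decimal("1000.00")),  # next scheduled balance check
]

def balance_at(events, account, hour):
    """Latest stored balance for `account` at or before `hour` (what a periodic check sees)."""
    seen = [v for h, a, k, v in events if a == account and k == "balance" and h <= hour]
    return seen[-1] if seen else None

def reconcile(events):
    """Check every balance write against the journal entries posted since the previous one."""
    last, pending, findings = {}, {}, []
    for hour, account, kind, value in events:
        if kind == "journal":
            pending[account] = pending.get(account, Decimal("0")) + value
            continue
        if account in last:
            unexplained = (value - last[account]) - pending.get(account, Decimal("0"))
            if unexplained != 0:
                findings.append({
                    "hour": hour,
                    "account": account,
                    "unexplained": unexplained,
                    # a shifted decimal point shows up as exactly ten times the prior balance
                    "decimal_shift": value == last[account] * 10,
                })
        last[account] = value
        pending[account] = Decimal("0")
    return findings

if __name__ == "__main__":
    for finding in reconcile(EVENTS):
        print(finding)
```

In the sample data the balances at hour 0 and hour 10 are identical, yet the per-write reconciliation reports the unexplained increase at hour 1.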

While I am able to explain one of its sophisticated methods to you, my reader, in just one long sentence, you must understand that there are multiple systems checking for correct coding of every transaction and every account. In order to go undetected, the virus must be able to do two things very well: it must understand the various languages used by various systems and the algorithms being used by these systems for both routine and special operations, and it must mimic human interaction with these systems. The first part might sound like a defined problem that can be solved, but it isn’t. The algorithms are built to change as they learn more. Carbanak was designed to learn and wait long before executing its financial transactions, if one can call them that.

Kaspersky Lab is a cyber security firm based in Russia and named after its founder, Eugene Kaspersky. Kaspersky was trained in mathematical engineering at Moscow Institute of Physics and Technology, which was established and run by the Russian Defense Ministry and the KGB, Russian intelligence. Because of this background, the Lab hasn’t received as much business as it could have. However, over the years, with Kaspersky writing and opining about cyber crime and cyber security in reputable media outlets and with the Lab’s success in forensic research, like this one, Kaspersky Lab has been garnering more and more corporate clients. Kaspersky Lab also has retail security products.

Below, I have provided the report and various infographics that Kaspersky Lab has created to educate the world on Carbanak. Also, I have provided a list of links that will help you quickly understand the issues surrounding the initiation, operation and discovery of the virus.

Carbanak APT: The Great Bank Robbery v2.0 by Kaspersky Lab




