DPA Means Deferred Prosecution Agreement

Deferred prosecution agreements (DPAs) encourage individuals and companies to provide the SEC with forthcoming information about misconduct and assist with a subsequent investigation. In return, the SEC refrains from prosecuting cooperators for their own violations if they comply with certain undertakings. – SEC

DPAs are also used by the DOJ.

For a company or an individual who may have unwittingly been involved in financial crime, a DPA is often the best option. There are two main types of DPAs: with and without admission of violation.

Obviously, not admitting to violation is the best option. This option can only be provided if the violator’s intended results were not a violation in themselves. This doesn’t mean it’s the end of the violator’s troubles. The violator may face professional punishments if s/he is licensed or certified. In rare cases, the violator will be barred from the profession.


Admitting to the violation only strengthens the case against the violator’s disbarment. On top of that, the violator may face disbarment from the industry regardless of the function. Admission could be career suicide.

It used to be that corporations wanted to avoid admission because it meant suicide for the corporation. But last year, the regulators showed their willingness to work with corporations on leniency, if that’s what it can be called. A number of corporations entered into agreements to admit to wrongdoing and pay hefty penalties, but the DPAs were executed in such a way that, while corporations may have taken a hit to their assets, the shareholders’ equity would not be affected.

About the Author: Marcus Maltempo is a compliance professional with more than a decade of experience helping banks, law firms and clients manage investigations and regulatory responses.

How super cookies threaten bank security

Super cookies threaten bank security by exposing customer data in ways that are more discreet than ever before.


What are super cookies?

Super cookies are sometimes called zombie cookies. The most typical type of super cookie is called a Flash cookie because it is a cookie from the Adobe Flash plug-in. Cookies are little bits of code websites leave in your browser’s cookie folder so that they can remember your preferences and, should you choose to do so, account information and password. Basically, when you turn on your browser and can get to your email or Facebook without having to log in, the website has a cookie in your browser cookie folder. It is pretty convenient.

The usual threat

If this bit of code contains personal information, then of course your identity is threatened by anything that tries to retrieve it when it is not supposed to. The codes usually need to be deciphered. Many websites and phone applications are known to have very weak security on their cookies, making them very simple to decipher. On a consumer level, this is dangerous because most consumers are not all that creative with their passwords, using the same one for all of their accounts.

The banking relevance

For banks, the threat is more real than ever. Transactions are usually legitimized in multiple ways: correctly identifying the transaction parties, correctly using the transaction accounts, correctly using passwords, matching payment sender and receiver, matching banking institutions and on and on. Most of these matches have been nearly eliminated because the banking system has taken care of most of them, having the consumer contact points reduced to the point of sale.

The primary banking threat

Now that the whole purchasing process can take place online, a digital path can be created for transactions. Here’s how it works: Jaco wants to purchase a bass guitar. He goes to SuperBassGuitarGlobalMarket.com and looks around. Jaco looks at strings and pick-ups and amplifiers along with bass guitars. He purchases a rare Flea Bass and nothing else. SBGGM keeps a cookie on his computer so that when he returns the website can present him with suggestions based on his purchase and his surfing history.

If Jaco deletes the SBGGM cookie, then his return visit will not have any suggestions based on his surfing history. If SBGGM uses Adobe Flash on its website and creates a cookie in Adobe Flash, it keeps the cookie in an Adobe folder rather than a browser folder. Jaco’s return visit will show him suggestions based on his previous visits even if he deleted SBGGM’s browser cookie.

A cyber criminal can hack into Jaco’s computer, get onto SBGGM’s website, get on Jaco’s account, make purchases from the website suggestions, and have them shipped to another address. From there, bought items could be sold for money. To add an additional layer of stealth, the cyber criminal can make small purchases every month to go undetected, especially if Jaco tends to just pay off the whole credit card balance at the end of each month. As long as the consumer does not pay attention to every transaction, the consumer is paying for these transactions. Banks have been flooded with small fraudulent transactions. These transactions make banking more expensive for everyone.

Because super cookies circumvent a consumer’s deliberate attempt to erase information trails, they pose a super threat.
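The behaviour described above can be checked with a small model. The following is an added example, not code from the original post: it models one computer with a browser cookie folder and a separate plug-in folder, and tests whether a visitor ID comes back after each kind of clean-up. The class, the function names and the site name `sbggm.example` are assumptions made for illustration.

```python
import secrets


class Client:
    """Constructed model of one computer with two independent storage areas."""

    def __init__(self):
        self.browser_cookies = {}  # emptied by the browser's "delete cookies"
        self.plugin_storage = {}   # Flash-style folder kept outside the browser

    def clear_browser_cookies(self):
        self.browser_cookies.clear()

    def clear_all_site_data(self):
        self.browser_cookies.clear()
        self.plugin_storage.clear()


def visit(client, site):
    """Model a site that keeps a visitor ID in both stores and restores it
    from whichever store still holds it (hypothetical site behaviour)."""
    visitor_id = (client.browser_cookies.get(site)
                  or client.plugin_storage.get(site)
                  or secrets.token_hex(8))  # new ID only if both stores are empty
    client.browser_cookies[site] = visitor_id
    client.plugin_storage[site] = visitor_id
    return visitor_id


def respawned(id_before_clear, id_after_clear):
    """An ID that survives a deletion was restored from another store."""
    return id_before_clear == id_after_clear


def audit(site, clear):
    """Visit, clean up with the given method, visit again.
    Returns True when the old visitor ID came back."""
    client = Client()
    first = visit(client, site)
    clear(client)
    second = visit(client, site)
    return respawned(first, second)


if __name__ == "__main__":
    site = "sbggm.example"  # constructed placeholder, not a real site
    print("cookies only:", audit(site, Client.clear_browser_cookies))
    print("all site data:", audit(site, Client.clear_all_site_data))
```

Deleting only the browser cookies leaves the ID recoverable, while clearing both storage areas yields a fresh one, which is the check to run when verifying that a clean-up procedure actually removes the trail.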


How Net Neutrality Threatens Banks

Tom Wheeler is being credited for being the twenty-first century’s Senator Joseph Kennedy.

Last week, Tom Wheeler, Chairman of the Federal Communications Commission (FCC), publicly announced his support for Net Neutrality.


Net Neutrality is the name of the principle that all internet service providers (ISPs) should provide equal access to their content providers. Proponents of Net Neutrality claim that it is this principle that has enabled many small content providers, social networks and economic platforms to flourish. Without continuing a policy that implements this principle, developing the next big thing will be so expensive that it won’t happen, at worst, or will happen in other economies, at best. Also, proponents argue that a tiered service would amount to content discrimination. Proponents include Yahoo!, eBay, Amazon, Microsoft, Lawrence Lessig, Steve Wozniak and, even, President Barack Obama.

Those against Net Neutrality argue that the current system hinders financing the development of better telecom infrastructure, and that customers, especially lower income customers, are subsidizing large bandwidth-heavy content providers and effectively lowering the service quality they receive. Those against Net Neutrality include major telecommunications providers, internet service providers and free market types. (Sadly, the names against Net Neutrality just aren’t as well known as the proponents, thereby making it unnecessary to enumerate.)

Both sides are correct.

Currently, Net Neutrality is in place. This means that when most people go online to do bandwidth-heavy activities, such as listening to music on Spotify or Pandora, or watching videos on YouTube or Netflix, no additional charges are incurred. If Net Neutrality were done away with, either the customers or the music and video providers or a combination of the two would have to pay for the heavy bandwidth. Seems more expensive?

Well, imagine if you are one of those creative types who are trying to develop something that will compete with YouTube, one of the groups of people proponents would like to protect. Because your competitor is providing their service for free, no one wants to go to your site. You are ten years behind and whatever great idea you have is very unlikely to get the notice to effectively compete with the established players. Customers are getting a great experience with existing industry players but they are potentially missing out on others.

There are more ways to think about what the alternative universe would look like in a world without Net Neutrality. One can even look at other developed economies to see how their industries have fared without Net Neutrality. The most common example is the United Kingdom.

How Net Neutrality Threatens Banks

Banking, on both the retail and investment sides, is being done more and more on the internet. Banking was one of the first industries to adopt internet technology. This makes sense since banking is a transaction system. Anything that helps to reduce the cost, increase the speed and better secure transactions would make an industry player more competitive.

The banking industry has experienced two major transitions in the last century. The first was the transition from currencies backed by precious metals to fiat currencies. The second was from fiat currencies to digital currencies. Today, nearly all of the $2 Trillion in currency transactions per day are done digitally between computers. Despite the fact that the US Dollar and other currencies are government backed, in nature they aren’t much different from cyber-currencies like BitCoin. (There are some significant differences but those primarily have to do with the capabilities of the currency types, which, at this point, are not relevant for this discussion.)

Cyber-crime is performed in two primary ways. The “old school” method is to email or otherwise contact a person, deceive them in some way, and steal valuable information, which then can be used to “legitimately” tap into customer accounts. The more sophisticated method is to write code that would steal information or take over the processing capabilities to tap into customer accounts. These codes are, in many senses, the same as content. In order for YouTube to provide you with free videos, YouTube must develop code to do so. So, effectively, everyone is subsidizing the dissemination of cyber-crime.

Banks have been working very hard to secure themselves from both types of threats. To protect against phishing, the “old school” cyber-crime, banks require registering computers (via IP addresses) before entry into bank accounts. For institutional clients, this might be much more sophisticated than for retail customers but it is essentially the same.

To protect customers from code attacks, which are generally attacks directly on bank infrastructure, banks have hired technologists to develop hardware and software that protect servers.

Net Neutrality is a subject most people do not understand the nuances of, and, usually, favor without understanding the ramifications of its perpetuity. I am not taking a stance on either side of the discussion, but I think knowledge would do it great service.


CFT Means Counter-Financing of Terrorism

Counter-Financing of Terrorism (CFT) is also known as Combating the Financing of Terrorism. Both are abbreviated as CFT and mean the same thing.

This is an AML activity that encompasses surveillance, assessment, investigation, sanctions and other traditional AML activity. A bank can receive instructions or guidance from any number of government entities. The International Monetary Fund (IMF) has developed standards for assessment through its Offshore Financial Centers assessment program. Surveillance guidance is provided by the Financial Sector Assessment Program (FSAP), which is another IMF program. And the Financial Action Task Force (FATF) plays a crucial role in developing the standards for assessment.


FATF Means Financial Action Task Force

The Financial Action Task Force (FATF) is an inter-governmental body established in 1989 by the Ministers of its Member jurisdictions. The objectives of the FATF are to set standards and promote effective implementation of legal, regulatory and operational measures for combating money laundering, terrorist financing and other related threats to the integrity of the international financial system. The FATF is therefore a “policy-making body” which works to generate the necessary political will to bring about national legislative and regulatory reforms in these areas. – FATF

FATF is housed at the Organization for Economic Co-operation and Development (OECD) in Paris, France. It works with the G-7 world leaders and G-20 finance ministers to make policy and enforcement recommendations regarding anti-money laundering, anti-bribery, anti-corruption, anti-terrorist financing and anti-piracy. It is part think tank and part NGO.

FATF has a membership status for each country. There are thirty-five member nations and the rest are either observing the guidelines and recommendations or not actively doing so. FATF also has a Blacklist, a list of banned nations. The usual suspects are listed: Iran, North Korea, etc.

The Treasury represents the United States at the FATF. The Financial Crimes Enforcement Network (FinCEN) is the primary contact for guidance.


FCPA Means Foreign Corrupt Practices Act

The Foreign Corrupt Practices Act (FCPA) is legislation that prohibits publicly traded companies and their agents from bribing foreign officials and related agents for business. Its goal is to stop bribery in all its forms so that companies compete in the market by lowering prices, producing better goods and providing better services. The FCPA is broadly defined.

The Department of Justice (DOJ) and Securities and Exchange Commission (SEC) are in charge of enforcement. The SEC has produced a resource guide along with a section of its website dedicated to topics related to this legislation. The legislation was enacted in 1977. The DOJ has also provided the Act in its entirety, but it is good to keep in mind that there is extensive case law that has provided interpretations of the Act’s language. The DOJ provides an extensive database of related opinions to help a professional navigate the changing nature of interpretation.

