The Ashley Madison Lesson – Part 1


The Ashley Madison data breach scandal is exploding because of the nature of the business, but technologically it is no different than any other breach scandal: some hackers found a way into a system, stole data, and then released it to the public. Okay, so that last part doesn’t always happen. In the case of most credit card data breaches, the information is auctioned off in the Dark Web.

For compliance officers, there’s an additional issue: insider information. It is unfortunate to find out that one of your traders’ Ashley Madison account has initiated divorce proceedings. Even worse, that trader may have used insider information to brag about his role in an important market movement. Or maybe your trader created one of those fake accounts and has been targeting traders at other banks to milk them for information. Essentially, any place where there could be interaction between people is an information security risk. And sites where people must keep mum are places where legitimacy must be won in ways other than outright bragging. This is the kind of situation that could easily lead to slip-ups.

If your trader, or anyone else at your institution, has been found to be using Ashley Madison, now that their identity is assuredly exposed along with information they might have shared on their profiles or in messages, an investigation must be performed to make certain that nothing else has been leaked.

 


Do you have an account on Ashley Madison?
Shhh… I won’t tell…


About the Author: Marcus Maltempo is a compliance professional with more than a decade of experience helping banks, law firms and other clients manage investigations and regulatory responses.



Cantwell-King-McCain-Warren to re-up Glass-Steagall

Sens. Elizabeth Warren (D-Mass.), John McCain (R-Ariz.), Maria Cantwell (D-Wash.) and Angus King (I-Maine) proposed a 21st Century Glass-Steagall, which would separate commercial banking from investment banking. Sen. Warren has published a fact sheet, which we publish here in its entirety.

21st CENTURY GLASS-STEAGALL ACT

Fact Sheet

The original Glass-Steagall, the Banking Act of 1933, was introduced in response to the financial crash of 1929. Starting in the 1980s, regulators at the Federal Reserve and the Office of the Comptroller of the Currency reinterpreted longstanding legal terms in ways that slowly broke down the core function of the bill – a wall between investment and depository banking to curb risk. In 1999, after 12 attempts at repeal, Congress passed the Gramm-Leach-Bliley Act to repeal the core provisions of Glass-Steagall.

The 21st Century Glass-Steagall Act would reduce risk in the financial system and dial back the likelihood of future financial crises.

  • Returning basic banking to the basics. The 21st Century Glass-Steagall Act separates traditional banks that offer savings and checking accounts and are insured by the Federal Deposit Insurance Corporation from riskier financial services, such as investment banking, insurance, swaps dealing, and hedge fund and private equity activities. The bill also separates depository institutions from products that did not exist when Glass-Steagall was originally passed, such as structured and synthetic financial products including complex derivatives and swaps.
  • Countering regulatory loopholes for risky activities. The 21st Century Glass-Steagall Act specifies what activities are considered the “business of banking” to prevent national banks from engaging in risky activities, and bars non-banking activities from being treated as “closely related” to banking. Over time, the Office of the Comptroller of the Currency and the Federal Reserve used these terms to allow traditional banks and bank holding companies to engage in a wider and wider range of high-risk activities. This bill would end those practices.
  • Taking on “Too Big to Fail.” The 21st Century Glass-Steagall Act cannot end “Too Big to Fail” on its own, but it moves the financial institutions in the right direction by making them smaller and safer. By separating depository institutions from riskier activities, large financial institutions will shrink in size and will not be able to rely on federal depository insurance as a safety net for their high-risk activities. Although some financial institutions might be large, they would no longer be intertwined with traditional depository banks, reducing the implicit government guarantee of a bailout.
  • Enforcing Glass-Steagall. The 21st Century Glass-Steagall Act institutes a five-year transition period and penalties for violating the law.

Does this proposal to separate commercial banking and investment banking forget that it was repealed because foreign banks were eating into the global financial services market share?
With China having half of the largest global banks, will this separation effectively bar the US from becoming the greatest financial center?
Is giving up much of this market a risk we are willing to take?




Meta: What the audience is interested in

Sometimes, this blog will be meta about itself. This is one of those times.


Here’s a map of the visitors of this blog. The redder the country, the more visitors from that country. It isn’t surprising that the US is the overwhelming leader. What might be of surprise is that the EU is not second. Neither is the UK nor Hong Kong. I suppose Australia could be a contender, but it isn’t. Japan would be, considering its importance to the global financial markets, but because of its language, it was never going to be a contender.

India brings in the second most visitors. Rightfully so since India has agreed to implement FATCA, the US tax law. Indian financial services firms are especially eager to glean any sort of compliance knowledge. Sadly, tax law is not an area this blog covers, nor is it an area this blog specializes in.

The fact that other countries I mentioned come just after India is not surprising since financial services play an outsized role in those markets.

ComplyTech: Actimize


Actimize is the industry leader in ComplyTech. It was acquired by NICE, a software company that focused on big data analysis. Actimize brought with it financial industry knowledge, regulatory compliance and customers. Among the top 100 largest banks in the world, more than 25 of them probably use Actimize. Actimize is as close to a full service Compliance Suite as it gets so far. Even still, with its focus on the financial crime side of the department, it is lacking in tools for regulatory compliance. NICE would do very well by creating a joint venture with Thomson Reuters or Bloomberg or some other financial information company and making Actimize the Compliance Department’s sole function tool. (Obviously, it couldn’t compete with the ERP systems for the business management activities, though.)

 



FinCEN defines dealers/retailers of precious metals, precious stones, jewels or other money substitutes

[EXCERPT]

Dealers and certain retailers engaging in the purchase and sale of precious metals, precious stones, or jewels are financial institutions under FinCEN regulations. FinCEN defines a dealer as “a person engaged within the United States as a business in the purchase and sale of covered goods and who, during the prior calendar or tax year (i) purchased more than $50,000 in covered goods; and (ii) received more than $50,000 gross proceeds from the sale of covered goods.” FinCEN includes in the definition of “dealer” those persons “… engaged within the United States in the business of sales primarily to the public of covered goods… who during the prior calendar or tax year… purchased more than $50,000 in covered goods from persons other than dealers or other retailers (such as members of the general public or foreign sources of supply.” The term “covered goods” includes precious metals as listed in 31 CFR § 1027.100(d). Based on your letter, and subject to the monetary threshold and type of supplier considerations explained above, the purchases and sales the Company entered into on its own account would make the Company a dealer in precious metals, and therefore a financial institution subject to FinCEN regulations.

When acting as either a money transmitter or a dealer in precious metals, precious stones, or jewels, the Company must assess the money laundering risk involved in its non-exempt transactions, and implement an anti-money laundering program to mitigate such risk. In addition, the Company must comply with the recordkeeping, reporting, and transaction monitoring requirements under FinCEN regulations. Examples of such requirements include the filing of reports relating to currency in excess of $10,000 received in a trade or business (31 CFR § 1027.330) whenever applicable, general recordkeeping maintenance (31 CFR § 1027.410), and recordkeeping related to the sale of negotiable instruments (31 CFR § 1010.415). Furthermore, to the extent that any of the Company’s transactions constitute a “transmittal of funds” (31 CFR § 1010.100(ddd)) under FinCEN’s regulations, then the Company must also comply with the “Funds Transfer Rule” (31 CFR § 1010.410(e)) and the “Funds Travel Rule” (31 CFR § 1010.410(f)). Additionally, as a money transmitter, the Company must register with FinCEN within 180 days of starting to engage in convertible virtual currency transactions as an exchanger (31 CFR § 1022.380).


Do you agree with this inclusive definition of dealers/retailers as well as precious metals, precious stones, jewels or other money substitutes?





 

ComplyTech: Tonbeller Compliance Solutions

Tonbeller Compliance Solutions is a competitor to Actimize. It also provides AML/Financial Crimes solutions, but it focuses more on Governance, Risk and Compliance solutions. That is to say, it is primarily a GRC controls tool.

Tonbeller is the primary partner of the FICO network. FICO, the Fair Isaac Corporation, is where a consumer’s FICO score comes from.

