GDPR Means General Data Protection Regulation

If you have been seeing Cookie Acceptance Notifications pop up on many global websites lately, it is precisely because this 2016 EU law, which goes into effect on May 25, 2018.  The law is broad in scope, but the notifications require the site user to accept the cookies being used, which is to document the site-user of opting in to the cookie tracking.  The sites are require to be able to evidence this opt-in.

The major requirement is in the title: Data Protection.  The foundational principle is that the website user owns his or her personal data that the site is collecting, so, as long as the site receives acceptance to use the data, the site also is responsible for protecting the data from data breaches.  Considering the ever-growing prowess of Black Hat Hackers, many sites are opting to purge the user data.  Major social networking site are probably coming up with ways to anonymize user data.

This principle that the user owns the data that is being collected has other ramifications.  The user can request erasure of his or her data.  The user will likely be able to request all users of his or her data, however removed from the originating data collector, to provide how the data was used.  All of the rights of ownership are attached to the data.

This is quite contrary to the American legal principle of privacy, which requires sites to keep the data private, but since the site owns the user’s data, it can do what it can do with any other asset it owns.  The defense of the American legal principle is that much of the data collected are actually intellectual property.  Take, for example, demographic information.  One site may analyze my personal data and conclude that I am a social conservative while another a social liberal; the conclusion is the result of the site’s work.

The EU legal principle suggests that such work may indeed be owned by the site, but if it is derived from the user, then user has derivative ownership of those conclusions.  Essentially, it recognizes that the user’s information has economic value and, therefore, the site will have to have a valid contract to use that data.

Since the law protects all EU citizens and residents and their data, it is global in nature.  Also, if an American tourist logs in from the EU jurisdiction, the American is protected as well.  For that matter, the American would be protected if the data is harvested from the United States but it is stored or passes through the EU jurisdiction.

Some questions remain, at least for me.  Would a company legally headquartered in Ireland but its activities are in Menlo Park, California, is the company treated as an EU company, and, therefore, require data protection to all user information going through Menlo Park because the financial results of that information is reported to the Irish tax authorities?

How about counter-terrorism efforts?

Or, does the public figure have an economic right to his or biography published by a traditional publisher of hardcover books?

Panama Papers Investigation Suspended
Source: Süddeutsche Zeitung via Deutsche Welle

Mossack Fonseca, the law firm at the center of the Panama Papers investigation, argued that the documents were obtained illegally and, therefore, the investigation is constitutional. In Panama, the law firm was able to suspend the investigation with that argument, reports Deutsche Welle.

Let’s quickly go over the background. Some 2.6 Terabytes of the firm’s data were obtained and provided to International Consortium of Investigative Journalists (ICIJ), which released a report and all of the documents to the world. The data included 11.5 million documents that contained how the firm helped the wealthy all around the world form shell corporations to hide wealth and avoid taxes in tax havens with complicated organizational structures to elude tax authorities. The fallout included ousting of national leaders and revelation of unlikely political connections.

This does not stop investigations in other nations of their subjects, but it does crimp some of the investigations because Panama is one of the major sources of those investigations because of its status as original jurisdiction.

The Biggest National Security Risk of the Trump Presidency

President Trump has some very interesting priorities and preferences. Interesting, in this case, could be signs of risks in areas that this blog often does not venture into. This blog focuses on risks and potential risks of money laundering and terrorist financing. But this blog cannot ignore the fact that the incoming president introduces new risks in these areas that did not exist before. The primary risk is a switch in policy toward Russia.
U.S. officials say a Russian hacking operating penetrated a utility in Vermont. (Victoria Walker/The Washington Post)

When Russia was our enemy, we were adamant about two things: defending ourselves from whatever the Kremlin would throw our way, and proving that Capitalism works better than Communism.

The latter we have stopped proving after the fall of the USSR in 1989. The result is that we no longer have Capitalism. Most of our wealthiest people are not productive people, they are people who know how to fix the economic rules in their favor or find ways to define other people’s economic output as capital gains. I won’t go into the economics here.

However, the former, the defense, now has new dimensions that we did not face in the cold war. The worry is that if President Trump decides to “side” with Russia against our current allies, we would be pulling down our defenses against a state that has been on the constant attack of our defenses and infrastructure. Terrorism is one thing that attacks us and our way of life. Russia has been another, with constant cyber warfare, land and people grab of allied nations, and, most recently, outright lying about its support for a terrorism financing state.

Let’s also note that if President Trump decides that the United States should take sides with Russia against our current allies, we are not ready to defend ourselves from our allies. This is setting aside the fact that Russia is not likely to give up its efforts to disrupt the US in fundamental ways since President Trump and his policies are not likely to last beyond his term(s) in office. This is an incredible opportunity for Russia.

Even with our defenses, there are signs that Russia is getting through, as Washington Post recently reported. Now, if we let them in, it will be worse that the Trojan Horse because we would not require them to hide themselves in anyway.

Compliance: a bridge but not a goal

Law and Business often play by opposing rules. Law is about justice and playing fairly and business is about winning and gathering unfair advantages. Compliance is the bridge.

I don’t need to explain why this is the case. But I do need to explain how the goals of law and business are achieved, and where we stand currently.

People outside of regulated industries often believe that compliance is a way to defend companies. They also believe that regulators are out to “get” companies. And then they are shocked to find out that a regulator tried to work with a company who had breached a rule. They are appalled that regulators would actually try to help “fix” the problem rather than punish breacher company. Outsiders who feel this way miss the point of compliance.

Because compliance is trying to keep the competitive spirit alive and well in the industry while keeping companies in line, regulators and compliance officers are on the same side in different organizations. Regulators do not want the industry to be punished for an incredible effort to comply with rules and regulations because mistakes happen. Punishment doled out by regulators is more often to deter companies from making that mistake again. They put a heavy price for mistakes. Unlike customers who can simply move their business to another firm if the company does something they don’t like, regulators do not have that power. So, that’s where fines come into play.

Other than that, regulators are trying to keep business going. They are regulating, not preventing.

What we have seen in the past few years is the lack of understanding by the public. Financial institutions complain about the harsh regulatory climate they are in while the public generally seems to believe that all of it is well deserved. In aggregate that might be true. In reality, what we have done is punish the system, not the bad actors. If the system is broken, it should be fixed. Punishing people trying their best in a broken system leads to inefficiencies, it leads to many unforeseen economic costs.

Two quick examples.

Because of the incredible risks taken by some firms, we merged those firms with better firms. We have merged so many firms that thirty three banks have become four. Now we have institutions that we must prop up if they are at risk of falling. We called them Systemically Important Financial Institutions, SIFI, for short. These institutions are so large and forced to reduce so much risk that unless you do not need a loan, you basically don’t qualify for a loan. That’s the result. SIFI’s can’t take the risk of financing startup companies. And we have fewer banks that can. Companies have fewer options for financing. If I recall correctly, there have only been two applications for new banks in the past five years. Ten years ago, we averaged one hundred applications for new banks each year. We thought that new regulations decreased risk to our economy. Instead, we have ingrained a new risk. Yes, we no longer have large financial institutions that will take the economy with it upon collapse, but we have instituted a requirement that you have to be financed by wealthy people in private equity and venture capital in order to start a business. Or you need to have perfect credit and no debt in order to qualify for a loan. Essentially, you already have to be connected with wealthy people and be wealthy yourself in order to start a business. That’s what the regulations seem to be doing.
credit Sintetia

A few years ago, a number of states banned employers from checking the credit histories of applicants. This makes sense for the most part. What does the credit history of an applicant say about the applicant’s ability to do the job? Probably, nothing. But the result was… well, let me have Planet Money explain it for you:

(Robert) SMITH: The theory in passing the laws against credit checks was that it would help black applicants, that it would help young applicants, people who tend to have lower credit scores. But now that employers were asking for more experience, asking for more education, [researchers] found that the laws were hurting the very same people they were meant to help.

(Danny) SHOAG: The switch from checking credit scores to relying on other signals like education and experience actually created relatively worse outcomes for African-Americans.

SMITH: So fewer African-Americans were getting jobs?

SHOAG: Yeah. Employment went down for African-Americans – and for young people.

Compliance can help make sure we are following the rules and regulations, and regulators can supervise that activity and deter bad behavior. But regulations that address whole systems in reaction to a few bad actors tend to have these types of fundamentally unproductive consequences.

As a compliance officer, I am always concerned with this. I know that I am helping firms play the economic game fairly, by the rules we have agreed to follow as a society, but our society often seem to set my goals that shoot it in the foot. I know I am doing good, but by doing good I see what outsiders often don’t see, which is that it is bad and we don’t even know it.

And that is the limitation of compliance. Now, I know that my role is supposed to be compliance. We need people to do compliance. I just wish that we as a society would take observations by people like me and then adjust the rules and regulations so that complying with them would lead to the outcomes we sought in the first place.

Marcus Maltempo is a Certified Anti-Money Laundering Specialist and a Certified Fraud Examiner with more than a decade of experience helping banks, law firms and clients manage investigations and regulatory responses. 

Bollywood Money Migration
Aishwarya Rai at Cannes (credit: Media CBS)


Bollywood is now being watched. It turns out, the Panama Papers revealed that many Bollywood actors have been moving their money to the Carribean in order to evade tax and restsrictions. Aishwarya Rai, probably the most recognizable Bollywood performer in the West, also has companies setup by Mossack Fonseca, the fourth largest law firm in Panama that specializes in these legal entities. Rai denies knowledge of these entities. Mossack Fonseca, if you recall, is the source of all of the Papers. Panamanian authorities, under pressure from.. the world, has raided the offices. The Firm also has office around the world and those are being investigated as well.

Indian Express Online has put together a very nice video explanation.

As of right now, it is hard to tell how much money has left India, but the Prime Minister has started an investigation with 50 people already on the list.


Marcus Maltempo is a Certified Anti-Money Laundering Specialist and a Certified Fraud Examiner with more than a decade of experience helping banks, law firms and clients manage investigations and regulatory responses. 

Don’t be fooled by student debt article

This is not about financial regulatory compliance from the perspectives of regulators or financial institutions. This is about compliance from a personal finance perspective. The short and skinny of it all is, you should not borrow money for education if at all possible.  The reason is because it is one of the worst to get toward financial independence.

I will explain why by first explaining how income taxes and their associated fines work when you don’t pay your income taxes. If you earned $100,000 in 2015, your effective earn income tax rate is 28%, or $28,000, unmarried non-head of household taxpayer. If you didn’t pay any of that, you would pay a fine of up to 25%. This in on top of the unpaid taxes you must pay. Basically, the IRS is punishing you for borrowing money you owe them. That makes sense. So, 125% of $28,000 is $35,000, or an effective tax rate becomes 35%. This is only applied to the years you did not pay your income taxes, of course.

Let’s see what that looks like when it is converted to student loans. If you borrowed $100,000 for your higher education, and if your interest rate is 5%, and you are in repayment, then this year you would pay $12,727.92, of which about 95% of it in your first year of repayment will be interest, or $12,091.53. Essentially, you are paying this interest to the government, which, if you think about, is a tax because this is not the amount you borrowed; it is on top of it. And, also, you must pay all of the borrowed money back. It is kind of like having a very low interest rate for this portion of borrowed “income.”

Since you are in repayment for our example. You would get a deducation of up to $2,500 from your pre-tax income, the deduction cannot exceed the amount of interest paid. So, now you will pay 27.3% or $27,300 on your earned income, a savings of $700. Plus you will have been paying the government an additional $12,091.53, so, you will have paid the government a total of $39,391.53. And this will continue for ten years, albeit the “tax” portion of it will decrease. Another way to look at it, regardless of whether you pay all of the interest, you will still have to pay more interest for at least ten years, unlike not paying taxes, which you will only have to pay interest as long as you don’t pay.

In order to pay an effective tax rate of 39.3% on your earned income, you would have to make $14.3 Million. Another way to think about it this: in order for student loans to really make sense is if you either make enough money to live on comfortably even after you pay your student loans and you are guaranteed to have your job(s) for the duration of the repayment period, or make a break even amount the first year and then an increase in your income to the amount of the interest rate each year (which becomes easier to do each successive year because the even monthly payments effectively reduce the interest payments over time).

That magical break even income for the example’s first year is… about $66,700. How do I figure? Well, if living comfortable on average costs about $40,000 per year, and your effective tax rate will upwards of nearly 40%, then you need to make $40,000 after tax. This $66,700 only accounts for Federal Income Tax. It does not account for Social Security, Medicare, local taxes. Most of those other taxes amounts to about 10% of your income, depending on where you are. That means, you’d need about $80,ooo.

Who gets paid $80,000 on their first job after undergrad? Engineers and investment bankers. Is it no wonder that they have the bandwidth to accomplish a lot of other things in their early lives?

Marcus Maltempo is a Certified Anti-Money Laundering Specialist and a Certified Fraud Examiner with more than a decade of experience helping banks, law firms and clients manage investigations and regulatory responses. 

IRS Cyber-Security Severely Underfunded

credit Wikipedia via Bing

TIGTA is the abbreviation for Treasury Inspector General for Tax Administration, the officer that tracks down fraud schemes by taxpayers and, increasingly, on taxpayers. The current TIGTA have been making progress in impeding the efforts of IRS impersonators. Inspector General, J. Russell George, said, “Perpetrators used to be able to get a victim every 40-50 calls, now they must make 300-400 attempts to claim a victim.”

Still, George’s boss, Secretary of Treasury Jack Lew, assessed that the programs that combat cybercrime on taxpayers is “severely underfunded.”

This is a serious problem because cybercriminals, like all criminals, try different methods when a previously effective method is closed off. Most of these methods almost always include a cybercriminal getting identification information to file a bogus tax return in order to get a refund. The average refund is about $3,000, so, it only takes about 34 to get over $100,000. There are about 60 working days between the end of January, when W-2’s are sent to employees and tax day, so, if a fraudster were to treat this like work, the booty could be about $180,000 when the success rate is just one per day, pretty good work for working less than a quarter of the year.

Over  nine in ten taxfilers file online, which adds other methods of identity theft that could result in more than just a stolen tax refund.

President Obama is proud of having reduced the deficit by reducing Federal spending, but a reduction in the enforcement of such a lucractive crime is a poor way to reduce the deficit. He has reduced the decifit in other bad ways, but that’s not to do with cybercrime and IRS. For now, he and his Secretary of the Treasury disagree on how much is needed to fund the cybersecurity of the IRS.

Marcus Maltempo is a Certified Anti-Money Laundering Specialist and a Certified Fraud Examiner with more than a decade of experience helping banks, law firms and clients manage investigations and regulatory responses. 

How will you know government is targeting your GMail?

Google will tell you.

In the latest effort to fight the FBI is the court of public opinion, Google has decided to just let you know when you are being targeted by a government entity.

The way this will work is that a warning will pop up before the user visits a site from a link provided in GMail. The warning will be just like the “safe browsing” warning that shows up in Google Chrome when a link leads the user to a suspicious or known malicious site.

Google is doing this in light of FBI’s pursuit of Apple’s encryption keys.

Marcus Maltempo is a Certified Anti-Money Laundering Specialist and a Certified Fraud Examiner with more than a decade of experience helping banks, law firms and clients manage investigations and regulatory responses. 

When 95% of borrowers are fake

The following story is an argument for having good auditing laws and securities regulations protecting investors.

e-Zubao was an Anhui-based Chinese online financing company. It was small, just 21 people. And in just 18 months, it became the largest online financing company in China. It provided loans to consumers, promarily, at 9% to 15% interest. Investors loved it. This company was going to make hand-over-fist. Almost a million investors invested in the company through the stock exchange.

None of the above is false. But they did falsify one thing: the number of borrowers. There were none. Well, not exactly none. About 5% of the stated borrowers were actually borrowers. The rest were made-up ghosts. To put it in terms of returns, to make the same kind of returns it stated it would be making, it would have to have just one employee, and all other costs must also be 20 time less.

You can imagine the horror when investors found out that their explosive company imploded.

Marcus Maltempo is a Certified Anti-Money Laundering Specialist and a Certified Fraud Examiner with more than a decade of experience helping banks, law firms and clients manage investigations and regulatory responses. 

33 banks lost to create 4

from Exposing Truth
from Exposing Truth

Risk is always two sides. Get rid of one risk and it comes with another. Insurance plans, for example, supposedly reduce risk, but if you pay the insurance premium, you are essentially getting rid of the substantive risk for a financial one. One of the ways we have thought about reducing risk is by making each financial institution insure itself through sheer size. The local pizzeria simple isn’t much of a loan risk to a bank with trillions of dollars. We have offset that risk with the risk of less personal interaction. We have made banking more and more transactional and less and less transformational.

The day-to-day business of a bank is really transactional. But the purpose of all of those transactions are supposed to be both transactional and transformational. Transactional in that the money gets wired, or deposit is recorded, or loan is approved. Transformational in that the money wired could provide someone the funds to get to work that day, or the deposit recorded provides the documentation for a mortgage loan, or loan approved so that the borrower can start a new business.

The question for Americans in regards to the size of financial institutions is whether the transactional efficiency now hinders the economic transformation that it is supposed to foster. More efficient transactions free up funds for other economic activity. But have we gotten to a point where the freed up capital is primarily helping wealthier people who then are equipped to more resources to make them wealthier while leaving the less-wealthy behind?

This is not a new question, of course. And I certainly don’t have the solution for what is the right amount of competition in banking that will foster more economic transformation while keeping risk relatively low. One test that I place to begin my inquiry is this: What percentage of transformational projects have been funded by bank loans versus investment from wealthy people? As a follow up, I would ask, When did these transformational projects get funded? I don’t know the answers to these questions but my feeling is that greater transformational projects have been funded by wealthy people over time. While I don’t know what proportion is the right proportion for the American economy, we are probably in a period where bank loans do not transform much of the economy anymore. If my feelings were on the mark, it would probably also mean that banks play a less important role in transforming the economy than before, and, therefore, might need a shake up of some sort. That shake up could come in the form of bank breakups, which increases the number of leaders in the industry with smaller pockets, forcing them to rely on ideas to have bank loans compete better with equity investments. But then again we are not in the mood to taken on more risk these days, and competing with equity investors to fund projects is a riskier activity.

So, I guess what I’m saying is: We are thinking about risk to the financial system all wrong. Size itself is just one variable but it isn’t big enough of a variable to change the economy in any meaningful way. Our mentality now is that banks simply move money around and store it and lend it to known risks. People used to start business with loans. Now, less people start businesses with loans. We have given debt a bad name. And that won’t change with having smaller banks… after all, banks, regardless of size, are enablers of debt.

Marcus Maltempo is a Certified Anti-Money Laundering Specialist and a Certified Fraud Examiner with more than a decade of experience helping banks, law firms and clients manage investigations and regulatory responses.