Here are several samples of my work for PaymentsCompliance:

Ex-MoneyGram Compliance Officer Settles Money Laundering Case

A former MoneyGram compliance officer has agreed to pay a $250,000 fine and refrain from performing similar functions for three years, settling a civil action accusing him of failing to ensure compliance with anti-money laundering (AML) laws.

The U.S. Department of Treasury’s Financial Crimes Enforcement Network (FinCEN) and the U.S. Attorney’s Office for the Southern District of New York had initially sought to collect a $1m fine and bar Thomas Haider from working in the financial industry.

Haider was sued on December 18, 2014 for failing to ensure the money transfer company had an effective AML program in what was the first of its kind lawsuit by regulators.

Haider worked as chief compliance officer at Dallas-based MoneyGram from 2003 to 2008; in its 50-page complaint, FinCEN said Haider failed to comply with the U.S. Bank Secrecy Act (BSA) during that time.

“FinCEN relies on compliance professionals from every corner of the financial industry,” said acting FinCEN director Jamal El-Hindi. “FinCEN and our law enforcement partners need their judgment and their skills to effectively fight money laundering, fraud, and terrorist financing.”

In a two-page statement released yesterday, El-Hindi said compliance officers occupy “unique positions of trust in our financial system”.

He added that the agency has repeatedly said that when FinCEN takes action against an individual, “the record will clearly reflect the basis for that action.”

As chief compliance officer from 2003 until he left MoneyGram in 2008, Haider supervised MoneyGram’s fraud and anti-money laundering compliance departments.

MoneyGram uses a global network of agents and outlets, and Haider was accused of failing to ensure the company had a policy to discipline agents suspected of being involved in fraud or to terminate high-risk agents and outlets.

FinCEN also claimed Haider did not ensure that MoneyGram filed reports alerting the U.S. government to suspicious transactions, according to the complaint.

Haider allegedly had the authority to terminate or otherwise discipline agents and outlets due to “compliance concerns” and allegedly could decline to approve new agents or outlets.

“By failing to terminate MoneyGram outlets that presented a high risk for fraud and to take other actions clearly required of him, Haider allowed criminals to use MoneyGram to defraud innocent consumers,” acting U.S. Attorney Joon H. Kim said on Thursday.

MoneyGram has a network of 350,000 places where customers can send and receive money. These include stores, post offices and banks in 200 countries.

In 2009, after Haider had left MoneyGram, the Federal Trade Commission filed a complaint against MoneyGram alleging that, between 2004 and 2008, agents in the United States and Canada aided fraudulent telemarketers in a scam that cost U.S. consumers millions of dollars.

In 2012, MoneyGram paid a $100m fine and entered into a deferred prosecution agreement with federal agencies and law enforcement on charges of aiding and abetting wire fraud and willfully failing to implement an effective AML program.

Despite the company’s settlement, the U.S. District Court for the District of Minnesota in January 2016 denied Haider’s motion to dismiss the federal government’s complaint seeking to hold him liable for BSA violations.

Haider disputed that FinCEN had the authority to hold him individually liable for company failings.

Among other things, the court:

  • Affirmed that a compliance officer responsible for the development and oversight of an AML program may be held liable for the Bank Secrecy Act violations of his or her employer.
  • Reserved judgment as to whether the proposal to bar Haider from service to any U.S. financial institution was a punitive sanction subject to the statute of limitations or a prophylactic measure that was not so limited.

In the meantime, China’s Ant Financial, an affiliate of online shopping company Alibaba Group, is expected to sign a $3.5bn loan to help fund its purchase of MoneyGram, Reuters reported.

MoneyGram is the world’s second-largest money transfer business, behind Western Union.

Ant Financial has offered to pay $1.2bn more for the company than Euronet Worldwide, according to Reuters.

After Euronet offered to buy MoneyGram in March, Ant Financial increased its offer by 36 percent.

Nevada Bill Would Block Taxes On Blockchain Transactions

A senator in Nevada has told PaymentsCompliance it is crucial to the state’s economic viability that it positions itself as a “safe space for entrepreneurs” developing companies that utilize blockchain technology.

To begin to create a supportive environment, Republican Senator Ben Kieckhefer filed a bill that would prevent local authorities from imposing fees or taxes on the use of blockchain technology.

Nevada Senate Bill 398 is concerned with creating a legal foundation for blockchain contracts and records.

“As blockchain is growing and evolving … I want companies to know that Nevada has a legal structure that ensures transactions conducted over a blockchain will be recognized by our courts,” Kieckhefer said.

Hopefully, the senator said, it will encourage more companies to do business in Nevada.

Kieckhefer said one of the companies he was working with was Filament, which is a Reno-based blockchain company.

“It isn’t often that a new technology comes along that completely changes the way we interact with each other,” Filament chief executive Allison Clift-Jennings wrote in a letter supporting SB 398 to the Senate Judiciary Committee.

“It happened with the advent of the internet and later with the smartphone revolution,” Clift-Jennings said. “The blockchain is a new technology that’s just as important.”

Clift-Jennings said that blockchain technology has the “ability to reduce fraud and bring new trust to existing interactions.”

Under Kieckhefer’s proposal, the use of blockchain technology or licensure would not be taxed by local government in Nevada.

But nothing in the bill “prohibits a local governmental entity from using a blockchain or smart contract in the performance of its powers or duties.”

A similar bill was signed on March 31 by Republican Arizona Governor Doug Ducey that would enshrine signatures recorded on a blockchain and smart contracts — self-executing pieces of code — under state law.

Specifically, House Bill 2417, aimed to make those types of records “considered to be in an electronic format and to be an electronic record.”

The Arizona law was also similar to a measure passed in Vermont last year that would make blockchain data admissible in court.

The bill also focused on data that would be a “factor or record” tied to a blockchain.

“Blockchain technology has certainly gained transaction among Nevada’s entrepreneurs,” Kieckhefer said.

Kieckhefer’s four-page bill states that a local government is prohibited from “(1) imposing a tax or fee on the use of blockchain; (2) requiring a certificate, license or permit to use a blockchain; and (3) imposing any other requirement relating to the use of a blockchain.”

The bill would also prohibit the exclusion of blockchain records in “proceedings,” noting in Section 11 that “if a law requires a record to be in writing, submission of a blockchain which electronically contains the record satisfies the law.”

“A smart contract, record or signature may not be denied legal effect or enforceability solely because blockchain was used to create, store or verify the smart contract, record or signature,” the bill said.

“In a [legal] proceeding, evidence of a smart contract, record or signature must not be excluded solely because a blockchain was used to create, store, or verify the smart contract, record or signature.”

But with less than half of the 120-day session left in Nevada, lawmakers have limited time to approve what is a wide-ranging piece of legislation that deals with relatively new technology.

If the bill dies in the 2017 Nevada legislature, Kieckhefer would have to wait until February 2019 to file another measure.

“While I’m not sure any specific problems will be created if we don’t pass this legislation, I believe Nevada could miss out on a significant opportunity to become a destination state for entrepreneurs and businesses working in this area,” the senator said.

U.S. Legalized Marijuana Industry Struggling To Bank Its Billions

Payments start-ups in the U.S. have said the rift between federal and state regulations means banks are unwilling to process transactions linked to legalized marijuana businesses.

Despite a flurry of state laws making it legal for retailers to supply marijuana, industry insiders believe a federal-level ban on the drug means the vast majority of transactions — worth billions of dollars — are being made in cash.

Financial institutions, fearful of being on the receiving end of stinging enforcement actions by federal authorities, will often refuse transactions or deny account services to businesses involved in the industry.

“Banks are very risk adverse, especially when it comes to dealing with marijuana businesses,” said Adam Healy, the chief information security officer at digital wallet provider Tokken.

“How can we de-risk these transactions?”

Tokken, along with other start-ups such as Kind Financial and PayQwick, have created online systems that help dispensaries and banks record and monitor transactions, with the goal of moving transactions away from cash.

“Really, how we see it in terms of law enforcement, is that we don’t want to operate in the shadows,” Healy told PaymentsCompliance.

“We really see it as an advantage to provide stability for the industry.

“We are talking about billions of dollars in transactions.”

Industry analysts GreenWave Advisors and the Arcview Group estimated the cannabis industry in the U.S. last year reached $6.5bn and $6.7bn respectively.

Both research groups estimate the industry will surpass $20bn by 2020.

But, with few exceptions, marijuana customers pay with cash, leaving retailers to pay their employees, taxes, landlords and suppliers with stacks of possibly questionable and hard-to-trace cash.

“Consumers and retailers don’t want to deal with the cash issue,” Healy said. “Local governments don’t want that volume of cash on the street due to public safety concerns.”

He added that if it was easier to bank marijuana-related businesses it would also mean billions of dollars in liquidity for smaller, community banks and millions in tax revenue for local and state governments.

That means the business cannot only accept card transactions from consumers but also utilize its balance like any other mainstream company with a business banking account, paying suppliers, employees and taxes.

Tokken was founded in February last year by a formal federal banking regulator, and says it helps law enforcement authorities by recording all transactions indelibly using distributed ledger technology.

All transactions are also “geofenced”, meaning the company can prove customers are making purchases where they say they are.

PayQwick, which has also targeted the legalized marijuana sector, has taken a slightly different approach.

Registered federally as a money services business, the firm is a licensed money transmitter in Washington and is overseen by the state’s Department of Financial Institutions.

It is also supervised in Oregon by the state’s Division of Finance and Corporate Securities, and intends to expand into Colorado, Nevada, and other states that adopt seed-to-sale traceability systems.

Marijuana customers, retailers and producers are able to use PayQwick’s app, website and prepaid card to make purchases or transfer money between each other.

The system allows for a customer to sign up for an account online and link it to their bank account and transfer funds to PayQwick, which sends the customer a physical card.

When the card is swiped the funds are transferred from the consumer’s PayQwick account to that of the retailer, which can then transfer it to their bank account.

It vows to minimise the risk of exposure to illicit activity by taking on the regulatory compliance role itself, ensuring customer due diligence requirements are met and anti-money laundering rules are being adhered to.

Data Protection In A ‘Post-Dwolla’ World: Industry Told To Up Standards

U.S. financial institutions that are well prepared for a cyber-attack could save millions of dollars if a breach occurs, legal experts have said, in an increasingly hostile regulatory environment.

Courtney Stout, an attorney at Davis Wright Tremaine law firm, told last week’s Emerging Payment Systems event in Washington, D.C. that the average cost of identifying a data breach in fewer than 100 days is $5.8m, compared with $8m for firms that act more slowly.

To control a breach in less than 30 days will cost on average of $5.2m, compared with $8.8m after 30 days, she added.

“Things that you can do to prepare your employees can save your company money,” Stout said.

“Data breaches can be prevented if you have all of the right people.”

Since online payment platform Dwolla was fined $100,000 by consumer protection authorities in March, despite there being no allegation that a data breach actually occurred, has been seen as a landmark case by cybersecurity experts.

The Consumer Finance Protection Bureau (CFPB) said Dwolla had “failed to employ reasonable and appropriate measures to protect data obtained from consumers from unauthorized access,” and so was liable for a financial penalty — the first it had ever issued on security grounds.

“We don’t know what started the Dwolla investigation,” Stout added. “It was one of the first cases that didn’t stem from a data breach.”

For New York lawyer Jessica Sklute, special counsel at Schulte Roth & Zabel, payments providers and other financial firms should ensure they are meeting requirements set out in the Gramm-Leach-Bliley Act (GLBA).

“GLBA is the primary U.S. law that governs privacy,” said Sklute.

“It’s meant to regulate financial institutions, but broadly covers many businesses.”

The act generally requires that financial institutions inform their customers annually on how they share customers’ non-public personal information.

If the institution shares this information with unaffiliated third parties in ways other than specified by statute, Sklute warned that the institution must notify customers of their right to opt out of sharing, and inform them how to do so.

The federal law consists of three sections:

The financial privacy rule, which regulates the collection and disclosure of private financial information.

The safeguards rule, which stipulates that financial institutions must implement security programs to protect such information.

The pretexting provisions, which prohibit the practice of accessing private information using false pretences.

The GLBA, particularly the safeguards rule, has been used by the CFPB and the Federal Trade Commission (FTC) to investigate and fine companies that violate standards when it comes to cybersecurity and data privacy.

Sklute said the FTC has settled more than 50 data security cases over the years under the GLBA.

She said that some of the best examples were cases involving Eli Lilly, Snapchat, and Wyndham Worldwide.

“The CFPB has been very aggressive,” said attorney Barrie VanBrackle, a partner with Orrick, Herrington & Sutcliffe.

“It takes a company down and a lot of others with it.”

For Sklute, the CFPB’s case against Dwolla using the safeguard provision of the GLBA means companies need to be careful of the promises they make about protecting customers from data breaches and other cybersecurity threats.

Among Sklute’s suggestions were maintaining communications between the legal and marketing teams, accurately reflecting policies and practices of the business, and avoiding consumer promises that are not legally or technically accurate.

Stout agreed, but focused her comments on how companies can mitigate the risk from a data incident.

She reminded event attendees it is not a matter of if, but when, a company deals with a data breach.

Among the factors that can decrease a financial firm’s exposure is creating an incident response team and training its employees.

What a business cannot control, Stout said, is the size and type of incident.

“Size is going to be one of the very few elements of a breach that are out of your control,” she said.

About PaymentsCompliance – We are a large and experienced team of payments professionals, journalists, lawyers and researchers who analyse the legal and regulatory changes affecting the global and emerging payments communities.

We provide actionable intelligence to stakeholders throughout the ecosystem in a concise and comprehensive format that allows our clients to make informed business decisions, uncover opportunities and reduce legal fees.