On September 15, 2023, the U.S. Department of the Treasury’s Financial Crimes Enforcement Network (“FinCEN”) announced a $15 million civil money penalty against a Puerto Rican International Banking Entity (“IBE”), Bancrédito International Bank and Trust Corporation (“Bancrédito” or “the Bank”). The public consent order details the Bank’s multiple violations of the Bank Secrecy Act (“BSA”), which occurred between October 2015 and May 2022. The penalty assessed against Bancrédito marks FinCEN’s first enforcement action against a Puerto Rican IBE, also known as a “gap institution” due to such entities lacking a federal functional regulator. This is also FinCEN’s first enforcement action involving a violation of a 2020 rule requiring gap institutions to have in place anti-money laundering programs by March 2021.
The United Arab Emirates (“UAE”) has long been at the forefront of embracing technological and financial innovation. For example, Dubai has emerged as a global hub for virtual assets (“VAs”) and cryptocurrencies. Earlier this year, the Dubai Virtual Assets Regulatory Authority (“VARA”) adopted its first Virtual Assets and Related Activities Regulations 2023 (the “Regulations”), along with four compulsory rulebooks, seven activity-specific rulebooks, and a virtual asset issuance rulebook (the “Rulebooks”). The Regulations provide much-anticipated regulatory certainty and offer financial security to investors in Dubai.
In a recent development, VARA announced a fine of AED 10 million (approximately USD 2.7 million) against new digital asset exchange OPNX, and individual penalties of AED 200,000 (almost USD 55,000) against its co-founders Su Zhu and Kyle Davies for failing to abide by the Regulations. These significant penalties demonstrate Dubai’s strict application of the Regulations, they contribute to and help exhibit the overall effectiveness of the UAE’s anti-financial crimes compliance framework, and they represent another significant step towards the UAE’s removal from the Financial Action Task Force (“FATF”) ‘grey list.’
In this article, we set out the structure of the Regulations and the rulebooks, highlight new amendments to the Regulations, and discuss the consequences of non-compliance.
Following allegations and complaints of hazing in its football program, Northwestern University retained a former United States Attorney General to conduct an internal review of the allegations and provide an analysis and risk assessment into the Athletic Department’s culture. While the reason for the review is unfortunate, this evaluation offers a critical tool for not only organizations and corporations, but also colleges and universities looking to enhance their sports program: independent culture assessments.
Northwestern Complaints and Lawsuits
In late November 2022, Northwestern’s administration received an anonymous complaint alleging multiple acts of hazing in the football program. Northwestern promptly retained an outside investigator to conduct an independent investigation into the allegations and publicly disclosed the existence of the ongoing investigation in January 2023. In July 2023, Northwestern released an Executive Summary outlining the investigatory process and summarizing the findings, which included initially suspending, and later terminating the head football coach.
Following concerns raised by the government of the United Kingdom (“UK”) about freedom of expression and the provision of banking services, the UK’s financial watch dog, the Financial Conduct Authority (“FCA”), recently commenced an investigation into bank account closures. This action follows in the wake of recent reports of banks allegedly closing customer accounts based on those customers’ political exposure or publicly asserted views or ideologies without proper consideration of whether those specific customers posed an elevated financial crimes risk.
This recent action spotlights the need for financial institutions to have effective anti-money laundering and countering the financing of terrorism (“AML/CFT”) compliance programs that do not incorporate blanket “de-risking” policies towards certain classes or categories of customers or potential customers.
The United Arab Emirates (“UAE”) has recently implemented a new compliance requirement related to the international importation of goods. Specifically, pursuant to UAE Cabinet Resolution No. 38 of 2022 on the Attestation of Documents, Commercial Invoices and Certificates of Origin at the Ministry of Foreign Affairs and International Cooperation (“MoFAIC”), all imports into the UAE worth AED 10,000 (approximately USD 2,723) or more must now be accompanied by a commercial invoice and other trade documentation attested by MoFAIC. The new rule came into effect on February 1, 2023.
As we explore in our blog, the corollary of having to present transactional documents to a UAE governmental ministry for verification could be a reduction in trade-based money laundering (“TBML”) involving a UAE port of discharge/unloading.
The Department of Justice made a major announcement last week that demonstrates that it is serious about finding those who defraud various COVID-19 relief programs and holding them accountable to the fullest extent of the law.
Over the course of the last three months alone, working in concert with numerous law enforcement partners, including the FBI and various Offices of Inspector General, DOJ brought more than 700 law enforcement actions of one kind or another. Criminal charges were filed against 371 defendants, 119 of whom pleaded guilty or were convicted at trial. Courts imposed more than $57 million in restitution. One hundred seventeen civil cases were filed, resulting in more than $10 million in judgments. Forfeitures exceeding $231 million were secured.
In our previous post, here, we explained how the U.S. Department of the Treasury’s Office of Foreign Assets Control (“OFAC”) used its authority under the Global Magnitsky Human Rights Accountability Act (“GloMag”) to sanction brothers Ajay, Atul and Rajesh Gupta (the “Guptas”), and their business associate Salim Essa, effectively barring them from the U.S. financial system. OFAC took this action based on alleged massive corruption involving public funds and public office.
The UAE and South Africa ratified an extradition treaty in mid-2021. Interpol subsequently issued red notices for the Guptas, and the UAE arrested Atul and Rajesh Gupta in mid-2022. However, the Dubai Court of Appeal ruled earlier this year that the Guptas could not be extradited to South Africa because of the failure of the South African authorities to meet strict standards for legal documentation in the extradition treaty between the two countries. In this post, we examine the Dubai Court of Appeal’s ruling and what it means for the South African authorities moving forward.
The Guptas face widespread allegations of bribery and money laundering, related to their alleged looting of upwards of 500 billion South African rand (approximately USD 26 billion) from state coffers over the course of a decade or more. The Guptas fled to Dubai in 2018 when former South African President Jacob Zuma was unseated. South Africa has since been taking efforts to bring the Guptas back to South Africa to stand trial.
On February 13, 2023, the Dubai Court of Appeal rejected South Africa’s extradition request, since it“did not meet the strict standards for legal documentation as outlined in the extradition agreement between the UAE and South Africa that entered into force in April 2021.” Specifically, it is reported that the extradition request failed to include an active arrest warrant as is required by the terms of the extradition treaty.
South Africa’s Justice Minister, Ronald Lamola, said the country would “promptly appeal” the Dubai Court of Appeal’s decision, while the UAE’s Justice Minister, His Excellency Abdullah bin Sultan bin Awad Al Nuaimi, underscored that the “South African authorities are able to resubmit the extradition request with new and additional documentation.” To that end, the countries continue to cooperate and, on June 15, 2023, they established a joint task force to re-examine the request for extradition.
As extradition has become ever more important given the growth of transnational criminal organizations, including those involved in terrorism, drug trafficking, and cybercrime, it is imperative that extradition requests—which seek the surrender of someone across borders for prosecution or punishment—be submitted and adjudicated precisely in line with the terms that two countries have agreed upon and memorialized in treaty-form.
The UAE has ratified a raft of extradition treaties (bringing the total number of extradition treaties to which it is a party to 37, with a further eight awaiting ratification) and, at the time of writing, has approved 30 extradition requests this year alone, including a high-profile request from Denmark for the extradition of Sanjay Shah, who is accused of defrauding Danish tax authorities of over 9 billion Danish crowns (approximately USD 1.32 billion).
 Reuters, UAE ratifies extradition deal with S. Africa as hunt for Guptas intensifies, (June 9, 2021).
 United Arab Emirates Ministry of Justice, UAE arrests Rajesh Gupta and Atul Gupta in Response to International Request, (June 7, 2022).
 Reuters, UAE Dismisses S. African request to extradite Gupta brothers, (April 7, 2023).
 Eyewitness News, Justice department, UAE join forces to extradite Gupta Brothers, (June 7, 2023).
 Reuters, UAE starts extradition process of British suspect in Danish fraud case, (April 5, 2023).
Earlier this year, we published a post on the first Tri-Seal Compliance Note (“First Note”) issued by the United States Department of Justice’s (“DOJ”) National Security Division (“NSD”), the Department of Commerce’s Bureau of Industry and Security (“BIS”), and the Department of the Treasury’s Office of Foreign Assets Control (“OFAC”). When issuing the First Note, DOJ announced that the U.S. regulatory agencies would continue to release joint advisories on the enforcement of economic sanctions evasion, export control violations, and similar economic crimes.
On July 26, 2023, NSD, BIS, and OFAC released their second Tri-Seal Compliance Note (“Second Note”) summarizing each department’s approach to their voluntary self-disclosure (“VSD”) policies. The purpose of the Second Note is to encourage U.S. companies to voluntarily disclose and remediate potential administrative or criminal violations, and emphasize the importance of compliance with U.S sanctions, export controls, and other national security laws. The departments encourage VSDs by offering relief to companies who voluntarily disclose potential violations, but also, in some instances, tightening the penalties for companies who do not disclose potential violations.
Below, we set out each department’s approach to VSDs.
Join subject matter experts across policy, litigation, and regulation for an engaging discussion around privacy, cybersecurity, and AI. This live event will be in our Washington DC office and will include perspectives from in-house leaders, a former FBI agent, an incident response forensic expert, world-class public policy experts, and our privacy and cybersecurity professionals. The half-day program will offer topic-focused panels, including:
- Compliance and vendor management – Best practices for risk-management in the event of a vendor data breach, as well as overall privacy compliance, from a regulatory, litigation, and in-house perspective. The team will unpack the current vendor-management playing field and the top trends in 2023.
- Cybersecurity incident planning and response – New laws and regulations are encouraging businesses to enhance their security protections. SPB’s cybersecurity team will join cybersecurity forensic expert PacketWatch to offer practical insights on preparing for today’s regulatory, legal and threat landscape; and how to respond effectively in the event of a cybersecurity incident.
- Litigation and enforcement – Regulators are increasingly focused on cybersecurity issues and AI. This panel will discuss litigation trends and enforcement priorities across various regulatory agencies, including the Federal Trade Commission (FTC), Securities and Exchange Commission (SEC) and Department of Justice (DOJ). Former regulators, including Jeffrey Sallet, the prior associate deputy director of the FBI, and our litigation and enforcement experts will share insights on how to proactively approach a cyber-regulatory investigation, including best practices for responding to subpoenas and civil investigative demands. The panel will also address litigation challenges and negotiating resolutions with the relevant regulatory and law enforcement agencies.
- Policy perspectives – Explore the opportunities and challenges that federal lawmakers face as they pursue policies that address the emerging technology of artificial intelligence (AI). As industry calls for a national legislative framework, lawmakers are scrambling to fully understand the technology in hopes of crafting legislation that provides guardrails without hindering innovation. The discussion will also address how policymakers at the state level are contributing to the national AI dialogue and its potential impacts on the economy.
Details and registration: Avoiding Litigation and Navigating Regulatory Challenges Amid Growing Privacy, Cybersecurity and Artificial Intelligence Scrutiny | Events | Insights & Events | Squire Patton Boggs
Earlier this month, the Supreme Court of the United States decided Dubin v. United States, No. 22-10, 2023 WL 3872518, at *1 (U.S. June 8, 2023), in favor of the defendant. Justice Sonia Sotomayor wrote the opinion for the Court, which held that 18 U.S.C. § 1028A(a)(1), aggravated identity theft, is violated only when the misuse of another person’s means of identification is at the crux of what makes the underlying offense criminal.
Defendant David Dubin was convicted of healthcare fraud after over-charging Medicaid for teenagers seeking mental health testing at emergency centers in Texas. Dubin falsely claimed the employees performing the testing were licensed psychologists who command a higher rate from Medicaid. However, the employees were only licensed psychological associates. Because the falsified bills also included the patient’s Medicaid reimbursement number, Dubin was also charged with aggravated identity theft, which carries a two-year mandatory minimum consecutive sentence, and he was convicted of this charge as well.