Top Story Security Related

FinCEN has issued a reminder to financial institutions to remain vigilant regarding suspicious activity that may be indicative of relationship investment scams. The Commodity Futures Trading Commission launched the #DatingOrDefrauding national awareness effort to alert the public to relationship investment scams targeting Americans through wrong-numbered texts, dating apps, and social media. Losses from romance and confidence scams reported to the Federal Bureau of Investigation exceeded $650 million in 2023.

FinCEN has previously published several resources to help stakeholders identify and report illicit financial activity that may be indicative of relationship investment scams and other types of romance and confidence scams:

• Alert on Prevalent Virtual Currency Investment Scam Commonly Referred to as “Pig Butchering” by Perpetrators (September 2023)
• Advisory on Elder Financial Exploitation (June 2022)
• Financial Trend Analysis: Elder Financial Exploitation: Threat Pattern & Trend Information, June 2022 to June 2023 (April 2024)
• Financial Trend Analysis: Mail Theft-Related Check Fraud: Threat Pattern & Trend Information, February to August 2023 (September 2024)

Yesterday, OFAC and the Department of State imposed sanctions on over 30 persons, entities, and vessels in multiple jurisdictions for their role in brokering the sale and transportation of Iranian petroleum-related products. Among those sanctioned today are oil brokers in the United Arab Emirates (UAE) and Hong Kong, tanker operators and managers in India and People’s Republic of China (PRC), the head of Iran’s National Iranian Oil Company, and the Iranian Oil Terminals Company, whose operations help finance Iran’s destabilizing activities. The vessels sanctioned today are responsible for shipping tens of millions of barrels of crude oil valued in the hundreds of millions of dollars.

For a link to OFAC's list of the individuals, entities, and vessels affected by yesterday's OFAC action, see yesterday's BankersOnline OFAC Update.

The Treasury Department reports that the Financial Action Task Force (FATF) —the global standard-setting body for anti-money laundering, countering the financing of terrorism, and proliferation of weapons of mass destruction—concluded a plenary in Paris.

During the plenary, the FATF discussed ongoing work on evolving proliferation financing and terrorist financing risks, financial inclusion, and standards for domestic and cross-border payments, including agreeing to release draft updates for public consultation. The FATF also agreed to consult the public on an initiative examining complex proliferation financing and sanctions evasion schemes.

The FATF also endorsed changes to its recommendation to further reaffirm the importance of a risk-based approach to assessing and mitigating money laundering and terrorist financing risks, including ensuring preventive or mitigation measures are commensurate with the risks identified.

Finally, the FATF finalized work to help combat the online sexual exploitation of children, a heinous crime that preys on some of society’s most vulnerable. The soon-to-be-published report, based upon contributions from nearly 30 countries, analyzes the financial typologies associated with financial sextortion and live-streamed abuse of children.

• Outcomes of the FATF Plenary, February 21, 2025

OFAC has announced the launch of its new File Finder application for use on the OFAC website. The new browser-based application allows users to search through and efficiently navigate all of OFAC's website content.

Putting the user in control, File Finder searches all static content on OFAC's website (PDF documents, word documents, etc.) by document title, document type, and the contents of each document. Searchable content typically includes general licensees, Federal Register notices, executive orders (and other legal documents), press charts, advisories, specific guidance, as well as many other records.

The Securities and Exchange Commission has announced its creation of the Cyber and Emerging Technologies Unit (CETU) to focus on combating cyber-related misconduct and to protect retail investors from bad actors in the emerging technologies space. The CETU, led by Laura D’Allaird, replaces the Crypto Assets and Cyber Unit and is comprised of approximately 30 fraud specialists and attorneys across multiple SEC offices.

The CETU will utilize its staff’s substantial fintech and cyber-related experience to combat misconduct as it relates to securities transactions in these priority areas:

• Fraud committed using emerging technologies, such as artificial intelligence and machine learning
• Use of social media, the dark web, or false websites to perpetrate fraud
• Hacking to obtain material nonpublic information
• Takeovers of retail brokerage accounts
• Fraud involving blockchain technology and crypto assets
• Regulated entities’ compliance with cybersecurity rules and regulations
• Public issuer fraudulent disclosure relating to cybersecurity

The Treasury Department has reported that OFAC has imposed sanctions on James Kabarebe, Rwanda’s Minister of State for Regional Integration. Kabarebe is central to Rwanda’s support for the March 23 Movement (M23), a U.S.- and UN-designated armed group that has rapidly expanded its territorial control in eastern Democratic Republic of the Congo and is responsible for human rights abuses. OFAC also sanctioned Lawrence Kanyuka Kingston, an M23 and Congo River Alliance senior member and spokesperson, alongside two of Kanyuka’s companies registered in the U.K. and France.

The State Department has reported it has designated eight organizations as Foreign Terrorist Organizations (FTOs) and Specially Designated Global Terrorists (SDGTs).

For a link to the details of these designations, see the February 20, 2025, BankersOnline OFAC Update.

The Financial Accountability and Corporate Transparency (FACT) Coalition has reported that Judge Jeremy D. Kernodle, of the Tyler Division of the U.S. District Court for the Eastern District of Texas, has lifted a preliminary injunction issued in Smith v. United States Department of the Treasury, removing the last legal roadblock to the enforcement of the Corporate Transparency Act (CTA). The decision aligns with another decision made by the Supreme Court in a similar case in January.

FinCEN has updated an Alert on its Beneficial Ownership Information page to say that the "beneficial ownership information (BOI) reporting requirements under the Corporate Transparency Act (CTA) are once again back in effect." FinCEN added that, "because the Department of the Treasury recognizes that reporting companies may need additional time to comply with their BOI reporting obligations, FinCEN is generally extending the deadline 30 calendar days from February 19, 2025 [to March 21, 2025], for most companies. Companies with disaster-relief extensions to dates later that March 21 must meet their later deadline for filing.

Also, FinCEN said that, during the 30-day period, it will assess its options to further modify deadlines, while prioritizing reporting for those entities that pose the most significant national security risks. FinCEN also intends to initiate a process this year to revise the BOI reporting rule to reduce burden for lower-risk entities, including many U.S. small businesses.

FinCEN issued FinCEN Notice FIN-2025-CTA1 to further explain the new deadlines for reporting.

The fourth 2024 issue of the Federal Reserve's Consumer Compliance Outlook (CCO) is now available on the CCO website. This issue includes articles on:

• The Federal Reserve System’s Top-Issued Fair Lending Matters Requiring Immediate Attention and Matters Requiring Attention
• Top Federal Reserve System Compliance Violations in 2023 Under the Equal Credit Opportunity Act
• Top-Cited Federal Reserve System Compliance Violations in 2023 Under the Truth in Lending Act for the TILA RESPA Integrated Disclosure
• Complex Bank-Fintech Partnerships
• Interagency Statement on Elder Financial Exploitation

FinCEN has issued a notice to email subscribers that its Interactive SARs Stats webpage has been updated to include SAR data through calendar year 2024. Interactive SAR Stats is an application that enables users to view FinCEN’s trend data for aggregated counts of defined suspicious activities that financial institutions report to FinCEN.

The Treasury Department this morning reported that OFAC, Australia’s Department of Foreign Affairs and Trade, and the United Kingdom’s Foreign Commonwealth and Development Office are jointly designating Zservers, a Russia-based bulletproof hosting (BPH) services provider, for its role in supporting LockBit ransomware attacks. LockBit, a Russia-based ransomware group best known for its ransomware variant of the same name, is one of the most deployed ransomware variants and was responsible for the November 2023 attack against the Industrial Commercial Bank of China U.S. broker-dealer. BPH service providers sell access to specialized servers and other computer infrastructure designed to evade detection and defy law enforcement attempts to disrupt these malicious activities. OFAC is also designating two Russian nationals — Alexander Igorevich Mishin and Aleksandr Sergeyevich Bolshakov — who are key administrators of Zservers and have enabled ransomware attacks and other criminal activity.

Click here for more information on the individuals and entities designated or otherwise blocked today.