AML for NFTs: How Digital Artwork Is Used to Clean Dirty Money, and How to Stop It

The art world has gone digital, thanks in large part to the advent of so-called non-fungible tokens (NFTs). NFTs, like cryptocurrencies, use blockchain technology (a distributed database made up of immutable blocks of data), which makes it possible to attach a unique authenticating token—sort of like a digital signature—to a digital item, most commonly a piece of digital artwork. The primary difference between an NFT and a unit of cryptocurrency is that one NFT cannot be exchanged for another—they are, as the name implies, non-fungible. That non-fungibility enables creators of digital art to sell NFTs of their work for profit. That’s important, because unlike traditional artwork, it’s extremely easy to create perfect copies of digital artwork. But one cannot simply copy an NFT. Of course, one can copy the image itself, but the copy, though identical to the naked eye, will lack the authenticating token. Why, you might reasonably ask, would anyone pay for an NFT when they can get the original image for free? Critics have raised these and other questions, but it seems that a sufficient number of people derive pleasure from collecting the original artwork, or from supporting the artists, or from the belief that the price of NFTs will continue to rise, that trade in NFTs has become big business. An artist known as Beeple sold one NFT for $69 million. Platforms from cryptocurrency exchanges to the centuries-old art auction house Sotheby’s (and potentially the movie theater chain AMC) have entered into the growing NFT market; in the third quarter of 2021, the trading volume of NFTs exceeded $10 billion.

As in other emerging high-value markets, however, NFTs present a money laundering risk. Indeed, NFTs sit at the intersection of two sectors that are already characterized by high money laundering risk: fine art and cryptocurrencies. Because of the uniquely high money laundering risk posed by these digital assets, FinCEN should issue NFT-specific anti-money laundering (AML) compliance guidance, and Congress should extend the Bank Secrecy Act (BSA) to apply to NFT marketplaces.

Before proceeding to regulatory solutions, it’s worth elaborating on why NFTs pose a significant money laundering risk. As just noted, NFTs are particularly high risk because they combine two sectors that are already characterized by high money laundering risk, albeit for different reasons:


ENABLERS in the Legal Profession: Balancing Client Confidentiality Against Preventing Money Laundering

The anticorruption world is abuzz with discussion of the Pandora Papers, a major leak of financial documents that exposed how wealthy elites, including various political leaders and shady businesspeople, conceal their assets. But alongside revelations about the illicit expenditures of the rich and powerful, reporting based on the Pandora Papers also highlighted the role that lawyers and law firms have played in facilitating these arrangements—many of which are technically legal, but at least some of which suggest possible money laundering or other illicit activities.

This is hardly the first time that concerns have been raised about attorneys’ involvement in money laundering. Indeed, such concerns have existed for years and have been repeatedly emphasized by groups like the Financial Action Task Force; a 2010 study found that lawyers played a facilitating role in 25% of surveyed money laundering cases in an American appeals court. But perhaps because of the Pandora Papers revelations, U.S. legislators finally appear to be taking the problem seriously. Within days of the Pandora Papers leak, Members of Congress introduced a bill called the ENABLERS Act, which would expand the scope of the Bank Secrecy Act (BSA) so that many of the BSA’s requirements, including the duty to file suspicious activity reports (SARs) with the Treasury Department and to implement anti-money laundering (AML) controls, would apply to a broader set of actors—including attorneys and law firms.

The American Bar Association (ABA), which has consistently resisted pretty much every effort to impose even modest AML requirements on the legal profession, has strenuously opposed this aspect of the ENABLERS Act. The ABA’s principal objection is that many BSA requirements—especially the requirement that covered entities file SARs with the government—conflict with the lawyer’s ethical duty of client confidentiality—the attorney’s obligation not to reveal information gained in the course of representing a client to outside parties, including the government, save in a very narrow set of circumstances. (The duty of confidentiality is related to, but distinct from, the attorney-client privilege, which prevents a lawyer from testifying against her client in court regarding private communications that the attorney had with the client in the course of the legal representation, or providing such communications in response to a discovery request. Some critics have also raised attorney-client privilege concerns about SAR filings.) The ABA and other commentators have argued that extending the BSA’s mandatory reporting requirement to attorneys, as the ENABLERS Act would do, compromises attorneys’ ability to guarantee confidentiality, and thereby discourages the full, frank communications between attorney and client that are essential for effective legal representation.

The ABA has a valid concern, but only to a point. A broad and unqualified extension of BSA reporting requirements to attorneys could indeed impinge on traditional and important principles of lawyer-client confidentiality. But this is not a reason to leave things as they are. Rather, the ENABLERS Act and its implementing regulations can and should draw more nuanced distinctions, imposing SAR and other AML requirements on lawyers when those lawyers are acting principally as financial advisors, but enabling lawyers to preserve client confidentiality—including with respect to suspicious transactions—when lawyers are providing more traditional legal representation, for instance in the context of litigation.


A Dearth of Data in the De-Risking Debate

As readers of this blog are likely well aware, the fight against grand corruption is closely linked to the fight against money laundering. After all, kleptocrats and others involved in grand corruption need to hide the origins of their ill-gotten wealth. While the criminals who seek to launder their illicit cash are sometimes prosecuted for money laundering, much of the burden of the anti-money laundering (AML) regime falls on banks and other financial institutions. These institutions have obligations to perform due diligence on prospective clients—especially those clients with attributes suggesting high risk—and to report suspicious transactions to the government. Financial institutions can be held liable for failing to fulfill these obligations, and in some cases for their complicity in money laundering schemes. Yet many advocates believe that the current AML framework is not stringent enough, and have called for reforms that would impose additional obligations, and potential liabilities, on the financial institutions that handle clients and transactions that pose a high money laundering risk.

Banks and other skeptics often resist these reforms, arguing not only that the various proposals will do little to reduce money laundering, but also that more stringent AML regulations will lead to a phenomenon known as “de-risking.” This piece of industry jargon refers to the practice of ending or avoiding relationships with individuals or businesses perceived as “high risk” for money laundering. Of course, we want banks to eschew an individual client or transaction with characteristics that suggest a high probability of money laundering. But when banks and others warn about de-risking, they are referring to a phenomenon in which banks refuse to do business with broad categories of clients – for instance, those from particular countries or regions, or in specific lines of business – despite the fact that most of the individuals or firms in that category do not actually present a serious money laundering risk. If the monitoring costs and legal risks associated with certain kinds of accounts are too high relative to the value of those accounts, the argument goes, it’s easier for banks to simply close all of the accounts in the “de-risked” category. But this indiscriminate closure of allegedly risky accounts cuts off many deserving people, firms, and organizations from much-needed financial services.

Is de-risking really a significant problem? Skeptics might observe that the financial industry has incentives to resist more stringent AML regulation, and their warnings of de-risking may be, if not deliberately pretextual, then at least self-serving. That said, other actors, including non-profit groups, have alleged that they have experienced account closures due to de-risking. So the concern is likely a real one. Still, to set rational AML policy, we would want to know not just whether de-risking is a potential problem (it is) or whether it occurs sometimes (it probably does); we would want to know whether it is a systematic and serious problem, one that would likely be exacerbated by a significant enhancement of banks’ AML obligations.

So, what do we know about the extent and magnitude of de-risking in response to AML regulations? The short answer is: not much.


Small Town Corruption: The Cautionary Tale of Jasiel Correia

Elected at the age of 23 to serve as mayor of Fall River, Massachusetts, Jasiel Correia looked like a wunderkind. A tech entrepreneur who founded his own startup, Correia was the youngest-ever mayor of his hometown, the golden boy who promised to use his technological prowess and puckish energy to bring his aging town into the 21st century.

Then it all came crashing down. In 2018, Correia was charged with various personal misdeeds, including tax and wire fraud, related to his tech company. A defiant Correia maintained his innocence and rejected calls for his resignation. Then, a second round of charges hit, this time alleging public corruption. Correia purportedly took over $600,000 in bribes from marijuana business license applicants—including one marijuana business owner who paid the Mayor $100,000 and promised him 2% of his future sales revenue in exchange for a lucrative operating permit. By the time Mayor Correia went to trial, he faced 24 separate criminal charges, and on May 14, 2021, the jury found him guilty of 21 of those 24 counts.

Mayor Correia’s downfall might seem like a relatively minor matter involving local corruption in one small city. (Such stories are, alas, all too common.) But this incident usefully highlights the corruption risks associated with devolving regulatory authority to local governments. While there are certainly virtues of giving local governments power over local affairs, we need to be clear-eyed about the dangers that local control can pose, particularly in the context of regulating lucrative industries like legal marijuana. The Fall River example highlights several such risks:


ML for AML: Is Artificial Intelligence Up to the Task of Anti-Money Laundering Compliance?

Fighting corruption—especially grand corruption—requires effective anti-money laundering (AML) systems capable of efficiently and correctly flagging suspicious transactions. The financial institutions responsible for identifying and reporting suspicious transactions employ automated systems that identify transactions that involve certain red flags—characteristics like transaction amount, location, or deviation from a customer’s typical activity; when the automated system flags a transaction, this triggers further review. But—given the ever-increasing volume and complexity of financial transactions that occur each day, as well as the increasing sophistication of kleptocrats, criminal groups, and others in disguising their illicit activities to avoid the usual red flags—picking out the genuinely suspicious transactions can be extraordinarily difficult. Even the cleverest compliance system designer couldn’t hope to incorporate every potential red flag into the automated system.

The need to stay one step ahead of the bad actors has fueled greater interest in how new advances in data processing technology may help make automated suspicious transaction detection systems more effective. Techno-enthusiasts are particularly interested in deploying deep learning artificial intelligence (AI), as well as classic algorithms that fall under the machine learning (ML) umbrella, in the AML context. ML and AI systems extract patterns from training datasets, and “learn” (by induction) what data patterns are associated with particular identifiable categorizations. Email spam filters provide a simple example. A spam filter, which can be created to conduct a process known as classification, sorts input variables into two categories: “spam” and “not spam.” It makes its categorization based on individual characteristics of the emails (such as the sender, body text, etc.). In the AML context, the idea would be to train an algorithm with data on financial transactions, so that the system “learns” to identify suspicious transactions even in cases that might lack the usual red flags that a human designer would program into an automated system. Advocates hope that ML/AI systems could be used both to filter out the false positives (transactions which are flagged as suspicious but turn out, on review, not to raise any concerns—an estimated 99% of all flagged transactions), while also identifying unusual, potentially fraudulent behavior that may be overlooked by human regulators (false negatives). Indeed, industry experts are understandably enthusiastic about AI systems that will cut costs while improving accuracy, and proponents claim that “AI holds the keys to a more efficient and transparent AML stance[,]” urging that “[b]anks must take hold of this new [AML] weapon[.]”

To the extent that AI tools can improve upon the admittedly clunky automated systems currently in use, they could be a step forward. But ML/AI systems have a less than stellar track record in other contexts, and a model targeted at AML compliance presents some unique challenges.
