Money flow, ds, ar, tax evasion 1 15-14

Part 2: Money and Commodities Flows

Data SecurityAsset Recovery

Tax Evasion and Enforcement

CFCS Examination Preparation SeriesJanuary 15, 2014

Presented ByCharles Intriago

Brian Kindle

Brian KindleEditorial and Training Advisor

Association of Certified Financial Crime SpecialistsMiami, FL

Charles A. IntriagoPresident and Founder

Association of Certified Financial Crime SpecialistsMiami, FL

Certification, News, Guidance, Training, Networking

The Credential That Shows Your Knowledge and Skill Across the Financial Crime Spectrum

CFCS Certification

About the Exam• There are 145 scenario based, four choice,

multiple choice questions• 125 scored questions and 20 unscored

questions• Four hour exam session with no breaks, at one

of over 700 testing centers or online proctored• Passing score is 63%• Results given immediately

Preparation Suggestions• Recommended three weeks of study, if you commit 6

– 8 hours a week• Review manual in detail, including referenced

materials in appendix• Prepare based on your own strengths and

weaknesses • Exam based on best practices, not what you might do

at your organization

Data Security

CFCS Examination Preparation SeriesJanuary 15, 2014

9

Definition and Overview

• Properly safeguarding, storing and disposing of the financial, personal and other sensitive data of an organization, its employees and its customers

• Data security and financial crime are increasingly interconnected• Data breaches lead to fraud, identity theft schemes• Organized crime rings turning to cyber financial crime• Internal data theft and malfeasance supports range of

financial crimes

10

What We Will Cover

• These are the primary topics we will cover today

• Types of Cyberattacks

• Preventing Cyberattacks

• Reacting To Cyberattacks

• Data Privacy

11

Common Types of Cyber Financial Crimes

• There are two main types of cyberattacks• Network based attacks• Relatively rare• What most people think of as hacking• Prevented by firewalls and ACLs

• Virtual attacks• Most common• Take many forms• Prevented by security policies

• Today we will focus on Virtual Attacks

12

Common Types of Cyber Financial Crimes

• Types of Virtual Attacks

• Social Engineering

• Malware

• Account Takeover

• Other Attacks

13

Common Types of Cyber Financial Crimes

• Social engineering

• Deceiving or manipulating target into turning over personal data, confidential information

• Uses similar tactics to “traditional” fraud

• Often involves multiple channels – e-mail, phone, social networks, in-person contact

14

Types of Social Engineering

• These are the common types of Social Engineering Attacks

• Phishing

• SMS Phishing (Smishing)

• Voice Phishing (Vishing)

• Spear Phishing

15

Types of Social Engineering

• Phishing

• Using false e-mail or other electronic message to manipulate recipient into providing confidential data

• There are many types of phishing attacks• Data Capture• Nigerian 419 Scam (Often Advance Fee Fraud)• Man-in-the-Middle Attack

• Data captured in phishing furthers identity theft, account takeover schemes

16

Types of Social Engineering

• SMS Phishing

• Smishing is achieved by sending SMS messages to people with links to website that will perform a data capture

• Becoming more common

• More successful than email phishing since most people are less cautious about SMS Messages

17

Types of Social Engineering

• Voice Phishing (Vishing)

• Vishing is basically using phone calls while posing as someone in authority to elicit sensitive information (like Passwords and logins)

• Most similar to standard confidence frauds from the past

• Far more successful than you would expect• Sometimes Vishing refers to leveraging VoIP

systems to commit a fraud, but is less common

18

Types of Social Engineering

• Spear Phishing

• This is very similar to a standard phishing attempt, but more targeted

• Uses some personal information to personalize the communication

• Far more likely to be successful than a standard phishing attack

19

Common Types of Cyber Financial Crimes

• Malware

• Computer Virus- a computer program that can replicate itself and extend from one computer to another through actions undertaken by the user to proliferate

• Trojan Horse or Trojan- a non-self-replicating type of malware which appears to perform a desirable function of a legitimate software application but instead facilitates unauthorized access to the user’s computer system

• Computer Worm - a standalone malware computer program that replicates for the purposes of spreading to other computers automatically

20

Common Types of Cyber Financial Crimes

• Malware

• Malicious or intrusive computer code used to obtain and transmit data to a third party

• Typically delivered by a compromised or malicious website, but can be delivered within other software packages

• Designed to run undetected, capture activity on a device (i.e. keystroke loggers) or allow a third-party remote access or control

21

Common Types of Cyber Financial Crimes

• Account Takeover

• Often the end result of other cybercrime, identity theft schemes

• Occur when attacker obtains login information, credentials for an individual or business financial account, performs unauthorized transactions

• Estimated $350 million to $ 1 billion lost from US commercial accounts in just the past year

22

Case Study: Epsilon Data Breach

• Epsilon is a marketing company that handles communications for over 2,500 companies

• Best Buy• Morgan Stanley• Capital One• Home Shopping network• Citi

23

Case Study: Epsilon Data Breach

• The Epsilon attack was a multi-tiered attack

• Began with a standard phishing attempt to Epsilon employees• The phishing attempt sent the employees to a malicious

website that installed malware• The malware allowed remote control of the computers of

those users that fell for the attack• This allowed the hackers to access internal systems and steal

contact information for countless customers from those computers

• Will likely now result in more targeted spear phishing attacks which will result in account takeovers

24

Planning for a Data Security Program

• Assess what needs protection, classify and prioritize data based on risk

• Take into account physical and human aspects of data security, not just technological issues• Physical security is a major vulnerability, a great deal of

security breaches are due to failings of internal security• Must have internal security policies as well as external

access policies

• Consider and plan for potential repercussions from data breaches and theft

25

Data Security Program Best Practices

• Manage log of changes• Multi-tiered access rights, highest levels of

access only from specific internal sources• Change all default, vendor-supplied credentials• Partition networks to isolate sensitive data• Strictly manage your data retention policy• Multi-factor authentication for network access• Data retention/deletion policies and process

26

Data Security Program Best Practices

• Train both your employees and customers to recognize fraud attempts

• Actively monitor your network• Restrict administrative connections to specific

internal sources and do not allow any external connections

• Implement firewalls and ACLs and keep them updated

• Implement internal policies to keep all software updated with automatic systems

27

Ongoing Data Security Monitoring and Testing

• Flagging, monitoring failed login attempts

• Enforcing password, authentication policies

• Password cracking tests

• Routine log monitoring

• Ongoing employee training, monitoring

28

Responding to a Data Breach

• Unfortunately, it is likely a matter of time before a data breach will occur

• An important part of you data security program should include how you react to data breaches

• There are often legal requirements, depending on your jurisdiction, for how to react

• It is far better to be proactive in controlling the narrative rather than to trying to ‘sweep it under the rug’

29

Data Breach Response Best Practices

In addition to closing the vulnerabilities that led to the breach, you should:• Identify the sensitivity of the data lost and the

impact on the subjects and the organization• Establish if the data can be accessed without

special software or techniques• Identify whether the data can be recovered• Notify the crisis management team• Establish a list of affected customers• Draft both public and direct communications• Prepare a PR Strategy

30

Essentials of a Data Privacy Program

As custodians of personal data about your customers there are certain responsibilities in keeping that data secure. You should:• Designate an employee(s) to manage the

Information Security Program• Identify and asses the risk of losing customer

data in each area of the company• Test and monitor on an ongoing basis• Assure service providers with access to the data

are compliant with your data security program• Know how to respond to Law Enforcement

requests for data

31

International Data Privacy LawsEU Data Privacy Directive• In addition to protecting customer data from data

breach, companies have a great deal of regulation as to how and when they can release customer data

• While there are several international laws, and numerous local ones that depend on the jurisdiction, the EU DPD is a strong example

• The EU DPD is very restrictive for protecting data privacy, it requires:• Consent from the customer• Necessary for compliance with a legal issue• Necessary for meeting a legitimate interest

32

Key Lessons

• Securing human side is more important aspect of data security

• Cyberattacks rely heavily on old-fashioned fraud

• Data security and privacy policies should focus on limiting access to data

• “Stricter” is not always better

Practice Question

Your financial institution has been subject to several hacking attempts over the last few weeks. While none have been successful, you worry that it might be a matter of time. To keep your network secure, you have decided to update your network security policies.What is an important step to include in your network security policy?

Practice QuestionA. Educate your online customers to detect phishing attempts and other fraudulent email scams.B. Disable auto deletion of old data, including access logs, and move them to an archive server.C. Only permit administrative connections via the Internet through HTTPS or SSH connections.D. Require confirmation from network Engineering before resetting any lost passwords.

Practice QuestionAnswer A is correct as this is a recommended step in all network security policies. While not high tech or glamorous, educating your staff and your customers to recognize phishing and fraudulent emails is a fundamental and highly successful way to prevent fraud.

Answer B is incorrect as this is the opposite of a good data retention policy, and has nothing to do with a network security policy.

Practice QuestionAnswer C is incorrect as a good security policy will not allow any administrative connections through the internet, even via secure connections like HTTPS or SSH. Administrative connections are those that allow you to log into internal devices and make changes to how they function. This task should only be allowed from internal connections.

Answer D is incorrect as it is not very scalable and network engineering is the wrong group to manage this anyway. There are hundreds of password resets that are performed every day by most large financial institutions. There is no way that the network engineering staff would be able to keep up with the requests. They would also have no way to determine if the requests should be approved or denied.

37

Practice Question

Your organization has a large online presence, providing all key services online. You have recently found out that a hacker has gained access to your secure network, stealing millions of customer usernames and passwords. You think the access was gained via social engineering.

Your company’s success depends on your keeping this data secure, so your organization wants to put procedures in place to ensure it can prevent any such further attacks. As an initial step you have terminated internet access for engineering and IT.

What would be the MOST effective further action for your firm to immediately take to prevent this specific type of attack from happening again?

38

Practice Question

A. Restrict external access on all routers and servers allowing administrative access only from workstations in the engineering and IT departments.

B. Staff should not be allowed to download any materials from the internet or private disks to the organization's local drives.

C. Require all customers to change their passwords on a regular basis to access their accounts and require strong passwords.

D. Upgrade all network firewalls and ensure they are running current software.

39

Practice Question

Answer A is correct as this is a viable and recommended security strategy. Not only should administrative access be restricted to only internal computers (no outside internet connections), it should be restricted to only those groups that have a viable business purpose for logging into those devices, such as engineering and IT. If someone manages to acquire information to access the network, via social engineering or otherwise, there is not much they would be able to do with that information if they had to be sitting at a desk in your engineering department to actually use it.

Answer B is incorrect. While this is a viable, if extreme, security measure, it does not prevent this specific type of attack from happening again. Though a common security measure in some very secure government and private-sector facilities, it does nothing to prevent social engineering attacks. The question specifically asks for ways to prevent that type of attack.

40

Practice Question

Answer C is incorrect. While this too is a viable customer security policy, it would not be a component of a network security policy. It also would do nothing to prevent social engineering attacks.

Answer D is incorrect. Once again upgrading firewalls and ensuring they are running current software is a good network security policy, but does not prevent “this specific type of attack from happening again.”

Money and Commodities Flows

CFCS Examination Preparation SeriesJanuary 15, 2014

42

Financial Crime and Money Transfer Mechanisms

• Mechanisms to move, transfer and employ criminal proceeds are essential to perpetrating financial crimes

• Methods to move money and other financial assets are limited only by imagination of the financial criminal- wire transfers, international trade, informal value transfer systems, prepaid cards, etc.

• As new mechanisms evolve, pre-existing money transfer methods remain, leaving complex and growing network of threats

43

Checks and Bank Statements

• While declining in use, checks in combination with bank statements can still be useful to map flows of money or other assets.

• Financial crime professional should look for:• Payees on checks• Comparison of endorsers to determine consistency• Volume of checks and pattern of account use show in

bank statement• Large checks or others that do not fit general use of

account• Notes and numbers written on the back of a check by

bank employees

44

Wire Transfers

• All-purpose vehicle to move funds in all financial crime scenarios

• Examples of red flags include:• Funds transfers to known tax/secrecy havens• Wire transfers with no legitimate business purpose• Customer with low account balance sending or receiving frequent

wire transfers• Rapid succession of wire transfers in similar or exact amounts• Customers in cash-intensive businesses that send large wire

transfers• Unusual funds transfers by correspondent banks• Customers using cash or bearer instruments to purchase wire

transfers

45

Trade Price Manipulation

• Also known as trade-based money laundering, continues to be a popular vehicle to move illicit proceeds

• Requires two or more persons working together to move funds using combinations of over-valued and under-valued imports and exports Parties may understate the price of imported goods or overstate the price

of exported goods.

Parties may overstate the price of imported goods or understate the price of exported goods.

46

Trade Price Manipulation

Assume Person A wishes to move money from Country X to Person B in Country Y.

• Person B buys 10,000 widgets in Country Y and exports them to Person A in Country X with an invoice for $100 per widget, although he only paid $10 per widget.

• Persons A or B go to a bank to obtain trade financing to finance the exportation or importation of 10,000 widgets at $100 apiece.

• Person A pays Person B the $1 million that is invoiced.

By this transaction, Person A is able to move an excess of $900,000 disguised in international trade.

47

Trade Price Manipulation

• Why so popular?• Difficult to detect• Lack of accurate, timely data on goods and

commodities pricing in many jurisdictions • Volume of legitimate trade• Able to move funds across borders

• Key concern for institutions engaged in trade finance – letters of credit, factoring, etc.

48

Trade Price Manipulation

• Red flags for TBML include:• Payments to vendors in cash or wire transfers by

unrelated parties• Packaging inconsistent with commodity or shipping

method• False reporting on type, quantity or quality of

commodities imported/exported• Carousel transactions- repeated importation,

exportation of same high-value commodities• Trading in commodities that do not match business

49

Money Service Businesses

• Like banks and other financial institutions, MSBs are vulnerable for use by financial criminals. Some reasons for this include:

•Simplicity and certainty of transactions

•Global reach of network of MSBs

•Cash nature of initial steps of transactions

•Fewer customer identification rules are imposed

• Because of the high volume of customers, reduced possibilities of verification of customer identification

• Customer relationships sometimes less formal, customers rotate

50

Informal Value Transfer Systems

• System for transferring value through exchange of goods or currency from one person in one country to person in another country

• Not banks in the traditional sense

• Maintain their own financial accounts but do not rely on global financial system to move funds

• Common examples include:• Black market peso exchange• Hawala

51

BMPE

Narcotics proceeds in US dollars sold to “cambistas” in

US or MexicoCambistas swap

dollars with import/export

businesses that need pesos

Import/exporters or cambistas

purchase goods in US dollars

Goods transported or smuggled

Cambistas pay off narcotics rings in

pesos

Drugs smuggled into US and sold

52

Money Transfer through Securities Trading

• Trade in securities is multi-trillion dollar sector of global economy, can be very difficult to monitor

• Securities trading can be used to launder and move criminal proceeds, also be manipulated to earn illicit proceeds

• More commonly used in layering, integration for money laundering, as in wash trading

• May involve complicity of broker or employee

53

Money Transfer through Securities Trading

• Common indicators of suspicious activity in securities industry include:

•Changing share ownership when making cross-border transfer•Liquidating what would usually be a long-term investment

within a short period•Using a brokerage account similar to a depository account•Opening multiple accounts or nominee accounts•Engaging in transactions involving nominees or third parties

54

Prepaid Cards and Financial Crime Risks

• Also called “stored value cards,” can represent easily transferred, highly portable means to move funds

• Sometimes can be obtained with less due diligence than opening bank account or obtaining credit card

• Prepaid card fraud is sometimes tied to credit/debit card fraud and account takeover schemes- stolen cards and account value is used to purchase prepaid cards

55

Prepaid Cards and Financial Crime Risks

• Ways to mitigate prepaid usage for financial crime include:

• Understanding how and why card will be used• Monitor reload activity, set limits on reloads• Identify source and location of reloads• Monitor number and type of cards issued to any given

customer• Conduct due diligence to understand all parties involved in

issuance of cards

56

Key Lessons

• Channels for illicit transactions are multilayered and increasingly complex

• Professionals should be able to recognize key attributes, red flags in many payment and value transfer systems

• Understanding “normal” behavior in any given transaction, customer relationship is essential

57

Review Question

• You are an investigative professional who has been asked look in to an import/export firm that specializes in tropical fruits, vegetables and other agricultural products. The firm is suspected of involvement in a trade-based money laundering operation.

You gather the following intelligence. What would be the best indicator of TBML, and a lead to focus your investigation?

a) The firm’s articles of incorporation do not list its beneficial owners

b) The firm has made large numbers of domestic wire transfersc) The firm has a number of invoices for exports of high-end

electronics d) The firm has received a letter of credit from a large, well-

known financial institution

58

Practice QuestionA young woman who is a national of Country A, works as a caregiver for a family in the U.S. She sends much of her earnings to support her family back in Country A by giving the amount in cash to a local grocer, whose family heritage is also in Country A.

Once the grocer receives the cash, he calls his partner who runs a market in one of the larger cities in Country A. From there, the young woman's family can pick up the money sent.

What is the name commonly used to describe this form of remittance transaction?

A. Cash transferB. HawalaC. Referral BankingD. Black Market Peso Exchange (BMPE)

Asset Recovery

CFCS Examination Preparation SeriesJanuary 15, 2014

• Traditional approach:Asset tracing: Attacking profits, discover where assets are hidden and freeze them

• New approach: Money flow investigation: Attacking money flow, discover how money flowed back to criminal, identify vulnerabilities, seek to interdict funds

Concepts of Asset Recovery Investigations

• To justify asset recovery operation, professionals should prepare:

• List of assets for which recovery is sought• Actual or appraised value for each asset• Names and contact information of persons who may

have interest in asset• Listing of registered owners, lien holders on assets• Statement explaining legal theory or justification behind

freezing each asset• Copies of all investigative or analysis reports in the case• Copies of all court orders previously issued in the case

Making the Case for Asset Recovery Operations

• Investigators • Forensic accountants • Lawyers • Analysts and support staff

Typical Members of Asset Recovery Team

Initial Considerations for Asset Recovery Team

• Does asset have value? Heavily encumbered What will it cost to preserve it during process

• Are there innocent owners who may impede recovery?

Equitable Weapons of Courts

• Restraining and mandatory injunctions

• Civil search warrants

• Break and search orders

• Accounting

• Constructive trust

• Appointment of receivers

•Many others found in CFCS manual

Other evidence-gathering tools

• Production orders

• Search warrants

• Customer information orders

• Account monitoring orders

• Disclosure orders, subpoenas or summons

66

Typical records kept by financial institutions

• Transaction and wire transfer recordso ID requirements on transactions over $3,000

• Know Your Customer and other customer datao Due diligence reportsoPhoto IDso Signatureso Information on customer relationshipso Information on source of customer’s wealth or funds

67

Regulatory Records

• Subpoena Required- Bank Examination Records- Applications Records- Ownership and Location Information- Financial Data

68

Receivership

• Serve to locate, safeguard, recover assets

• Trustees, receivers, administrators, liquidators, officeholders

• Step in shoes of directors, entitled to all information

69

Subpoena Tips

• Comprehensive production of records- Subsidiaries, affiliates, etc.- Use “bank terminology”

• Wire transfers- Fedwire or SWIFT- Authorization document, letter or form

70

Asset forfeiture

• Criminal forfeiture- against the defendant or person

• Civil forfeiture- in rem’ - against property - proceeds, instrumentality of crime

• Substitute assets

71

Asset forfeiture

72

International Assistance

• Freezing Orders - Mareva injunctions

• Pure Bill of Discovery - Norwich Pharmacal

• Production Order - Bankers Trust Orders

• Stand and Deliver - Anton Piller Orders

• Lis pendens

• Letters rogatory

73

International Assistance

Mutual Legal Assistance Treaties (MLATs)

• Taking testimony of persons• Providing documents, records and evidence• Service of documents• Locating or identifying persons• Executing requests for search and seizure• Identifying, seizing and tracing proceeds of crime

74

International Assistance

• Foreign ministries, nation's chief legal officer

• Embassies – yours and theirs

• “Back channel" assistance, for location of witnesses, authentication of records

• Direction to useful public sources to uncover true beneficial owner

75

Enforcement of Judgments

• Uniform Foreign Money Judgments Recognition Act

• Domestic judgments often are enforced in

other countries based on "comity"

76

Liability of Third Parties

• Third parties can be valuable, if difficult, targets for asset recovery operations

• Preliminary questions on liability - Identify payees - Find related entities - Check public records-Understand regulatory requirements

77

Liability of Third Parties

• Preliminary questions on liability- Intelligence sources - Affiliated entities- Gratuitous donees - Fraudulent conveyances - Overpaid investors

Possible Third Party Targets

• Banks • Broker-dealers, investment advisers, etc. • Company directors • Employees• Lawyers • Auditors and certified public accountants

Key Lessons

• Understand viable targets for asset recovery options

• Understand information sources, including open sources like corporate registries

• Many asset recovery operations have cross-border component – recognizing international tools is essential

Review Question

• You are employed as part of an asset recovery team seeking to recover funds from a corrupt government official indicted for bribery and embezzlement in Canada. You have identified financial accounts and properties the official held in several common-law countries, including Australia and the UK.

You are concerned that the official may attempt to transfer funds out of his accounts or dispose of properties while legal proceedings against him are still underway. What is one legal tool you could use to prevent the official from transferring these assets?

A. Letters rogatoryB. Anton Pillar orderC. Mareva injuctionD. Production order

Tax Evasion and Enforcement

CFCS Examination Preparation SeriesJanuary 15, 2014

82

Overview and Definition

• Conduct designed to intentionally and illicitly avoid paying tax liabilities

• Often a thin line between tax evasion and legal “tax avoidance”

• Evasion is a financial crime itself and a common element of all other financial crimes

Convergence of Tax & Money Laundering Enforcement

• Global trend toward criminalization of tax compliance, enforcement will continue

• Convergence with other areas of law -- criminal law, money laundering, asset forfeiture, international evidence gathering

83

Convergence of Tax & Money Laundering Enforcement

84

• In February 2012, FATF issued revised recommendations on anti-money laundering

• For first time, tax offenses expressly listed as predicate for money laundering crimes

85

Tax Shelters

• Mechanism by which taxpayer may protect assets or income from taxation, or delay tax application

• Investments in pension plans and real estate are common examples, many shelters are completely legal

• Shelters can be deemed abusive by tax authorities when designed solely for avoiding or evading taxes

86

Tax or Secrecy Havens

• Jurisdictions that provide secrecy or other means of protecting assets from taxation• Individuals, corporations, other entities can shift

assets to havens through physical relocation, subsidiaries, shell corporations• Havens have been subject to increasing global

pressure

87

Characteristics of Tax or Secrecy Havens

• No or nominal taxes• Lack of effective exchange of tax information• Lack of transparency in the operation of legislative,

legal or administrative processes• Anonymous company formation• Negotiated tax rates• Inconsistent application of tax laws• Little or no regulatory oversight

88

Characteristics of Tax or Secrecy Havens

• No requirement for physical presence, allowing for shell corporations

• Self promotion as offshore financial center

• Examples of tax or secrecy havens• Seychelles• Panama• US states of Delaware, Nevada

89

Methods of Tax Evasion and Tax Fraud

• Income tax evasion can be straightforward as under-reporting income, overstating deductions, or not declaring offshore accounts

• Can be extraordinarily complex, involving offshore accounts and layers of corporate entities

• Tax codes of many jurisdictions are complicated, proving tax evasion requires willful intent to defraud

90

Methods of Tax Evasion and Tax Fraud

• Smuggling and evasion of customs duties• Employment tax fraud• Falsified worker status• Pyramiding• Third-party withholding• Cash payments

• Evasion of value added tax (VAT)• “Missing trader” fraud, carousel fraud

91

Red Flags of Tax Evasion

• Failing to follow advice of accountant, attorney or preparer

• Failing to inform a tax professional of relevant facts • Evidence from employees about irregular tax withholding,

suspicious business practices• Missing or altered books and records• Transfer of assets to an offshore location or secrecy haven• Tax and related documents appear to be backdated• Use of many tax numbers by single person or entity• Submission of suspicious wage and other statements

• March 2010 – FATCA signed into US law• February 2012 – Temporary IRS Regulations Issued• Numerous IRS Notices Since • January 17, 2013 – Final IRS Regulations Issued• Key Effective Date – January 1,2014

FATCA

• Essentially deputizes ‘Foreign Financial Institutions (FFIs)’ to act as extension of IRS enforcement network• Identifying US Taxpayers holding financial accounts or

investments in their institutions

• Reporting financial assets, US source income annually to IRS

• Withholding 30%, on behalf of the IRS, on certain payments coming from US for noncompliant accounts, institutions

• Reporting, withholding on accounts and payments to other FFIs that do not comply with FATCA

FATCA Overview

94

Intergovernmental Agreements

Model I and Model II Agreements

• Model I requires FFIs to report information on US accountholders to their tax authorities, which collect and deliver it to IRS

• Model II requires FFIs to report information on US accountholders directly to the IRS.

• IGAs will require some countries to change their tax, privacy laws

• Some IGAs require reciprocal reporting – US institutions must report accountholders to tax authorities of signatory nations

95

FATCA Gaining Momentum

• 70 countries now engaged in talks with US

Treasury

• FATCA Partners now include 7 countries (UK,

Mexico, Denmark, Ireland, Switzerland, Spain,

Switzerland, Norway)

• Tax transparency now a worldwide initiative

• Participation ‘not an option’

96

G20 and Bank Information Exchange

97

Key Lessons

• Understand structures used to evade taxes,

especially offshore legal entities

• Understand common types of tax fraud

schemes, including those involving VAT

• Recognize how FATCA works and how it is

laying groundwork for international tax

enforcement regime

98

Practice Question

Your bank holds a business account for a local tax preparation service.

What would MOST likely trigger further investigation by the compliance department in the bank?

A. Numerous deposits of tax refund checks in the names of different individuals but with common addresses

B. Multiple deposits of checks in the same amount written by different tax service customers

C. Variances in the frequency of transactions depending on the calendar cycleD. A request by the customer to have payments made to the Tax Office

through a certified check process

99

Practice Question

• Answer A is the correct answer due to the fact that this is a classic red flag for tax fraud. Multiple tax refund checks for different individuals going to the same address should set off warning alarms in nearly every jurisdiction.

• Answer B is incorrect because this perfectly fits the customer’s profile. The deposit of checks from different tax service customers is what you would expect as each customer paid their bill for the service. You would also expect many of them to be in the same amount for a typical tax preparation service since the fee for tax preparation would be the same for many customers.

100

Practice Question

• Answer C is incorrect because, once again, this fits the customer profile. You would expect variances depending on the calendar cycle as this is largely a seasonal business based on tax reporting deadlines.

• Answer D is incorrect because there is no indication of tax fraud in this response. The customer is making payments to his jurisdiction’s tax authorities using a certified check, which is simply a check for which a bank has confirmed sufficient funds exist to cover the amount of the check. This is not a viable means to commit tax fraud, and would more likely indicate no fraud is taking place.

Your Questions

Thank you for attending

Next Session is Friday, January 17, 1 PM ET