Posts

The Reason Treasury Has Never Complied with Reagan’s EO: Rampant Privacy Violations

For years, I’ve been noting that the Treasury Department, virtually alone among intelligence agencies, does not have procedures to comply with EO 12333’s restrictions on spying on American citizens. Today, BuzzFeed explains why: Treasury’s foreign intelligence wing, OIA, has been engaging in domestic spying. Effectively, they’ve been piggy-backing on FinCen’s access through the Bank Secrecy Act to get information on Americans.

The story describes two big violations. First, when OIA gets masked reports, they call banks to learn the identities of the Americans masked in the reports.

Some sources have also charged that OIA analysts have, in a further legal breach, been calling up financial institutions to make inquiries about individual bank accounts and transactions involving US citizens. Sources said the banks have complied with the requests because they are under the impression they are giving the information to FinCEN, which they are required to do.

One source recalled an instance from 2016 in which OIA personnel, inserting themselves into a domestic money-laundering case, sought information from a Delaware financial institution. In other cases, according to a second source, FinCEN gave OIA reports with the names of US citizens and companies blacked out. OIA obtained those names by calling the banks, then used those names to search the banking database for more information on those American citizens and firms

OIA has also been permitting other agencies — it names CIA and DIA — to put temporary duty officers to access classified banking networks.

Sources also claimed that OIA has opened a back door to officers from other intelligence agencies throughout the government, including the the CIA and the Defense Intelligence Agency. Officials from those agencies have been coming to work at OIA for short periods of time, sometimes for as little as a week, and thereby getting unrestricted access to information on US citizens that they otherwise could not collect without strict oversight.

Dean Boyd has a pretty funny non-denial denial of this charge in the article.

The Defense Intelligence Agency did not respond to a request for comment. CIA spokesman Dean Boyd said, “Suggestions that the Agency may be improperly collecting and retaining US persons data through the mechanisms you described are completely inaccurate.”

I suspect the source of this problem is that Treasury is split into two, with one group doing foreign intelligence and another doing domestic intelligence.

Under a seminal Reagan-era executive order, a line runs through the Treasury Department and all other federal agencies separating law enforcement, which targets domestic crimes, from intelligence agencies, which focus on foreign threats and can surveil US citizens only in limited ways and by following stringent guidelines.

Compare that with FBI, which hasn’t been split in two since the PATRIOT Act, and so can access vast swaths of intelligence on Americans by pretending to be looking at foreigners.  I also suspect the reason this hasn’t been changed at Treasury is because it would piss off the banks, making it clear that the mandated spying assistance under the Bank Secrecy Act implicates their customers too.

Monday Morning: The Urge to Merge

In my eyes, indisposed
In disguises no one knows
Hides the face, lies the snake
The sun in my disgrace

— excerpt, Black Hole Sun by Soundgarden

Looks like this week is all about mergers. Enjoy this simulation on replay several times while listening to Soundgarden’s Black Hole Sun while we dig in.

Roll Call

  • Yahoo’s vulnerability brings all the nasty suitors to the yard (MarketWatch) — If Daily Mail wins, Yahoo will be one massive tabloid, and Tumblr will become a cesspool. Bidding’s open until next Monday; what other potential buyers may emerge this week?
  • Big names in hotels to join after shareholders approve Marriott offer for Starwood Hotels (UPI) — The vote came last Friday after Chinese insurance holding group Anbang withdrew from bidding.
  • Merger of beer producers SABMiller and A-B InBev still in holding pattern (Milwaukee Business Journal) — The deal is languishing for approval by South Africa’s Competition Commission. Part of SABMiller was once South African Brewing.
  • UK balks at Hutchins and Telefonica tie up (Reuters) — Cousins across the pond better watch out; this proposed merger, even if shot down by regulators, portends another telecom marriage ahead. With UK’s Competition and Markets Authority recommending a spin-off of either Three Mobile or O2 mobile network business in order to approve the deal, a divestment of one of these may happen anyhow.

The Yahoo and Hutchins-Telefonica deals bear scrutiny for their potential for mass surveillance depending on how the proposals play out. Yahoo could end up operating under UK laws, and some part(s) of either Hutchins or Telefonica could end up with a non-UK or non-EU partner.

All of these proposed mergers were in the works before the Panama Papers were released; none them appear to be motivated solely by tax reduction, but instead by economies of scale and weak market conditions. It’d be nice if executives of all companies raking in profits realized that failing to pay their hourly workers well has a direct impact on overall market demand. Their businesses could retain autonomy instead of spending time and money on M&A they could spend on employees’ wages.

Speaking of Panama Papers: revelations still shaping policy and politics

  • U.S. Treasury still working on tax rules to reduce tax avoidance and evasion by offshoring (Bloomberg) — Many large holding company structures use intra-group loans to move money out of the U.S. The new rules which may limit these moves may affect not only U.S. corporations but foreign corporations with subsidiaries in the U.S.
  • UK’s PM David Cameron facing heat about tax avoidance strategies used by his family (Scotsman) — Strategies included a tax-free gift of 200,000 pounds to Cameron from his mother. He is supposed to appear before Parliament for questioning.
  • Mossack Fonseca still getting hacked due to poor security response (The Register) — At what point do we ask if MossFon is really just a honeypot, given continued insufficient security?

Just for fun: Rockets!
If you didn’t watch SpaceX’s Falcon 9 launch on Friday, you really ought to make some time to do so for entertainment purposes. The first stage of the rocket returned successfully for reused, nailing a landing on a drone ship — a DRONE SHIP AT SEA. I missed the fact the landing pad was a drone vessel when I watched the first attempts. It’s a really narrow thing, landing on a speck of a pad in the ocean which is pushed around a bit by ocean currents in spite of the drone ship’s programming and/or remote control. (I would love to know who named the drone ship, ‘Of Course I Still Love You’ and why…)

What’s similarly remarkable is the SpaceX team — their excitement is off the map, rather like watching a K-12 FIRST LEGO robotics competition than an aeronautics business at work. Note in the video the team’s reaction just seconds (about 27:30) to the first stage return landing; it’s as if they KNEW they had it nailed before it happened. Wouldn’t you love to know just how they knew?

Also for grins: compare SpaceX’s landing on Friday (start at 23:48 into video) to competitor Blue Origin’s recent rocket return. Blue Origin is owned by Amazon’s Jeff Bezos; the return is so smooth and slick, but it’s in the west Texas desert where potential disruption of the landing has been minimized. Important to keep in mind that SpaceX actually delivered a payload after reaching orbit, where Blue Origin is still limited to sub-orbit elevation.

With that our week’s been launched — let’s go!

The CIA (&etc) Money Orders

NSL v 215Both the NYT (Charlie Savage and Mark Mazzetti) and WSJ (Siobhan Gorman, Devlin Barrett, and Jennifer Valentine-Devries) tell the same story today: the CIA is collecting bulk data on international money transfers. Given that someone has decided to deal this story to two papers at the same time, and given the number of times the Administration has pre-leaked stories to Gorman of late to increasingly spectacular effect (even making most national security journalists forget the very existence of GCHQ’s notoriously voracious taps at cable landings just off Europe) I assume this may be some kind of limited hangout.

It’s not that I doubt in the least that CIA gets and uses financial data. I don’t even doubt the government uses PATRIOT authorities to do so (as both stories assert).

But it would be unlikely that this data comes in through an FBI order and does not also get shared with Treasury and National Counterterrorism Center (if not NSA), both of which would have better infrastructure for analyzing it, and both of which we know to use such data for their known intelligence products. Indeed, in response to a question from both papers about this practice Western Union points to Treasury programs.

 A spokeswoman for one large company that handles money transfers abroad, Western Union, did not directly address a question about whether it had been ordered to turn over records in bulk, but said that the company complies with legal requirements to provide information.

“We collect consumer information to comply with the Bank Secrecy Act and other laws,” said the spokeswoman, Luella Chavez D’Angelo. “In doing so, we also protect our consumers’ privacy.”

And at WSJ a consultant to the industry points even more firmly towards Treasury.

Money-transfer companies are “highly, highly aware of their obligations under the Patriot Act,” said Robert Pargac, a director in global investigations and compliance at Navigant Consulting Inc. who has worked at several such companies. Western Union said last month it would be spending about 4% of its revenue in 2014 on compliance with rules under the Patriot Act, the Treasury Department’s Office of Foreign Assets Control and other anti-money-laundering and terrorist-financing requirements.

We know that, at least until 2008, the FBI maintained that it could share materials that came in through Section 215 with any agency so long as that agency asserted it had a need for the information, and there’s little reason to believe the FBI has changed that policy. So I would assume at least Treasury and NCTC gets this data as well. It may be all this story indicates is that — as they do with much Section 702 data — CIA gets its own access to the data. That’s a minimization story, not a collection story, because we’ve known this data was collected (as WSJ points out).

Then there’s the evidence both papers point to to show that this is a Section 215 program. Read more

Obama’s Treasury Department: Our Sanctions Regime Is SEKRIT

Screen shot 2013-02-20 at 12.48.34 PMTreasury’s Office of Foreign Assets Controljust sent out its invite for a symposium helping the Financial Industry learn about how to comply with sanctions. The symposium will include the following:

The Financial Symposium will feature a Keynote Address by OFAC Director Adam Szubin and presentations by key OFAC personnel on topics such as:

  • Changes to the Iranian Transactions and Sanctions Regulations, NDAA and CISADA
  • Enforcement guidelines and enforcement actions
  • SDN List updates and information on the designation process
  • Securities and Insurance
  • Licensing procedures and guidance
  • Compliance with U.S. economic and trade sanctions

In addition to formal presentations, OFAC staff will be available throughout the day for individual questions and ad hoc roundtable discussion on issues unique to the financial industry.

It’s actually fairly important that the sanctions regime be well-publicized. Not only does it help ensure compliance from any entity that might be considered liable. But that’s what gives it legitimacy: not just the fact that sanctions and their rationale appear well thought out (if you believe Iranians should have no access to medical devices and dental equipment, that is), but also that sanctions are somewhat fairly applied (which they’re not).

Apparently, Obama’s Treasury Department doesn’t see it this way.

 The event is closed to press.

The War on Terror-and-Drugs Turns Inward

The Treasury Department named the US-Central American gang Mara Salvatrucha (MS-13) a Transnational Criminal Organization, meaning it can apply terrorist-type financial sanctions against the group and its members.

This strikes me as a worrying new precedent. Previously, Treasury had sanctioned Los Zetas, Brother’s Circle, the Camorra, and two Yakuza groups. While all operated in the US–Los Zetas has significant operations–MS-13 was first formed in the US, in Los Angeles, with close ties to El Salvador. Treasury says Immigration and Customs Enforcement has arrested 4,078 MS-13 gang members, so this affects a significant number of Americans.

In other words, this will repeat and probably escalate what we saw after 9/11–asset freezes of American citizens with little due process–in such a way that disproportionately affects one ethnic or religious group.

I also wonder whether this move intends to give additional legal cover for DEA’s operations in Central America–backed by Special Forces–particularly Honduras. At a time when many of the leaders of the countries that will be targeted are increasingly opposed to the war on drug, we’re ratcheting up the legal framework to make it look just like terrorism.

Maybe this is all very smart law enforcement. But it’s the creeping application of intelligence-based enforcement without much debate about whether such an approach infringes on Americans’ rights.

Why Is the Superintendent of Financial Services Policing our Iran Sanctions?

NY’s Superintendent of Financial Services, Benjamin Lawsky, yesterday dropped the hammer on the UK’s Standard Chartered Bank, accusing it of doctoring financial documents to facilitate the laundering of Iranian money through its US banks.

Like Yves, I think one of the most striking details about this story is that SFS–and not Treasury’s Office of Foreign Assets Controls–is making the accusation.

But it also appears that Lawsky has end run, as in embarrassed, the Treasury and the New York Fed. As part of its defense, SCB contends it was already cooperating with Federal regulators:

In January 2010, the Group voluntarily approached all relevant US agencies, including the DFS, and informed them that we had initiated a review of historical US dollar transactions and their compliance with US sanctions…The Group waived its attorney-client and work product privileges to ensure that all the US agencies would receive all relevant information.

The agencies in question are “DFS, the Department of Justice, the Office of Foreign Assets Control, the Federal Reserve Group of New York and the District Attorney of New York.”

[snip]

The lack of action by everyone ex the lowly New York banking supervisor is mighty troubling. The evidence presented in Lawsky’s filing is compelling; he clearly has not gone off half cocked. Why has he pressed forward and announced this on his own? The Treasury Department’s Office of Terrorism and Financial Intelligence has supposedly been all over terrorist finance; the consultants to that effort typically have very high level security clearances and top level access (one colleague who worked on this effort in the Paulson Treasury could get the former ECB chief Trichet on the phone). For them not to have pursued it anywhere as aggressively as a vastly less well resourced state banking regulator, particularly when Iran is now the designated Foreign Enemy #1, does not pass the smell test.

Normally, we’d see accusations like SFS released today from Treasury’s OFAC, perhaps (for charges as scandalous as these) in conjunction with the NY DA and/or a US Attorney. And yet OFAC has had these materials in hand for 2 years, and has done nothing.

In fact, we have a pretty good idea what OFAC’s action would look like, because earlier this year it sanctioned ING for actions that were similar in type, albeit larger in number (20,000 versus 60,000) and far larger in dollar amount ($1.6 billion involving Cuba versus $250 billion involving Iran). Both banks were doctoring fields in SWIFT forms to hide the source or destination of their transfers.

ING:

Beginning in 2001, ING Curacao increasingly used MT 202 cover payments to send Cuba-related payments to unaffiliated U.S. banks, which would not have to include originator or beneficiary information related to Cuban parties. For serial payments, up until the beginning of 2003, NCB populated field 50 of the outgoing SWIFT MT 103 message with its own name or Bank Identifier Code, Beginning in the second quarter of 2003, NCB populated field 50 with its customer’s name, but omitted address information. ING Curacao also included its customer’s name, but no address information, in field 50 of outgoing SWIFT messages.

SCB:

Rather than institute  [a required to ensure the funds didn’t come from Iran], SCB instead conspired with Iranian Clients to transmit misinformation to the New York branch by removing and otherwise misrepresenting wire transfer data that could identify Iranian parties. For example, regarding necessary wire transfer documentation, SCB instructed CBI/Markazi to “send in their MT 202‟s with a [SCB London‟s business identifier code] as this is what we required them to do in the initial set up of the account. Therefore, the payments going to NY do not appear to NY to have come from an Iranian Bank.” (emphasis added). SCB also accomplished this subterfuge by: (a) inserting special characters (such as “.”) in electronic message fields used to identify transacting parties; Read more

JPM and ING: Some Trading with the Enemy Is More Equal than Other Trading with the Enemy

ING just signed a $619M settlement with Treasury for sanctions violations, largely with Cuba, but also with Iran, Burma, North Korea, Sudan, and Syria. Aside from the fact that that’s the biggest sanctions settlement ever, I’m interested in it because of just how different Treasury’s publication of ING’s settlement looks from JPMC’s $88.3M settlement last August.

The difference largely comes down to one big detail: Treasury didn’t release the actual settlement with JPMC, but did with ING. Rather than the JPMC settlement, Treasury released just a PDF version of the public announcement on a blank sheet of paper (compare smaller civil penalties, for example, where they release just a link and a PDF of the details, link and PDF). With ING, the settlement appears in full, on letterhead, with the signatures of ING’s General Counsel and Vice Chair at the bottom, not far below the terms of the settlement. And the settlement reads like an indictment, with a 6 pages of factual statements. Indeed, ING signed Deferred Prosecution Agreements with both the NY DA and DC US Attorneys Offices.

And the information included in the settlement is quite interesting. Most interestingly, the settlement describes how ING manipulated SWIFT reporting to hide its transfers with restricted countries.

Beginning in 2001, ING Curacao increasingly used MT 202 cover payments to send Cuba-related payments to unaffiliated U.S. banks, which would not have to include originator or beneficiary information related to Cuban parties. For serial payments, up until the beginning of 2003, NCB populated field 50 of the outgoing SWIFT MT 103 message with its own name or Bank Identifier Code, Beginning in the second quarter of 2003, NCB populated field 50 with its customer’s name, but omitted address information. ING Curacao also included its customer’s name, but no address information, in field 50 of outgoing SWIFT messages.

Read more

US Let China Buy Treasuries Directly During Debt Ceiling Crisis

Reuters has a story on how the Treasury Department allowed China to start buying US Treasuries directly last June.

The documents viewed by Reuters show the U.S. Treasury Department has given the People’s Bank of China a direct computer link to its auction system, which the Chinese first used to buy two-year notes in late June 2011.

China can now participate in auctions without placing bids through primary dealers. If it wants to sell, however, it still has to go through the market.

The change was not announced publicly or in any message to primary dealers.

Now, Reuters offers a number of potential reasons why China might want to do this: it would get a better price by by-passing Wall Street, it reflected growing confidence its money managers could buy debt more efficiently than through primary dealers.

But I can’t help notice the timing.

Last summer, just as it was becoming increasingly clear that Republicans were willing to crash the economy to win the debt ceiling debate, China started buying US debt directly.

I have no idea whether that would enable Treasury to exceed the debt limit without notice–assuming everything else worked the same, it presumably wouldn’t. But as Reuters reported last year (almost at the same time this latest change was taking place), when China wanted to keep buying 30% or more of our treasuries at auctions in 2009, we fudged the rules to allow them to do that. Then by letting China buy directly last year, as The Big Picture shows, Treasury gave the appearance that China was net selling debt, rather than (presumably) continuing to buy a great deal of it.

At the very least, then, the Obama Administration has twice enacted ways to hide the degree to which China has us by the balls, keeping interest rates low while gaining more and more of a threat over us. Given the timing, though, I can’t help but wonder whether it also serves to hide something else about our debt.

And–as Reuters implicitly notes–this change also means we willingly gave the greatest hacking entity in the world direct access to our Treasury auctions.

To safeguard against hackers, Treasury officials upgraded the system that allows China to access the bidding process.

[snip]

The United States has, however, displayed increasing anxiety about China as a cybersecurity threat. The change Treasury officials made to their direct bidding system before allowing access to China was to limit access to the system to a specially designed private network connection controlled by the Treasury.

Oh, okay then. Because the specially designed private networks DOD runs on have proven so resistant to China’s attacks.

Some Pigs Money Launderers Are More Equal Than Other Pigs Money Launderers

Treasury is going to ratchet up sanctions against Iran today, designating it as a primary money laundering concern.

he Treasury Department plans to designate Iran as an area of “primary money laundering concern” on Monday, a U.S. official said, a move allowing it to take steps to further isolate the Iranian financial sector.

[snip]

The decision — which the official said was to be announced by Secretary of State Hillary Clinton and Treasury Secretary Timothy Geithner on Monday — appeared designed as a warning about the risks of dealing with Iran’s financial institutions.

Maybe if the government would actually punish those who traded with Iran–like JP Morgan Chase–rather than imposing fines but then funneling them more money than the fines, it would have an effect on entities dealing with Iran’s financial institutions?

More importantly, the Treasury Department must think “money launderer” means something different than I understand it to mean. Because these guys are still operating as a favored financial jurisdiction for Americans and American companies.

A small group of Cayman Islands “jumbo directors” are sitting on the boards of hundreds of hedge funds as demand for independent directors booms in the Caribbean tax haven.

At least four individuals hold more than 100 non-executive directorships each, and 14 have more than 70 – each worth as much as $30,000 a year.

One has been listed as on the boards of 567 Cayman entities, almost all of which were hedge funds.

So long as we allow Cayman Islands and the hedgies to set up a kind of dangerous hybrid, where the hedgies themselves get to make sure the Cayman banks operate “ethically” as they launder the hedgies money, whatever concern we try to muster about Iran will ring false.

But I guess that’s increasingly par for the course.

Does Treasury Believe Spreading Our Flawed Banking System Is a Solution to Terrorism?

Sheldon Whitehouse had a hearing on terrorist finance the other day. There was an interesting exchange that I think bears notice.

The hearing focused, in part, on hawalas, not least because DOJ recently prosecuted Mohammad Younis, the guy whose hawala Faisal Shahzad used to fund his terrorist attempt. Richard Blumenthal suggested (around 75:50 and following) that that funding may have come from Pakistani authorities (implicitly, the ISI). The FBI’s acting head of counterterrorism wouldn’t answer a question about that in public session.

A more interesting response came from Treasury’s Assistant Secretary for Terrorist Financing, Daniel Glaser. Sheldon Whitehouse asked him (at 92:50 and following) whether we were making progress on solving the problem hawalas create for counterterrorism efforts. Here’s my transcription of Glaser’s response:

Daniel Glaser: The reason hawala and other forms of informal remittances and informal money services exist is because there’s large communities around the world that don’t have access to formal financial services or affordable financial services. So the long-term quote-unquote solution to hawala is a generational one and it is about building an international financial system that everybody around the world has access to. Now, since that’s a long-term solution, we need to address the problem in a shorter term way as well.

[snip]

The way we try to approach it beyond the long term effort to make financial services available to everybody is regulatory prong, enforcement, international standards, and general economic development.

While Glaser described a four-pronged approach in his written testimony (and described in more detail in the parts of his response that I’ve snipped), he said the ultimate solution would come when international financial services were available to everyone.

So the way to solve terrorism, then, is to make sure everyone banks at Jamie Dimon’s bank?

That’s an exaggeration, of course. And unless and until bankers get squeamish about the way the US government is accessing SWIFT, integrating everyone into the formal finance system would give counterterrror investigators transparency into terror financing. But given the state of the banking system–given how much more damage the international financial system has done to the world in the last decade than terrorism (leaving aside the effect of couter-terrorism and false counter-terrorism, like the Iraq War) it troubles me that a high ranking Treasury Department official believes one solution to terrorism is modern banking.

Now Glaser strikes me as an incredibly intelligent and sincere guy–coming from him this “generational solution” sounded like a completely sincere idea. So while this comment made my spidey sense tingle, it didn’t in the way it would have if, say, TurboTax Timmeh Geithner had said it.

Nevertheless, here are some issues it raises.

Read more