I would like to thank the Greater New York Chapter of the Association of Corporate Counsel for inviting me, and each of you for coming here today. It is a perfect opportunity to talk about what I believe are shared goals: Free markets. Fair competition. Economic growth and investment.
Our office is committed to working with the business community to detect and prevent crime.
Your presence here suggests that you are as interested in finding ways to work together as I am. The message I deliver today is one of partnership with those in this room who believe in good corporate citizenship to not just help keep our markets fair, but also our communities secure. My personal message is that I believe we share those same goals, and the challenge we all have to address is how together we will achieve them.
Whether you are general counsel to a large financial institution, a developer, or a chain of grocery stores, compliance in your businesses has never been more crucial than it is today. Today in America, particularly in the financial sector, public distrust has reached levels not seen since the Great Depression. We see resentment in blogs and on late-night TV shows and in rallies and sit-ins. But that’s only half the story. We also see deep distrust of financial institutions within the commercial sector itself, as investors wonder whether they can trust ratings agencies, regulatory bodies, or even the conclusions of their own research staffs.
Corporations large and small need to have a meaningful understanding of their risk exposure. And when they do not, there is uncertainty in markets, and that uncertainty is what causes credit markets to freeze and investor confidence to plummet. And you know that when banks stop lending, the crisis can, and very nearly did, bring down a great economy. At this point in time, particularly, the work of compliance professionals and counsel advising companies is as important as any profit center. Your work is crucial to the survival of your institutions, just as your work is crucial to the function of credit markets, to the advancement of commerce and business, and to our economy as a whole.
Certainly, your work is crucial to law enforcement. Today I would like to offer some examples of how the work that you and your colleagues do every day brings to light major fraud, protects the integrity of our economy, and helps us ― as the chief state prosecutor’s office for the county that holds the most important street in the world for global finance ― build the cases that act as a deterrent to double-dealing in the financial markets, and fraud in the business community.
It starts with the voluminous Suspicious Activity Reports many of your institutions in the financial sector file each day. For those of you that don’t know, SARS are reports financial institutions are required to file when they notice suspicious transactions in their business. Many in your compliance departments must believe SARS are like letters to Santa Claus; you send them in, but you don’t know if anyone reads them. Well, let me start by putting that issue to rest.
Since 2010 when I became District Attorney, our office has created a cutting edge Financial Intelligence Unit within our Major Economic Crimes Bureau. There, we employ trained analysts to sift through SARS daily for evidence of serious crimes; tracing suspicious funds and identifying criminal patterns, finding and connecting the dots to build successful cases.
Since 2010, we have reviewed thousands of SARS. That review has launched scores of new grand jury investigations, helping us solve cases involving not just fraud, but even violent crime. One SAR, for example, alerted us to financial activity that related to an open homicide in the Bronx. Another led us to a “free-riding” scheme, in which the defendant opened multiple trading accounts and, by taking advantage of the delay in clearing transactions, sold stock he did not own, skimming the profits while walking away from the losses.
In yet another case, a single SAR, filed by a financial institution, led us to a stolen art ring and enabled us to seize $15 million in proceeds from the sale of stolen art, and millions more in artworks.
In order to investigate fully the SARs you file, and take full advantage of your efforts in preparing them, we have added significant manpower to get the job done right. We have dedicated in-house investigators, analysts, and Secret Service agents assigned to our office, to assist in these investigations. We also have active, valuable partnerships with the IRS and FBI.
As you might imagine, by examining these SARs in real time and following the trails they begin, my office often sees new trends in money laundering and fraud as they develop. This is information you and your businesses may need to know. And so we’ve begun what we call a business share forum. These forums allow us to share with business sectors, in a small and informal setting, the intelligence we glean from our investigations. We’ve had meetings with many businesses and so far the feedback has been enthusiastic.
Many issues have been discussed during these meetings, including hot topics like health care fraud, mortgage fraud, cybercrime and identity theft. But I would like to focus on one topic, because it is of great urgency.
The world has, for some time, received compelling warnings that Iran is on the verge of developing weapons of mass destruction. The only way short of war to stop this threat is economic sanctions. But economic sanctions are only as effective as businesses, especially in the financial sector, and we, in law enforcement, are vigilant. There is a huge financial incentive for arms merchants and nuclear proliferators to bypass international sanctions, and an enormous desire by terrorists to see that they succeed.
Some of you may be aware of actions my office has taken over the past four years, in partnership with the U.S. Department of Justice and the Treasury Department, to investigate foreign financial institutions engaged in the practice we have come to call “stripping.” With respect to billions of dollars in international payments clearing through New York banks, wire transfers are stripped of the codes indicating the source of funds, and so non-complicit financial institutions in the United States may unwittingly process these transfers, unaware that they are in aid, directly or indirectly, of terrorism, nuclear proliferation, or human rights abuses.
The investigations we have brought to successful conclusion are well-known: Lloyds TSB Bank, Credit Suisse, Barclays, ING, Standard Chartered, and HSBC. And, we expect to have more announcements of work in this area in the future.
Often what grabs headlines in these investigations are the monetary settlements. To date, these cases have resulted in the forfeiture of roughly three billion dollars, a critical deterrent to wrongdoing. But even those financial settlements pale in comparison to the crucial principle of respect for international sanctions. It is not hyperbole to say that the most important values in the international community – respect for human rights, peaceful coexistence, and a world free of terror – depend on the effectiveness of those sanctions.
Where the compliance programs at these banks went wrong, and how their employees were able to violate U.S. laws in such a widespread manner, is a story for another day. But it does underscore the importance of strong compliance programs. A few billion dollars later, along with massive, unfavorable publicity, no doubt those corporate boards and their counsel are wishing better ones had been in place.
Some critics have asked why my office, a local prosecutor’s office, gets involved in investigations that reach all the way across the globe. The better question is how we could not. I believe we have no choice, and every obligation to act. Manhattan is a center for global finance, and the Manhattan District Attorney has a long history of policing the world’s markets and financial institutions. Financial transactions that begin and end on foreign shores are very often cleared just a few blocks from my office.
By virtue of who we are, and where we sit, we are essential partners with financial institutions, some of which you represent, in the fight against money laundering, fraud, and international terrorism. By leading the fight against international financial crime, and working cooperatively with our federal brethren, we strive to preserve the integrity of our markets, the strength of our financial sector, and the security of our City and Nation.
In resolving those “stripping” cases, we have utilized Deferred Prosecution Agreements, called DPAs, which offer an alternative to indictment and provide a means in the right cases of holding a company accountable with monetary penalties and significant policy changes, without necessarily putting the company out of business to the detriment of innocent shareholders and employees.
From a compliance and mitigation of risk perspective, use of DPAs has encouraged corporations to cooperate. And nowhere is this more true or visible than in the sanctions investigations we have conducted. The internal investigations in these cases cost tens of millions of dollars and require scores of analysts. And they rely on the production of records from jurisdictions that often have bank secrecy or data protection laws. These cases depend on the extensive cooperation of the corporation itself in order to provide a full picture of the conduct in question.
Full cooperation also provides the institution with an opportunity to advocate on its own behalf and to demonstrate true and meaningful reform. And failure to cooperate greatly increases the risk that a corporation will be indicted without ever taking advantage of the opportunity to present mitigating facts. As long as the cooperation is meaningful, and consists of more than simple compliance with legal obligations to respond to subpoenas, we will take careful notice.
Whether or not a corporation has in place a real compliance program, self-reports, and cooperates fully to even be eligible for DPA considerations rests in the hands of general counsel. Your decisions about how to respond to information suggesting corporate misconduct will definitely affect the results you achieve for your client in navigating a criminal investigation with our office.
As District Attorney, I realize that it is important to communicate with companies about what is expected of them in the conduct of their business and to inform them of how we conduct our business.
One of the first policies we announced after I took office focused on the prosecution of organizations. That protocol, “Considerations in Charging Organizations,” which is publicly available, sets forth an overview of what we look at and what we expect when investigating companies. It very much seeks to deter misconduct before it happens by placing great emphasis on the organizations efforts to address corruptive problems and put in real compliance programs.
The guidelines we set out, which may well be unique for a local prosecutor’s office, cite that factor and several others in guiding our prosecutors in the important decision of whether or not to file criminal charges against a business entity, and very much seek to guide all of you as you structure your business operations and make decisions in your interactions with government agencies.
Our office is unlike any other prosecutor’s office in terms of the volume, complexity and scope of the cases we handle. They range from the large-scale financial investigations I have described, to rape, robbery, murder, and lesser offenses. My office handles over 100,000 new cases a year, more criminal cases in a year than the U.S. Department of Justice handles annually nationwide. This volume of cases presents an incredible wealth of intelligence – intelligence that we use to drive our prosecution strategies and to track criminal trends. Let me illustrate this point by turning to cybercrime and identity theft, and to explain how today, working cooperatively with general counsel and compliance experts at businesses like yours, we are taking on and making inroads in fighting the fastest growing crime in the country.
In some police precincts in Manhattan, it is, in fact, the most frequently reported crime. I know you have seen these cases, because oftentimes funds are withdrawn from your institutions, or credit is obtained, under assumed identities, or identities and financial information are stolen from your companies. In some cases, large identity fraud rings have reached into your institutions to corrupt personal bankers and tellers as part of their scheme.
Every month some 300 cases come into our office based on summary arrests for identity theft. Each of these cases is entered into a database, and the data is scrubbed for patterns and connections. Before we created the Cybercrime and Identity Theft Bureau, each of these cases was simply a minor felony offense for possession of a forged credit card or a fake ID. But by tracking and analyzing these cases, we are now able draw connections that reveal broader organized criminal conspiracies. And, as I noted, these criminal networks often extend far beyond our City or even our nation.
One recent example involves a multi-year investigation and prosecution of a cybercrime ring that extended from the Ukraine to Brooklyn, whose members were convicted of trafficking more than 95,000 stolen credit card numbers, resulting in millions of dollars of credit card fraud.
Just a couple of months ago, following a ten-week trial, a jury convicted the remaining defendants, including one of the premier vendors of stolen credit card data in the world, who operated out of his apartment in Kiev and was extradited by our office to the United States, when we caught him vacationing in Greece. Recognizing the seriousness of these offenses, the judge imposed long prison terms, the longest being a 22-to-44 year sentence to state prison. That is an indication that state court judges have begun to appreciate the seriousness of these crimes, and that if you refer a case to our office, we will do whatever we need to do to ensure justice is served.
We are seeing a shift in the face of cybercrime and identity theft criminals. A few years ago, identity theft was a white collar crime with strong ties to Russia and Eastern Europe. While this remains true, in part, we also have seen a shift in the local face of identity theft. More and more, we see traditional street gangs turning to embrace this new form of criminal income. Now when we execute search warrants in cybercrime cases, we often seize not just hard drives, but hundreds of thousands of dollars in hard cash, and stashes of weapons.
And just as we once saw organized drug gangs with very specific roles – lookouts, hand-to-hands, enforcers, managers, and bosses – so too are we now seeing the same kind of organization for cybercrime and identity theft rings.
In the unlikely event you didn’t know it already, let me tell you that corporate, bank, and business INSIDERS are recruited to steal personal identification information from customers and clients. They are paid for the information by the recruiters, who in turn give the information to their managers. The managers have technicians who manufacture credit cards and IDs, which are given to shoppers. The shoppers buy high-end products which are turned over to the managers, who then sell the products to online fences who peddle them through the internet all over the world. The so-called grey market for internet goods is a multi-billion dollar market, much of it based on goods stolen from identity theft and other criminal schemes.
The managers also traffic in stolen personal identification information in a global online market, buying and selling stolen identities with identity thieves all over the world.
These crimes are not abstractions far removed from large corporations. They are committed through and against your institutions. In particular, we are seeing a large uptick in crimes committed by “insiders,” employees in companies who are entrusted with access to key identity information or intellectual property.
Now, I’m well aware that insider crime has always existed. But the economic loss that today’s corrupt IT professional can cause dwarfs the corporate checks that yesterday’s bookkeeper made out to phony companies.
My Office is in the final stages of prosecuting a case where an insider at the United Jewish Appeal in Manhattan, and several other insiders at additional companies, stole hundreds of donors’ bank account and credit card information and then sold the data to an identity theft ring operating out of Brooklyn. After using wiretaps and other legally permissible means of electronic surveillance, more than 50 people were indicted as corporate insiders for these crimes. Sentences ranged as high as 6-to-18 years in state prison for the insider at UJA, a first time offender.
We were able to recover some, but not all, of the millions of dollars stolen as a result, and also worked very closely with the UJA to understand their systems and suggest substantial changes to prevent future fraud. This is a perfect example of the positive interplay between a prosecutor’s office and the private sector. Root out the criminality, and work to prevent it from occurring again.
The balance between security and insider access is of particular importance in the area of intellectual property. My Office is actively involved in fighting intellectual property crimes, in light of the increase in both digital piracy and theft of digital intellectual property. Because of how easily business information is stored and used, we have seen more and more that current and former employees are able to access an ever-expanding amount of sensitive and proprietary information.
My Office can bring and has brought criminal charges for the unlawful duplication and criminal possession of computer related material, including where a current employee has permission to access or duplicate certain computer material within the scope of his employment, but instead duplicates that data for some other, unauthorized purpose. This part of our work is illustrated by our recent indictment of a former Goldman Sachs computer programmer who is charged with taking proprietary computer code from Goldman Sachs and sharing it with a competitor.
You will see in the near future other prosecutions by our office of former employees who the evidence demonstrates stole from their employer intellectual property related to high frequency trading strategies, in the hopes of using it to start their own trading firm. The victim company alerted my Office concerning the alleged theft of code, and has cooperated fully with the investigation. As part of the investigation, through legal process, we were able to secure and essentially freeze the stolen code in cloud computing services where it had been stored as part of the alleged crime.
The key to all of this is corporate responsibility. Without you, business and legal advisors, responsible companies can never put in place the controls they need to conduct their business properly.
In closing, I want you to know we are gearing up for our fourth annual financial and cybercrime symposium, to be hosted once again by the New York Federal Reserve Bank in November and attended by about 400 people – state and local law enforcement, regulators, and BSA and AML officers from financial institutions in Manhattan and elsewhere, and representatives from many industries. The cross-pollination among industry representatives, law enforcement officers, and prosecutors, is of incalculable value. Every year, we all come away with ideas and methods to use in our efforts to prevent crime.
It is said that risk managers spend 99 percent of their time contemplating events with less than 1 percent likelihood of occurring. But we are living in days in which we have already witnessed the occurrence of too many such extraordinary events. We all know the stakes are enormous. So it remains to us, all of us here today, to remain vigilant, focused, and to act in concert. Together, I am utterly confident we can not only better ensure the integrity of financial institutions, protect the viability of markets, increase the effectiveness of international sanctions, and safeguard the health of our economy, the security of our communities, and the prospects for a brighter future.