22 Sep 2020
Filipino remittance firms were investigated in the aftermath of the 2016 cyber-heist that siphoned off $81 million from the central bank of Bangladesh. Documents now show that a few years before the daring theft, these remittance firms had moved millions of U.S. dollars in “suspicious” transactions, raising the question as to why they were not stopped in their tracks much earlier.
A cache of secret bank reports shows that Philrem Service Corp. (Philrem) and Werquick Inc. sent more than $1 billion of what were deemed “suspicious” wires from 2012 to 2016, mostly using their accounts in BDO Unibank Inc. (BDO), Rizal Commercial Banking Corp. (RCBC), and Metropolitan Trust Bank Co. (Metrobank).
These activities were flagged in Suspicious Activity Reports (SARs) submitted by various U.S. banks to the U.S. Treasury Department’s Financial Crimes Enforcement Network or FinCEN. Because the U.S. dollar is the world’s currency, sending money from one country to another requires conversion to U.S. dollar.
This means that funds have to pass through a bank operating in the U.S. These U.S. banks must file SARs to FinCEN if it sees suspect activity. FinCEN is the U.S. financial intelligence unit similar to the Anti-Money Laundering Council (AMLC) of the Philippines.
The SARs were shown to PCIJ by BuzzFeed News and the International Consortium of Investigative Journalists, which led more than 400 reporters in 88 countries to investigate trillions in banking secrets. Information contained in these reports is not necessarily evidence of wrongdoing or criminality, but they have been closely examined to identify transactions and relationships that inform news stories in the public interest.
The cross-border investigation exposes the secret world of international banking. Journalists across the globe found that the world’s biggest banks fail to stop suspicious activities, allowing anonymous actors go unchecked while millions of dollars in taxpayer’s money get looted. (Explore the FinCEN Files data here.)
Since the FinCEN files cover activities involving Filipino parties mostly from 2012 to early 2016, the reports can be seen as a precursor to the 2016 Bangladesh Bank heist. The SARs indicate how vulnerable the Philippine financial system had been to money laundering as moving funds apparently can be done without naming or verifying the source and beneficiary as well as specifying the purpose of the transfers.
The AMLC could not disclose whether it had investigated the remittance firms prior to the heist, but it maintained that anti-money laundering rules and regulations covering money service businesses (MSBs) such as Philrem and Werquick had been in place since 2011.
The Bangko Sentral ng Pilipinas (BSP), which oversees banks and non-banking financial institutions, issued Circular No. 706 in 2011 to include MSBs as “covered institutions” or “covered persons.” Covered institutions or persons refer to banks, offshore banking units, quasi-banks, trust entities, non-stock savings and loan associations, pawnshops, foreign exchange dealers, money changers, remittance agents, electronic money issuers and other financial institutions that are subject to BSP supervision and/or regulation.
These covered institutions, AMLC said, “were and are still required to comply with anti-money laundering (AML) and counter-terrorism financing (CTF) obligations,” which includes customer identification, recordkeeping, and reporting of covered and suspicious transactions.
MSBs and banks have always had the primary responsibility of complying with AML and CTF obligations under the law. The firms involved in the heist, AMLC said, “failed to comply with these requirements, such as customer due diligence, recordkeeping, and covered and suspicious transaction reporting and, in turn, were vulnerable to be used as conduits for money laundering and terrorism financing activities.”
Philrem & Werquick
Philrem, the remittance company linked to the $81-million transfer of stolen funds from the Bangladesh central bank, is a big subject in the FinCEN files. It appears in at least six SARs, joining the ranks of Dubai gold trader Kaloti and billionaire Roman Abramovich who are both subjects of multiple reports.
Werquick, a money service business owned by Philrem’s Salud R. Bautista, is the subject of two SARs.
Philrem executives are embroiled in several cases related to the heist, including those filed by the AMLC, the Bureau of Internal Revenue, and the Bangladesh central bank. The BSP revoked the firms’ registrations in 2016.
From the more than 2,100 SARs included in the FinCEN files, a total of 27 SARs, filed between 2010 and 2016, refer to Filipino individuals and companies as originators and beneficiaries of “suspicious” wires. These PDF reports contain narratives of more than 1,700 transactions worth at least $644 million. All figures used in this story are estimates as they do not include transactions cited in prior SARs. The PCIJ also does not have the spreadsheet attachments on file. The actual amounts could be higher.
Of the total $644 million, 70 percent of the transactions were made by Philrem ($335 million) and Werquick ($124.1 million). The narratives in the SARs point to much larger figures though, with one report citing amounts reaching up to $1.6 billion. The breakdown of this amount is not fully available, however. PCIJ is only able to examine wires with transfer details.
The FinCEN files include five unique SARs pertaining to Philrem alone, one referring to Werquick only, and one dedicated to both Philrem and Werquick. The seven SARs were filed between 2013 and 2016, covering transactions that took place from 2012 to 2016. Majority of the transactions ran in the millions of dollars; the lowest amount was $29,250 while the highest was $94.5 million involving 64 wire transfers.
The SARs were filed by the Bank of New York Mellon (BNYM), one of the oldest and largest banks in the U.S. It maintains correspondent banking relationships with Philippine banks to enable them to transact in U.S. dollars.
The biggest amount was reported in the SAR dated April 12, 2016, where BNYM scanned for wires from November 2012 to March 2016 and found 5,001 “suspicious” transfers worth $1.03 billion involving Philrem and Werquick. The report took note of Philrem’s involvement in the Bangladesh Bank heist that happened two months prior, in February 2016. BNYM included Werquick as it learned from news reports that it is also owned by Salud R. Bautista.
The seven SARs that flagged Philrem’s and Werquick’s activities cited several reasons:
- “The true ordering customers are not disclosed in the wire details;”
- “The source of funds and the purpose of the transaction cannot be ascertained;”
- “Some of the counterparties appear to be shell-like or unverifiable entities;”
- “Many of the wires were sent in large, round-dollar (and occasionally repetitive) amounts;”
- “Many were sent between the same counterparties within a short period of time;” and
- “The wires were sent from the Philippines, a high-risk jurisdiction for money laundering and other financial crimes.”
PCIJ sent a request for comment to Philrem owners Salud and Michael Bautista and its compliance officer Anthony A. Pelejo through their lawyers. The parties have not officially responded to PCIJ’s queries, but one of their lawyers indicated that his clients were not inclined to comment considering the ongoing case.
Two key observations emerge consistently across all seven SARs.
First, Philrem and Werquick as known money remitters were sending wires on behalf of “unknown third parties,” which meant that the “source of funds and the purpose of the transaction cannot be ascertained.”
PCIJ’s analysis of Philrem’s and Werquick’s transactions showed that $235.2 million or more than half of the estimated total $459 million worth of transfers were sent without information on who actually sent the money. The actual senders meanwhile were identified in the wires worth a total of $229.6 million.
Second, the two companies, according to BNYM, were also sending wires to shell-like companies. Shell entities can be created and used for legitimate purposes, but BNYM itself noted in many of its reports that these types of companies are a concern for money laundering and other financial crimes given that “they are easy to form, inexpensive to operate, and are structured in a manner designed to conceal the transactional details of the entities.”
“The use of shell entities provides an opportunity for foreign or domestic entities to move money by means of wire transfers, whether directly or through a correspondent banking relationship, without the entity owners having to disclose their true identities or the nature or purpose of transactions,” BNYM said.
In the SAR filed on May 8, 2015, for instance, BNYM reported that over 32 percent of the funds sent by Philrem, or approximately $319 million, from Jan. 1, 2013 to March 20, 2015, did not identify a true remitting customer. BNYM also found that nearly 48 percent of the $319 million in funds was credited to numerous shell-like entities that have accounts with three banks in Hong Kong. These shell-like entities were also receiving wires in similar large, round-dollar, and/or repetitive/trending amounts, BNYM noted.
Why report suspicious activities?
Stephen Cutler, director of tech firm Guide Meridian and former legal attaché of the Federal Bureau of Investigation to Manila, said the main reason financial institutions must know money transfer details, such as names and identifiers of senders and receivers, and the reason for the transaction, is to reduce the risks of abuse of the system by criminals or terrorists.
Even simple questions, with documentation for the answers, he said, would deter criminal activity such as online sexual exploitation of children, drug trafficking, arms trafficking and corruption. Keeping such information, he said, would also provide law enforcement agencies with lead information on people who move money from illegal sources.
“This information is critical in order to reduce the risk of criminal exploitation of our financial system,” Cutler said in an email interview.
A United Nations Office on Drugs and Crime report estimated that in 2009, proceeds generated from drug trafficking and organized crimes amounted to 3.6 percent of the global gross domestic product, with 2.7 percent or $1.6 trillion being laundered.
In the Philippines, a 2018 AMLC study that assessed the country’s exposure to external threats based on suspicious transaction reports showed that illicit funds from environmental crimes, illegal trafficking of persons, kidnapping for ransom, and terrorism have entered the country. Illicit funds from smuggling have also originated from the country, while proceeds from other predicate offenses circulated within the country’s financial system.
AMLC in a July 2020 forum reported a big uptick in suspicious transactions when the Covid-19 pandemic and the ensuing quarantines began. From March 1 to April 24, 2020, the number of suspicious transactions related to violations of the Anti-Child Pornography Act of 2009 ballooned by 11,380 percent from the same period in 2019. The number of suspicious transactions involving drug trafficking and other related offenses also increased – by 189 percent compared to the same period last year.
What the rules say
To prevent their systems from being used for criminal activity, financial authorities worldwide require banks and money remitters to set up AML and CTF programs. “Know-your-customer” (KYC) policies are included in these programs to allow institutions to identify and verify customer identity and the source of funds.
The Implementing Rules and Regulations (IRR) of Republic Act No. 9160 or the Anti-Money Laundering Act (AMLA) likewise recognize the risk associated with dealing with wire or fund transfers, where according to the law, a bank may unknowingly transmit proceeds of unlawful activities or funds intended to finance terrorist activities.
Finance professionals interviewed by PCIJ on background said that banking with money service businesses is considered high-risk for money laundering because the “true customers and intentions” can be hidden by using money remitters as a conduit of a predicate crime.
Sought for comment, the AMLC said it was unable to, while the BSP said it was not privy to the SARs submitted to FinCEN.
PCIJ wanted to verify whether money remitters were required to provide the banks with details of its own customer or the actual sender of the money.
When asked about bank requirements for money remitters that transfer money on behalf of their customers during the period covered in the SARs, as well as the current process, AMLC said the requirements on fund or wire transfers have generally been consistent since 2012.
Under the 2012, 2016, and 2018 IRRs of the AMLA, covered institutions must establish policies and procedures designed to prevent them from being used to transfer proceeds of unlawful activities or funds intended to finance terrorism. They must obtain information such as “name of the originator, name of the beneficiary, and account number of the originator and beneficiary, or in its absence, a unique transaction reference number.”
Moreover, AMLC said that since 2012, the IRRs of the AMLA mandate refusal to accept fund transfer instructions under the certain circumstances, such as:
- wire/fund transfer from a non-customer originator, unless it has conducted the necessary customer due diligence to establish the true and full identity and existence of said originator, or;
- transfer to non-customer beneficiary, unless the intermediary bank has conducted customer due diligence to establish the true and full identity and existence of such beneficiary; or
- for high-risk customers, where additional information cannot be obtained, or any information or document provided is false or falsified, or the result of the validation process is unsatisfactory.
BSP meanwhile cited Circular No. 706 in 2011, which put in place customer identification requirements for compliance by banks and non-bank financial institutions. The same circular sets the following customer identification requirements for fund/wire transfers:
- the beneficiary institution must conduct customer due diligence to establish the true and full identity and existence of a non-customer beneficiary before accepting instructions to pay out fund transfers to said beneficiary;
- the originating institution must conduct customer due diligence to establish the true and full identity and existence of a non-customer originator before accepting instructions to fund/wire transfer from him/her;
- in cross-border transfers, the beneficiary institution must conduct enhanced due diligence on the beneficiary and originator if the latter is a high-risk customer; and
- cross-border and domestic fund/wire transfers amounting to P50,000.00 or more or its equivalent must include the following originator information through the payment chain: i) name; ii) address or national identity number or date and place of birth; and iii) account number or unique reference number.
Section 923 of the Manual of Regulations for Banks (MORB) also outlines the respective obligations of originating, intermediary and beneficiary financial institutions in the wire/fund transfer chain. The rules emphasize the need for both originating and receiving financial institutions to verify the identity of originators and beneficiaries.
In the SARs, it appears that Philrem and Werquick were able to send multimillion in U.S. dollars without identifying or verifying the source of the funds, the true beneficiary, as well as the purpose of the transactions.
As early as November 2011, in the SAR filed on Dec. 13, 2013, BNYM had directed BDO that any wires sent by order of Philrem must include originating customer information. But the same practice apparently continued for years. In the succeeding SARs filed on June 24, 2014, Sept. 10, 2014, and May 8, 2015, Philrem apparently was allowed to transfer money without information about the actual originators of the money. Data extracted from the SARs showed that at least $82.3 million worth of the wires with no known originator were done by Philrem using its BDO account. Two wires worth $700,000 and $38,223 each meanwhile were transferred by Werquick through BDO, again with no details where the money came from.
Documents showed that RCBC and Metrobank have also facilitated transactions in which the identity of the actual sender was unknown or the funds were transferred to shell-like entities. At least $94.3 million was transferred via RCBC while $25 million passed through Metrobank, according to PCIJ’s data analysis.
In one of the SARs, a company whose identity could not be verified via online research received a total of P206.25 million in four wires from Philrem between February 2014 to March 2016. BDO and Metrobank were used to transfer money to the company’s bank account in Hong Kong.
BNYM flagged the wires because “they were often sent only a few days apart, and all were sent in large, round-dollar amounts, with most in the amount of $1,000,000, $1,500,000, or $2,000,000.” BNYM could not also find information on the company on the LexisNexis research database or any internet research, suggesting it is a shell company. PCIJ’s own search in the company registries of Hong Kong, Singapore and the Philippines did not turn up results as well.
BNYM noted that Philrem primarily banked with BDO, but it also held accounts with Metrobank and United Coconut Planters Banks (UCPB). Werquick meanwhile was recorded to have sent wires through BDO and RCBC.
One of the SARs mentions UCPB as one of Philrem’s banks, but PCIJ did not find details of transactions made through this bank in narrative reports. The document stated that UCPB as well as BDO had responded to BNYM’s KYC requests on Philrem.
By Karol Ilagan, Philippine Center for Investigative Journalism, 21 September 2020
Read more at the Philippine Center for Investigative Journalism
RiskScreen: Eliminating Financial Crime with Smart Technology
Count this content towards your CPD minutes, by signing up to our CPD WalletFREE CPD Wallet