Last week, FinCEN (Financial Crimes Enforcement Network) issued a formal Advisory to Financial Institutions and published FAQs outlining specific cybersecurity events that should be reported through Suspicious Activity Reports (SARs). This Advisory follows former FinCEN Director Jennifer Shasky Calvery’s recent statements reminding “financial institutions to include cyber-derived information (such as IP addresses or bitcoin wallet addresses) in suspicious activity reports.” It also follows the launch of the Federal Financial Institutions Examination Council (FFIEC) Cybersecurity Assessment Tool (CAT). Although the Advisory does not change existing Bank Secrecy Act (BSA) requirements or other regulatory obligations, the Advisory highlights a series of cybersecurity events–such as Distributed Denial of Service (DDoS) attacks and ransomware incidents–that should be reported on SARs filed with FinCEN, even though they often (but not always) fall outside the traditional notion of a data breach or a compromise of personal information.
Jonathan has specialized expertise in white collar matters with extensive experience in Bank Secrecy Act, FCPA, and financial fraud investigations. Jonathan is regularly called upon to lead representations in high profile and high stakes settings and has the rare distinction of successfully first chairing both an Enron case and an FCPA case at trial.
Jonathan comes to Orrick after having spent over 11 years at the Department of Justice serving in a number of capacities including as an inaugural Deputy Chief of DOJ's Money Laundering & Bank Integrity Unit, a Senior Trial Attorney in DOJ's Criminal Fraud Section, an attorney adviser in the Office of Legislative Affairs and as an Assistant United States Attorney in Miami, Florida.
Jonathan has a deep understanding of how the Department of Justice operates internally and externally, in particular with other federal agencies such as the SEC, Treasury/FinCEN and the State Department, as well as with state and international law enforcement.
As a result of
Jonathan’s wide range of government and private practice experience, Jonathan
brings a unique and well-rounded perspective with which to assist clients. He is regularly asked to speak at national
conferences on anti-corruption, anti-money laundering, personal liability, and
responding to DOJ investigations.
Jonathan graduated from Georgetown University Law Center and received his undergraduate degree from UCLA. Jonathan is currently an adjunct professor at Georgetown University Law Center where he teaches a class on Federal Criminal Trial Strategy.
Significant Recent Matters:
- United States v. Mikerin, District of Maryland. Represent a Russian foreign official against federal extortion and money laundering allegations.
Represent a non-profit agency in connection with several Congressional investigations.
Represent a casino in connection with a Department of Treasury anti-money laundering investigation.
Conduct numerous internal investigations involving a wide-range of allegations including, accounting fraud, visa fraud, corporate theft and self-dealing, and corruption.
Provide general FCPA, Bank Secrecy Act, and anti-money laundering compliance and pre-transaction diligence advice.
Advise numerous clients on the intersection of federal and state law relating to marijuana and banking.
Significant Prior Matters:
- United States v. HSBC Bank USA, 12-763, Eastern District of New York. AML/BSA. Supervised prosecution of HSBC for anti-money laundering violations. Resulted in a Deferred Prosecution Agreement requiring HSBC to develop and maintain the most comprehensive anti-money laundering compliance program in the banking industry.
- United States v. MoneyGram, 12-291, Middle District of Pennsylvania. AML/BSA. Supervised prosecution of MoneyGram for anti-money laundering and wire fraud violations. Resulted in a Deferred Prosecution Agreement and restitution to victims of $100 million.
- United States v. Green et al., 08-0059, Central District of California. FCPA. Lead prosecutor in prosecution of two Los Angeles-based film executives for Foreign Corrupt Practices Act, money laundering, and tax violations. Following a three-week jury trial, both defendants were convicted of conspiracy and substantive Foreign Corrupt Practices Act, money laundering and tax offenses.
- United States v. Howard, 03-0093, Southern District of Texas. Enron. Co-lead prosecutor in prosecution of the Vice President of Finance and Chief Financial Officer of Enron’s Broadband Unit for wire fraud and falsification of Enron’s books and records. Following a one-month jury trial, defendant was found guilty on all counts.
- United States v. Bermingham et al., 02-0597, Southern District of Texas. Enron. Lead prosecutor in prosecution of three NatWest bankers charged with wire fraud for participation in a scheme with Enron’s then-Chief Financial Officer to skim $19 million from an Enron investment. All three defendants pled guilty.
Posts by: Jonathan Lopez
As new legislation aimed at facilitating greater cybersecurity information sharing between private industry and government takes effect (i.e., Cybersecurity Information Sharing Act), FinCEN Director Jennifer Shasky Calvery recently called for “financial institutions to include cyber-derived information (such as IP addresses on bitcoin wallet addresses) in suspicious activity reports.” Director Shasky Calvery’s statement dovetails with the Federal Financial Institutions Examination Council (FFIEC) Cybersecurity Assessment Tool (CAT) launched last year that we discussed previously, which lists “threat intelligence and collaboration” through information-sharing forums as one of five key “domains” for assessing cybersecurity preparedness. Regulated entities should take stock of this shifting risk management and compliance landscape, and evaluate the need for changes (and investments) to existing cybersecurity tools necessary for information collection, analysis and sharing.