typical business transaction, U.S. law enforcement faces a major new challenge. Electronic commerce is fraught with opportunities for fraud and other abuse, especially money laundering. Government and industry face a major hurdle in developing a regulatory scheme to police cyber-commerce adequately without stifling the multiple sectors that will participate in it and the millions of businesses and consumers who stand to benefit from it. Federal authorities responsible for a broad array of regulation and enforcement are already focusing on cyberspace as a new "jurisdiction." For example, in recent weeks, federal arrests resulting from two investigations conducted using on-line services have made headlines across the nation. In the first case, Secret Service agents, using an undercover computer bulletin board, arrested several individuals involved in illegal trafficking of the codes that program cellular telephones. In the second, FBI agents posed as minors communicating via America Online, leading to a dozen arrests on charges of soliciting minors and disseminating child pornography. Although technology service providers have not been implicated in these two instances, a New York court recently found in a case involving Prodigy and the broker-dealer Stratton Oakmont that on-line services may be civilly liable for the illegal content of materials distributed through their service by subscribers. With the advent of nouveau money like "e-cash," cyber-commerce is likely to be the next on-line enforcement priority, particularly as the government embarks on its increasingly aggressive anti-money-laundering campaign. How will cyber-commerce be regulated and what will be the liability of the financial institutions, on-line service providers, and other businesses that develop, market, or use Internet payment systems? The essence of cyber-commerce is a rapid-fire, anonymous transaction - a virtual dream come true for criminals seeking to "cleanse" ill-gotten gains. Today's money launderers are involved in a host of underlying crimes from drug trafficking to white-collar crimes, such as fraud, embezzlement, and insider trading. Though often depicted carrying large suitcases of cash, criminals have turned to more sophisticated means of legitimizing funds, using, for example, shell corporations to circulate wire transfers among international accounts. The government estimates that $300 billion is laundered each year through financial institutions around the world. In response, U.S. law enforcement has turned to regulating the financial services community, forcing institutions that serve as the "point of reentry" for laundered money to play a vital role in identifying the launderers. Primarily through the Bank Secrecy Act, the government is increasingly requiring financial institutions to monitor and report suspicious customers and transactions. In one well-publicized case, bankers at American Express Bank International were sentenced to jail after being convicted of participating in a money-laundering scheme. In this case, the government had little direct proof that the bankers knew the source of the money was illegal. The company ended up paying a fine in the millions of dollars. Beginning next January, certain types of financial institutions and money transmitting businesses will be required to maintain specific records of all fund transfers they make. These may include companies that facilitate "virtual cash" and "e-cash" transactions for customers. In addition, the Treasury Department is drafting new "know your customer" legislation requiring firms to complete more extensive due diligence on their customers. Though know-your-customer questionnaires have traditionally been designed to ensure the customer's suitability and creditworthiness, in the future, businesses facilitating money transfers - by wire or by computer - will likely be asked to share the burden of trying to determine whether customers and their money are clean. Already burdensome to the financial services sector, this regulatory scheme will not travel well in cyberspace. Businesses looking to enter the cyber-commerce markets differ fundamentally from customary financial institutions and money transmitters. For example, a typical Internet transaction is likely to involve an on-line service provider, a network of computers, a merchant, and one or more financial institutions, in addition to the customer. In a system where there are no face-to-face transactions, to what extent can institutional participants be held accountable for knowing the background of each customer? Moreover, is it reasonable to expect customers to provide detailed personal information in cyberspace where security is uncertain? The sheer volume of transactions will make comprehensive oversight impracticable. Regulators might instead take a trouble-shooting approach, drafting laws restricting transactions involving high-risk countries or sites and requiring computer systems to be designed to highlight excessive or unusual transaction volume or amount. For example, the Congressional Office of Technology Assessment last week announced a report on the viability of developing software that would flag suspicious wire transfers. Regardless of whether such software is implemented publicly or by private institutions, the key will be defining the types of transactions to be flagged. The know-your-customer rule - requiring institutions to make judgments about the integrity of the customers they serve - should be triggered only by transactions involving large amounts. In the meantime, how can technology vendors, banks, financial institutions, and other businesses that are involved with moving money through cyberspace prepare? First, the company must determine whether and to what extent it falls under the current slate of regulations. Second, it should anticipate how it might be affected by the government's next move - the know-your-customer regulations due from the Treasury Department. Third, it should analyze how and where a money launderer might misuse its services and develop internal guidelines to help prevent such misuse. Finally, it should consider contacting the appropriate law enforcement agencies directly, to join and inform the debate on how to regulate cyberspace in a manner that will help root out money launderers without inhibiting this extraordinary new form of commerce. Mr. Meister is a lawyer in the white-collar crime defense group at New York-based Rogers & Wells.
Access to authoritative analysis and perspective and our data-driven report series.
No credit card required. Complete access to articles, breaking news and industry data.
Have an account? Sign In