On March 1, 2022, the U.S. Department of the Treasury (“Treasury”) published its National Risk Assessment for Money Laundering, Terrorist Financing, and Proliferation Financing (the “NMLRA”), identifying the national threats, vulnerabilities, and risks facing the U.S. financial system.  The NMLRA is 74 pages long and comprehensively covers many different perceived threats and vulnerabilities, including the misuse of legal entitiesvirtual assetsreal estateinvestment advisors, and casinos.  This post therefore selects three key issues for closer analyses.

First, cybercrime (a topic we cover frequently) in the form of ransomware received the dubious honor of representing “a larger and growing share of the overall money laundering threat in the United States.”  Second, professional money laundering organizations (“PMLOs”) continue to peddle their illicit services internationally to launder the proceeds of cybercrime, narcotics trafficking, and other schemes on behalf of organized criminal enterprises.  Third, merchants and professionals, such as lawyers, real estate professionals, and financial services employees, continue to perform – knowingly or unknowingly – critical functions in support of money laundering schemes and obfuscating the source of ill-gotten gains.


Partly due to the COVID-19 pandemic, cybercrime is on the rise.  Whereas the 2018 NMLRA reported that in 2016, the FBI received 298,728 internet-facilitated fraud complaints totaling over $1.3 billion in losses, in 2020, the FBI received 791,790 complaints totaling over $4.1 billion. As the NMLRA points out, those figures likely significantly underestimate the amount of loss, because only a fraction of cybercrime is reported to the FBI.

Ransomware, as current events suggest, sharply increased in the last year.  Suspicious Activity Report data analyzed by FinCEN revealed not only that the number of reported ransomware incidents increased 42% in the first half of 2021 compared to all of 2020, but that the median ransomware-related payout increased to $100,000.  Part of the surge in ransomware attacks could be attributable to the proliferation of “ransomware-as-a-service,” whereby ransomware developers market and sell their malware to bad actors without the technical know-how to perpetrate the attack themselves.  Additionally, municipalities, hospitals, and other critical infrastructure are now common ransomware targets.

In keeping with OFAC’s September 2021 advisory warning of potential sanctions for paying or facilitating ransomware payments to sanctioned entities (covered here), the NMLRA cautioned that “[t]he U.S. government continues to strongly discourage the payment of cyber ransom or extortion demands, which can be used to finance future attacks or other illicit activity,” and that “[r]ansomware payments may therefore not only fund activities that harm U.S. national security but also risk violating OFAC regulations.”

The NMLRA identified two additional cyber-threats: (1) business email compromise, in which bad actors pose as company officers via email and convince others in the company to transfer money to spoofed accounts; and (2) the compromise and sale of financial information, in which a bad actor harvests consumers’ personal information in large scale and sells it in online black markets to fraudsters.

Professional Money Laundering Organizations

The NMLRA pays special attention to PMLOs – groups that facilitate money laundering on behalf of other criminal enterprises continue to proliferate globally.  These entities, for a fee, transport money from illicit activities into the retail banking system or to other individuals or entities.  Two schemes highlight how PMLOs can both co-opt unsuspecting third parties into the money laundering process, and operate independently.

The first scheme is money-broker PMLOs, which purchase at a discount illicit proceeds from drug sales.  The money-broker PMLO then acts as an intermediary to exchange and transfer funds across international borders and obfuscate the funds’ sources.  In one example, the money-broker PMLO, in exchange for a commission, allegedly collected drug money in the United States and arranged for a corresponding amount of foreign currency to be transferred to the Drug Trafficking Organization (“DTO”).  As cover, the money-broker PMLO arranged for the delivery of electronics from the United States to Colombia.  This scheme avoided detection at customs because no physical money ever crossed the border.

The second scheme, dubbed Chinese Money Laundering Organizations (“CMLOs”), is a growing, if perhaps idiosyncratic, method by which wealthy Chinese nationals circumvent China’s capital flight restrictions and simultaneously facilitate money laundering on behalf of drug trafficking organizations in Mexico or elsewhere.  For example, a Mexican DTO in the United States will sell dirty dollars to the CMLO, which pays the DTO in pesos.  The CMLO then advertises the dirty money for sale to Chinese nationals via internet bulletin boards or private WeChat forums.  The Chinese nationals buying the dollars circumvent China’s strict limits on exporting capital, and use the dollars to fund their lifestyles in the United States, purchase real estate or pay school tuition.

The NMLRA describes these PMLOs as purely criminal organizations – they exist solely to provide and launder illicit cash to those that are cash-starved.  Further, the new PMLO trend is the co-opting of an array of third-party professionals.  These professionals’ roles are discussed below.

Complicit Merchants and Professionals

The NMLRA identifies four types of professionals posing a money laundering risk: (1) merchants; (2) attorneys; (3) real estate professionals; and (4) financial services professionals.  We repeatedly have blogged on money laundering concerns regarding third-party professionals, including herehere and here.

Unlike PMLOs, which the NMLRA considers a “threat,” these professionals represent vulnerabilities to the security of the financial system because they, wittingly or unwittingly, may become “complicit” and “help effectuate . . . money laundering schemes.”  This language is perhaps understated—the NMLRA provides a litany of examples of professionals’ alleged knowing and active engagement in a money laundering scheme.  For example, perfume store owners in Texas purportedly accepted loose bulk cash that was described to them as “narco dinero,” and for which the owners did not file the required Form 8300 to the Internal Revenue Service.  In another example, a real estate broker allegedly purchased residences for overseas buyers, knowing that the homes would be used to illegally grow cannabis and taking steps to disguise the source of the funds.

While these cases are clear examples of professionals abusing their positions, the NMLRA’s discussion of an attorney’s “representation” of a narcotics trafficking organization may be the strongest example of a professional service allegedly transforming into criminal assistance.  According to the superseding indictment filed in Baltimore, an attorney received drug proceeds from his client and the client’s associates, then used that money to promote the client’s unlawful business, pay for legal representation for his client’s co-conspirators, and pay himself commission for the laundering activities.

However, the NMLRA’s list regarding a few outlier prosecutions of knowingly complicit professionals does not address a much more difficult issue, which is the degree of due diligence that an average professional should conduct when onboarding a new client (and thereafter).  The vast majority of fact patterns confronting professionals are much less clear and dramatic than the examples set forth in the NMLRA – and what type of KYC steps professionals not directly regulated by the Bank Secrecy Act should take in a given case is often a challenging question.