24th February 2021
Cybercrime and Money Laundering
The threat posed by cybercrime money laundering methodologies has been exacerbated by the Covid-19 pandemic. With an increase in online financial activity and changes in customer behavior, criminals have been able to target vulnerable individuals and institutions more easily and take advantage of regulatory blind spots.
Given the threat, and the potential for significant penalties, banks, financial institutions and other obligated entities should ensure that they understand the compliance risks they face and be prepared to deploy a suitable cybercrime AML response.
What is Cybercrime?
Although there is no universally codified definition, cybercrime is generally understood to be any crime that is perpetrated online or that involves the use of a computer. Cybercrimes may be separated into two categories of crime:
- Cyber-events: Acts which involve compromising or gaining unlawful access to a computer or computer system along with its services, resources and information.
- Cyber-enabled crimes: Illegal activities that are facilitated with the involvement of a computer or computer system, including fraud, drug-dealing, sexual exploitation, weapons trafficking, etc.
With the emergence and growing ubiquity of online commercial and financial services (especially during the Covid-19 crisis), criminals have had greater opportunities to derive profits from online fraud and theft and, with that, a greater need to conceal the source of their illegal funds.
Computers and computer systems offer money launderers a degree of anonymity and the opportunity to move illegal funds quickly between accounts while avoiding the customer due diligence and transaction monitoring checks that conventional AML/CFT systems would normally impose.
Cybercrimes involve a wide variety of approaches and methodologies. Specific examples include:
- Illegal access to computers and networks via email phishing, hacking attacks or any means of deception.
- Fraud and forgery committed with the use of computers.
- Online content-related crimes including the sharing of child pornography or incitements to violence or racism.
- Intellectual property crimes such as the unauthorized reproduction, distribution and sharing of copyrighted materials such as films, music, and software.
Cybercriminals may use the approaches set out above to steal financial data, card payment data, user identities, or to perform extortion (using the threat of more severe cyber-attacks).
Predicate offence: Cybercrime is considered a money laundering predicate offence in the sense that it generates illegal proceeds that need to be disguised by laundering before they can be entered into the legitimate financial system. The European Union’s 6th Anti-Money Laundering Directive (6AMLD) codifies this by including cybercrime in its list of 22 money laundering predicate offences, joining existing predicate offences like human trafficking, drug trafficking, counterfeiting, and theft.
In adding cybercrime to the 6AMLD list of money laundering predicate offences, the EU has introduced a new compliance obligation: under 6AMLD rules, firms must screen their customers and transactions for evidence of cybercrime money laundering activities – a process which involves performing risk assessments and examining transactional behavior.
Cybercrimes often exhibit ‘red flag’ characteristics that can aid firms in detecting and preventing money laundering and in enhancing their compliance performance. In response to the global pandemic, the Financial Crimes Enforcement Network (FinCEN) recently released a series of advisories calling on financial institutions to be particularly vigilant for Covid-19-related cybercrime attempts to launder money. With those advisories in mind, red flags that indicate cybercrime money laundering include:
- Unusual transactional behavior such as suddenly increased frequencies or volumes of online transactions.
- Online transactions involving parties located in high-risk countries.
- Recently-opened online accounts that receive large deposits or conduct large transactions that are inconsistent with the customer’s profile or account history.
- A high number of payments made with prepaid cards or with virtual currencies such as Bitcoin.
- Online merchant accounts opened after 2020 with the singular purpose of selling medical equipment or goods that are highly sought after in a pandemic context (masks, hand sanitizer, etc.).
- Correspondence sent to or from customers that indicates phishing attempts, for example subject matter relating to Covid-19, frequent misspellings in the text of the correspondence, or suspicious address credentials.
- Email or social media solicitations for fraudulent charity donations.
- Charitable organizations that do not have an in-depth history or cannot be independently verified as legitimate organizations.
Under Financial Action Task Force (FATF) recommendations, banks, financial institutions and other obligated entities must put risk-based AML/CFT programs in place to deal with the AML/CFT threats that they face. In practice this means that firms must conduct risk assessments of their customers and deploy a proportionate AML response. In the context of cybercrime, this means that firms must work to identify their customers and to monitor their transactional behavior on an ongoing basis with the following AML/CFT measures and controls:
- Customer due diligence: Since cyber-criminals often exploit the anonymity of online financial services, firms should conduct suitable due diligence to establish and verify customer identities and the nature of the business in which they are engaged.
- Transaction monitoring: Cybercrimes often involve the rapid transfer of illegal funds to different accounts in locations around the world. With that in mind, firms should monitor their customers’ transactions for indications of attempts to launder money.
- Sanctions screening: Firms must screen their customers against relevant international sanctions and watch lists such as the OFAC Sanctions List and the UNSC Consolidated List.
- PEP screening: Politically exposed persons (PEPs) are at a higher risk of being involved in cybercrime-related money laundering. Firms must therefore screen their customers to establish their PEP status and adjust their AML response accordingly.
- Adverse media monitoring: Adverse media and negative news stories often indicate that customers are involved in attempts to launder the proceeds of cybercrime. Firms should monitor for adverse media stories that involve their customers on an ongoing basis, including both conventional screen and print media and online sources.