Uncover Regional Regulatory Trends
Explore the evolving anti-money laundering regulatory landscape, examining global trends and key themes in major economies from the US and the EU to China and Australia.
Download nowOn February 22-24, the second Financial Action Task Force (FATF) plenary under the two-year Singapore Presidency of T. Raja Kumar took place. A core focus was the increasing scale and number of ransomware attacks, particularly highlighting the misuse of virtual assets (VAs) allowing criminals to escape undetected with large amounts of money.
Other discussions at the plenary centered around:
In November 2022, the Financial Crimes Enforcement Network (FinCEN) published a Financial Trend Analysis report on ransomware trends in Banking Secrecy Act (BSA) data between July 2021 and December 2021. The analysis found that reported ransomware-related incidents had increased by over 50% from 2020. Furthermore, research from AAG found that US organizations accounted for 47% of ransomware attacks in 2022.
To counter illicit finance related to cyber-enabled crime more effectively and better understand the challenges at large, the FATF announced it had completed research analyzing the methods criminals use to carry out their ransomware attacks and how the ransom payments are laundered. While the full report will be issued in March 2023, the FATF provided the following guidance for authorities to help them tackle the laundering of ransomware payments:
In light of the upcoming report, the FATF also agreed to create a roadmap to strengthen the implementation of FATF Standards on VAs and virtual asset service providers (VASPs). A review will take place regarding the current levels of implementation across the global network. The FATF aims to report back on its stocktake during the first half of 2024.
When presenting its 2022-2024 objectives in July 2022, the FATF noted that many jurisdictions are finding it challenging to stop or contain cyber-enabled schemes. Our 2022 and 2023 global compliance surveys echo this challenge, with cybercrime emerging as the top predicate offense of concern for compliance teams two years in a row.
As ransomware tactics continue to evolve and diversify, firms should implement robust cybersecurity controls alongside business continuity and resiliency plans. Cyber defenses should also be boosted and good cyber hygiene practiced. Additionally, compliance teams should ensure they are familiar with the ransomware typologies identified by FinCEN in its November 2021 advisory and calibrate their internal controls accordingly. These popular trends and typologies include:
Compliance staff should ensure they keep up-to-date with the FATF’s upcoming ransomware guidance, paying close attention to the list of risk indicators that will help public and private sector entities detect suspicious activities related to cybercrime. Additional FATF guidance due to be published in March includes a document aimed at helping firms implement revised beneficial ownership requirements to stop shell companies from being “a safe haven for illicit proceeds with links to crime or terrorism.”
When filling out suspicious activity reports (SARs) related to ransomware, FinCEN reminds compliance staff to include the key term: “CYBERFIN-2021-A004” and select SAR field 42 (Cyber Event).
To learn more about the key takeaways from February’s plenary session, read our coverage here.
Explore the evolving anti-money laundering regulatory landscape, examining global trends and key themes in major economies from the US and the EU to China and Australia.
Download nowOriginally published 02 March 2023, updated 22 August 2024
Disclaimer: This is for general information only. The information presented does not constitute legal advice. ComplyAdvantage accepts no responsibility for any information contained herein and disclaims and excludes any liability in respect of the contents or for action taken based on this information.
Copyright © 2024 IVXS UK Limited (trading as ComplyAdvantage).