Olivier is a Research Fellow at RUSI’s Centre for Financial Crime and Security Studies. Prior to joining RUSI in 2017, he worked with the Financial Action Task Force (FATF), the global standard-setter in the areas of anti-money laundering and counter terrorist financing (AML/CTF), where he focused on evaluating the effectiveness of countries’ AML/CFT efforts. From 2011 to 2015, Olivier advised the World Bank Group Sanctions Board on allegations of fraud and corruption in development projects co-financed by the World Bank Group. He previously worked on the implementation of the United Nations Convention against Corruption at the UN Office on Drugs and Crime.
When Europol Director General Rob Wainwright addressed RUSI’s Centre for Financial Crime and Security Studies annual conference he noted recent cases of successful international cooperation against cybercrime. For example, Operation Avalanche was directed against a cybercrime syndicate of more than 20 organised criminal groups and required cooperation across 30 jurisdictions. At the same time, Wainwright noted that there was insufficient synergy between cybercrime and anti-money laundering (AML) units in many public and private institutions.
This raises a question as to how AML tools can be more effectively used to tackle the proceeds of cybercrime.
One potential response discussed during the subsequent panel at the RUSI gathering is the cyber financial intelligence unit recently established by Standard Chartered Bank. The unit uses cyber-related information to complement financial crime intelligence to better identify, disrupt and report illicit proceeds from cybercrime. This is in line with guidance issued by the US financial intelligence unit in October 2016, requesting financial institutions to include cyber-related information when filing suspicious activity reports (SARs).
It was noted that money laundering techniques relating to the proceeds of cybercrime often involved traditional methods such as ‘money mules’. For example, this could mean that a fraudster might wire funds from a victim’s account to that of a ‘mule’, who will withdraw the funds in cash and transfer them to the fraudster via a money service business. A recent investigation by the UK National Crime Agency uncovered the use of approximately 400 accounts to launder £6.9 million originating from cybercrime.
While cash is still king in the context of money laundering, Britain’s Crown Prosecution Service has observed that virtual currencies are also gaining popularity due to the anonymity that some of them offer to users.
In order to support investigations involving virtual currencies such as Bitcoin, private companies have developed techniques to map out transactions and connect multiple Bitcoin addresses that are controlled by the same wallet.
According to data collected by Chainalysis, a New York-based forensic firm, 7.8% of Bitcoin transactions involve ‘mixing’, a process that bundles several transactions together and therefore considerably reduces the traceability of financial flows.
Discussions at the ‘Financial Crime 2.0’ conference addressed not only the risks associated with new technologies, however, but also the opportunities. Specifically, speakers discussed the potential of new technologies, including regulatory technologies (RegTech), to increase not only the efficiency of AML efforts, but also their effectiveness, which is likely to be a key objective for the national economic crime centre.
The representative of a UK bank, that has implemented an automated know-your-customer (KYC) system, explained that the new system had allowed the institution to increase the frequency of reviews and had enabled skilled staff to focus on high-risk situations. Designing the outputs of an automated system in a way that is close to the ‘look and feel’ of a manual system has helped to ensure that staff are comfortable working with digital systems.
As financial institutions harness the opportunities of new technologies, there was consensus that this effort should take place in tandem with an increase of the governments’ analytical capacities. In addition, a RegTech representative expressed the view that governments should issue clearer guidance to financial institutions to clarify regulators’ expectations regarding the use of technologies.
He pointed out that, while certain US remediation programmes generally provide useful details on good practices, this should be made available before an institution is fined.
Coordinating the use of technologies against financial crime across sectors will be critical to the mandate of the UK’s new national economic crime centre (NECC), announced on 11 December by Home Secretary Amber Rudd. The NECC should also draw on the experience of other jurisdictions that have explored innovative approaches to data-driven financial crime supervision and enforcement.
While SARs can provide valuable information, they are often filed when the funds in question have already moved. Advanced data analytics therefore provide a critical addition to the SARs regime. Examples of data-driven supervisory efforts were presented by representatives of De Nederlandsche Bank (DNB, the Dutch financial supervisor) and the Italian Financial Intelligence Unit (FIU).
DNB receives information from money service businesses (MSBs) operating in the Netherlands on all money transfers they conduct to and from the country. DNB processes the collected data using advanced analytics and determines the risk level of MSBs and agents on that basis.
This new data-driven approach has led to supervisory action, with one MSB licence being revoked and 20 agents being closed, as well as to various criminal prosecutions. It has also raised awareness in the sector about the use of MSBs for criminal purposes and therefore contributed to stronger internal controls.
The Italian FIU analyses aggregate data on cash transactions and financial flows that financial institutions are required to submit monthly. Using quantitative methods, the FIU has been able to detect anomalies at the country- or province-level.
These anomalies may point to potential cases of trade-based money laundering, or – when compared with data on suspicious activity reports – cases of under-reporting. The findings inform not only the FIU’s work, but provide critical input to law enforcement and the financial sector in their efforts to tackle financial crime.
To meet its objectives to address the financial crime risks facing the UK, the NECC will have to not only make the existing tools work more efficiently, but also to lead a wider discussion on innovative approaches that will increase the system’s overall effectiveness.
The views expressed in this Commentary are the author’s, and do not necessarily reflect those of RUSI or any other institution.
This article was originally published by the Royal United Services Institute (RUSI).
- EncroChat: Deciphering of the End-to-End Encryption Service Used by Criminals Cybercrime
- Preserving Digital Footprints and Cyber Resilience: Training the Swiss Police Cybercrime
- Ransomware in Six Questions (by the Ministerial Delegation to the Security Industries and the Fight Against Cyberthreats, French Ministry of the Interior) Cybercrime