Cybercrime and Money Laundering – Inextricably Linked

Financial institutions face rising threats from money laundering and cybercrime. Here’s why the two should be seen as linked…

Cybercrime and money laundering – two priorities for regulators and two crimes which have flourished during the pandemic. This is one of the main reasons why financial services companies need to view the two as connected.

As both multiply, they are overlapping in many different ways. The first is the way in which cybercriminals use their ill-gotten gains. Once they have taken money from a successful attack, they then seek to launder it through the financial system. As cybercrime grows, so does the use of money laundering to clean the funds.

The second is that cybercriminals are looking to gain access to people’s accounts to use them for illegal activity. They may undertake actions such as illegal withdrawals or opening new accounts in order to carry out criminal activity. This places another layer of separation between them and the underlying activity and further complicates the challenge facing AML teams.

 

Yet another problem

Another problem stems from potential security flaws in AML systems. As AML requirements increase, financial institutions have been collecting increasing amounts of information about their customers. This will normally be housed inside AML systems.

The problem is that these systems may not be as secure as some company accounting systems. For cybercriminals, the prospect of firms collecting and disseminating so much information about their clients creates an opportunity to attack data which may not be as protected as it could be.

If your AML system is hosted on the cloud, that data could be vulnerable to any hack against that cloud provider. If it’s hosted locally, you may have more control, but it will still be vulnerable to attack, especially from less-than-scrupulous insiders. According to Kroll’s 2019/2020 global fraud and risk report, insider threats accounted for 66% of incidents reported by organisations.

Data will also be vulnerable to interception while in transit. When staff query this data, it has to be moved from one location to another. In many cases it is transmitted in clear text, which means it can be read by anyone who intercepts it. Programs such as packet sniffers, which copy data as it travels between the computer and the AML server, can be placed on systems by cybercriminals during a data breach, or by employees. If this data is not encrypted, it will be compromised.

Creating an integrated response

Companies need to understand that cybercrime and money laundering do not exist in isolation, and neither should cybersecurity or AML procedures. It is crucial to ensure data is encrypted when transmitted and that every system receives the same level of protection.

In doing so, the work of your IT department and AML teams will become increasingly interrelated as these threats grow in scale and sophistication.
