Table of Contents
Cybercrime and Money Laundering
In a data-driven financial landscape, cybercrime has emerged as a big concern for regulators and institutions alike, with criminals exploiting computer systems and online financial services to perpetrate concealment , fraud and other crimes. In 2015, cybercrime cost the worldwide economy around $3 trillion, the reupon figure expected to rise to $6 trillion in 2021. The value of cybercrime is predicted to grow by around 15% annually over subsequent 5 years, reaching around $10.5 trillion in 2025.
![]() |
Cybercrime and Money Laundering |
code on a screen: cybercrime and concealment
The threat posed by cybercrime concealment methodologies has been exacerbated by the Covid-19 pandemic. With a rise in online financial activity and changes in customer behavior, criminals are ready to target vulnerable individuals and institutions more easily and cash in on regulatory blind spots.
Given the threat, and therefore the potential for significant penalties, banks, financial institutions and other obligated entities should make sure that they understand the compliance risks they face and be prepared to deploy an appropriate cybercrime AML response.
What is Cybercrime?
Although there’s no universally codified definition, cybercrime is usually understood to be any crime that’s perpetrated online or that involves the utilization of a computer. Cybercrimes could also be separated into two categories of crime:
Cyber-events: Acts which involve compromising or gaining unlawful access to a computer or computing system alongside its services, resources and knowledge .
Cyber-enabled crimes: Illegal activities that are facilitated with the involvement of a computer or computing system , including fraud, drug-dealing, sexual exploitation, weapons trafficking, etc.
With the emergence and growing ubiquity of online commercial and financial services (especially during the Covid-19 crisis), criminals have had greater opportunities to derive profits from online fraud and theft and, with that, a greater opportunity to conceal the source of their illegal funds.
Computers and computer systems offer money launderers a degree of anonymity and therefore the opportunity to maneuver illegal funds quickly between accounts while avoiding the customer due diligence and transaction monitoring checks that conventional AML/CFT systems would normally impose.
Types of cybercrime
Cybercrimes involve a good sort of approach and methodologies. Specific examples include:
Illegal access to computers and networks via email phishing, hacking attacks or any means of deception.
Fraud and forgery committed with the utilization of computers.
Online content-related crimes including the sharing of kid pornography or incitements to violence or racism.
Intellectual property crimes like the unauthorized reproduction, distribution and sharing of copyrighted materials like films, music, and software.
Cybercriminals may use the approaches above to steal financial data, card payment data, user identities, or to perform extortion (using the threat of more severe cyber-attacks).
Predicate offence: Cybercrime is taken into account a concealment predicate offence within the sense that it generates illegal proceeds that require to be disguised by laundering before they will be entered into the legitimate economic system . the ecu Union’s 6th Ant-Money Laundering Directive (6AMLD) codifies this by including cybercrime in its list of twenty-two concealment predicate offences, joining existing predicate offences like human trafficking, drug traffic , counterfeiting, and theft.
In adding cybercrime to the 6AM list of cash laundering predicate offences, the EU has introduced a replacement compliance obligation: under 6AMLD rules, firms must screen their customers and transactions for evidence of cybercrime concealment activities – a process which involves performing risk assessments and examining transactional behavior.
Cybercrime Red Flags
Cybercrimes often exhibit ‘red flag’ characteristics which will aid firms in detecting and preventing concealment and in enhancing their compliance performance. In response to the worldwide pandemic, the Financial Crimes Enforcement Network (FINCEN) recently released a series of advisories calling on financial institutions to be particularly vigilant for cybercrime Covid-19 related attempts to launder money. With those advisories in mind, red flags that indicate cybercrime concealment include:
Unusual transactional behavior like suddenly increased frequencies or volumes of online transactions.
Online transactions involving parties located in high risk countries.
Recently-opened online accounts that receive large deposits or conduct large transactions that are inconsistent with the customer’s profile or account history.
A high number of payments made with prepaid cards or with virtual currencies like Bitcoin.
Online merchant accounts opened after 2020 with the singular purpose of selling medical equipment or goods that are highly wanted during a pandemic context (masks, hand sanitizer, etc.).
Correspondence sent to or from customers that indicate phishing attempts, for instance material concerning Covid-19, frequent misspellings in text of correspondence, or suspicious address credentials.
Email or social media solicitations for fraudulent charity donations.
Charitable organizations that don’t have in-depth history or can’t be independently verified as legitimate organizations.
How to Comply
Under Financial Action Task Force (FATF) recommendations, banks, financial institutions and other obligated entities must put risk-based AML/CFT programs in situ to affect the AML/CFT threats that they face. In practice this suggests that firms must conduct risk assessments of their customers and deploy a proportionate AML response. within the context of cybercrime, this suggests that firms must work to spot their customers and to watch their transactional behavior on an ongoing basis with the subsequent AML/CFT measures and controls:
Customer due diligence: Since cyber-criminals often exploit the anonymity of online financial services, firms should conduct suitable due diligence to determine and verify customer identities and therefore the nature of the business during which they’re engaged.
Transaction monitoring: Cybercrimes often involve the rapid transfer of illegal funds to different accounts in locations round the world. Therefore, firms should monitor their customers’ transactions for indications of attempts to launder money.
Sanctions screening: Firms must screen their customers against relevant international sanctions and watch lists like the OFAC Sanctions List and therefore the UNSC Consolidated List.
PEP screening: Politically exposed persons (PEP) are at a better risk of being involved in cybercrime-related concealment . Accordingly, firms must screen their customers to determine their PEP status and adjust their AML response accordingly.
Adverse media monitoring: Adverse media and negative news stories often indicate that customers are involved in attempts to launder the proceeds of cybercrime. Firms should monitor for adverse media stories that involve their customers on an ongoing basis, including both conventional screen and medium and online sources.