Blurring the lines: how technology is shaping illicit finance typologies

Written by David Carlisle on Tuesday January 2, 2018

One is the prospect that technology can substantially improve the fight against financial crime. Advances in branches of artificial intelligence, such as machine learning, offer the possibility that fraud and money laundering can be identified with greater accuracy, bringing efficiency gains to compliance functions.

But there lurks another more troubling prospect: that criminals are also reaping the benefits of rapid technological advancement to adapt illicit finance techniques – perhaps more quickly than new, advanced solutions can keep apace.

Recent public sector assessments and several high-profile cases offer a detailed view into how technology is shaping illicit finance typologies while creating new challenges for detection and disruption.

In its 2017 national risk assessment of money laundering and terrorist financing, the UK government noted that while many long-standing money laundering methods – such as the use of cash – continue to prevail, it sees ‘increasing exploitation of technology’ among money launderers and that ‘distinctions between typologies are becoming increasingly blurred’. 

This view is supported by Europol’s recent Internet Organised Crime Threat Assessment (IOCTA), released in October.

For example, the IOCTA notes an increase in organised criminal groups’ (OCGs) use of payment card fraud to advance other crimes. Europol suggests that OCGs are using compromised payment card data – often obtained from the dark web – to make purchases on transportation and accommodation websites to further human trafficking, drug trafficking and other cross-border crimes. As technology transforms the payments landscape, often for the good, it also lowers barriers to entry for criminals into new enterprises, enabling them to exploit a wide-array of platforms and services across an increasingly interconnected but shrinking world. Determining where one crime stops and another begins becomes increasingly difficult.

Europol has also noted another recent trend: the rapid growth of money mule activity, particularly in relation to cybercrime. Money muling is far from new. Drug traffickers have long relied on mules to carry cash across borders. But Europol has noted a significant growth in money mule activity – nearly 90% of which relates to cybercrime – owing to the widespread availability of online bank accounts. The proliferation of online platforms that can enable money muling may add layers through which criminal networks can place funds across large distances, making it more challenging for law enforcement to trace criminal financial flows, though there have been some notable successes.

Several recent newsworthy cases also suggest a persistent merging of techniques, platforms and typologies.

For example, a recent case in Canada contains elements of old-school fraud techniques combined with the clever use of new technology. Fraudsters posing as tax collectors convinced victims that they owed back-taxes to the Canadian government. Victims were convinced to withdraw cash from their bank accounts and deposit the funds at Bitcoin ATMs, from which the criminals laundered the proceeds using the cryptocurrency.

North Korea’s entry into the world of cyber-enabled financial crime also demonstrates how new technology is reshaping illicit finance typologies. Subject to vigorous international sanctions, North Korea has not been content to rely solely on traditional sanctions-evasion techniques such as the use of front companies or middlemen. Rather, North Korea has developed a concerted strategy of financial thievery that relies on cybercrime, including theft of funds directly from central banks, sponsoring ransomware attacks and hacking Bitcoin users and platforms.

Sanctions enforcement and counter-cybercrime efforts, it seems, are no longer wholly distinct disciplines.

More broadly, historical models and assumptions about who financial criminals are, and how they operate, are shifting. The ability to profit from a greater range of cyber-enabled financial activity means that cybercriminals are becoming increasingly organised and industrialised, while traditional organised crime groups are becoming increasingly technologically adept.  These and other trends – such as the growing conscription of children into money mule schemes or the widespread proliferation of transaction laundering activity involving e-commerce merchants – suggest that financial institutions must rapidly reconsider how they identify, assess and monitor risk.

It would of course be oversimplified to conclude that technology is purely an ill that increases crime. Financial criminals have adapted their methods throughout history, and will undoubtedly continue to do so.

However, these recent trends suggest that technological change is moving at such a pace, and is reshaping criminal behaviour in such a manner, that a paradigm shift is required for the AML/CFT regime to remain relevant.

The Clearing House, an association of large US banks, has called for wholesale reform of the AML/CFT regime to ensure it is equipped to deal with the modern threat landscape.

But it is not the public sector alone that must adapt. Compliance functions, if they are to remain effective, must adjust as well.

As a first step, compliance teams must undertake in-depth and meaningful financial crime risk assessments that consider the impact of new technologies and evolving typologies. This requires going beyond generic considerations of how products and platforms could be exploited with simple money laundering techniques; rather, a meaningful risk assessment should test how specific, complex scenarios might impact a business and whether tailored controls are in place to prevent those specific risks.

Second, transaction monitoring solutions should be integrated with these business-specific risks and vulnerabilities in mind. Systems cannot be implemented purely ‘out of the box’, but must be adapted to enable the detection of risk indicators indicative of more obscure and complex typologies that leverage a broader range of data points than most legacy systems.

Third, whatever promise technology holds for improving detection, staff awareness remains critical and must not be short-changed. Compliance staff need to be educated on new technologies, methods and related criminal trends, and how these relate to their business, so they can stay ahead of the curve.

Lastly, compliance functions should promote a culture that encourages staff to challenge commonly-held assumptions. This requires forward-thinking, proactive leadership among senior compliance staff. 

Financial criminals of the future will inevitably try to blur the lines further. The compliance professional must insist on keeping pace and maintaining focus.

This piece was written for ICA by David Carlisle, guest contributor.

Author bio

David Carlisle is a London-based consultant focusing on financial crime risk management and regulatory compliance, advising financial institutions, non-profits and other organisations on devising strategies for managing risks related to illicit finance. He is an associate fellow at the Centre for Financial Crime and Security Studies at the Royal United Services Institute, a London-based defence and security think tank. From 2007 - 2011, David worked for the US Treasury's Office of Terrorism and Financial Intelligence, where he advised senior treasury officials on counter-illicit finance strategies.

If you would like to take part in the ICA’s Big Compliance Conversation and contribute to a like-minded community, please get in touch at contributions@int-comp.org.