As part of our Future of Financial Crime Series we interviewed top industry professionals and thought leaders to learn what trends are shaping the financial crime landscape and what to expect for the coming years.
Here is a collection of the best answers to the question:
What’s the State of Financial Crime?
Moyara Ruehsen, Professor of Financial Crime Intelligence and Director, Financial Crimes Management Program of the Graduate School of Int’l Policy & Management, Middlebury Institute of International Studies.
We are facing a perfect storm of factors, some of it due to the pandemic, and some of it due to rapid technological innovation. This has resulted in an exponential increase in all types of fraud, as well as cryptocrime, such as ransomware.
We also do not have the resources to investigate and prosecute all of these criminals. That is what I find most discouraging. Yes, the financial sector can always step up its game by improving the quality of SAR filings, but even today we don’t have enough investigators at the local or federal level, who are able and willing to pursue even a fraction of the actionable intelligence in the many high-quality SARs that are already being generated as we speak. That is the sad reality.
Ned Kulakowski, Esq., CAMS, Senior Financial Crime Consultant, Fenergo
Financial crime continues to run rampant through the vastly interconnected global financial system. Although the public as a whole may not realise it, financial crime affects everyone, from individuals to corporations to local small businesses. Despite financial institutions increasingly providing resources to focus on the problem, and continued regulatory and governmental focus, bad actors continue to find ways to exploit the system and commit predicate offenses related to money laundering and numerous other fraudulent acts. The good news is that many governments and their regulatory arms have made recent strides in tackling these challenges. For example, in the United States, the Anti-Money Laundering Act of 2020 (“AMLA”) has shepherded in sweeping changes to the Anti-Money Laundering (“AML”) and Counter-Terrorist Financing (“CTF”) regime, the largest since the passage of the USA PATRIOT Act 20 years ago. Over the next few years, we will see the numerous aspects of these regulations take effect, and many financial institutions and their technology partners have already begun preparing to address these new requirements. Hopefully, new regulations such as the AMLA in the US and its counterparts around the world will bring in a new era in fighting financial crime.
Mark Ghatan, Esq., Director of Investigations, Polaris Corporate Risk Management LLC
While the form and methodology of different criminal enterprises vary from case to case, bad actors overwhelmingly leverage technology today. When it comes to financial institutions, criminals prey on the lagging threat identification capabilities of their victims. By the time an institution identifies an ongoing plot, it is often already too late: ransomware can live in systems for months before being detected and exploited; the plots of rogue insiders often go unnoticed, even as they disseminate valuable IP or trade secrets; and fraudulent gains or embezzled funds can be siphoned off in a million directions through cutting edge Fintech products and cryptocurrency ecosystems. Criminal imitations of your company – often known as “spoofs” – utilise technology to fool even executive-level employees into giving up the keys to the castle. At Polaris, we’ve seen all these trends continually play out – but unfortunately, our clients are too often playing catch-up.
Jason Pierce, CPA, CMA, CFM, CVA, MAFF, Senior Vice President, J.S. Held LLC
In a word: Increasing. The pandemic created opportunities for criminals to capitalise on more people working from home and their reliance on technology. While the median fraud loss from businesses decreased from $150,000 in 2016 to $125,000 in 2020 and total losses decreased from $6.3B to $3.6B, respectively (See ACFE Report to the Nations, 2016 and 2020), this does not properly reflect the increased opportunities from COVID. The Coronavirus P&RSA Act provided over $400B in grants and loans, which included approximately $800MM in PPP funds. This created many opportunities for fraudsters to obtain funds. Worldwide, the G20 countries committed to spending $21B to fight the pandemic in 2020, which emphasises the scale. The SBA has addressed many of the fraud detection challenges after “lowering the guardrails” to expedite the COVID-19 process. (See: SBA Inspection Report 21-02 and Fraud Talk Podcast, December 23, 2020).
While financial crimes are increasing, so is enforcement. The Department of Justice recently obtained a guilty plea in the Northern District of Georgia regarding a $6 million fraudulent PPP scam. Operation Trojan Shield also resulted in 800 arrests through a collaboration between the US FBI/DEA, Europol and other global organisations.
Matt McGuire, Co-founder and Practice Leader, The AML Shop
Financial crime persists nearly unrestrained. For decades the international community has focused on a common set of standards to prevent, detect, and deter the movement of financial proceeds – deputising financial institutions and other gatekeepers. Those standards have created a morass of administrative burden and produced hoards of intelligence. Hoarding has been proven widely effective. Many are now focused on the later ends of the intelligence lifecycle, particularly, law enforcement, prosecution, and adjudication of cases – the actions which are designed to deprive criminals of their liberty and ill-gotten gains to reduce crime.
The typologies surrounding the movement of financial crime proceeds are dominated by opaque ownership structures and ancient identification methods. Countries around the world have slowly started to adopt common standards to unveil those structures and those hiding behind them.
The system is plagued by ransomware schemes, putatively driven by sanctioned countries seeking alternative sources for income. So too is the system experiencing an increase in influence scams, and those which exploit non-face-to-face interactions with financial institutions and among peers.
Financial institutions are still staffing large departments to try and meet evolving regulator expectations.
Jannies Burlingame, CPA,CRMA, Chief Financial Officer at Aptera Motors
Technology has evolved rapidly during the last two decades. In the most recent years, fraudsters exploited the pandemic to take advantage of individuals and businesses. The Coronavirus Aid, Relief, and Economic Security (CARES) Act were all vehicles used by financial criminals to target unemployment insurance, Paycheck Protection Program (PPP) loans, and Small Business Economic Injury Disaster Loans. Traversing freely online and taking advantage of zero geographical boundaries, phishing of Personally Identifiable Information (PII) was especially popular for the filing of unemployment insurance claims.
Parlaying on accelerated growth in technology, cyberattacks targeting financial data have also skyrocketed in the past 18 months globally. Companies ranging from mom and pop to fortune 1000 are reporting a colossal increase in breaches and cyber threats. The unfortunate truth is resource-rich companies can afford to invest in information security processes to mitigate the potential impact of financial data breaches. Smaller companies, on the other hand, are more susceptible to ransomware, phishing, and hacking.
Doug McCalmont, CAMS, CGSS, Founder of BlocAlt Consulting LLC
Exposed to borderless technological innovation: Today, financial services are in a period of dramatic change, I would argue a change that dwarfs the introduction of the Internet to financial services in the late 1990s. Since that time, global commerce, communication channels, and other technological advances have provided developed economies with a much closer relationship with the developing world and vice versa. For regulated financial service firms, this “opening” of emerging markets creates an estimated one-billion-person addition to their current customer base. At the same time, providing individuals in the developing world with access to banking and investing services could grant those geographic regions with financial capital to improve living conditions.
However, the world is much smaller today than it was even 10 years ago, and computer hacking has provided economically disadvantaged regions with a tool to earn proceeds from illicit activities. The 2016 North Korean hack of the Bangladesh Central Bank is a perfect example of two countries (one aggressor and one victim), at one point significantly disconnected from the global economy, now having opportunity and exposure to be involved in an unprovoked economic heist. As we are witnessing today, the reach of bad actors into random geographic regions for illicit economic gain will continue to increase.
Christopher Liew, CFA, Founder of Wealth Awesome
The COVID-19 pandemic ushered in an even higher volume of cashless and digital payments. As many businesses transitioned to online systems as a means of survival, cybercriminals also kept up with the times and improved their fraudulent schemes such as making phishing emails look more convincing, impersonating bank telemarketers to collect financial information over the phone, bogus sellers and buyers, hacking online wallets, loan fraud, identity theft, and so much more.
Because of this new age of digitalisation, the Anti-Money Laundering Act of 2020 or AMLA 2020 became law and will force many changes to the compliance programs of financial institutions. The Financial Crimes Enforcement Network (FinCEN) will be required to upgrade and modernise its software systems while regulators are also required to update their risk assessment programs and avail interoperable software systems or make use of multiple software apps to further prevent financial crimes to pass through and proliferate.
Roy Zur, CEO of ThriveDX SaaS
According to IBM online crime and breaches have reached an average cost of 1.07M USD per attack.
While a zero-trust approach and investment in AI technology has aided in reducing costs for these institutions when it comes to incident response, the cost of financial crime compliance globally is the highest it’s ever been.
In other words, companies are being targeted more than ever and at the same time being regulated at an unprecedented scale globally.
While this can seem daunting for those in the financial crime field, we are seeing a rise in cybersecurity training for all employees as well as skills training for those in tech.
The financial crime we focus on specifically is account takeover fraud and new account fraud solutions for the financial services community. These two types of fraud are two of the biggest problems facing the financial services industry, with much of this type of fraud being driven by the digital transformation happening across the industry. A few short years ago, banks and credit unions would try out offering the option of opening new accounts online, only to be burned by the associated fraud, at which point they would retreat.
The days of “trying it out” are long gone; going digital is now a must. It is a competitive issue and thus, financial institutions are barreling forward and now having to build fraud detection strategies on the fly to combat the ever-evolving fraud.
Fraud is also more organised and complex than it has ever been. First-party fraud, synthetic fraud and identity fraud schemes are all being exploited at a rapid pace. What is behind all of this is twofold. First, all the data breaches and creation of synthetic identities and second, credential stuffing which allows criminals to significantly scale their attacks and use thousands of identities in minutes.
Nathan Grant, Senior Credit Industry Analyst, Credit Card Insider
Online shopping has seen an increase over the last few years, and the pandemic has forced an even bigger spike since people were forced to make more purchases from home than ever before. Financial criminals follow these trends and target consumers wherever they’re spending money.
The first lines of defense in protecting financial information while shopping online is by verifying that information is being entered on a website that is secure, and by choosing the safest way to pay.
Customers should look for a secure lock symbol in the browser’s address bar and “https” in the url of the merchant website to ensure that the site is securely encrypted. Also, it’s important to be mindful that credit cards are more secure than debit cards when making online purchases, with better federal and issuer protections.
If offered on a website, customers should consider paying with digital wallets such as Apple Pay or Google Pay since both services use tokenisation to add another layer of security to the transaction, no matter what payment method is used.
This ensures that even if a site where a purchase was made has become part of a data breach, no actual financial information will be on the line.
Alexa Serrano, CAMS, AML specialist, Banking Editor at Finder
As the financial industry changes, financial criminals continue to adapt. Many of the avenues of crime aren’t new. For instance, check fraud isn’t new. But during the pandemic last year, we saw criminals adapting this method of fraud by impersonating the IRS and sending mailed stimulus checks to vulnerable Americans. Also, in 2019, the FTC Consumer Sentinel Network Data Book reported that 650,572 reports out of 3.2 million were related to identity theft. And in 2020, fraud and identity theft were up by 20.1% compared to the last quarter with credit card fraud accounting for 41.78%.
Although technology can be used as a tool to fight financial crime, it can also be used as a vector for crime. More and more, we’re seeing an increase in not only phishing emails but also text messages stating that they’ve either tried to deliver a package or that fraudulent activity has been spotted in their financial account.
Businesses lose on average about 5% of their top-line revenue to fraud. When this amount is multiplied by the gross world product of $88 trillion U.S. dollars, the amount of fraud is $4trillion dollars. These losses are attributable to insiders, or occupational fraudsters, and outsiders, or predatory fraudsters. The losses are also attributable to traditional financial crimes, e.g., investment frauds like Ponzi schemes, healthcare scams, insurance fraud, and banking crimes.
Tax evasion and theft of intellectual property also account for an enormous amount of fraud. These financial crimes account for a significant amount of wealth transfer and retention among individuals, business sectors, and countries. Fraudsters are changing with the times and make creative use of technologies like computers, cell phones, and the internet to commit their crimes. Accordingly, the fraudsters may be in a different country and not even really know the organisations they are victimising.
Financial crime is the crime of the 21st century. The global e-commerce market is predicted to grow to 4.9 trillion US dollars by 2021. In 2018, one in every ten dollars spent globally was spent online, and by 2022 online sales will make up 17% of all global consumer sales. (1) We are seeing sophisticated criminals and state actors capitalising on what technology has provided from online fraud, ransomware, phishing scams and romance scams that have successfully bilked 1000s of citizens of their life savings and hampered companies including hospitals from carrying out their responsibilities.
Cryptocurrency has changed the dynamics for money laundering, requiring many countries to play catch-up relative to legislating appropriate controls on these new actors. This has also resulted in law enforcement having to play catch-up relative to entrenching appropriate controls on these new actors. This has also resulted in law enforcement having to play catch-up relative to entrenching appropriate skills thereby enabling effective investigative abilities in this new reality.
Dax White, Managing Partner at The White Law Group, LLC
The biggest financial crime being committed every year is the garbage some financial advisors peddle on to their clients legally. High-risk, illiquid “alternative investments” that pay financial advisors huge upfront commissions and almost never work out for the investors.
We speak with literally hundreds of these investors every year and the vast majority are retired individuals who were sold on the income component of these products without being sufficiently advised of the enormous risks.
More traditional financial crime is of course tragic but the peddling of alternative investments (a multi-billion dollar legal industry) is ruining the financial lives of thousands of retired investors every year and it has been for quite some time.
Oleg Kurchenko, Founder and CEO of Binaryx
COVID-19 and wide-spreading digitisation made their impact on business and at the same time, opened new ways for financial criminals as well.
The shift to working remotely and national lockdowns have led to even faster adoption of e-commerce and digital payments, which caused cash displacement in many jurisdictions, disrupting criminal payment corridors.
The top three things COVID-19 brought to the fintech space were growth of fraud cases, increased risk appetite, and enhanced pressure on operational processes.
Ethan Taub, CEO and founder of Goalry
Because of the pandemic, many more people have been at home. This is an issue because many don’t have the protection needed in order to secure their internet connection from malicious users. Not only have spam emails and fake texts increased but there is something we have all done that has put us at risk: shopping online. Of course it is unlikely to be an issue to many, but those without a protected connection or those who have a virus on their computer are at risk with each purchase. Viruses like keyloggers are able to log all keyboard inputs which include emails and passwords for banking sites.
Ransomware has also become a major issue, even over the past few months when the fallout of the pandemic was settling. Big companies are being threatened to hand over money or other data of the business, employees and the public who use their services are at risk. This is worse for shopping and banking sites as a member of the public’s account information could lead them to having all of their money and information stolen and used.