How has COVID-19 impacted Cyber laundering?

Introduction

The financial recession officially began in December 2007 and ended in 2009, spanning across 19 months. Fast forward to March 2020, when the World Health Organisation (WHO) declared the outbreak of the COVID-19 virus a public health emergency of International Concern. The world is now two years into the COVID-19 pandemic, overtaking the recession in terms of length and very soon will overtake the recession in terms of the cost. The COVID-19 pandemic is estimated to have cost the world $12.5 trillion so far, and there is no indication as to when the WHO might declare the end of the pandemic.

COVID-19 has impacted the financial services industry and led to a rise in the following trends:

  • Cyber laundering;
  • Transaction monitoring;
  • Fraud impacting the asset management and insurance industries; and
  • Fintech.

BDO Global Financial Services will be issuing a series of thought leadership pieces touching on each of the above. In this article we will be focusing on the impact of COVID-19 on Cyber laundering.

Since 2019, perpetrators of money laundering have taken advantage of the economic upheaval and technological developments to pursue increased opportunities for financial related crimes. Digital payments and blockchain technology have helped create new avenues for criminals to launder funds at unprecedented levels. Meanwhile, the backdrop of the pandemic has played into the hands of criminals, enabling them to capitalise on sudden, widespread panic, change and disruption.

Cybercrime

Cybercrime and the dangers thereof existed long before the COVID-19 pandemic did. With more and more people confined to their homes, this led to an increased usage of the internet (for both work and play). An increased percentage of the global population connected to the internet has provided additional opportunities for cybercriminals to take advantage of the more vulnerable segments of the population and has resulted in an increase in revenue for the criminals and an increase in expenses for the targeted internet users.

Cybercrime can take place in many forms with more of the common cybercrime techniques being phishing which is the practice of inducing internet users to reveal their personal information for purposes that are fraudulent in nature.

To give one a better understanding of the type of cybercrimes (which includes methods of cyber laundering) reported in the financial year 2020-2021, the below diagram[1] provides a summary of a financial crime report based on cases reported in Australia:

Financial Crime Australia 2020-2021


Financial crime report 2020 -2021 (Australia). Source: www.cyber.gov.au

Cybercrime is up by 600%[2] since the COVID-19 pandemic as a result of sophisticated phishing email schemes and malicious actors acting as WHO representatives. Network security vulnerabilities that allow for malware attacks has become more sophisticated with the increase in machine learning phishing email schemes.

The diagram[3] below gives an indication as to the size of cybercrime displayed as a percentage of the GDP of a country. This graph estimates the total global cost of cybercrime in GDP terms.

Cybercrime as a percentage of GDP

 

                    Source: CSIS

Cyber Laundering

The criminal practice of cyber laundering pertains to when criminals launder money using the internet. This occurs through a multitude of ways. The internet has opened a large window for money launderers with many untapped opportunities to conduct criminal activities.

The diagram[4] below details the phases in the traditional money laundering process:

When it comes to cyber laundering, examples of each phase are as follows:

  1. Placement: the placement stage involves the physical disposal of cash. An example of this placement phase, could be the deposit of cash through a financial institution which is not regulated or via the deposit of money into an ATM by certain individuals who earn a commission for this “service” rendered (these individuals are often referred to as “smurfs”).​
  2. Layering: the layering stage involved complex financial transactions to hide the true origin of the funds (this is the phase where criminals benefit the most from making use of online financial services). A typical example related to cyber laundering is when criminals open a bank account digitally (which makes it difficult to verify an individual’s identity) and controlling a collection of bank accounts where payments are made to the various bank accounts in the “collection”. This creates an audit trail within a very short space of time.
  3. Integration: the integration phase is the final phase in the money laundering process where the funds appear to be legitimate. A popular technique used in this phase is to create a “front” online service company. The company would offer services that result in profits reflecting in their records. The catch is that these services might never have been rendered and the “profits” are in essence, laundered money.

In terms of the technicalities behind cyber laundering, there are two different types.

  1. Instrumental digital laundering; and
  2. Integral digital laundering.

Instrumental digital laundering will use two of these phases (layering and integration) whilst integral digital laundering will be the complete three phase process as mentioned in the paragraphs above.

The alarming fact is that cyber laundering is also a lead method of funding terrorist activities and multiple other criminal organisations. The following are a few examples of how cyber laundering can occur:

  • Social media, such as Facebook and Instagram, has been used to attract users to deposit funds for illegitimate causes for example through illegitimate campaigns through the “GoFundMe” platform. The fraudsters would then deposit this money into different bank accounts or would withdraw the money.
  • Identity theft occurs through phishing. This information could then be used to commit credit or ATM fraud and thus unauthorised transfers would occur through internet banking.
  • In some countries, online gambling is illegal. Some criminals in those countries will still do so, and transfer the money to their bank account, thus legitimising the funds. Online gambling companies that are legal, are institutions that are required to report suspicious transactions to the local financial crime regulator and those that are illegal have no reporting obligations bestowed upon it.
  • Forged documents are often used to trick businesses to pay funds to what look like legitimate corporations for multiple purposes. The cash would then be withdrawn or transferred to a proxy account.
  • An international wire transfer through money mules is a prevalent type of cyber laundering.
  • An online lottery scam has also proven to be an effective measure for criminals. Criminals will tell individuals they have won the lottery. To release the winning lottery cheque, a certain amount will be required as an administrative fee which will be sent to the criminal’s bank account. This money would then be withdrawn. The criminal would use legitimate looking documentation to add credibility.

Cyber laundering becomes effective due to anonymity created on the internet where one’s location can be spoofed, or types of encryption methods used. Law enforcement is therefore deceived. 

Cybersecurity

As the intensity and scale of cybercrime increases, the many new internet users (as a result of the increased usage during the pandemic) were not prepared for the significant increase in cyber threats which are evolving as we speak. With increased activity on the internet conducted by cyber criminals, cybersecurity becomes even more challenging to achieve as well as the costs that are linked to cybersecurity measures.

Cybersecurity, during the first weeks of the pandemic, meant that information and communication technology (ICT) teams had to focus on implementing the basics when it came to working remotely for the employees within their organisations. This involved the establishment of large scale remote connections, integration of collaborative solutions (such as Microsoft Teams meetings) and network capacity. With the limited timeframe in which to implement these measures came the pressure of ensuring that these measure were secure. Cybersecurity has since become one of the most key issues we face in the digitization emergency that the pandemic brought.

There have been massive efforts to combat the growing problem of cybercrime and cyber laundering. Binance, a crypto trading platform, has become the first Blockchain and Cryptocurrency industry’s first to join the National Cyber-Forensics and Training Alliance (NCFTA). The NCFTA is a nonprofit corporation focused on identifying, validating, mitigating and neutralising cybercrime threats. Through these partnerships, the platforms used to trade cryptocurrency will be better suited to combat fraudulent activities. The diagram [1]below indicates the size of the global cyber security market:

Size of global cybersecurity market worldwide ($billion)

Source: Statista

Cybersecurity has always been on the radar of regulators, but with the recent cyberattacks that have proven to be unprecedented, cybersecurity has become a priority for many regulators across the world. A few trends that we are seeing the most legislative activity include the following measures:

  • Government bodies are required to implement cybersecurity training, to establish and ensure that the formal security policies, standards and practices, are followed as well as to plan for and test how to respond to a security incident.
  • Regulating cybersecurity within the banking and insurance industry (to mention a few of the financial services industries).
  • The formation of specific working groups, task forces, councils or commissions with the objective of leading the research of trends in cybercrime and to advise on cybersecurity issues.
  • Implementation of supporting programs or incentives for cybersecurity training and education.

What to be on the lookout for in 2022?

As a result of the pandemic’s impact on business as well as lifestyle, various types of fraud and cybercrime will continue to be high-risk in 2022. We can expect an increase in the following types of cybercrime to continue in 2022:

  • Phishing scams and ransomware attacks spurred on by continued remote working;
  • Cryptocurrency exchanges will be exposed to increased attacks;
  • Fraudulent payments as a result from an increase in e-commerce activity;
  • Identity theft as a result of government assistance programs implemented as a result of the impacts of the pandemic;
  • Internet Of Things (IoT) and 5G traffic between API services and apps which could become targets; and
  • Shortage in skillsets when it comes to the hiring of cyber security personnel. 

Money laundering has evolved over time, although its characteristics have remained unchanged. Regulation of cyber laundering has become critical and has meant that countries have been forced to focus on establishing legal frameworks to combat the fraudulent practice. Just as money laundering has maintained the same set of characteristics, regulatory and legislative reform of cyber-laundering should be based on the same founding principles or pillars. The pillars that form part of the anti-cyber laundering (ACL) legal regime can be summarized as follows:

  1. Prevention
  2. Enforcement
  3. Compliance

One key takeaway from the COVID-19 pandemic is that change is inevitable and we need to continuously learn, adapt and evolve to ensure that we come out stronger. Despite the hardship that COVID-19 brought, it has also brought rapid developments that impact every area of our lives. As cyber laundering and cyberterrorism continues to evolve, it becomes ever so challenging for regulatory authorities to prevent and enforce compliance with legislation.

As 2022 is expected to bring about an increase in existing cybercrimes (along with new methods), we expect to see regulatory authorities adopt an approach that is similar by ensuring that legislative efforts are proactive and not reactive in its nature. The spokesman for Bank of China, Wang Zhaowen once said: “The clampdown on money laundering and corruption is the common responsibility of all the countries in the world.”

 

[1] Source: https://www.cyber.gov.au/acsc/view-all-content/reports-and-statistics/acsc-annual-cyber-threat-report-2020-21
[2] Source: https://purplesec.us/resources/cyber-security-statistics/
[5] Source: Statista

 

For more information please contact the authors of this article: 

Kevin Moodley, Director, Financial Services Technology

BDO South Africa, kemoodley@bdo.co.za

Bianca Early, Regulatory Manager Financial Services

BDO South Africa, bearley@bdo.co.za