Financial Crime in the Digital Age – Key Takeaways from FCG’s event
Escalating fraud attacks. Profits higher than the drug trade. Financial crime in the digital space are on the rise and are becoming one of the biggest online threats.
On the 20th of October, FCG gathered around 60 banking and finance professionals in Oslo to address the topic of cyber-related crime and virtual currencies.
Speakers included Sebastian Claydon Takle, Financial Cyber Crime Centre (FC3) DNB, Eirik Sneeggen Kripos, National Cyber Crime Centre (NC3), Ola Westerberg, investigative journalist, and member of ICIJ, together with Henrik Skådinn, Senior Manager FCG Norway and former superintendent of The Norwegian Police Service and Louise Brown, anti-corruption auditor, FCG Financial Crime Prevention team in Sweden.
Sharing Intelligence to Make a Difference
Criminals trade services and establish platforms for knowledge transfer in the digital sphere. To fight cyber-related financial crime, transparency and information sharing between financial entities is key. It is a precarious balancing act, but banks may need to be more open about their exposure, says Sebastian Claydon Takle. Unless significant amount of data in transaction monitoring is available, we lack the possibility to identify deviations in behavioural patterns and normal trends. The alternative, Claydon Takle emphasized, would be to sit down and wait for the attack.
Sharing public data from DNB Norway, Takle told the audience that DNB identified fraud worth 920 million NOK in 2021, of which 734 million was stopped. Same year, DNB experienced a 60% increase in fraud cases and in between 2018 and 2020 digital fraud increased with 300%, pointing towards more advanced arrangements and a growing digital criminality.
Bitcoin is often used as payment method for ransomware. Criminal actors access the system of a company, requesting large sums of money, up to 600 million USD in one known case. Victims include listed companies, but few choose to go public with incidents. According to the practice of DNB, Claydon Takle said, incidents are reported to the Financial Police when several incidents can be linked to one specific actor.
Economies of Scale
There is an apparent connection between fraud and money laundering. 33% of the organised crime identified to be involved in money-laundering is also involved in fraud. Organised criminal networks operate both locally and internationally, often across multiple criminal income streams including narcotics and weapons trading.
BEC (Business Email Compromise) increased by 180%, and the number of customers subject to phishing attempts increased by 568% according to Takle. This type of fraud and threats are dominating the overall threat view and it is not expected to change for the better, Takle concluded.
Advanced criminal networks have grown to the size comparable to state-owned enterprises, built up over time with a very long-term view to develop competence and criminal tactics.
”One unique criminal network has earned 3 billion EUR in one investment fraud which took between five and eight years to carry out. It says something about the leverage these actors have. The capabilities of the opposite side may be hard to defeat. Even if you discover it, there is little chance to stop it”, explained Eirik Sneeggen from Kripos. “Cryptocurrencies are used to cover their tracks, but it is also a pull-factor. And clearly, unless you can use the money, there is no purpose.”
Opportunities and Limitations with Cryptocurrencies
It is not enough to move money in between accounts today, the money will be found. Criminal proceeds need to be moved out of the banking system, into a less established and unregulated system and this is where cryptocurrencies come into play. Decentralized finance is seeing a strong growth in the market. There is limited exchange between crypto and fiat currencies. No one needs to identify themselves and no one asks for information. The darknet is utilized to centralise narcotics trading into one place, then connecting it to cryptocurrencies. Criminals are always the first to use new technologies, and what we are seeing now is an increased use of so-called mixing services, according to Eirik Sneeggen, allowing criminals to cover their traces even further.
However, the challenge for criminals leveraging digital currencies is that it serves the purpose of placing and keeping money, but it is not a good place to use the money. How do you spend a million NOK worth of Monero?
Developing Relevant Competence
In cases of social manipulation, including fake news and scams, cryptocurrencies are not only effectively used as a medium for financial transactions but also as a pull factor. In the past, fraudsters used highly complex and little understood financial products to attract victims. Today they use virtual currencies and fake valuations as there is limited experience and data to compare with.
The questions we must ask are what makes it possible to manipulate victims and what makes anyone willing to disregard red flags? To tackle these challenges, we need to understand what areas competence is needed, and secondly, understand what kind of competence is needed.
The experts discussed different methods for financial institutes to manage and prevent this type of crime. Such as detecting rapid changes in transactional patterns, analyse behavioral patterns linked to age and sex, especially regarding young customers, and the use of Virtual Private Networks (VPN) and The Onion Router (TOR), to enable anonymous communication. Knowing your customer and understanding their level of knowledge about cryptocurrencies are also ways to fight financial crime in the digital age. Furthermore, employees need further knowledge and access to tracing tools to investigate mixing and learn how the darknet is used.
Combined with substantial amounts of data, a broad set of different and interdisciplinary competencies are required to establish teams able to identify deviations and scenarios. If teams are built on the same type of competencies, everyone will only come up with the same answer.
Henrik Skådinn of FCG Norway, concluded the event with the recommendation that organizations may consider focusing their approach on financial crime prevention, more so than focusing on regulatory compliance. Today many systems and structures are still addressing formal procedures to a greater extent than purpose.
The step forward could be to ask the question “How would you organisation act if there were no regulatory requirements, and how that would impact efficiency?”.
Read more on Financial Crime Prevention here.