Crypto Financial Crime – Cryptosec
https://cryptosec.com
Crypto, Blockchain and DeFi Cybersecurity and Investigations

Tracing Private Cryptocurrencies
https://cryptosec.com/crypto-investigation/private-cryptocurrencies/
Mon, 10 Jan 2022 18:13:00 +0000

Many believe total anonymity is possible using private cryptocurrencies. It might not always be the case.

Are popular cryptocurrencies like Bitcoin and Ethereum private?

Absolutely not.

There are privacy enhancing tools and techniques that can be used to obscure crypto transactions, but in general most cryptocurrencies leave a very convenient trail to trace for investigators and law enforcement.

But not all cryptocurrencies are made the same.

This article will provide a brief overview of the most private cryptocurrencies, how they’re used for user privacy and sometimes to avoid detection of fraud or other cybercrimes, and how private cryptocurrencies can still be traced by professional crypto investigators using advanced blockchain forensics.

In case you’re unfamiliar with this topic, here’s a look at the 5 most common crypto scams and how they might involve the use of pseudo-private cryptocurrencies.

The 4 Most Private Cryptocurrencies:

Private Cryptocurrencies – Monero (XMR)

Often regarded as the most private of private cryptocurrencies, anonymity-enhanced “privacy coin” Monero (XMR) uses ring signatures and stealth addresses to make transactions nearly impossible to trace. Furthermore, its RingCT (Ring Confidential Transactions) method effectively hides transaction amounts, adding further difficulty to tracing.

In 2022, there was an increase in threat actors demanding payments in Monero for ransomware and other scams. Victims are often told that if they pay in Monero instead of Bitcoin, the ransom will be ~20% less. For example DarkSide, the hacking group behind the infamous Colonial Pipeline attack, accepted both XMR and BTC, but charged more for the latter due to traceability concerns.

Can Monero (XMR) be traced?

Cybersecurity experts are constantly developing new tools to combat Monero’s ever-evolving privacy technology. Blockchain analytics and crypto compliance firms such as CipherTrace and Chainalysis offer tools designed specifically for tracing XMR transactions that are available to government agencies, financial institutions, and law enforcement. The full extent of these tools’ capabilities remains unclear to the public.

Researchers from Carnegie Mellon University have released a study into the privacy features of Monero and Zcash in which they found 30% of XMR transactions to be traceable. Chainalysis claims an even better success rate. Some of the approaches Chainalysis uses were exposed in recently leaked slides (Coindesk: “Leaked Slides Show How Chainalysis Flags Crypto Suspects for Cops”).

Private Cryptocurrencies – Zcash (ZEC)

“If Bitcoin is like http for money, Zcash is https,” tout users of the network’s Zero-Knowledge Proof (zk-SNARK) mechanism, which grants the option for participants to shield transaction origins, destinations, and amounts. Zcash addresses can either be private (z-addresses) or transparent (t-addresses), and it’s the transactions between two z-addresses that are hard to trace because both ends are encrypted.

The majority of Zcash wallets and transactions are completely transparent, while z-addresses are a less utilized user privacy option. For these reasons, Zcash is not associated with illicit activity as often as XMR.

Can Zcash (ZEC) be traced?

Carnegie Mellon researchers in the above-mentioned study similarly found that only 0.09% of ZEC transactions within a 30-day period made full use of the protocol’s privacy features, leaving the rest traceable.

Chainalysis said in 2020 they were able to track 99.1% of all ZEC transactions. “Even though the obfuscation on Zcash is stronger due to the zk-SNARK encryption, Chainalysis can still provide the transaction value and at least one address for over 99% of ZEC activity,” said the firm.

While advanced blockchain forensics may be required to trace the most privacy enhanced transactions on ZEC, the vast majority can be traced as easily as Bitcoin.

Private Cryptocurrencies – Dash (DASH)

Dash is an open-source cryptocurrency project. It uses CoinJoin technology to parcel up several transactions and mix the addresses, effectively scrambling transactions and making them a lot harder to trace. While it has been described as a privacy coin, many have pointed out that it’s kind of just Bitcoin with extra steps, meaning the blockchain itself doesn’t have any enhanced privacy features, but the CoinJoin technology on top of it does.

The popularity of DASH rose in 2016-2018 but has largely fallen out of use for cybercriminals looking to steal or launder crypto.

Can Dash (DASH) be traced?

Dash’s ability to hide wallet addresses and transaction amounts relies on CoinJoin, which is a decentralized mixing protocol of its own. While blockchain intelligence firms have had success de-mixing transactions through CoinJoin in the past, it’s mostly based on probabilities and requires extensive on- and off-chain data correlation.

That being said, Dash suffers from the same issues as Zcash in that the vast majority of users don’t properly implement the privacy enhancing features, and therefore most DASH transactions are easily traceable.

Private Cryptocurrencies – Verge (XVG)

Verge approaches privacy from a unique perspective by using multiple anonymity-centric networks such as The Onion Router (TOR) and Invisible Internet Project (I2P) to bounce communications over a distributed network. While they use an open ledger just like Bitcoin, the source of all transactions is hidden by default due to these layers of user anonymity.

As with Dash, Verge saw more use in the 2016-2018 era of cryptocurrency hacks and scams, and has since largely rebranded itself from a privacy-centered protocol to a user-friendly and secure cryptocurrency.

Can Verge (XVG) be traced?

While XVG transactions are highly secure and uniquely anonymous, the fact that they deploy an open ledger means it’s relatively easy for knowledgeable blockchain investigators to piece together transactions related to criminal or otherwise notable activity using a combination of on- and off-chain data.


Cryptosec is a leading provider of security solutions in the rapidly evolving world of blockchain, cryptocurrency, DeFi. Their specialist investigations arm, Crypto Investigators, offers expert services in blockchain forensics and legal investigations, leveraging deep industry knowledge and advanced investigative techniques to navigate the complexities of the digital age.

The 5 Most Common Crypto Scams and How to Avoid Them
https://cryptosec.com/crypto-blockchain-security/5-common-crypto-scams/
Mon, 20 Dec 2021 19:59:00 +0000

The DeFi revolution presents new risks and challenges for innovators, regulators, cybersecurity experts and early adopters of the powerful technology. These are the top 5.


Where money goes, crime is never far behind.

In our new digital world this age-old saying still rings true, especially in regard to the emergent cryptocurrency and NFT landscapes.

According to a recent report by blockchain analytics firm Elliptic, cybercriminals have laundered $4B through DEXs, bridges, and coin swaps since 2020. Much of that was related to the top 10 crypto hacks of all time, half of which have occurred since 2020, but much of it also comes from casual everyday crypto scams and investment schemes that plague the crypto community.

In this article we’ll discuss the 5 most common crypto scams and how you can avoid falling victim to them.

Crypto Scams – Bitcoin Investment Schemes

Bitcoin investment schemes usually come in the form of random private messages, spam comments, or ads online that promise to give extraordinary returns on Bitcoin investments. The scammer will claim to be a “professional investment manager” or something similar, and they’ll often provide fake credentials and a fabricated history of profitable trading to convince a target to trust them. Once their trust is gained, the scammer will direct the target to transfer their Bitcoin to the scammer, or request an upfront fee for “investment management”, and then they’ll disappear with the money.

Scammers use various deceptive tactics to gain the trust of their targets, including online celebrity impersonations, fabricated endorsements, fake websites that imitate authoritative sources, and a whole slew of other lies and falsehoods. For example, one popular Twitter scam is to take control of a “Verified” account (one with a blue check mark), change the name to match that of a popular crypto personality (Vitalik Buterin or Binance’s CEO, CZ, for example), change the picture and the bio too, and then spam investment schemes in the comments section of popular tweets.

It should be noted, of course, that while Bitcoin is the most popular cryptocurrency among these kinds of crypto scams, they can be done using any cryptocurrency.

How to Avoid Bitcoin Investment Schemes:

Since these types of crypto scams mostly rely on social engineering and gaining the trust of investors, the best approach you can take to avoid them is to be very sparse with who you trust online.

Be skeptical of any and all claims about high-return investment strategies, especially from people you don’t know, but even from those you do, as they could have just as easily fallen into a crypto investment scheme themselves. Furthermore, refrain from taking investment advice from or acting on celebrity endorsements, even when it’s from a verified account, because even celebrities can fall victim to crypto investment schemes or worse – their account could have been taken over by a malicious actor.

Crypto Scams – Rug Pulls and Exit Scams

To “pull the rug out from under [somebody]” is when you pretend to be their friend and offer support, but then betray them. In crypto it’s no different.

A ‘rug pull’, or ‘exit scam’, is a type of crypto scam in which a team (or individual) builds a cryptocurrency or NFT project with the sole intent to collect investment funds and then abandon the project. Sometimes this wasn’t the intent from the beginning, but a team faces insurmountable challenges or a failure to execute on their plans for some reason, and decides to drain the project’s liquidity and run off with the money. This usually happens rapidly, leaving investors no time to withdraw their funds before their investments drop to essentially $0, but there are also slower forms of rug pulls, where the team in charge of a given project slowly drains the liquidity over time.

In the case of deliberate exit crypto scams where a project is built for that sole purpose, often some flashy and unrealistic promises will be made and a range of endorsements will follow, from small-time crypto shillers all the way up to big name celebrities who don’t really understand what they’re being paid to promote. Additionally, fake claims about big partnerships with brand name companies and projects in the crypto or financial sectors will be used, and sometimes even deep fake videos or fabricated news websites will be made to give the impression of legitimacy.

How to Avoid Rug Pulls and Exit Scams:

The adage “if it sounds too good to be true, it probably is” applies well here.

There’s another saying in the crypto community, “DYOR” (Do Your Own Research). To make good investment decisions, you need good information. This starts with learning all the various metrics that can be examined about an NFT or cryptocurrency project, such as its tokenomics (supply and distribution characteristics), market activity, and its team’s background. You’ll never fully remove the risk of getting rug pulled if you’re investing in high-risk assets like altcoins or NFTs, but you stand the best chance of not getting scammed if you cultivate and rely on your own extensive research criteria instead of trusting endorsements, celebrity or otherwise.

Crypto Scams – Phishing Scams

Phishing scams are nearly as old as the internet itself.

First coming in the form of spam emails and AOL messages, a phishing scam is when an attacker sends a malicious link that, if clicked, can potentially steal vital banking and identification information from an unsuspecting victim, and this now extends to cryptocurrency wallet keys and digital assets such as NFTs as well. The most common kind of crypto phishing scam involves a promotional message with a link that leads to a fake website or dApp (decentralized application) that asks the victim to connect their wallet and give permission to make transactions, after which their crypto is transferred out of their wallet.

You’ll notice many phishing scam attempts if you’re active in crypto-related communities across platforms such as Discord, Telegram, Twitter, Facebook, YouTube, and TikTok. Attackers will use spambots to mass DM (direct message) crypto community members or followers of popular crypto accounts with phishing links, and it’s this method of ‘throwing bait into a sea full of fish’ from which “phishing scams” derive their name.

How to Avoid Phishing Scams:

“Think before you click,” as the saying goes.

Any link on the internet has the potential to be a phishing scam, but some are far more suspicious than others. Learning about the most common phishing techniques, as we outlined above, is step one to avoiding them. Links from random DMs that make unrealistic claims and promises, emails that you weren’t already expecting, and even celebrities on social media should always be regarded with high suspicion, and basically never clicked. DYOR also applies here, as if you’re tempted to click on a link you can always conduct some background research first to verify multiple sources of the information and make sure you’re visiting the official website of interest.

Crypto Scams – Romance Scams

This is social engineering on steroids.

A romance scam is, like it sounds, when an attacker poses as a romantic interest to gain the trust and affection of a target. Sometimes spanning weeks or months, romance scams often involve elaborate impersonations of attractive men or women who weave complex webs of lies and excuses to emotionally manipulate their target before eventually leading them into an investment scheme or even flat out asking for money, often in the form of Bitcoin or other cryptocurrencies.

The most common places frequented by romance scammers are online dating apps, streaming and video websites, and general finance or cryptocurrency communities, where they suspect they will find their primary targets: lonely individuals with access to large sums of money. The FBI reported that in 2021 some 24,000 victims lost approximately $1B to romance scams in the United States alone.

How to Avoid Romance Scams:

This should go without saying, but if you meet a love interest on a dating site, or anywhere else on the internet, and they want you to send them money or make an investment of any kind before at least meeting in the real world, it’s almost guaranteed to be a scam. Set boundaries for yourself when engaging with people online.

Crypto Scams – Man-in-the-Middle Attacks

This is as close to “real hacking” as it gets in terms of the most common ways people get their crypto stolen.

A man-in-the-middle (MITM) attack is when a malicious actor gets in between two data access points and then has control over all incoming and outgoing information through a given channel. These kinds of attacks usually require the attacker to have close proximity to the target. For example, you go to your favorite cafe and connect to their free wifi but it lacks proper security, and now the hacker has gained access to your device through the wifi connection. They may intercept your incoming messages or send fictitious messages from contacts you trust, or they might gain access to your banking details, your identity, and your crypto wallet credentials.

How to Avoid Man-in-the-Middle Attacks:

While not using sketchy public wifi connections is an obvious one, you could also be at risk of MITM attacks if your home or office setups aren’t secure.

The first line of defense is to make heavy use of password protection on all devices and network access points. Second, you can use a VPN (Virtual Private Network) to encrypt the data you send online. Third, you can beef up your security by hiring professionals to orchestrate pentesting to look for vulnerabilities in your networks and recommend solutions.

Other Common Crypto Scams

The DeFi space is rife with ways to lose your money.

Many so-called “meme coins” and NFT projects deeply resemble Ponzi schemes; social media giveaways are usually some combination of fake (meaning they never actually give out the prizes they “offer”) and malicious (phishing scams); DEXes, NFT marketplaces, and P2P exchanges can contain all sorts of bad code that can be exploited; and there are even fake “employees” and “employers” who present themselves as professionals in a business setting only to gain access to your information or crypto.

Innovators, developers, early adopters, cybersecurity experts, regulators, and law enforcement all need to work together to protect the people who use this new paradigm-shifting technology against the wide variety of crypto scams.


Why Financial Crime and Cybersecurity Need to Team up
https://cryptosec.com/crypto-financial-crime/financial-crime-cybersecurity/
Tue, 03 Jan 2017 15:23:38 +0000

The worlds of financial crime and cybercrime are colliding, converging into one. The biggest threat to businesses globally is the new cyber-enabled financial crime. Yet businesses and even financial institutions tasked with protecting our money continue to fight this combined threat with multiple separate defense systems and multiple separate defense teams.

The situation is like a military leader trying to fight different enemies on different fronts. While those enemies remain on different fronts, it makes sense to send separate defense forces against them, each focused on fighting only the enemy assigned to it. But what if those enemies merge and launch joint attacks? A smart military leader would merge his forces against the joint attacks.

That’s not happening in financial institutions, though. Rather than having financial crime and cybercrime teams work together against this merged threat, institutions most often maintain them as separate entities. That’s as ridiculous as a military leader sending two separate units against an attacking force, but telling them not to coordinate their attacks, to fight only certain attackers and to ignore the other attackers.

That is the environment that currently threatens financial institutions in their war against financial crimes, fraud and cyberattack. Financial crime and cybercrime increasingly merge. Yet counter-financial crime teams and cybersecurity teams largely remain unconnected. How have we gotten here? And what can be done to meet this new challenge?

The growing convergence of financial crime and cybercrime

With our increased dependence on technology, money – which once was strictly a physical entity – has increasingly become 1s and 0s stored and processed on information systems and transferred through cyberspace. Vast amounts of money now reside in this ungoverned space where no government has full jurisdiction, making it a safe haven for criminals to operate with less detection.

It is only natural, then, that criminals increasingly move their efforts there. On one hand, the cyber world offers traditional perpetrators of financial crimes inviting access to amounts of money that would be almost impossible to obtain elsewhere. On the other hand, it offers a lucrative environment for skilled cyberattackers to monetize their skills.

This confluence of opportunity and anonymity facilitates crimes on a scale that otherwise would be beyond criminals’ reach. Such was the theft of US$45 million through a complex scheme that a large network of cybercriminals, common street criminals, and money launderers pulled off in a matter of hours at ATMs across the globe.

Even more staggering was the US$81 million theft from a Bangladesh bank (with similar attacks on additional banks, whose losses have not been publicly reported). This complex theft was accomplished by combining the skills of cybercriminals and fraudsters to subvert the bank’s SWIFT account, thus co-opting the global interbank transfer system over which billions of dollars move from bank to bank daily.

Other than their scope, these are not isolated incidents. Cybercriminals, perpetrators of financial crime – and even rogue governments like North Korea – collaborate to commit complex thefts. In fact, cybercrime has now become more profitable than the drug trade.

The continuing separation of financial crimes defense and cyber defense

Defense against these conjoined attacks is hampered when defense systems operate in separate silos. Criminal attacks on both systems are growing increasingly complex.

What drives financial crime defense into isolation

In the financial crime arena, it is important to realize that the term “financial crime” forms a broad umbrella over a variety of crimes, from fraud to money laundering to terrorist funding to sanctions violations and much, much more (learn more here).

Fraud – just one of the types of crimes that fall under the umbrella – comes in many forms, with each form often combated by specialized teams such as a first-party fraud team, a credit card acquiring fraud team, a credit card issuing fraud team, an online banking fraud team, etc. Beyond that, fraud teams are often divided into fraud strategy, fraud monitoring, fraud investigations, and more. A similar situation often arises for other types of financial crimes as well.

Regulations for each type of financial crime grow constantly – and often in isolation from regulations for related crimes. That motivates institutions to focus on each type in isolation, as does the tendency for an institution to dive deeper into preventing recurrences of whatever type of financial crime has most recently stung it, while paying less attention to other types. Thus, defenses become fragmented even within the financial crime arena.

On top of that, fraud defense systems are not designed to detect the cyberattack component of cyber-enabled financial crime. They typically are not capable of detecting the crimes until the cyberattacks have already compromised the institutions and perpetrators are seeking to monetize the data they acquired or launder the funds they illegally obtained.

What drives cybercrime defense into isolation

Meanwhile, in the cybercrime defense arena, the complexity involved in detecting the financial crime component of cyber-enabled financial crime is far more sophisticated than what is typically involved in traditional cybersecurity. Cybersecurity systems are vulnerable when falsified identities rather than cyberattack methods are used to breach defenses, such as in the 2015 IRS breach of its Get Transcript application that was used to obtain sensitive information of hundreds of thousands of U.S. taxpayers.

In contrast to financial crime defense, cybersecurity systems are not nearly as adept in detecting suspicious patterns of activity from various sources as fraud detection systems are. They, thus, are less likely to take swift action on patterns that, while not necessarily immediately compromising the system, nevertheless represent activity that could damage the institution.

The human factor that drives isolation

Add to that the human tendency to compartmentalize. When faced with regulations that treat different types of threats in isolation, the tendency is to keep them isolated. When dealing with hierarchies that are already separate, the tendency is to maintain the status quo. When dealing with increasing complexity in the types of threats, the tendency is to not add even more complexity by trying to navigate a solution that would require a shakeup of existing structures and systems.

The knee-jerk reaction, then, to the growing complexity – and merging – of both kinds of attacks is to continue investing in each defense function separately – hire more people, invest in more technology solutions – without seeing the many synergies between the different functions. For example, I know a bank that has over 20 different financial crime teams and more than 40 different analytics tools and teams supporting them, all doing the same thing – analyzing transactions and other data to detect malicious behavior – with only slightly different goals.

The evolution of cybersecurity

In the past, our cybersecurity approaches focused primarily on the first few steps of the cyberattack life cycle – preventing attackers from gaining access to our systems. We – cybersecurity practitioners – hardened our systems, installed antivirus solutions, patched software vulnerabilities and blocked blacklisted IPs and URLs. Cybersecurity used to be focused on perimeter security.

We found that merely protecting the perimeter wasn’t enough, though. We also encountered internal malicious activities on our networks. So, we started gathering insights from our networks, servers and endpoints. We started collecting logs and network flows and increasingly focused on analyzing those to detect anything suspicious.

Over time, though, cybercriminals devised many ways to circumvent traditional perimeter-focused security measures, as well as our initial attempts at using analytics to detect malicious activities. And those criminals became very successful at it. They distribute their attacks across many IPs. They act slowly and patiently to avoid triggering alarms. They take the time and effort to mimic normal transactions.

As a result, they often appear as a regular employee to initial defense systems and successfully maintain access to victims’ systems without detection for long periods of time. A 2016 report on security breaches shows that the median time before companies discover attackers in their networks is 146 days globally, and a startling 520 days in the Asia-Pacific region.

With cybercriminals so good at mimicking regular insiders, we started monitoring more and more of the whole technology stack, looking for changes to files and systems that might indicate something suspicious. We increasingly correlated all that information. Instead of just checking whether a user has logged in with the right password, we started verifying whether the user has also logged in from a regular device and IP.

We started applying analytics on even more data. Improved solutions allowed us to check whether a user logged in at regular times, from which location, how much data they uploaded or downloaded and whether their actions deviated from their usual activity pattern.

We check whether the user’s recent login location and time matches their previous one. If it doesn’t, our system can tell us whether it is even realistic that the user traveled the distance between the two locations in the time between the two logins.

We automatically check whether the user’s behavior pattern is usual for their business group or demographic peers. We use advanced analytics approaches to establish behavioral baselines and patterns, and employ UEBA – User and Entity Behavior Analytics – to build statistical models that alert us if a device or a user tries to execute an action that statistically deviates from their pattern or the pattern of their business or peer groups.
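The baseline comparison described above can be sketched as follows. This is an added example, not code from the article or from any UEBA product: it scores one metric (daily upload volume) against the user's own history and against their business group using a median/MAD modified z-score. The user names, group labels, figures and the 3.5 threshold are all constructed assumptions.

```python
from statistics import median

# Constructed sample data: daily upload volume in MB per user, and each user's
# business group. All names and numbers are made up for illustration.
HISTORY = {
    "alice": [40, 45, 38, 50, 42, 47, 41],
    "bob":   [35, 44, 39, 48, 43, 46, 40],
    "erin":  [60, 70, 55, 65, 75, 58, 62],
    "carol": [900, 1100, 950, 1200, 1000, 1050, 980],
    "dave":  [880, 1020, 990, 1150, 940, 1080, 1010],
}
GROUP_OF = {"alice": "finance", "bob": "finance", "erin": "finance",
            "carol": "engineering", "dave": "engineering"}
THRESHOLD = 3.5  # assumed cut-off for the modified z-score; tune per data set


def robust_z(value, history):
    """Modified z-score: distance from the median in units of scaled MAD.

    Median and MAD are used instead of mean and standard deviation so that a
    few extreme days in the history do not inflate the baseline.
    """
    med = median(history)
    mad = median(abs(x - med) for x in history)
    if mad == 0:
        # Perfectly flat history: any change at all is a deviation.
        return 0.0 if value == med else float("inf")
    return 0.6745 * (value - med) / mad


def score_event(user, value, history=HISTORY, group_of=GROUP_OF,
                threshold=THRESHOLD):
    """Compare one observation with the user's baseline and the peer baseline."""
    own = robust_z(value, history[user])
    # Peer baseline: pooled history of everyone else in the same group.
    peers = [v for u, g in group_of.items()
             if g == group_of[user] and u != user
             for v in history[u]]
    peer = robust_z(value, peers)

    own_odd, peer_odd = abs(own) > threshold, abs(peer) > threshold
    if own_odd and peer_odd:
        verdict = "alert"            # unusual for the user and for the group
    elif own_odd:
        verdict = "user-deviation"   # new for this user, normal for the group
    elif peer_odd:
        verdict = "peer-deviation"   # habitual for this user, odd for the group
    else:
        verdict = "normal"
    return {"user": user, "value": value, "own_z": own, "peer_z": peer,
            "verdict": verdict}


if __name__ == "__main__":
    for user, mb in [("alice", 1000), ("alice", 60), ("erin", 62),
                     ("carol", 1000)]:
        r = score_event(user, mb)
        print(f"{user:6} {mb:5} MB  own_z={r['own_z']:8.2f} "
              f"peer_z={r['peer_z']:8.2f}  {r['verdict']}")
```

The same 1000 MB upload is an alert for a finance user and unremarkable for an engineering user, which is the reason to keep both a per-user and a per-group baseline.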

In addition, we even have solutions that monitor internal user communication (e.g., emails or phone calls) and perform sentiment analysis to help identify disgruntled employees.

By collecting threat intelligence information, we better understand cyber attacker modus operandi and build those illicit behavior patterns into our detection system to improve our chances of detection.

In short, we found that cybersecurity in today’s threat environment requires far more than the perimeter protection that was our original focus. We found, by analyzing system logs and networks over time, that it also requires using advanced analytics across as much data as possible, spanning everything from device data to user business transactions to the context in which users execute transactions, and supplementing that with threat intelligence.

The evolution of financial crime detection

Meanwhile, in the Counter-Financial Crime space, we took a slightly different approach. Initial analytics solutions there monitored financial transactions to detect fraudulent activity. We looked at how fraudsters, money launderers and terrorist financiers behave and built rules into our analytics solutions to help us detect those patterns of illicit activities. For example, if a new customer tried to transfer a large amount of money to countries flagged for terrorism support or to offshore tax havens, we received an alert.

Our financial crime/fraud detection solutions kept getting smarter. In financial crime, we started looking at the time and location from which transactions initiated. We started automatically checking whether travel time between two different ATM withdrawals was realistic. We started learning more about our customers, as well as parties they interact with in financial transactions, and started building patterns of behavior and using statistical models to detect anomalous behavior.

We realized our analytics could become even better if we knew more about the devices our consumers use. If we see the same device try to execute numerous online payments with numerous different credit cards, we should investigate. The same device used to apply for different cards or loans under different names also indicates something suspicious. So, we started building patterns of behaviors for devices as well as users.
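The travel-time check appears twice in this article, once for logins on the cybersecurity side and once for ATM withdrawals on the fraud side, and the device rule is described just above. The following added example (not from the article or any vendor product) runs both checks over one merged event stream, so a login and a withdrawal by the same customer can be compared with each other. Event fields, identifiers, coordinates and all thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

MAX_KMH = 900.0   # assumed ceiling, roughly airliner cruising speed
MIN_KM = 50.0     # ignore short hops: geo-IP and ATM coordinates are imprecise
MIN_CARDS = 3     # distinct cards on one device before it is worth a look


def ev(ts, source, subject, kind, loc, device=None, card=None):
    """Build one normalised event; 'source' records which silo produced it."""
    return {"ts": datetime.fromisoformat(ts), "source": source,
            "subject": subject, "kind": kind, "loc": loc,
            "device": device, "card": card}


# Constructed events from two separate systems, merged on a customer ID.
EVENTS = [
    ev("2016-11-01T08:00", "cyber", "cust-17", "login", (51.5074, -0.1278), "dev-A"),
    ev("2016-11-01T09:30", "fraud", "cust-17", "atm", (1.3521, 103.8198), card="card-1"),
    ev("2016-11-01T08:00", "cyber", "cust-22", "login", (43.6532, -79.3832), "dev-B"),
    ev("2016-11-01T12:00", "fraud", "cust-22", "atm", (43.7000, -79.4000), card="card-2"),
    ev("2016-11-01T13:00", "fraud", "cust-22", "payment", (43.6532, -79.3832), "dev-B", "card-2"),
    ev("2016-11-01T08:00", "fraud", "cust-30", "atm", (48.8566, 2.3522), card="card-3"),
    ev("2016-11-01T11:00", "fraud", "cust-30", "atm", (52.5200, 13.4050), card="card-3"),
    ev("2016-11-01T10:00", "fraud", "cust-41", "payment", (40.7128, -74.0060), "dev-X", "card-6"),
    ev("2016-11-01T10:02", "fraud", "cust-42", "payment", (40.7128, -74.0060), "dev-X", "card-7"),
    ev("2016-11-01T10:05", "fraud", "cust-43", "payment", (40.7128, -74.0060), "dev-X", "card-8"),
    ev("2016-11-01T10:07", "fraud", "cust-44", "payment", (40.7128, -74.0060), "dev-X", "card-9"),
]


def haversine_km(a, b):
    """Great-circle distance in km between two (lat, lon) pairs in degrees."""
    lat1, lon1, lat2, lon2 = map(radians, (*a, *b))
    h = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))


def impossible_travel(events, max_kmh=MAX_KMH, min_km=MIN_KM):
    """Flag consecutive events of one subject that imply an unrealistic speed."""
    last, hits = {}, []
    for e in sorted(events, key=lambda x: x["ts"]):
        prev, last[e["subject"]] = last.get(e["subject"]), e
        if prev is None:
            continue
        km = haversine_km(prev["loc"], e["loc"])
        if km < min_km:
            continue
        hours = (e["ts"] - prev["ts"]).total_seconds() / 3600
        # Same timestamp at two distant places: treat as infinitely fast.
        kmh = km / hours if hours > 0 else float("inf")
        if kmh > max_kmh:
            hits.append({"subject": e["subject"], "km": round(km), "kmh": kmh,
                         "sources": (prev["source"], e["source"]),
                         "kinds": (prev["kind"], e["kind"])})
    return hits


def shared_devices(events, min_cards=MIN_CARDS):
    """Return devices that presented at least min_cards distinct cards."""
    cards = defaultdict(set)
    for e in events:
        if e["device"] and e["card"]:
            cards[e["device"]].add(e["card"])
    return {d: sorted(c) for d, c in cards.items() if len(c) >= min_cards}


if __name__ == "__main__":
    for h in impossible_travel(EVENTS):
        print(f"{h['subject']}: {h['kinds'][0]} ({h['sources'][0]}) -> "
              f"{h['kinds'][1]} ({h['sources'][1]}), {h['km']} km at {h['kmh']:.0f} km/h")
    print(shared_devices(EVENTS))
```

The one travel hit pairs a login from the cybersecurity log with an ATM withdrawal from the fraud system; neither silo holds both events, so neither would raise it alone.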

We then went further down the technology stack. Some fraud detection solutions monitored device behavior even when the device was not connected to the financial institution. For example, if a device visited a website known for distributing malware, the next time that user connected to online banking, the institution received an alert that the device might be at risk (although without identifying the specific site visited).

A growing confluence

Thus, even as cybersecurity and financial crime defense systems remain independent of each other, the best practices that each uses increasingly move toward the initial approaches of the other.

Cybersecurity started from monitoring technology systems and comparing activity on them to known cyberattack methods. We then combined that over time with advanced analytics about users, their business groups, and transactions, moving up the technology stack as an additional way to detect malicious activity from user behavior.

In the financial crime/fraud space, we traveled in the opposite direction. We started from analyzing user behavior and comparing it to behaviors common to financial crime efforts. We then combined that over time with information coming from technology, moving down the technology stack as an additional way to detect financial crime attempts by analyzing user and device interaction with financial systems.

Thus, cybersecurity detection solutions and financial crime detection solutions, which were completely separate in the past, increasingly overlap today.

Taking steps toward combining the silos

The first step toward combining the silos could be to look at the technology. When financial institutions decide to refresh their technology, they could seek a single set of solutions to use for both cybercrime and financial crime detection as a single, unified team. Even if combining the teams is not immediately feasible, working to improve communication between separate teams and separate solutions would still help the institution better combat what remains a unified threat. With more comprehensive data flowing between teams, more threats could be detected.

Many banks currently check the location of ATM withdrawals. If a user makes one withdrawal in Hong Kong and another one an hour later in Moscow, most systems flag the withdrawals because of the impossibility of a user traveling that distance in an hour.

With more comprehensive data available, this safeguard could be extended across all channels. For example, if a user logs in to online banking from Hong Kong and then tries to make an ATM withdrawal in Moscow one hour later, the financial institution should similarly be alerted. Surprisingly, though, because of a lack of communication between teams in most banks, very few today do even these kinds of simple checks across the two payment channels, let alone correlate data across all the channels and all potential data sources.
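The cross-channel check described above, as an added example that is not from the original article: the same impossible-travel rule is run once per channel (the siloed setup) and once over the merged event stream. The event fields, the 900 km/h speed ceiling, the 100 km noise floor and the sample events are assumptions constructed for illustration, and online login locations are assumed to come from IP geolocation.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from itertools import groupby
from math import asin, cos, radians, sin, sqrt


@dataclass(frozen=True)
class Event:
    customer: str
    channel: str   # "online" (login, located by IP) or "atm" (withdrawal)
    when: datetime
    lat: float
    lon: float


def haversine_km(a: Event, b: Event) -> float:
    """Great-circle distance between two events in kilometres."""
    phi1, phi2 = radians(a.lat), radians(b.lat)
    dphi = phi2 - phi1
    dlmb = radians(b.lon - a.lon)
    h = sin(dphi / 2) ** 2 + cos(phi1) * cos(phi2) * sin(dlmb / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))


def impossible_travel(events, max_kmh=900.0, min_km=100.0):
    """Flag consecutive events of one customer that imply travel faster
    than max_kmh. Distances under min_km are ignored because IP
    geolocation is imprecise (both thresholds are assumed values)."""
    alerts = []
    ordered = sorted(events, key=lambda e: (e.customer, e.when))
    for customer, group in groupby(ordered, key=lambda e: e.customer):
        seq = list(group)
        for prev, cur in zip(seq, seq[1:]):
            km = haversine_km(prev, cur)
            if km < min_km:
                continue
            hours = (cur.when - prev.when).total_seconds() / 3600
            # hours == 0 means two distant places at the same instant
            if hours <= 0 or km / hours > max_kmh:
                alerts.append((customer, prev.channel, cur.channel, round(km)))
    return alerts


def siloed_alerts(events):
    """Each team only sees its own channel, as in most banks today."""
    alerts = []
    for channel in ("online", "atm"):
        alerts += impossible_travel([e for e in events if e.channel == channel])
    return alerts


def fused_alerts(events):
    """One team sees every channel in a single timeline per customer."""
    return impossible_travel(events)


def utc(hour, minute=0):
    return datetime(2024, 1, 15, hour, minute, tzinfo=timezone.utc)


HK = (22.3193, 114.1694)      # Hong Kong
MOSCOW = (55.7558, 37.6173)   # Moscow

# Constructed sample events, not real customer data.
EVENTS = [
    # C1: online login in Hong Kong, ATM withdrawal in Moscow one hour later
    Event("C1", "online", utc(9), *HK),
    Event("C1", "atm", utc(10), *MOSCOW),
    # C2: two ATM withdrawals an hour apart (the case banks already catch)
    Event("C2", "atm", utc(9), *HK),
    Event("C2", "atm", utc(10), *MOSCOW),
    # C3: login and withdrawal in the same city
    Event("C3", "online", utc(9), *HK),
    Event("C3", "atm", utc(9, 30), *HK),
    # C4: Hong Kong login, Moscow withdrawal 14 hours later (a flight fits)
    Event("C4", "online", utc(9), *HK),
    Event("C4", "atm", utc(23), *MOSCOW),
]

if __name__ == "__main__":
    print("siloed:", siloed_alerts(EVENTS))
    print("fused: ", fused_alerts(EVENTS))
```

Only the merged timeline flags C1, because neither single-channel view contains two events for that customer to compare.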

Thankfully, this is beginning to change. Some more advanced financial institutions started combining those different detection teams under one organization and a single executive to benefit from the detection across the silos. Increasingly, financial institutions are also building cyber-fusion centers – a single place in which all different detection solutions are brought together and monitored by a combined team.

Wrap-up

The environment in which the war against financial crime and cybercrime is fought continues to change, and the ways we fight it must continue to change, as well, for financial institutions to stay ahead. Regulations need to reflect this new reality, and the separate forces defending separate towers in the battlements against this frequently merged enemy need to recognize the common cause they fight and the benefits of working together.

Financial crime teams and cybersecurity teams each have unique skills and tools that, used jointly, can protect their institutions more effectively. The more these teams work together, the better they can identify and frustrate the efforts of criminal elements that seek to compromise their institutions.


Cryptosec is a leading provider of security solutions in the rapidly evolving world of blockchain, cryptocurrency, DeFi. Their specialist investigations arm, Crypto Investigators, offers expert services in blockchain forensics and legal investigations, leveraging deep industry knowledge and advanced investigative techniques to navigate the complexities of the digital age.

The post Why Financial Crime and Cybersecurity Need to Team up appeared first on Cryptosec.

Financial Institutions: Key in Fighting Weapons of Mass Destruction
https://cryptosec.com/crypto-financial-crime/weapons-of-mass-destruction/ Wed, 28 Dec 2016 21:20:00 +0000

The post Financial Institutions: Key in Fighting Weapons of Mass Destruction appeared first on Cryptosec.

How would you picture those who work to prevent weapons of mass destruction (WMD) from falling into the wrong hands? Would you picture them heavily armed and with a military bearing? Then you might be surprised.

Although such individuals sometimes fight the spread of WMD, the front lines feature a different type. The bulk of front-line defenders are less likely to have military backgrounds than financial ones.

That’s because those who spread WMD are most vulnerable to being identified and blocked through their financial dealings. So, we look at the world of sanctions violations and proliferation financing to see how those who traffic in such dangerous commerce are identified and thwarted.

Understanding the terms related to weapons of mass destruction

Two key terms fill discussions of the fight against WMD: sanctions violations and proliferation financing.

Sanctions violations are actions that defy the efforts of sanctioning bodies to stop acts that destabilize nations and threaten lives. Sanctions are designed to bring a target nation, organization (such as a terrorist group or crime syndicate) or individual in line with established norms. They enforce diplomatic and economic penalties on targets in the hope of motivating them to bring their actions back within established standards. These sanctions may be applied by individual countries or by larger groups, such as the United Nations.

Although sanctions may target a variety of harmful behaviors, most often they target those who seek to obtain WMD. Initial sanctions cut targets off from technology or equipment that could help them acquire WMD or the means to build or deliver them. If those targets persist, restrictions grow increasingly severe, to the point where sanctions may isolate them from trade of any goods other than those that supply innocent citizens’ basic needs.

In seeking to stop targets from engaging in sanctions violations, sanctions enforcement looks for evidence of proliferation financing. Proliferation financing refers to providing funds or financial services used in any way to manufacture, acquire, develop, export, transport or stockpile WMD for use by persons or governments that are banned from possessing them. It applies also to the materials or technologies needed for these weapons’ production, or to systems that could be used to deploy such weapons against others. Thus, proliferation financing’s goal is to equip nations or parties with WMD despite their demonstrated likelihood of using them without regard to – or for the express purpose of causing – a catastrophic loss of life.

How sanctions work

Sanctions provide a carrot-and-stick motivation to encourage targets to conform to international standards. If a target abandons the efforts that triggered sanctions, it receives the carrot of fewer restrictions and access to broader trade. If it persists in its efforts, it receives the stick of seeing its trade with sanctioning nations wither to the most basic goods.

Sanctions can take many forms. Sanctioning bodies may suspend diplomatic relations with targets and end any aid or services to them. Sanctioning bodies may enforce financial penalties, such as seizing any of a target’s assets located within the sanctioning body’s jurisdiction or freezing accounts of the target or its citizens/members. Sanctions may affect what trade goods the target can buy from or sell to sanctioning nations or their citizens. Or they may ban individuals associated with the targeted nation/organization from entering countries that enforce the sanctions.

Penalties for companies or individuals that engage in sanctions violations can range from fines to prison time. Helping a target evade sanctions carries the harshest penalties. Exceptions to sanction restrictions may be granted if a company can demonstrate that its interaction with a target is necessary and will not reduce the sanction’s effect. Exceptions, however, must be licensed by the sanction enforcers and subject the licensee to special reporting requirements to ensure that the license is not abused.

The role financial institutions play in enforcing sanctions

Financial institutions use many of the same approaches they use to guard against money laundering and terrorist funding to guard against proliferation financing. Know Your Customer (KYC) and Customer Due Diligence (CDD) practices lead specialized financial institution teams to thoroughly investigate whether prospective customers: 1) are who they say they are; and 2) do not have ties to individuals or organizations known to have participated in money laundering, terrorist funding or proliferation financing. They do this using documents provided by applicants, as well as available public information, a variety of government watch lists and special intelligence from agencies charged with gathering information on these classes of criminals.

KYC/CDD teams then monitor customers’ financial activities after they are approved. They use risk ratings and profiles of those customers that the teams developed during the application investigation. These help KYC/CDD teams anticipate what kinds of financial activities each customer is likely to conduct. Activities contrary to expectations will trigger greater scrutiny from KYC/CDD teams.

KYC/CDD monitoring doesn’t stop with just the customers, either. Teams also monitor individuals and institutions with whom customers do business, to ensure that customers are not engaging in suspicious transactions with parties or institutions that may be involved or complicit in illegal financial actions. These are all basic KYC/CDD practices.

Monitoring for sanctions violations requires even more of KYC/CDD teams than their basic practices, though. Teams must also understand current sanction requirements. What countries, organizations and individuals are currently targeted? What specific restrictions apply to each? What individual licenses that permit limited interactions with targets exist? In cases where multiple bodies have placed sanctions on a target, financial institutions must also determine how each body’s sanctions apply to the current situation.

Then, too, they must understand specific typologies used in proliferation financing. Proliferators, like money launderers and terrorist funders, seek to make their transactions look like legitimate trade. They seek weak links – such as free-trade zones or countries whose attitude toward illicit money movement is lax – through which they can channel funds with the least risk of detection.

Some typologies are obvious. These include transactions that involve individuals or entities with connections to a targeted nation/organization, or individuals/entities with ties to weak links that proliferators can use as shipping destinations from which goods can be diverted to the target.

They may also involve transactions in which the stated use of materials or equipment described in the request for a letter of credit seems inconsistent with the customer’s usual business needs, or in which the destination listed for a prospective shipment is a freight-forwarding company.

Other typologies are subtler. These include requests for letters of credit based on vague or incomplete information. Proliferators often provide descriptions for intended purchases that seek to conceal the true nature of equipment or materials.

Asking for a letter of credit based on another institution’s letter of credit is also a red flag. Proliferators often use layers of letters of credit to conceal a trail of illicit transactions. Similarly, complex transaction trails that lead through a series of companies in a series of countries can also suggest suspicious activity.

By understanding potential red flags, financial institutions can better detect proliferators’ attempts to use them as channels for proliferation financing. The Financial Action Task Force’s (FATF) 2008 paper on proliferation financing is an excellent resource for this.

Wrap-up

Financial institutions are positioned to play a key role in helping to enforce sanctions and block proliferation efforts. In fact, when proliferation funding runs through the traditional international financial system, KYC/CDD teams may be the best chance of identifying many of the transactions and activities connected to proliferation financing. Understanding current requirements and typologies – in addition to regular KYC/CDD practices – is crucial to stemming sanctions violations and the proliferation of WMD.


(This is a guest post by Mojca)


Combatting Money Laundering & Terrorist Financing
https://cryptosec.com/crypto-financial-crime/terrorist-financing/ Tue, 20 Dec 2016 21:28:00 +0000

The post Combatting Money Laundering & Terrorist Financing appeared first on Cryptosec.

Terrorist funding detection has been practiced the same way as money laundering detection ever since Counter Terrorism Funding (CTF) initiatives were added to Anti–Money Laundering (AML) efforts after 9/11. Although the two have similarities on the surface, a deeper look reveals more differences than similarities. In fact, some have rightly called terrorist funding “money laundering in reverse” because of marked differences in its sources and goals.

Do the two warrant similar treatment in detection methods? Or do their dissimilarities call for different detection approaches?

How are they similar?

Money laundering and terrorist financing share three similarities:

1.    They involve a source of money or objects that have monetary value.

2.    They involve moving the money through channels that conceal the original source.

3.    This money movement and concealment of the source enables recipients to use the end funds in ways that would otherwise have exposed the initiator to legal jeopardy.

How are they different?

Admittedly, those three similarities are fairly high-level. Their differences are at a deeper level.

Source of funds

Money laundering and terrorist financing usually differ in their respective source of funds. With money laundering, the initiator is an individual or organization that obtained the money through criminal activity. This may be a single individual, as in the case of embezzlement or tax evasion. Or it may be large criminal organizations. The source, in money laundering, is always funds obtained by illicit activity.

With terrorist financing, a criminal origin is not always the case. The initial source may be legitimate. It may be wealthy benefactors who agree with terrorist goals and want to support terrorist activity. It may be groups that pose as charitable organizations, gather funds supposedly for humanitarian aid but then, either with or without donor knowledge, transfer the funds to terrorist groups or operatives to support their activity.

That’s not to say that the source in terrorist funding is never from criminal activity. Increasingly, terrorist organizations have turned there for funding. In fact, many well-funded terrorist groups have engaged in criminal activity to eliminate reliance on donors and thus become self-supporting. Kidnappings and ransom demands by paramilitary groups, as well as trade in blood diamonds, human trafficking and arms dealing have become a growing terrorist funding source.

So, although terrorist financing might use criminal activity as a funding source, the difference between money laundering and terrorist financing is this: In money laundering, the source of funds is always criminal activity; in terrorist financing, funding sources may be either legitimate or illicit.

Transaction amounts and transfer methods

Money laundering and terrorist financing differ also in the typical size of monetary transactions involved and the methods used to move them. In money laundering, the amount of funds is generally large. This requires initiators to be both more careful and more creative in the ways they move funds.

Most often, they start by breaking funds into smaller amounts to avoid triggering immediate alerts tied to size of deposits. Then they place those smaller amounts into financial institutions as multiple deposits in multiple accounts under multiple names, to make the placement of funds look as natural as possible.

Then they transfer that money, bit by bit, into other financial institutions – often in countries whose banking laws allow greater anonymity – and, from there, into yet other institutions. By continually moving the money through multiple institutions, they seek to create layer upon layer of transfers until the paper trail is too complex to trace back to its source.

Along the way, they may use informal financial systems that protect senders’ and recipients’ identities, such as the Middle Eastern hawala, Chinese fei ch’ien or South American Black Market Peso Exchange. They may also send the money through shell companies that exist to create false invoices that give the impression that money was received for real goods or services, thus making it look legitimate.

Eventually, though, the money is reintegrated back into financial institutions under the real names of the initiators, but now with a string of transactions that give the illusion of being revenues from legitimate businesses. At this point, the initiators can use the money as legitimate wealth, because the trail back to its illicit source has been obscured beyond the ability of law enforcement to trace.

Contrast that to terrorist financing, where the amount of funds generally is smaller. These smaller amounts – and the original legitimacy of the funds – require less creativity to move without triggering alerts. In fact, one of the greatest challenges in detecting terrorist funding transactions is that they so closely mimic legitimate money movement. This makes it easier to use financial institutions – either at the beginning of the process, at the end or all the way through.

That doesn’t mean that financial institutions are the only means used. Couriers sometimes smuggle cash from country to country, to move it into countries that have more relaxed detection systems. Or the hawala is sometimes used. But, again, traditional financial systems are heavily used because of their ability to move money vast distances at the push of a computer key.

So, both money laundering and terrorist funding rely heavily on the lightning-quick ability of financial institutions to move cash. This is important to remember as we continue looking at the similarities and differences of the two processes.

Intended destination and purpose of funds

When we look at the intended destination and purpose of funds, money laundering and terrorist financing are completely different. In money laundering, funds come full circle back to the criminals whose illicit activities created them. The goal is long-term: to disguise criminally obtained funds so they build a seemingly legitimate accumulation of personal wealth for their criminal perpetrators while keeping the criminal activity that generated them secret.

With terrorist financing, on the other hand, funds move from the hands of donors who usually obtained them legitimately, into the hands of criminals who intend to use them to commit illegal acts. The goal is short-term: to pay terrorist operators to commit highly public criminal acts (terrorist attacks) while concealing the originator’s connection to those acts.

So, the destination and purpose of funds is dramatically different. Money laundering starts with perpetrators of criminal acts and returns all funds to those same perpetrators, only now looking legitimate and keeping the perpetrators’ past criminal activity secret. Terrorist financing pays others to commit crimes that receive maximum publicity, yet keep the donors’ involvement secret.

How can money laundering and terrorist financing be detected?

For all their differences, both rely on financial institutions at some point in their transfer process. This creates a vulnerability that can enable detection. In many ways, detection methods for both are similar.

In both processes, following recommended AML/CTF practices enables detection. Know Your Customer (KYC) and Customer Due Diligence (CDD) practices require specialized units in financial institutions to perform thorough verifications of prospective customer identities and backgrounds before the institution accepts them as customers.

Units dig deeper into customer applications to determine whether the customer is the account’s beneficial owner or only a representative. If the customer is only a representative, the units must investigate the beneficial owner as well as the representative.

KYC/CDD units also compare prospective customers, representatives and beneficial owners against money laundering and terrorist watch lists to determine whether they – or any individuals with whom they have connections – are on those lists. Only through this exhaustive screening process can the institution accept the prospective customer.

The initial investigation is not the end of the KYC/CDD unit’s work, though. It also involves understanding the typical banking activities the institution can expect of each customer and continuously monitoring for possible signs of money laundering or terrorist financing involvement.

Monitoring doesn’t stop with the institution’s customers, either. It also involves assessing the reputation of institutions to or from which customers send or receive transfers. It involves flagging customers who maintain relationships with questionable institutions or engage in transactions with countries considered lax in their detection efforts. And it involves applying counter-terrorist intelligence provided by government agencies to further inform assessments of customers and related institutions.

Conclusion

The differences between money laundering and terrorist financing are striking in origination, scope, use and purpose. Yet their joint reliance on financial institutions offers opportunities for detection.

Even terrorist financing, with its additional challenges of smaller transaction amounts and initial legitimacy of most funds, can be detected by a dedicated detection team. The key is for the institution to actively practice strong KYC/CDD procedures in all aspects of opening accounts, monitoring activity for suspicious behavior and assessing the legitimacy of funds transferring both into and out of those accounts. These practices offer the best chance for an institution to detect and avoid efforts to use it for money laundering or terrorist funding.


(This is a guest post by Mojca)


Financial Crime, Money Laundering and Terrorism Financing
https://cryptosec.com/crypto-financial-crime/financial-crime-aml-ctf/ Wed, 02 Nov 2016 20:33:00 +0000

The post Financial Crime, Money Laundering and Terrorism Financing appeared first on Cryptosec.

In what ways has financial crime hurt you? Most people would respond with a yawn. We might think it is limited to a few fraudulent schemes that deprive a small number of people of a few hundred or a few thousand dollars.

While we might sympathize with victims of such schemes, we often fail to see how far-reaching financial crime is. The reality is that financial crime affects every one of us personally, as well as impacting whole economies. So, what is financial crime? What does it do to us? And what is being done to fight it?

What is financial crime?

The term “financial crime” is an umbrella term covering a broad range of crimes rather than a specific act. Almost any non-violent crime that dishonestly generates wealth for the perpetrators falls under financial crime. Financial crimes typically involve some form of deceit, subterfuge or the abuse of a position of trust, which distinguishes them from common theft or robbery.

In addition to direct financial crimes, the term also includes activities focused on hiding the illegal source or illegal destination of funds and placing them beyond the reach of the law. Examples are money laundering, which tries to transform the proceeds of crime into ostensibly legitimate assets by hiding or changing the source of funds, and terrorism financing, which attempts to hide the destination of funds so they can be used for criminal purposes.

Asset misappropriation, or embezzling, is the most common type of financial crime, because so many people assigned to handle their company or organization’s money have means to commit these crimes. These crimes, though, are often minor and they have the highest rate of detection, because those who perpetrate them are usually inexperienced in covering their actions. Furthermore, these crimes usually hurt only those with a direct stake in the company or organization, limiting the scope of damage.

Tax evasion is another common type of financial crime that affects more people. It siphons government revenues away from the economy. It also forces taxpayers to shoulder a heavier burden to replace lost revenues. Even here, though, when tax evasion is done on an individual basis, the overall effect on society, while not negligible, is smaller than that of many other types of financial crime.

Different types of fraud, too, are a subset of financial crime. Fraud has a significant impact on society. The Association of Certified Fraud Examiners estimates that a typical organization loses 5% of revenue to fraud each year. Consumer fraud is also a huge problem, with various estimates putting the share of the adult population that has been a victim of fraud at 5% – 15%.

With cybercrime, or more specifically, cyber-enabled financial crime, we start to see an increasingly broad scope. The cost of cybercrime is estimated to reach $6 trillion by 2021 and is already estimated to be significantly larger than prostitution, illicit drug trade and human trafficking combined. It enables criminals to target more victims, as in the theft of more than USD 300 million from more than 100 banks and financial institutions in Europe and the U.S. through malware and hacking. Cybercrime can also support traditional criminal activity, with the goal of the hack not being direct monetary gain, but rather acquisition of information that aids criminal activity. We see such cybercrime in the hacking of port data in Antwerp. The hack helped smugglers who had hidden drugs in incoming cargo containers identify and seize those containers before they could be delivered to the rightful owners.

However, it’s with money laundering and terrorism financing that, in my opinion, we start to see the broader reach of financial crime. The large amount of funds that crime puts in the perpetrators’ possession could ultimately lead to detection and prosecution unless that money can be successfully made to look like it came from legitimate sources. This process of “legitimizing” illicit funds, known as money laundering, is what ultimately leads to such massive financial impact on governments, financial institutions, businesses and individuals. Tackling money laundering and terrorism financing has the potential not only to reduce the direct impacts, but also to impact terrorists’ ability to mount attacks, as well as make any type of crime less profitable and riskier to criminals.

Assessing the economic costs of money laundering

Definitive figures on money laundering are elusive. Monetary figures for these crimes don’t appear in normal measurements of economic activity.

Estimates, however, made by organizations tasked with fighting these crimes show enormous impact. A 2009 United Nations Office on Drugs and Crime report estimated criminal proceeds for that year at USD 2.1 trillion – equal to a staggering 3.6% of that year’s global GDP. The intergovernmental agency charged with enforcing global standards for fighting money laundering and terrorist financing, the Financial Action Task Force (FATF), puts the impact of money laundering into perspective by comparing it to the GDP of an economy the size of Spain.

Understanding social costs

Even with those numbers, how can money laundering, a practice that most people see as having no effect on them, do such damage? Consider what money laundering requires to succeed.

It tears that massive amount of money out of the economic system. That greatly increases taxpayers’ burden while reducing the services they receive.

It costs the government additional funds for law enforcement to fight not only the financial crimes, but also the underlying crimes that generated the laundered funds. Such crimes have massive social impact in terms of violence and healthcare costs.

It raises the cost of banking. Banks must employ specialists to detect and disrupt the complex schemes that 1) move money through multiple institutions, 2) increase volatility of each bank’s holdings, 3) threaten the safety of depositors’ money and 4) erode depositors’ trust. These effects are so severe that they even produced bank failures in some countries. They also increase volatility in developing nations’ economies, as money launderers move money from country to country in the same way.

It increases violence, government corruption and corporate crime, as money launderers execute their plans by any means necessary. It causes failure of legitimate businesses and loss of workers’ jobs. Front companies compromised by money launderers can operate the legitimate parts of their businesses at a loss, placing legitimate competitors at an economic disadvantage and forcing them to fail.

Then, when it no longer serves money launderers’ interests to use those front companies, money launderers can pull out and go elsewhere, leaving those companies – or entire industries that they have taken over by forcing competitors to fail – to collapse.

These are only some of the social costs. Others include weakening of national economies, devaluing of nations’ currencies as money launderers manipulate exchange rates to maximize their profits, stripping foreign currency reserves from developing nations and loss of economic opportunities for those nations.

How money laundering operates

So, with these economic and social costs in mind, let’s examine how money laundering operates. And, because terrorism funding operates in a similar way and is usually detected through the same techniques, we’ll look at it, as well.

Traditional money laundering

In traditional money laundering, a group or person engaged in illicit activity seeks to make their influx of money look legitimate. To do this, they divide it into smaller amounts that are less likely to arouse suspicion and deposit them in multiple financial institutions under multiple names. This process may include smuggling cash into other countries to spread the deposits over multiple jurisdictions.

With these deposits complete, money launderers repeatedly transfer funds to other institutions, often in countries whose banking laws protect the anonymity of account owners from investigation. Ultimately, the illicit source of the funds disappears in the long chain of transfers.

Another money laundering method is to establish dummy businesses. These appear to be legitimate, but their main purpose is to accept illicit money and generate receipts that make the money appear to be payments for legitimate products or services. Using bribery, extortion or strong-arm tactics, criminal organizations can take over entire industries in developing nations and use them to launder illicit funds.

The “revenues” of these dummy businesses can then return to the originator of the transaction chain as seemingly legitimate profits. The originator can then use them without fear of the funds being traced to the crimes that generated them.

Terrorism financing

Terrorist funding operates slightly differently. In terrorist funding, terrorist supporters often obtain the original funds legitimately. Although funds often have no taint of criminal activity, the purpose or the destination of the funds is criminal and thus the perpetrators try to hide the destination. Donors also want to protect their anonymity to avoid prosecution or financial action against them. Thus, the funds must still be rendered untraceable.

Laundering terrorist funding uses the same chain of financial transfers to anonymize sources. It also uses the hawala money transfer system common in the Middle East, which allows anonymous transfers of cash. Takeovers of businesses and industries are less common in terrorist funding, largely because the focus is on moving money to terrorist operatives rather than maximizing the funds before they return to the originator.

This highlights the difference between traditional money laundering and terrorist funding. In traditional money laundering, the original money came from criminal acts and goes through a chain of transactions so it can come back to the originator apparently legitimate. In terrorist funding, the original money was often made legitimately, but the chain of transactions goes to operatives who will use the funds to commit crimes.

Because of this, detection of terrorist funding can also occur when the funds reach their destination. To successfully achieve the goals of terrorist funding, those engaged in it must anonymize the money at both ends of the chain. This gives those who fight terrorism funding a second place to detect illegal activity.

What’s being done

Efforts to combat financial crime are no less broad in scope than the problem. Those efforts require international involvement. No one country can fight these crimes alone. When criminal organizations and terrorist groups meet resistance in one country, they simply move to another.

Therefore, international organizations like the FATF, along with the United Nations, the World Bank and many smaller, regional organizations, enforce uniform standards for Anti Money Laundering (AML) and Counter Terrorist Funding (CTF) globally. The FATF helps nations adopt its internationally endorsed global standard, The FATF Recommendations (known for many years as the 40 Recommendations, even after their number grew beyond 40), and monitors compliance.

These recommendations are more than suggestions. FATF demands that countries fully implement the recommendations in their financial systems, places any country that does not comply on its list of “uncooperative countries” and urges nations that follow the Recommendations not to have financial dealings with countries on the list.

AML and CTF standards for banks include prohibiting anonymous accounts or accounts in fictitious names; practicing due diligence to ensure that new customers and wire transfers do not support illegal activities; and confirming that foreign financial institutions comply with AML and CTF standards before transacting business with them. In addition, financial institutions must know their customers’ banking patterns well enough to identify deviations; report all suspicious financial activity; maintain an internal taskforce to protect the institution against money laundering and terrorist funding efforts; and follow all other standards proposed by FATF and set by local financial regulators.

A long way to go

All this does not mean that these financial crimes are close to final defeat, though. Money launderers and terrorist groups are notoriously resilient. When one avenue for their activities closes, they simply open another.

The only deterrent to these crimes is constant watchfulness on the part of financial institutions and enforcement agencies. Compliance with such basic standards as customer due diligence and knowing customer banking patterns can reduce these crimes by preventing new financial crime conduits from taking root. But I’ll talk about that more in my next post.

Wrap-up

Financial crimes, such as money laundering and terrorist financing, have ramifications that reach far beyond their immediate victims. Financial crimes harm everyone from superpowers to large corporations to individuals.

The financial crime problem is massive and constantly changing as money launderers and terrorist groups strive to stay one step ahead of detection. Progress is being made, but more needs to be done in terms of international cooperation and identifying new strategies employed in these crimes. Vigilance is essential if nations, businesses and individuals are to see a reduction in the damage inflicted by these crimes.


(This is a guest post by Mojca)


Cryptosec is a leading provider of security solutions in the rapidly evolving world of blockchain, cryptocurrency, DeFi. Their specialist investigations arm, Crypto Investigators, offers expert services in blockchain forensics and legal investigations, leveraging deep industry knowledge and advanced investigative techniques to navigate the complexities of the digital age.

Destructive Societal Costs of Money Laundering
https://cryptosec.com/crypto-financial-crime/cost-money-laundering/
Mon, 01 Feb 2010 16:03:42 +0000

Money laundering is a crime that many people consider irrelevant to them. If a problem at all, they consider it a problem only for banks. That is far from true. Money laundering has massive effects not only on financial institutions, but also on governments, industries, economies and all individuals.

What are the effects of these widespread crimes that fly under the radar of much of the population? And why are these effects so massive?

Understanding the economic cost of money laundering

It’s hard to pin down a dollar amount for what money laundering costs the global economy. Normal economic activity measurements can’t track funds generated by activities that go to great lengths to remain hidden from public awareness.

That hasn’t stopped organizations that fight these crimes, however, from making estimates. And those estimates show immense impact. A 2009 report by the United Nations Office on Drugs and Crime assessed that year’s proceeds from criminal activity at USD 2.1 trillion. That amount is equal to an astonishing 3.6% of that year’s global GDP.

The Financial Action Task Force (FATF), an intergovernmental agency tasked with establishing global standards to combat money laundering and terrorist financing, once compared the amount of funds diverted from the global economy into the hands of money launderers to the GDP of the entire economy of Spain. The impact of money laundering on the global economy is staggering.

Recognizing the social costs

So, how does money laundering, a crime that many people think doesn’t affect them, have such a huge impact? First, the fact that it is so often successful in making illicit funds freely spendable for the criminals that generated them makes those criminal acts safer for criminals to commit, and therefore more attractive to them as a way of achieving wealth.

The criminal acts that money laundering facilitates rip vast amounts of money out of the economy. They pull funds out of productive activities that could grow the economy and benefit many people. Instead, they divert those funds into a complex system of empty financial transfers that benefit only the few perpetrators of the original crimes. The loss to the economy greatly increases honest taxpayers’ share of the load, while simultaneously reducing the services they receive.

Those criminal acts also increase demand for law enforcement resources to fight the violent and personal crimes that money laundering facilitates. This diverts further tax revenues. Instead of spending that could boost the economy and provide more jobs and services for people, the government must spend more to fight both the original crimes and the financial crimes that make the original crimes profitable.

Healthcare costs rise because of violence and drug addiction spawned by the original crimes. And social costs are staggering, in terms of lives either ruined or lost through the commission of them.

In addition to increased violence and the human costs associated with crime, money laundering and the crimes it facilitates also increase government corruption and corporate crime, as money launderers reach beyond financial institutions in their quest to turn tainted money into clean money.

They seek regulators who will turn a blind eye to money laundering schemes in return for a payoff. They leverage decision-makers in businesses to run tainted funds through their books and provide those funds with a paper trail that makes them look like legitimate revenues and expenses.

In doing so, money laundering can cause businesses to fail and workers to lose their jobs. It makes businesses that agreed to serve as money laundering conduits dependent on tainted cash inflow for survival. Then, as soon as the business draws unwanted attention from law enforcement, money launderers pull out, move on to create new conduits and leave their front businesses to fold.

The effect of money laundering on businesses extends beyond just the compromised businesses. Front companies used by money launderers often operate the legitimate parts of their businesses at a loss, because their profits from money laundering outweigh profits they could make from legitimate business. This places their competitors at an economic disadvantage. Legitimate competitors are reliant on legitimate revenues to survive. When compromised businesses consistently undercut legitimate businesses’ prices, the legitimate businesses are squeezed increasingly toward collapse.

This squeezing out of legitimate competitors often is part of the money launderers’ plan. By eliminating or buying out failed competitors, money launderers can take over entire industries in a country. That gives them a virtual monopoly where, in addition to using compromised businesses for money laundering, they can also drive up prices that businesses in other industries must pay to use the compromised industry’s services.

This kills productive economic activity that normally occurs in competitive environments and diverts even more money into the pockets of money launderers. And, as it did with businesses driven to failure in the compromised industry, it extends the threat of business failure and job loss into other industries that need the services of industries that money launderers control.

The damage doesn’t stop there, either. Eventually, governments recognize the criminal influence over compromised businesses or industries and act to bring those racketeers to justice. But those behind such schemes have no stake in the businesses and industries they control, other than the money laundering conduit that they provide. So, when facing potential legal action, money launderers simply pull out their funds and start over somewhere else. This leaves those businesses or industries that were propped up by illicit funds to collapse, with consequent loss of jobs and widespread damage to surrounding businesses.

Money laundering also affects the financial community. The more tainted money that runs through a financial institution, the more volatile that bank’s holdings will be. That volatility can threaten the safety of honest depositors’ money with the possibility of bank failures, as has occurred in some countries.

Even entire developing countries can be at risk. Where money launderers can use their influence to manipulate exchange rates to their advantage, they will do so. This often costs developing nations their foreign currency reserves and stifles economic opportunities.

Conclusion

Clearly, the impact of money laundering is far greater than many people think. Far from being a victimless crime, it supports and enables the damage that violent crime inflicts on society, and it has massive economic impact from government to industries to businesses to individuals. Money laundering is essential to address in government, in law enforcement and in financial institutions.


Value of Anti-Money Laundering & Counter-Terrorism Financing
https://cryptosec.com/crypto-financial-crime/anti-money-laundering/
Sun, 09 Aug 2009 16:07:59 +0000

(Updated 2016)

Anti-Money Laundering (AML) and Counter Terrorism Funding (CTF) are not the most popular subjects in banking circles. Bankers often find Know Your Customer (KYC) and Customer Due Diligence (CDD) regulations confining and cumbersome. Those regulations are elaborate and strenuous, to the point where even some KYC/CDD team members consider them tedious. The value of Anti-Money Laundering and Counter Terrorism Financing, though, far outweighs its disadvantages. We see this as we look at why financial institutions sometimes choose to cut corners on compliance. And we see the consequences of doing so.

Why institutions cut corners

One common reason that some institutions relax their practices is bad economic conditions. Banks struggling to stay afloat when funds from legitimate sources decrease may start accepting questionable transactions. This was often the case toward the end of the past decade when the global monetary crisis made legitimate funds scarce.

How much did difficult economic times give money launderers increased access to financial institutions? The head of the UN Office on Drugs and Crime estimated the amount of tainted funds entering the global banking system at USD 352 billion during that time, as failing banks strained to survive.

Tough economic times are not the only reason banks cut corners, though. Some institutions do it even when the economy is strong. Sadly, cutting corners on Anti-Money Laundering and Counter Terrorism Financing regulations sometimes occurs as a misplaced effort toward better customer service.

New customers sometimes object to providing all the information that KYC/CDD teams need to carry out a proper investigation, and bankers may fear offending them and driving them away. So, in the name of giving customers a positive experience, the bank cuts corners. While positive customer experiences are certainly to be encouraged, practices that compromise compliance should never be the means to do so – not when it leaves an opening for money launderers or terrorism funders to penetrate the institution.

A third way that decisions to cut corners can compromise Anti-Money Laundering and Counter Terrorism Financing practices is outright corruption. While no one wants to consider this a possibility at their institution, it does sometimes occur. When bank officials turn a blind eye to money laundering or terrorism funding, KYC/CDD practices are easily weakened.

Finally, cutting corners sometimes comes right from those who work most closely to prevent tainted funds from entering their institutions – the KYC/CDD teams themselves. Feeling pressure from bank management to process new accounts faster than a thorough investigation allows, the team may streamline investigations. They may even eliminate or simplify steps they find most tedious.

Consequences for anti-money laundering noncompliance

The results of cutting corners, however, can be ruinous. They can range from damage to the bank’s reputation to crippling fines to downright bank failure. Even the least of these, reputational damage, can be disastrous.

The decision of some Latvian banks to quietly accept money laundering funds looked profitable to bank officers. It opened a large source of new income. The officers soon came to regret their decision, though. Rumors soon circulated that the banks were involved in money laundering, leading legitimate customers to fear that this would put their accounts at risk, perhaps even to the point of bank closure. Those customers withdrew their money in droves, leaving the bank with an even higher concentration of money laundering funds. That made things progressively worse. More and more outside banks refused to do business with the Latvian banks. That isolated them, made their assets even more volatile and left them ever more vulnerable to failure.

Noncompliance can also cost banks heavily. The Agricultural Bank of China received a USD 215 million fine for facilitating money laundering. HSBC received an even larger fine, amounting to a colossal USD 1.9 billion.

But the threat of closure or massive penalties that those banks suffered is nothing compared to what two Swiss banks in Singapore experienced. The Monetary Authority of Singapore closed BSI Singapore and Falcon Private Bank in 2016 because of gross misconduct in handling questionable transactions and relationships.

Benefits of compliance

Clearly, the devastating consequences for lax Anti-Money Laundering and Counter Terrorism Financing enforcement make the reasons for cutting corners look foolish. Yet the reasons for enforcing rigorous KYC/CDD practices go beyond merely avoiding negatives. Plenty of positive reasons exist, as well.

AML/CTF regulations are a first step toward stopping violent criminals or terrorists. They help stop people who ruin lives, or even take them, through their crimes. Strenuously following Anti-Money Laundering and Counter Terrorism Financing practices identifies and provides evidence against them.

Detecting illicit activity through Anti-Money Laundering and Counter Terrorism Financing practices can lead to the apprehension not just of one criminal, but a whole string of them – drug traffickers, terrorists, identity thieves and others who bring unmeasured heartache and loss to innocent people.

Anti-Money Laundering and Counter Terrorism Financing compliance also protects banks’ integrity. It safeguards banks from the reputational damage, penalties and vulnerabilities that banks experience when concentrations of illicit funds increase.

Finally, far from the fears of offering customers a negative customer experience that leads some banks to cut corners, Anti-Money Laundering and Counter Terrorism Financing compliance actually helps legitimate customers have a better, more enduring customer experience. It gives those customers a relationship with a safer, stronger, more stable bank that is better able to keep their funds safe and secure.

Conclusion

Anti-Money Laundering and Counter Terrorism Financing admittedly is strenuous. It has to be to stand up to the constant attempts by money launderers and terrorists to penetrate banks and compromise financial networks for those criminals’ dishonest gain. Anti-Money Laundering and Counter Terrorism Financing is essential, though, to maintaining healthy financial institutions, a healthy economy and a reduction in the violent crimes money launderers and terrorists commit. It may be tempting to cut corners in compliance, but rigorous compliance has benefits that far outweigh the disadvantages.


Fighting Money Laundering at the Layering Stage
https://cryptosec.com/crypto-financial-crime/money-laundering-layering/
Sat, 16 May 2009 16:11:25 +0000

One key to fighting money laundering is understanding its process and the vulnerabilities in each stage of it. In the first stage, the Placement stage, money launderers deposit their criminal revenues in financial institutions.

In that stage, detection teams proficient in Know Your Customer (KYC)/Customer Due Diligence (CDD) practices for combatting money laundering do extensive investigations to detect efforts to place illicit funds in their financial institution. Unfortunately, many placements still succeed.

That moves the battle that KYC/CDD teams fight to the second money laundering stage, Layering. Layering involves building a complex web of money transfers to obscure the funds’ criminal source.

As they do in the Placement stage, KYC/CDD teams target the vulnerabilities in the Layering stage in the hope of frustrating money laundering efforts. So, we look at Layering to see the variety of techniques money launderers use to try to “legitimize” their illicit funds, the vulnerabilities in those techniques and how KYC/CDD teams seek to exploit them.

The goal of layering

At this stage, money launderers’ funds sit in accounts in various financial institutions, successfully placed. As long as those funds remain where they were deposited, though, they are at risk. Although they were placed successfully, money launderers have far more money to place on an ongoing basis.

If funds sit in an account and that account is later detected, those funds can be seized. So, money launderers want to keep funds moving until they have passed through so many hands that investigators will be unable to connect them to the criminal acts that generated them. In doing so, money launderers attempt not only to confuse any investigators who try to follow the paper trail, but actually to create a paper trail that makes those funds appear legitimate.

Money laundering: moving the funds

Money launderers’ first step in layering is to confuse the trail. To do this, they again divide the funds in their accounts. This sends various fragments of original deposits to multiple accounts in other banks and prevents investigators from tracking illicit funds by following a certain dollar amount.

Money launderers may transfer parts of the original deposit to banks in offshore accounts, in countries where banking laws offer account holders anonymity. Moving funds there makes it hard for investigators to follow the trail, because those financial institutions refuse to provide investigators with the information they need.

The money launderers may transfer other parts to banks in countries that are lax in following detection practices, or whose officers are actively complicit in money laundering. This, too, makes it hard for investigators to follow the trail. Other parts may be transferred from bank to bank in varying amounts to give an impression of legitimate money movement.

KYC/CDD: monitoring and risk assessment

KYC/CDD teams don’t sit idly by as this happens, and their investigations on account applications don’t end when an applicant is approved. As part of the process of investigating applicants, KYC/CDD teams develop a profile of each customer, based on known income sources and activity.

Each profile suggests the type of banking activities the institution can expect this customer to transact, based on the activities of other customers of a similar profile. This provides a basis for monitoring customer activity. Activity that falls outside expectations (e.g., larger than usual deposits, transactions with institutions not normally patronized by individuals of that profile type) triggers an investigation and possible reporting to authorities.

In addition, KYC/CDD teams don’t treat every customer the same. They assign each customer a risk rating. This determines the level of scrutiny teams apply to monitoring various customers. The higher a customer’s risk rating, the closer scrutiny teams will pay as they monitor for anomalies that may point to money laundering involvement.

This risk level may change over time. The more anomalous activities an account owner performs, the higher his or her risk level will rise. For example, frequent transfers to offshore accounts or foreign banks by someone whose application information doesn’t suggest such transactions will face greater scrutiny.

The institutions with which customers interact also affect KYC/CDD risk assessment. Detection teams assess those institutions to determine their reputation for compliance with Anti Money Laundering (AML) practices. Transacting business with banks that are lax will earn that customer greater scrutiny and possible reporting.
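The monitoring loop described in this section can be sketched as follows. This is an added example, not code from the original article; the tolerance table, the escalation rule, the institution names and the sample transactions are all constructed assumptions.

```python
from dataclasses import dataclass

# Constructed values throughout: the tolerance table, institution names and
# sample transactions are illustrative assumptions, not regulatory figures.
# Higher risk rating -> smaller multiple of the typical deposit is tolerated.
DEPOSIT_TOLERANCE = {1: 5.0, 2: 4.0, 3: 3.0, 4: 2.0, 5: 1.5}
LAX_AML_INSTITUTIONS = {"BANK-OFFSHORE-X"}  # assumed reputation assessment
MAX_RISK = 5


@dataclass
class Profile:
    customer: str
    typical_deposit: float          # expected deposit size from onboarding
    usual_institutions: frozenset   # institutions typical for this profile
    risk: int = 1                   # 1 = low scrutiny ... 5 = highest


@dataclass(frozen=True)
class Txn:
    kind: str          # "deposit" or "transfer"
    amount: float
    institution: str   # receiving or counterpart institution


def anomalies(profile, txn):
    """Return the reasons a transaction falls outside the customer's profile."""
    reasons = []
    limit = profile.typical_deposit * DEPOSIT_TOLERANCE[profile.risk]
    if txn.kind == "deposit" and txn.amount > limit:
        reasons.append("deposit above expected size")
    if txn.institution not in profile.usual_institutions:
        reasons.append("institution outside profile")
    if txn.institution in LAX_AML_INSTITUTIONS:
        reasons.append("counterparty lax on AML")
    return reasons


def monitor(profile, txns):
    """Process transactions in order; each anomaly raises the risk rating,
    which tightens the tolerance applied to later transactions."""
    alerts = []
    for index, txn in enumerate(txns):
        reasons = anomalies(profile, txn)
        if not reasons:
            continue
        profile.risk = min(MAX_RISK, profile.risk + len(reasons))
        # Assumed rule: top rating means escalate for possible reporting.
        action = "escalate" if profile.risk >= MAX_RISK else "investigate"
        alerts.append({"index": index, "reasons": reasons,
                       "risk": profile.risk, "action": action})
    return alerts


def demo():
    profile = Profile("C-1001", 2000.0, frozenset({"BANK-A", "BANK-B"}), risk=2)
    txns = [
        Txn("deposit", 2500.0, "BANK-A"),
        Txn("deposit", 7000.0, "BANK-A"),            # tolerated at risk 2
        Txn("transfer", 1500.0, "BANK-OFFSHORE-X"),  # two anomalies
        Txn("deposit", 7000.0, "BANK-A"),            # same size, now flagged
        Txn("deposit", 2500.0, "BANK-A"),
    ]
    return profile, monitor(profile, txns)


if __name__ == "__main__":
    final_profile, found = demo()
    for alert in found:
        print(alert)
    print("final risk rating:", final_profile.risk)
```

The same 7,000 deposit passes while the customer is rated 2 and is flagged once the offshore transfer has raised the rating, which is the effect of scrutiny scaling with risk.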

Money laundering: moving outside the financial system

The layering process goes on and on, creating an ever more complex paper trail to obscure the illicit source of the original funds. Although KYC/CDD teams’ monitoring and risk assessment continues to flag questionable transactions, the deeper the layering and the farther from the original crime, the more natural transactions appear, making detection harder.

This is especially true when funds move outside traditional financial networks, into alternate exchange systems, such as the Middle Eastern hawala, Indian hundi, Chinese fei ch’ien or South American Black Market Peso Exchange. These systems rely on brokers who arrange transfers from one person or location to another without any cash physically changing hands or any records being generated.

Another way that money launderers move cash is by physically smuggling it across borders to break the paper trail that financial networks generate. They may also buy and sell luxury goods, such as diamonds or artwork, to further confuse the trail. At any rate, money launderers employ a dizzying array of techniques to accomplish their goals.

Money launderers: legitimizing the funds

Ultimately, the goal of the layering stage is to give money launderers’ funds the appearance of having been obtained legitimately. This, too, is done largely outside the financial system and outside the scope of KYC/CDD teams. It passes into the hands of law enforcement authorities tasked with fighting racketeering.

Money launderers may leverage businesses to serve as conduits for legitimizing illicit funds. For such companies, legitimate work becomes secondary to their ability to receive illicit funds and create invoices that describe those funds as payments for goods or services.

Or money launderers may mix their money with that of cash-intensive businesses they control. Casinos, bars, restaurants and check-cashing operations are ideal for this, as they receive large flows of cash. Money launderers can easily add illicit cash to the mix and hide it in these businesses’ accounts, hoping investigators will not compare account totals to financial statements. Or they can doctor financial statements, disguising illicit funds as part of legitimate revenues.

Conclusion

The whole money laundering stage of layering, when complete, enables perpetrators of crimes to receive their money back in the final stage of money laundering: Integration, in which the funds are available to use freely, with a paper trail that makes them appear to have been obtained legitimately.

The cat-and-mouse game between money launderers on one side and KYC/CDD teams and law enforcement agencies on the other is a continuous process throughout the layering stage. Each side tries new approaches to get a step up on the other, with wins and losses achieved on each side.

The wins that KYC/CDD teams earn, however, come only through clear understanding of the money laundering process and the vulnerabilities inherent in its stages. By ongoing vigilance and steady growth in solid AML practices, financial institutions can slow the flow of money laundering through their doors and enjoy greater stability.


Cryptosec is a leading provider of security solutions in the rapidly evolving world of blockchain, cryptocurrency, DeFi. Their specialist investigations arm, Crypto Investigators, offers expert services in blockchain forensics and legal investigations, leveraging deep industry knowledge and advanced investigative techniques to navigate the complexities of the digital age.

Fighting Money Laundering at the Placement Stage
https://cryptosec.com/crypto-financial-crime/money-laundering-placement/
Thu, 23 Apr 2009 16:20:01 +0000

One key to fighting money laundering is understanding its process and the vulnerabilities in each stage of it. The first stage is Placement. Placement entails depositing illicit funds into financial institutions.

Several vulnerabilities lie in this stage. So, we look at it to see what questions money launderers must answer in this stage to overcome their vulnerabilities, and how detection teams skilled in Know Your Customer (KYC)/Customer Due Diligence (CDD) practices seek to exploit them.

How can we deposit large amounts of money?

During placement, money launderers have a sum of money of such magnitude that depositing it as a lump sum would trigger mandatory reporting requirements and draw the attention of authorities. So, money launderers break that sum into multiple deposits to avoid exceeding mandatory reporting thresholds. The more money they need to place, the more deposits they need to make.

This raises another problem for them. Making multiple deposits that lie just under reporting thresholds in a single account within a few days will raise red flags. Dozens of accounts opened in a single bank under a single name will also raise the bank’s suspicions and lead to detection. So, money launderers use multiple banks and multiple names to keep deposits small enough to look natural. The more deposits they need to make, the more complex their depositing scheme must become.
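The two red flags described above (several deposits just under the reporting threshold in one account within a few days, and many accounts under a single name), sketched as transaction-monitoring rules. This is an added example, not Cryptosec's code; the threshold, window, counts, account identifiers and sample deposits are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import date, timedelta

# Assumed parameters (not from the article): set them to the reporting
# threshold and review window that apply in your jurisdiction and policy.
THRESHOLD = 10_000           # hypothetical mandatory-reporting threshold
NEAR_FRACTION = 0.80         # "just under" = at least 80% of the threshold
WINDOW = timedelta(days=5)   # "within a few days"
MIN_NEAR_DEPOSITS = 3        # near-threshold deposits in one window to alert
MAX_ACCOUNTS_PER_NAME = 3    # more accounts than this under one name alerts

def structuring_alerts(deposits):
    """deposits: iterable of (account, holder_name, date, amount).
    Returns {account: (first_day, last_day, total)} for the first window in
    which an account has MIN_NEAR_DEPOSITS or more near-threshold deposits."""
    by_account = defaultdict(list)
    for account, _name, day, amount in deposits:
        if NEAR_FRACTION * THRESHOLD <= amount < THRESHOLD:
            by_account[account].append((day, amount))
    alerts = {}
    for account, rows in by_account.items():
        rows.sort()
        start = 0
        for end in range(len(rows)):
            while rows[end][0] - rows[start][0] > WINDOW:
                start += 1  # slide the window forward
            if end - start + 1 >= MIN_NEAR_DEPOSITS and account not in alerts:
                total = sum(amount for _, amount in rows[start:end + 1])
                alerts[account] = (rows[start][0], rows[end][0], total)
    return alerts

def name_concentration(deposits):
    """Holder names attached to more than MAX_ACCOUNTS_PER_NAME accounts."""
    accounts = defaultdict(set)
    for account, name, _day, _amount in deposits:
        accounts[name].add(account)
    return {n: sorted(a) for n, a in accounts.items() if len(a) > MAX_ACCOUNTS_PER_NAME}

# Constructed sample data, not real transactions.
SAMPLE = [
    ("ACC-1", "Holder A", date(2024, 3, 1), 9500),   # three near-threshold
    ("ACC-1", "Holder A", date(2024, 3, 2), 9800),   # deposits in four days
    ("ACC-1", "Holder A", date(2024, 3, 4), 9200),
    ("ACC-2", "Holder C", date(2024, 3, 1), 9500),   # same amounts, but
    ("ACC-2", "Holder C", date(2024, 3, 20), 9500),  # spread over weeks
    ("ACC-2", "Holder C", date(2024, 4, 15), 9500),
]
SAMPLE += [(f"ACC-{i}", "Holder B", date(2024, 3, i), 500) for i in range(4, 8)]
```

On the sample data, `structuring_alerts` flags only ACC-1 and `name_concentration` flags only Holder B. An alert from rules like these is a prompt for review, not a finding.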

Response: KYC/CDD teams screen applicants

To exploit this vulnerability, Anti–Money Laundering (AML) regulations require financial institutions to have KYC/CDD teams check identities of all prospective customers before the bank can do business with them. If any depositor name is tied to money laundering or other criminal activity, the application may be rejected and the information turned over to authorities.

How can we get past initial screening?

Money launderers know that most of them will appear on criminal watch lists. That reduces the number of legitimate identities they have available for opening accounts. They can enlist people who have, at least at that moment, no personal connection to money laundering or other criminal activity and attempt to hide the actual account owner’s identity behind these account owners in name only.

Response: KYC/CDD teams dig deeper

Here, too, AML practices target this vulnerability. The KYC/CDD team doesn’t stop when an applicant name doesn’t appear on money laundering watch lists. They go further to check whether applicants have ties to anyone on the watch lists.

In addition, the KYC/CDD team will investigate whether the applicant will be the actual account owner, or merely a third-party representative. If the latter is the case, the team must investigate both the representative and the owner.

How can we get names that won’t show up on watch lists?

With names of money launderers and their associates likely to turn up in KYC/CDD team investigations, money launderers need legitimate names to get past KYC/CDD scrutiny. With most names that are available to them suspect, they turn to stolen or fake identities in their attempt to place deposits.

Response: KYC/CDD teams verify identities

Financial institutions target this vulnerability, as well. AML requirements lead KYC/CDD teams to make intensive investigations to confirm that identities of depositors on the applications are not stolen or faked.

These investigations dig deep into the documents presented at application to look for any sign of the applicant being fake or not the person he or she claims to be. In most cases, KYC/CDD teams verify identities and new customers successfully open an account. But the time and effort put into these investigations are worth it.

Recognizing the ongoing struggle

With the intensive investigations conducted on prospective depositors, and the stringent safeguards that trigger alerts of suspicious deposits, many money laundering deposits are prevented. But not all are.

When you look at the questions that money launderers need to answer in order to succeed and the responses KYC/CDD teams have to those schemes, it might seem like KYC/CDD teams have all the answers, that no money laundering attempt could possibly succeed. Unfortunately, despite the best efforts of KYC/CDD teams, most money laundering attempts succeed, and the funds thus enter the financial system.

With the vast amount of illicit funds they generate, criminal organizations can easily write off losses from detected deposits as a simple cost of doing business. Money launderers experiment constantly with new schemes and techniques to avoid detection. Techniques that fail are abandoned or tweaked to eliminate the element that triggered detection. Techniques that succeed are adopted and used extensively, until KYC/CDD teams enact new safeguards to defeat those techniques.

Placement attempts may not all be detected, but efforts do bear fruit. And for each detected attempt and each investigation escalated to law enforcement authorities, the burden that money laundering places on financial institutions – and society – is that much less.

