By Taylor Humphreys, FinCrime Threat Intelligence Analyst at BAE Systems

Cyber crime as a mechanism to commit financial crime (fincrime) has escalated in the last decade as the digital age has grasped our lives. The complex interplay between cyber crime and fincrime is becoming more visible, with countries such as the UK raising cyber crime’s profile in the Economic Crime Plan, and with European anti-money laundering (AML) regulations articulating cyber crime as a predicate offence.

As digitisation efforts continue (indeed the Covid-19 pandemic accelerated many of these), and as threat actors become more sophisticated and specialised in their crime craft and/or money laundering capabilities, the overlap between cyber crime and fincrime is one that cannot be ignored and must remain a priority among financial institutions.

The cyber crime/ fincrime overlap

Traditional distinctions between cyber crime and fincrime are blurring. If a cybercriminal has a financial motivation, there will be an overlap between cyber crime and fincrime, because the illicit proceeds will need to enter and move through the financial system for criminals to benefit monetarily from the cyber intrusion element of the crime.

This interplay is far more complex in reality. Agile threat actors are constantly adapting, resulting in a race between threat actors, regulators, law enforcement and financial institutions. As cyber criminals develop more lucrative attacks, the opposing side must, in response, race to increase protection, detection and disruption efforts. An issue which has only been exacerbated by the Covid-19 pandemic, as we have seen a sudden switch to remote working and socialising, with cyber hygiene following slowly behind. This has afforded cybercriminals a greater pool of potential targets and opportunities for compromise.^[1]

Financial institutions face increased responsibility

Financial institutions are at risk of being directly targeted by cyber criminals, with ‘cyber heists’ or Business Email Compromise (BEC) attacks being examples of known and recent methods. For example, North Korean state-sponsored threat actors stole $81 million from the Bank of Bangladesh in a cyber-heist in 2016, and a more recent case in 2019 saw the attempted theft of approximately €13 million from the Bank of Valletta. ^{[2] [3]}

However, financial institutions also risk facilitating the monetisation of cyber crime in relation to AML failures because they are directly exposed to the process.

In working to better understand cyber crime as a predicate offence to money laundering, financial institutions will be in a better position to detect and report suspicious activity perceived to be in relation to cyber crime. This will help to enhance the quality and accuracy of suspicious activity reporting, better equip law enforcement to investigate cyber crime, help protect financial institutions from the potential repercussions of inadequate AML efforts, and help in the whole-of-society approach to tackle cyber crime.

Significantly, cyber crime was explicitly recognised as a predicate offence to money laundering for the first time in the European Union’s 6^th AML Directive, published July 2021. The Directive defined 22 predicate money laundering offences to harmonise the understanding of money laundering across the EU. For banks to comply with the new Directive, they must be aware of the predicate offences, know how to identify them, and act upon suspected suspicious activity.

The EU Directive is for EU Member States and those that choose to follow their rules. Yet, cyber crime has been on the EU regulator’s agenda for several years and it can reasonably suggest that in the future other regulators may also recognise cyber crime as predicate offence to money laundering and alter regulations accordingly.

Key insight

BAE Systems Digital Intelligence investigates the money flow of different types of cyber crime and simulates the associated behaviours. We have defined and outlined different types of cyber crime in terms of their cyber intrusion element, detailing typical techniques, tactics, and procedures.

• Illicit funds move from the victim’s bank account to cryptocurrency
• Illicit funds move from the victim’s bank account to the perpetrator’s bank account (knowingly)
• Illicit funds move from the victim’s bank account to a money mule’s bank account (unknowingly)
• Illicit funds are withdrawn from the victim’s bank account via cash or cheque
• Follow on fraud; directly buying goods or services

It is important to note that one type of cyber crime may fit into multiple categories. Crime is not a linear concept, and not all criminals will think and behave alike, criminals can adopt many different methodologies but still arrive at the same end result.

Final thoughts

Ultimately, in categorising different types of cyber crime, mapping their associated money flows, and understanding the typical ways in which threat actors launder cyber crime proceeds, it becomes possible for financial institutions to identify potential indicators of suspicious activity.

Through such efforts of developing a comprehensive library of criminal behvaiours and outlining the different types of cyber crime in greater detail, we can apply the relative categorisations to generate an even greater understanding of criminality.

Research like this is of vital importance if the industry is to understand the criminal typologies we face and stay ahead of emerging money laundering trends

About Author:

Taylor is a Security Consultant at BAE Systems Digital Intelligence, working across the Cyber Threat Intelligence team and the FTS team with four years of academic study dedicated directly to the fields of crime, security, and intelligence.

Motivated to assist the financial sector in using data to better detect criminality, Taylor researches and articulates different types of cyber criminal behaviours to be used to test the effectiveness of financial institution’s AML solutions. To do this, Taylor triages intelligence from law enforcement, subject matter experts, financial institutions, open-sources and regulators, to provide an articulation of cyber criminality that most closely resembles real-world criminal behaviours.