How does financial crime interact with other complex threats – and how do organisations protect themselves whilst allowing business to continue?
Firms, regulators and governments alike have been asking this critical (and, at times, overwhelming) question with increasing frequency. Yet, from the rise of disruptive technologies to cybersecurity threats, many organisations are still searching for a clear answer – a solution that, in the words of one of our clients, is both sustainable and adaptable to the pace of change, yet customised to suit the risk exposures and profile of the institution itself. We are delighted to introduce our insights dedicated to navigating these challenges in our latest Financial Crime Quarterly, all drawn from our latest work in the field.
The challenge of converging issues – financial crime, fraud, technological advancements and cyber-attacks – is not merely a theoretical one, either. We have been tracking, with rising concern over recent months, a number of increasingly sophisticated threats against financial institutions, central banks, law enforcement and the regulatory community – not to mention the digital, financial, and physical infrastructure of entire jurisdictions. Last year, in one of the more recent (and concerning) episodes, US authorities published an industry warning about an ongoing campaign by the so-called ‘BeagleBoyz’, a North Koreanlinked cybercriminal group, using remote-access malware tools to siphon more than US$2 billion from financial services institutions in more than 38 countries.
Some of their techniques we have seen before (and have written about): the targeting of cryptocurrency exchanges and payment institutions, often with various obfuscating devices and associated malware, to facilitate criminal activity across numerous countries, including (and certainly not limited to) Australia, Belgium, Canada, China, Denmark, Estonia, Germany, Ireland, Italy, Luxembourg, Malta, the Netherlands, Poland, Russia, Saudi Arabia, Slovenia, Spain, the UK and the US.
But it is not just limited to emerging technologies and FinTechs. For mainstream financial institutions, the red lights of cyber risk are too bright to ignore. Last year, hundreds of banks (which are particularly vulnerable) and even wholesale participants were subject to attacks that stole funds and created significant disruption – including a prominent stock exchange that was forced offline for a week after a denial of service (DDoS) attack forced a stoppage of trading. Many of these institutions realised their cyber defences were ripe for exploitation, but only in hindsight. And these advanced threats go on in the background, relatively unnoticed, whilst jurisdictions and firms deal with the more ‘traditional’ concerns, from staying competitive in a challenging economic climate to financial crime investigations and the FATF assessment process. Ironically, the ‘traditional’ challenges are increasingly morphing into concerns emerging from a number of similar risk vectors, forcing executives and policy-makers to fight multiple battles at once.
Yet there is a reason for optimism. Deeper understanding and advancements in knowledge about the interaction of these risks is already emerging – and it is an overview of which is exactly what the pages of this newsletter intend to provide.