2017 Year in Review: 10 stories covering ransomware surge, data breaches, glimpse of U.S. AML future
Thursday, December 28, 2017
Posted by: Brian Monroe
By Brian Monroe
December 28, 2017
When it comes to the seemingly eternal conflict between financial crime professionals and organized illicit groups, corrupt powermongers and cyber hackers, there have been some incredible highs and lows in 2017 as these adversarial forces shift, ebb and flow, adjusting to new battle tactics, defenses and vulnerabilities.
The year saw some trends continue, particularly the ongoing prevalence of cyberattacks across the board in scope, creativity and complexity. There were also shifts from the previous year - 2017 saw fewer multi-billion-dollar financial crime compliance penalties, as more actions with smaller values took the place of eye-popping hauls.
As well, national policy makers and global watchdog groups appeared to tacitly agree current strategies broadly are not working and something has to change, a resolve in the face of desperation and paltry actual results.
Similar to 2016, this year saw the rise of journalists as agents of change with another historic leak, dubbed the “Paradise Papers,” giving a view into the shadowy world of company service providers and the risks of anonymous ownership structures.
On the whole, though, it seems defeats outnumbered victories.
On one hand, the U.S. Department of Justice crushed two of the world’s largest darknet markets, closing the door on sites that offered everything from drugs and stolen credit cards to murder-for-hire and hacking-as-a-service plots – a major blow to criminals who thought they were insulated from authorities using virtual currencies in the blackest reaches of the web.
But those wins come against on overall bleak backdrop of soaring ransomware and business email compromise (BEC) attacks, including one record fusillade, Wannacry, that hit hundreds of thousands of computers in more than 150 countries – what many experts later dubbed the largest ever such attack.
Overall ransomware attacks globally more than doubled in 2017, a terrifying trend as analysts and investigators had christened 2016, “The Year of Ransomware.”
One firm, Barkly, put the ransomware attack picture in stark relief with one 2017 statistic: A company is hit with a ransomware attack every 40 seconds, down from every two minutes earlier in the year. In that same vein, a person is attacked every 10 seconds, down from 20 seconds just months earlier.
Similarly, in the last two years, ransomware costs have surged to $5 billion, up from just more than $300 million in 2015.
In tandem, the scourge of BEC attacks has exploded. In the last two years, attacks coming from that vector have surged more than 2,000 percent, with the U.S. Federal Bureau of Investigations stating it is now a $5 billion global industry.
The fruits of those labors, illicit funds, have also mostly moved untouched.
Several U.S. Congressional hearings and international analyses have come to a sobering conclusion: the billions of dollars spent on anti-money laundering (AML) compliance, international investigations, forfeitures and prosecutions stop less than a decimal point of actual laundered funds.
These scary statistics have not gone unnoticed by major economies.
The U.S. Department of Justice, U.S. Treasury and Congress, along with international groups like the Paris-based Financial Action Task Force, have proffered a glimpse of the future of financial crime. A number of hearings and proposed legislation have laid out strategies including greater public-private sector information-sharing, greater cooperation on asset seizure, and more convergence between compliance, investigations and cybersecurity.
Here are 10 ACFCS stories highlighting some of these trends, actions and policies that shaped 2017, giving of view of what is likely to come in 2018.
COMPLIANCE ROUNDUP: U.S. VIEWED AS MORE CORRUPT, HSBC CLEARS DPA, UK CREATES NEW FINCRIME UNIT
Our Roundup series covers a lot of ground quickly. That HSBC earlier this month was able to clear its $1.9 billion 2012 deferred prosecution agreement for AML and sanctions failures was a major industry talking point.
Earlier in the year, even a monitor expressed concern it could make the deadline. But the institution persevered, and eventually cleared, what was at the time a record penalty. How? Snapping up some of the biggest names in compliance, including many top former U.S. Treasury officials. To read the full story, please click here.
EU PUBLISHES LIST OF ‘UNCOOPERATIVE’ TAX JURISDICTIONS, EXPANDS CONTROVERSIAL AML BLACKLIST
Also this month, the European Union published a first-ever list of “non-cooperative” tax jurisdictions, eventually naming more than a dozen countries for a bevy of different tax-related failures, including facilitating offshore structures, not participating in global information sharing agreements or having “harmful preferential tax regimes,” among others.
At the same time, European Commission parliamentary officials expanded a second, separate controversial proposed blacklist focusing on countries with perceived weak AML defenses, including lax implementation, effectiveness or enforcement. That effectiveness standard had previously been shot down by fearful member states. To read the full story, please click here.
TREASURY PICKS TOP DOJ OFFICIAL TO HEAD FINCEN, BRINGS NEARLY 30 YEARS OF PROSECUTORIAL EXPERIENCE
In mid-November, the U.S. Treasury picked a new fulltime leader for the Financial Crimes Enforcement Network (FinCEN), choosing a top U.S. Justice Department official with nearly 30 years of prosecutorial experience, a critical post that had been left without a permanent leader for nearly two years. The agency directly creates the country’s AML laws.
Kenneth Blanco, acting Assistant Attorney General of the Justice Department’s Criminal Division, would be taking over for acting director and longtime agency fixture Jamal El-Hindi, who himself was holding down the fort for Jennifer Shasky Calvery, a trail-blazing leader who improved the agency’s relevance and results. She later took a top compliance position at HSBC. To read the full story, please click here.
‘PARADISE PAPERS’ LEAK REVEALS HOW THE RICH, POLITICOS, HIDE OFFSHORE WEALTH, CLASHES WITH AML RULES
The late-year leak of millions of records tied to exclusive offshore services firm Appleby, used by the rich, famous and politically-connected, gave new insight into the secret tactics of the world’s elite to hide their ownership interests and shield their wealth from the prying eyes of tax authorities – coming on the heals of 2016’s “Panama Papers.”
The leak occurred against a backdrop of greater global focus on the risks of anonymous corporate ownership structures – ostensibly legal vehicles that have been used for illegal ends, including tax evasion, corruption, money laundering and terrorist financing – and growing momentum in countries like the United Kingdom, Europe and, to a lesser degree, the United States, to end such practices. To read the full story, please click here.
NATIONAL CYBERSECURITY AWARENESS MONTH: ACFCS OFFERS KEY ANALYSIS, RESOURCES TO RESPOND, RECOVER
In October, as a finial to Cyber Awareness month, and to more fully arm ACFCS members and the rest of the financial crime compliance community and corporations writ large, ACFCS bundled some critical content to help operations not become a statistic in the growing cyber war.
The story included coverage and teachable moments from several major actions throughout the year, including the Equifax Breach, the HBO hack, and Resource Roundups on ransomware and BEC attacks. To read the full story, click here.
ABA URGING TREASURY TO CREATE COMPLIANCE OMBUDSMAN AS AML ‘KNOWLEDGE-BASE,’ ENFORCEMENT MEDIATOR
In September, the American Bankers Association (ABA), representing the nation’s $17 trillion banking industry, urged changes in a comment letter covering several key areas of AML compliance, chiefly in the areas of how banks monitor customer transactions and report suspicious activities, the depth of investigations and related regulatory punitive measures.
Some of the ideas detailed by the ABA included creating an AML compliance “gatekeeper,” an independent entity that would act as a go-between between the various competing interests that banks must juggle under current compliance structures: regulators, law enforcement, auditors, customers and shareholders. To read the full story, click here.
U.S. LEADS GLOBAL ONLINE, UNDERCOVER EFFORT TO CRUSH LARGEST UNDERGROUND ‘DARK MARKET'
In July, U.S. authorities lead an international consortium of law enforcement partners in shutting down the largest ever online “Dark Market” site, a destination for scum and villainy bartering in the currency of crime, including opioids, hacking tools, counterfeit goods and stolen identities.
In that raid, the U.S. Department of Justice, working in concert with law enforcement agencies in the United Kingdom, the Netherlands, Thailand, Europol and others, brought down AlphaBay, a site that allowed hundreds of thousands of people to buy and sell an array of illegal goods and services over the Internet for the last two years – users had believed with impunity. To read the full story, click here.
IN $540 MILLION CIVIL FORFEITURE TIED TO 1MDB, INSIGHT ON FRAUDSTERS, LESSONS FOR AML OFFICERS
In June, the U.S. government issued a more than half a billion-dollar civil forfeiture order seeking to recover assets bought with money stolen from a Malaysian sovereign wealth fund, referred to as 1MDB, in a case that highlighted the risks of banks dealing with complex private equity and securities firms.
The $540 million forfeiture complaint detailed the financial crime compliance vulnerabilities and tactics – including evasion by customers, support by corrupt insiders and dishonest senior management – that allowed a small cabal of individuals to pilfer $4.5 billion from the 1Malaysia Development Berhard (1MDB) in what many called at the time the world’s largest fraud. To read the full story, please click here.
NEW U.S. BILL WOULD REVAMP AML LAWS WITH 'WISH LIST' OF TRANSPARENCY, ENFORCEMENT MEASURES
In June, a new U.S. bill entered the Congressional fray seeking to modernize and strengthen money laundering laws, bolster corporate transparency by criminalizing concealment of beneficial owners and allow money laundering charges to be tacked on to tax crimes.
The draft legislation sought to batten down many longstanding gaps in the country’s financial crime countermeasures, improve intelligence to law enforcement and gain insight into virtual currency hoards when anyone leaves or enters the country. To read the full story, click here.
BANKS, LOBBYING GROUPS PUSHING TO TRIM AML RULES, STREAMLINE SARS, MAKE FINCEN TOP REGULATOR
Seemingly presaging the Congressional bill to come, in February, the oldest banking association in the United States, representing the nation’s largest and most influential banks, proposed a drastic overhaul of compliance rules it believed would bolster the quality of intelligence to law enforcement, boost innovation and resources and reduce regulatory penalties.
In many ways, the proposals released by the Clearing House Association (CHA) would have represented a tectonic shift in compliance focus, potentially giving banks more freedom to prioritize current risks on a more real-time basis, guided by the very law enforcement investigators they are trying to serve, rather than regulators focused on assessing procedures.
The desired immediate outcome: more results for law enforcement and less burden for banks. To read the full story, please click here.