ACFCS Back to the Future of Fincrime Snapshot Day One: Terror finance and crypto coins, U.S. AML regime updates, cyber defense, and more

The Skinny:

  • Day One of ACFCS’ Back to the Future of Fincrime Virtual Summit saw more than 4,000 professionals register for a plethora of packed general sessions and breakout working groups.
  • Attendees learned to better understand the nexus between crypto value and terror groups.
  • Top minds also analyzed the upcoming changes to the U.S. financial crime compliance and sanctions regimes, including the power of breaking down corporate opacity barriers.
  • Current and former top government counter digital incursion specialists also tackled cybersecurity trends, attack and defense strategies and more.

By Brian Monroe
bmonroe@acfcs.org
January 26, 2021 

Day One of ACFCS’ Back to the Future of Fincrime Virtual Summit saw more than 4,000 professionals register for a plethora of packed general sessions and breakout working groups to better understand the nexus between crypto value and terror groups, upcoming changes to the U.S. financial crime compliance and sanctions regimes, the power of breaking down corporate opacity barriers, cyberattack and defense strategies and more.

Here are some snapshots:

Taking down a terror group by taking over their funding site

Terror groups are very savvy but don’t completely understand virtual currencies like Bitcoin just yet as they believed the pseudo-anonymous asset was completely anonymous – leading illicit groups to openly advertise addresses that could be tracked on the immutable blockchain.

Investigators started one case after looking at a tweet for funding, eventually taking over a site and using funds for terror attacks to help victims. One comment that got attendees and speakers guffawing: With total control of the former terror site, U.S. government agents successfully “rick-rolled” a terror group.

Attendees also learned that terror groups, in some cases, make great business decisions. In some cases, terror groups switched to purportedly selling personal protective equipment (PPE) to fund operations, right before the pandemic took hold.

But the U.S. is not turning a blind eye to terror groups, and other criminal groups, including narco cartels, sanctions evaders, corrupt oligarchs, cyber-enabled fraudsters and their ilk.

The U.S. just recently updated the country’s financial crime compliance defenses in what many are calling a “once in a generation” event with the passage of the Anti-Money Laundering Act (AMLA).

The AMLA Act is centered around creating richer and more relevant intelligence by fincrime compliance teams, more ammunition and funding for the U.S. Treasury’s Financial Crimes Enforcement Network (FinCEN) to analyze and closing the loop with stronger public-private information sharing partnerships, while at the same time removing the longstanding stumbling block of impenetrable beneficial ownership bastions. 

In irony, build trust in cyber defenses with ‘zero trust’ mantra

But it is more than physical attackers banks and other operations have to worry about.

When it comes to cyberattack trends, attendees learned more companies are facing ever more creative and aggressive ransomware attacks.

Even worse, sophisticated attacks are not always coming from organized criminal groups or foreign nation state adversaries, like Russia, North Korea and China. Some are now coming from even lower ranking opportunists, who purchased off-the-shelf digital attack kits on darknet markets.

Panelists also touched on the most recent cyber failure making the news: The Solarwinds hack and the dangers of when a bad guy gets a viral payload into a formerly trusted piece of software, leading to a disastrous infection and intelligence infiltration many are calling the worst in the country’s history.

How can institutions respond?

Speakers touched on the concept of “zero trust” cybersecurity measures, meaning layered defenses, including around the human access side, systems and company itself.

Key takeaways for AML teams: capture, share more knowledge in, out of compliance

Overall, the sessions had a bevy of takeaways for professionals: More cross training of AML, fraud, corruption and cyber teams. In tandem, deploy that knowledge to all areas of the bank, including the front line, business line, correspondent banking portals and all former fincrime compliance foils.

With more pressure on effectiveness and the need for AML teams to create intelligence with a “high degree of usefulness to law enforcement,” the updated incoming standards, there will also be pain points and improvements need tied to bread-and-butter compliance requirements, such as risk assessments.

Risk assessments might have to be more focused and tailored, such as a risk assessment for sanctions, a risk assessment for human trafficking, a corruption risk assessment – but this might change depending on new national AML priorities coming as part of updates to rules, regulations and FinCEN.

Fincrime compliance teams might also need more details and defenses for the backend methodologies and models for your risk assessments, transaction monitoring and sanctions filtering systems, even as regulators and investigators call for all institutions to broadly innovate in an invitation to bolster effectiveness and results.

The tacit tension in the bargain: You can do more as an ally of law enforcement, with regulators dinging you less on minor failings a la death by a thousand cuts, but failures could be more painful and expensive.