In this week’s Financial Crime Wave, Estonia laundering update, U.S. regulators detail ways smaller banks and credit unions with similar risk profiles can pool anti-money laundering resources, a U.K. regulator tackles crypto exchange laundering, oversight, Estonian banks see more than $1 trillion in foreign financial flows, some tied to money laundering, and more.
U.S. Treasury, bank, credit union regulators give blessing for smaller institutions to pool AML resources to increase efficiency, effectiveness, lower costs: joint statement
The U.S. Treasury and federal banking and credit union regulators Wednesday issued a rare joint statement focusing on smaller institutions, essentially giving their blessing for these operations to pool financial crime compliance resources to lower costs, improve efficiency and potentially get access to more expertise and independence. The Financial Crimes Enforcement Network (FinCEN), the Office of the Comptroller of the Currency (OCC) Federal Reserve (Fed), Federal Deposit Insurance Corp. (FDIC) and National Credit Union Administration (NCUA) stated it was time to make a more formal ovation to smaller entities on the subject.
In these cooperative arrangements, say regulators, smaller financial institutions, such as community banks and credit unions, could get access to trainers – training is one of the key prongs of an AML program – with more expertise than they may have had the budget for individually. The arrangements may be similar in how banks juggle dual use employees, for instance, when a bank is so small that the AML officer must wear other hats and may also have oversight of certain business functions.
The statement gives several examples where regulators feel sharing resources could work and a few where they won’t. One area that multi-bank partnerships could work is internal controls:
- reviewing, updating, and drafting BSA/AML policies and procedures;
- reviewing and developing risk-based customer identification and account monitoring processes; and
- tailoring monitoring systems and reports for the risks posed, (via FinCEN).
EU Commission getting tough on Malta related to money laundering scandal, is demanding member state to strengthen AML enforcement
A European regulatory and watchdog body will for the first time order a member state to strengthen enforcement of its anti-money laundering (AML) rules after a string of scandals across Europe’s banking system. The European Commission is preparing to use little-known powers in EU law to issue binding demands on Malta’s financial regulator after an EU watchdog found “systematic” weaknesses in its enforcement of AML rules.
Brussels’ intervention follows a series of scandals in Europe in the past year including high-profile cases at Denmark’s Danske Bank, Dutch bank ING and Latvia’s ABLV. The revelations have exposed a dangerous lack of co-operation among national banking authorities in the EU and Brussels, raising security concerns about illicit foreign money entering the continent. In response, the commission has prepared new regulations to boost the resources and powers of the European Banking Authority to fight dirty money flows, giving the authority extra staff and a clearer legal powers. It is also moving to make greater use of existing powers in EU law, (via the Financial Times).
U.K. Financial Conduct Authority publishes thematic review of financial crime occurring in the virtual currency space, in its, “Money Laundering and Terrorist Financing Risks in the E-Money Sector,” with reviewers heaping relatively high praise for both understanding of AML programs and terror finance risks, implementation and reporting of aberrant activity. Overall, the “majority of EMIs we visited had effective AML systems and controls to mitigate their money laundering and terrorist financing risk,” according to examiners. “We generally observed a positive culture, and good awareness and understanding of their financial crime obligations.
The EMIs generally demonstrated a low financial crime risk appetite. Most have relatively few high-risk customers in their e-money customer base.” However, some firms did fail to properly document and record their risk analyses, assessments and decision-making related to filing suspicious activity reports while in another instance, the “business-wide risk assessment is too generic and not tailored to the firm’s specific business model and product offerings,” (via the U.K. FCA).
EU Council adopts new regulation to bolster controls on cash entering and leaving the EU
The regulation will improve the existing system of controls on cash entering or leaving the EU, according to a statement by the council, adding that the move puts the country in line with the latest international standards set out by global AML standards-setting body the Paris-based Financial Action Task Force. In practical terms, the new regulation extends the definition of cash to cover not only banknotes but also other instruments or highly liquid commodities such as cheques, traveler’s cheques, prepaid cards and gold. The regulation is also extended to cover cash that is sent by post, freight or courier shipment.
The new legislation extends the obligation of any citizen entering or leaving the EU and carrying cash to a value of €10 000 or more to declare it to the customs authorities. The declaration will be required irrespective of whether travelers are carrying the cash in person, in their luggage or means of transport. At the request of the authorities they will have to make it available to be checked. If the cash is sent by other means (“unaccompanied cash”), the relevant authorities will have the power to ask the sender or the recipient to make a disclosure declaration. The authorities will be able to carry out controls on any consignments, packages or means of transport which may contain unaccompanied cash. Member states will exchange information where there are indications that cash is related to criminal activity which could adversely affect the financial interests of the EU. This information will also be transmitted to the European Commission, (via the EU Council).
September to remember when it comes to AML in EU
In this story, Bloomberg wraps up some of the major AML actions in Europe during September, as the month was a memorable, and painful, one, for many banks. September was the month when long-running failures to stop money-laundering came back to bite some of Europe’s largest banks.
Regulators from Switzerland to the Nordic region and Germany reprimanded institutions for failing to do enough to prevent illicit money flows. While some paid for past misdeeds, others were chastised for continued shortcomings and even had monitors assigned to help prevent future missteps, (via Bloomberg).
Welcome to National Cybersecurity Awareness Month: So here are some tips and tactics to stay cybersafe, including digital hygiene at home, work, and more
This month marks fifteen years of observing National Cyber Security Awareness Month (NSCAM) in October. The program was started way back in 2004, by the U.S. Department of Homeland Security and the National Cyber Security Alliance to educate Americans about ways to stay safer and more secure online.
NCSAM 2018 arrives at a very different — and dangerous — time in cyberspace. Built around the theme of “Our Shared Responsibility,” the NCSAM program focuses on a different aspect of cybersecurity each week. This year’s weekly topics are:
- Week 1: Oct. 1–5: Make Your Home a Haven for Online Safety – Learn how to keep your family, friends and home safer and more secure against the exploding range of cyber threats.
- Week 2: Oct. 8–12: Millions of Rewarding Jobs: Educating for a Career in Cybersecurity – Learn about the amazing and plentiful professional opportunities available in the cybersecurity industry for everyone from high schoolers to career retoolers.
- Week 3: Oct. 15–19: It’s Everyone’s Job to Ensure Online Safety at Work – Learn about the shared responsibility for cybersecurity in the workplace and discover great resources for workforce education, training and cyber awareness.
- Week 4: Oct. 22–26: Safeguarding the Nation’s Critical Infrastructure – Learn about the public’s role in cybersecurity in our critical infrastructure industries.
California takes historic step to require smart device makers to ensure products are password-protected before they hit store shelves or are used by customers
In the ongoing fight between hackers and tech-savvy smart device makers, one state has taken a historic step drawing a line in the stand requiring companies to ensure all products are password protected before they reach store shelves – or will require a customer to create one before they can get online. Last Friday, California became the first state in the US to pass an internet of things (IoT) cybersecurity law. California Governor Jerry Brown signed Bill SB-327 into law which addresses information privacy, specifically pertaining to connected devices. The legislation aims to protect consumers of smart home devices against potential privacy risks from unauthorized parties gaining access to user information.
The law requires manufacturers of IoT devices to provide “reasonable security features” designed to protect user privacy. The ‘features’ are largely determined by password requirements: Manufacturers must give a unique, pre-programmed password for each device or require users to establish a new means of authentication before the device can be operated for the first time, (via Security Baron).
AI and AML: Use cases to improve financial crime compliance efficiency, data analysis, immediate outcomes
Even with banks paying more than $300 billion in penalties for AML compliance failings, unfortunately, many FIs’ compliance management functions continue to lack potency, and truth be told, remain an Achilles heel. FIs’ compliance management challenges have, in fact, only further compounded in recent years – what with the massive rise in volume, frequency and complexity of new and revised regulatory mandates.
For FIs, wading through thousands of pages of these new/revised regulations and ensuring effective ongoing compliance is a herculean task. Managing this enormous effort is a costly affair – FIs have had to increase their compliance staff size and/or leverage support of third-party firms, and many expect they will seek budgetary increases for more compliance resources. But AI in AML can help in many areas, including:
- Mapping of regulatory changes: AI/ML solution can help FIs automatically identify, analyze, interpret and even implement to an extent the new/revised regulatory mandates.
- Regulatory compliance assurance: Using AI/ML solution, FIs can ensure effective and ongoing compliance with multitude of relevant regulatory mandates.
- KYC management. FIs can benefit from AI/ML solution in numerous KYC aspects, such as – identity & background pre-checks for remote KYC, customer onboarding, real-time transaction-based KYC anomaly detection, and KYC workflow automation.
- AML/fraud management: For AML, the context-sensitive AI/ML solution would support advanced and adaptive real-time monitoring for high-risk entities – including against the SDN, OFAC and other sanctions lists, and/or related to unstable geographies, (via Finextra).
A look at how AI can bolster cybersecurity defenses, even while criminals try to leverage machine minds for their own gains
Just like predictive analytics, cybersecurity will derive the maximum possible benefit from artificial intelligence due to its power to amplify human capacity and augment decision-making and automate rote tasks. Companies can’t afford to rely only on their manpower and human knowledge to resist the growing flood of cyber attacks. Companies are needing to spend more time on security, and staying up-to-date with the evolving technologies and methods is becoming difficult. The risk, then, is that cyber pirates will increasingly compromise companies and individuals. AI can help save time, increase production efficiency, and improve processes to fight against cyber attacks.
A Ponemon Institute study found that human supervision will remain a requirement, though they did establish some key findings demonstrating the value of AI. AI could:
- Help cut costs
- Minimize data breaches
- Improve productivity
- Provide deeper security
- Support identification and authentication technologies
- Help identify application security vulnerabilities
- Save investigation and detection time
As well, some scary statistics for context: Back in 2016, there was a new malware every 4.6 seconds — in 2017, this evolved to 4.2 seconds. Symantec reports that 1 in the 13 URLs that they analyzed were malicious in 2017, while this number was 1 in 20 in 2016. Cybersecurity Venture predicts that cyber criminality will cost the world $6 trillion annually by 2021, which will make it “more profitable than the global trade of all major illegal drugs combined.” From a global perspective, the IT market that covers every aspect of cybersecurity is estimated to reach $170 billion by 2020 — more than twice the 2015 number, (via the DZone).
An inconvenient truth – environmental crime and threat finance
Environmental crimes are the most important stream of revenue in conflict finance today. This is the stark finding of the “World Atlas of Illicit Flows” which was released last week by the Global Initiative Against Transnational Organized Crime and Interpol. The report details how armed non-state actors and terrorist organizations are now relying, to an unprecedented extent, on revenue that comes from the exploitation of natural resources. Environmental crimes are a broad category and include everything from illegal logging and mining to selling illegal charcoal. The report estimates that these crimes now earn groups between $110 billion – $281 billion a year, a 44% increase from 2016 – making environmental crimes the third most profitable in the world after drugs and counterfeit goods.
The impact of these crimes is twofold: firstly they damage the environment and secondly their profits perpetuate conflicts which damage societies and cost lives. The Atlas advises that we find ourselves in this situation due to a lack of criminal investigations and limited enforcement by the international community which has given a “free ticket” to criminal groups. As illicit interest continues to grow in this sector, it is important to increase awareness of these crimes so that it becomes as difficult as possible to profit from them, (via Comply Advantage).
Canada overhauling AML rules to strengthen financial intelligence flows, increase value, depth of bank filings
The Department of Finance Canada is proposing an overhaul the country’s existing anti-money laundering/counter-terrorism financing regime, both to strengthen the timeliness and intelligence value of filings to fight financial crime and be more in line with global standards. The amendments proposed earlier this year to the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA), if enacted in their current form, will introduce numerous changes.
A main objective of the reform effort is to improve the quality of financial intelligence made available to law enforcement and thereby improve efforts by authorities to combat money laundering and terrorist financing. To achieve this, the proposed amendments would impose additional compliance requirements on the private sector to provide high-quality financial intelligence, effectively recruiting financial institutions to fight on the front lines, (via Reuters).
Senators call for investigation into real estate money laundering law vulnerabilities
Two Democrats say there is far less oversight on the residential side than the lending side. The risk of money laundering in residential real estate is high. That’s according to two U.S. senators who are calling for an investigation to probe the potential vulnerabilities of existing U.S. money-laundering provisions, according to the Wall Street Journal. Chris Van Hollen of Maryland and Sheldon Whitehouse of Rhode Island, both Democrats, sent a letter to the Government Accountability Office, saying the real estate sector has less far oversight when it comes to money laundering than the lending sector. That fact, they wrote, presents “increased risk of access by foreign and domestic criminal organizations,” the Journal reported.
In South Florida, federal authorities are looking to seize 16 high-end properties that are alleged to be tied to the defendants of a $1.2 billion Venezuelan money laundering case. The letter comes a day after a sweeping New York Times investigation found that President Donald Trump and his family engaged in a series of elaborate schemes — including some that could be illegal — to avoid paying taxes on the family’s vast real estate empire. The lawmakers’ request includes an assessment of the Department of Treasury’s Financial Crimes Enforcement Network, or FinCEN, (via the Real Deal).
StanChart braces for possible new Iran fine of about $1.5 billion, potentially more than double prior sanction
British bank Standard Chartered Plc is bracing for a possible new fine of about $1.5 billion as a result of previous Iranian sanctions violations, Bloomberg reported on Monday, which would be more than double a prior fine in 2012 of $667 million for similar failings. The current investigation centers around sanctions violations that would have occurred after 2007, the time when the bank told authorities it had stopped doing business with countries on U.S. blacklists.
The Bloomberg report said the size of the fine was a preliminary assessment based on some of the communications between the bank and regulators, and that final discussions had not yet begun. The bank itself warned in its most recent annual report that resolving the U.S. probe could mean “substantial monetary penalties.” This could be another setback for StanChart, which is trying to boost profitability after years of restructuring. StanChart, which has operations across Asia and Africa, has been investing in compliance and financial crime prevention after facing a series of penalties and regulatory investigations, including in Nigeria, Angola, Dubai and Hong Kong, (via Reuters, Bloomberg).
Standard Chartered wants greater sharing of financial intelligence to better fight crime, comply with regulatory expectations: Q&A with general counsel
In this Wall Street Journal question and answer session, Standard Chartered General Counsel David Fein discusses the vital role banks play in fighting financial crime by sharing data among many banks in close coordination with law enforcement in a financial intelligence unit (FIU) model, similar to how country-wide FIUs act as a central repository for bank filings on a broad range of suspicious activity, including money laundering, fraud and terror financing.
Currently, Standard Chartered is an active member of financial intelligence sharing partnerships in the U.S., U.K., Hong Kong and Singapore and is hoping to expand those connections to more banks, law enforcement agencies and countries. Fein, a former U.S. prosecutor, told the Risk & Compliance Journal about some of the lessons learned from the nascent collaborations. In this interview, he touched on issues including:
- Why do we need financial information sharing partnerships (FISPs)?
- How can FISPs improve the fight against financial crime?
- Is there a conflict between data privacy and financial intelligence sharing?
- The volume of SARs just keeps growing, and yet only about 10% of them are useful. Do we need a culture shift to move away from pre-emptive filing?
- What must banks do to generate reports with a more holistic view of illicit finance? (via the WSJ).
This Week in Securities Litigation: SEC dings TD Ameritrade on missed SARs, PDVSA settles on FCPA, Voya hit on lax cyber practices, and more
The chief regulator of the U.S. securities sector has had a busy end of September when it comes to enforcement for an array of compliance failures, levying a flurry of various sanctions and penalties, including tussling with Tesla, dinging TD Ameritrade on anti-money laundering (AML) and chastising Voya on weak cybersecurity program implementation and responsiveness to a hacker intrusion. The Securities Exchange Commission (SEC) charged Tesla co-founder Elon Musk with fraud in a recent complaint, resulting in a $40 million settlement that will remove the vacillating visionary as chairman for several years, but leave him as CEO.
The complaint centers on the now infamous “funding secured” tweet regarding taking Tesla private, although the document also lays out the background to that action and subsequent activities. The filing follows a swift investigation, conducted in a matter of weeks. The Commission also filed two settled FCPA actions this week. One involved Brazilian oil and gas company Petrobras which also entered into a non-prosecution agreement with the DOJ. The other is a settled action the former CEO of Sciedad Quimica Y Minera De Chile, S.A. Some other snapshots:
- SARs: In the Matter of TD Ameritrade, Inc. – Over a two-year period, beginning in 2013, the firm terminated its business relationship with 111 independent investment advisers due to unacceptable business, credit, operational, reputation, or regulatory risks. In some instances, TD filed SARs, but didn’t in all cases due to a “failure to consistently and appropriately refer terminated advisers to its AML department.” The firm has pledged to improve the AML program and also pay a $500,000 penalty.
- Cyber-security: In the Matter of Voya Financial Advisors, Inc. – The firm in 2013 gave access contractors access to company information, with a hacker impersonating these contractors in April 2016 through a password reset ruse. Voya found out about the intrusion three hours later and failed to fully top them gaining access to key information of terminate their current access. The intruders obtained access to some 5,600 customers and got documents from at least one. For various cyber and other failures, Voya must pay $1 million, (via JD Supra).
DOJ charges Russian GRU officers with international hacking, illicit disinformation campaigns trying to cover up use of chemicals for weapons, people
A grand jury in the Western District of Pennsylvania has indicted seven defendants, all officers in the Russian Main Intelligence Directorate (GRU), a military intelligence agency of the General Staff of the Armed Forces of the Russian Federation, for computer hacking, wire fraud, aggravated identity theft, and money laundering. From December 2014 through May 2018, prosecutors alleged the group attempted to hack U.S. individuals, companies and international organizations to help Russian interests, including watchdog bodies investigating the country’s international competition doping and chemical weapons scandals. A key to the strategy was to “de-legitimize” these bodies by peppering them with false, red herrings to make their overall investigations seem suspect,
The defendants, all Russian nationals and residents, are Aleksei Sergeyevich Morenets, 41, Evgenii Mikhaylovich, Serebriakov, 37, Ivan Sergeyevich Yermakov, 32, Artem Andreyevich Malyshev, 30, and Dmitriy Sergeyevich Badin, 27, who were each assigned to Military Unit 26165, and Oleg Mikhaylovich Sotnikov, 46, and Alexey Valerevich Minin, 46, who were also GRU officers.
The indictment alleges that defendants Yermakov, Malyshev, Badin, and unidentified conspirators, often using fictitious personas and proxy servers, researched victims, sent spearphishing emails, and compiled, used, and monitored malware command and control servers. When remote hacking efforts failed to capture log-in credentials, or if the accounts that were successfully compromised did not have the necessary access privileges for the sought-after information, teams of GRU technical intelligence officers traveled to locations around the world where targets were physically located.
Using specialized equipment, and with the remote support of conspirators in Russia, these close access teams hacked computer networks used by victim organizations or their personnel through Wi-Fi connections, including hotel Wi-Fi networks. After a successful hacking operation, the close access team transferred such access to conspirators in Russia for exploitation, (via DOJ).
North Korean Hackers have stolen more than $1 billion and attacked, destroyed untold number of computers globally: reports
New research by the cybersecurity firm Fire Eye demonstrates that the APT38, a North Korean government–linked hacking group, is targeting financial institutions around the world in an attempt to pilfer over $1.1 billion since 2014. The group has also conducted widespread espionage and reconnaissance against international financial institutions. These operations often leave the victims’ computer systems completely destroyed. “The group has compromised more than 16 organizations in at least 11 different countries, sometimes simultaneously, since at least 2014. Since the first observed activity, the group’s operations have become increasingly complex and destructive,” reads the report released Wednesday.
“APT38 executes sophisticated bank heists typically featuring long planning, extended periods of access to compromised victim environments preceding any attempts to steal money, fluency across mixed operating system environments, the use of custom developed tools, and a constant effort to thwart investigations capped with a willingness to completely destroy compromised machines afterwards,” the report continues. The group generally targets financial institutions and inter-bank financial systems to obtain large sums of money. Banks have been targeted in the U.S, Vietnam, Turkey, Mexico, India, Ecuador, Chile and Bangladesh, among other countries. The group has also targeted financial governing bodies and media organizations that focus on economics. During the height of the bitcoin bubble of 2016, the hackers targeted media outlets that covered cryptocurrency-related stories, (via Newsweek).
Logged out from your Facebook account automatically? Well you’re not alone
Facebook just admitted that an unknown hacker or a group of hackers exploited a zero-day vulnerability in its social media platform that allowed them to steal secret access tokens for more than 50 million accounts, (via the Hacker News).
Looking for a hack to bypass the passcode or screen lock on iPhones?
Jose Rodriguez, an iPhone enthusiast, has discovered a passcode bypass vulnerability in Apple’s new iOS version 12 that potentially allows an attacker to access photos and contacts, including phone numbers and emails, on a locked iPhone XS and other recent iPhone models. Rodriguez, who also discovered iPhone lock screen hacks in the past, has posted two videos (in Spanish) on his YouTube channel under the account name Videosdebarraquito demonstrating a complicated 37-step iPhone passcode bypass process, (via the Hacker News).
Nordea Bank reportedly tied to money laundering scandal with links to Russia, though bank denies formal investigation
Nordea is suspected of being part of a major international money-laundering scandal involving a Russian client and a tax company. For almost four years, the fraud squad has tried to pursue a criminal case against a Russian client and a company in Belize in Central America, suspected of having ‘washed’ approximately 322 million Norwegian kroner using bank accounts in Nordea. The money-laundering is believed to have taken place in the bank’s now closed international branch for global clients in Vesterbro between 2010 and 2013.
n the current case, an account was set up in Denmark by a client from Russia, with the sole purpose of transferring money out of the country. According to Berntoft, such actions are a clear indicator of money-laundering activities and require “a very good explanation from the customer.” Julie Galbo, chief risk officer in Nordea, declined to comment on this specific case. Nevertheless, she acknowledged that anti-money laundering procedures at Nordea had been insufficient in the past and ensured that major improvements have been made in recent years, (via the CPH Post). But the bank has denied its under a formal investigation, (via Reuters).
Banks in Estonia handled $1 trillion in foreign financial flows, dwarfing growing Danske scandal
Danske Bank A/S has become almost synonymous in Denmark with laundering. But there are growing signs that it only represents a small slice of Europe’s dirty money machine. For the Scandinavian country’s biggest bank, the scandal started in Estonia, where Danske has admitted that much of $235 billion in non-resident flows between 2007 and 2015 can be deemed suspicious. Though a huge figure, it represents less than a quarter of cross-border transactions that passed through the country at the center of the dirty money saga, according to figures provided to Bloomberg by the central bank in Tallinn. Yet it does speak to more of a systemic issue for the Baltics, according to Sven Stumbauer, managing director for New York-based consultancy AlixPartners. The region was keen to become a private banking center for eastern Europe, he said.
“Instead of more traditional private banking, they started doing more transactional banking, meaning the money comes in and goes out more or less immediately,” he said. Banks doing business in Estonia handled about 900 billion euros, or $1.04 trillion, in cross-border transactions including non-resident flows between 2008 and 2015 (the central bank couldn’t provide comparable data for 2007). In a statement on Wednesday, the central bank said it’s not possible to equate non-resident accounts with cross-border transactions, but said it couldn’t provide an estimate for the share of non-resident flows. Not all non-resident flows are suspicious, though in the Danske case, money launderers allegedly singled out such accounts, (via Bloomberg)
A look at some of the big U.S. banks that reportedly helped Danske Bank’s Estonian branch launder hundreds of billions of dollars for Russia
This opinion piece analyzes how some of the largest U.S. banks may have played a role in the historic money laundering case involving Danske Bank’s Estonian branch, which has resulted in the bank’s chief executive stepping down and a black eye for Denmark. Money laundering is a multi-bank phenomenon. Danske Bank Estonia has been revealed as the hub of a $234 billion money laundering scheme involving Russian and Eastern European customers. But Danske Bank Estonia couldn’t do this by itself. Much of the money was paid in U.S. dollars, and for that, it needed help from other banks. Banks that had access to Fedwire, the Federal Reserve’s electronic settlement system. Big banks, in other words. It appears that four big banks helped Danske Bank Estonia make its dodgy transactions. J.P. Morgan, Bank of America and Deutsche Bank AG all made dollar transfers on behalf of the Estonian branch’s non-resident customers.
And according to the Wall Street Journal, Citigroup’s Moscow branch may have been involved in some financial transfers in and out of Danske Bank Estonia. But how much responsibility do these banks bear for these transfers? Could they reasonably have been expected to know – or suspect – that the money was dirty? Banks that make transactions on behalf of other banks are known as “correspondent banks”. In the past, correspondent banks often had little information about the originator or final recipient of the money they were transmitting. They simply trusted that their customer bank was acting legally and that its customers were above board. Old habits die very hard: in 2016, the correspondent banks involved in the FIFA corruption case, which include Citigroup, HSBC, Wells Fargo and Barclays, all claimed that they could not have known that the transfers were corrupt, (via Forbes).
The five red flags of wire fraud: Look for errors, misspellings, unexplained urgency, haste
When trying to sniff out the rising specter of wire fraud, even in high-pressure environments, key rules of thumb include looking for mistakes, irrational customer urgency, changes to odd, risky locales and an insistence to only communicate via email. Cybercriminals are getting more aggressive in targeting your money through wire transfer requests.
The number of attempts is on the rise, and scammers are getting bolder and more sophisticated in their efforts to trick you into wiring funds. Increasingly, the tool of choice for these criminals is email. “Many of the cases we are seeing involve social engineering or phishing for confidential information,” said Briane Grey, corporate security manager for City National Bank.
Scammers may pose as a colleague, client, or someone you or your company has done business with recently, in an attempt to get your confidential account information, or convince you to wire funds. In some cases, if they have access to your mail or invoices, they may pretend to be a vendor asking for funds to be wired to a new account. Here are five key red flags:
- Red Flag #1: The sender places a “rush” request.
- Red Flag #2: The sender refuses phone calls and insists on communicating via email only.
- Red Flag #3: The sender uses odd or incorrect words, spelling or phrases.
- Red Flag #4: The nature or the amount requested is unusual or inconsistent with previous practice.
- Red Flag #5: The return email is incorrect, (via Crains).
A new report from the Wall Street Journal found that $88.6 million in illicit funds have been funneled through 46 documented cryptocurrency exchanges
As much as $9 million of these funds is reported to have gone through Switzerland-based digital currency exchange ShapeShift, (via Unhashed).