FinCEN AML/CTF Priorities Part 9: Cybercrime

Terri Luttrell, CAMS-Audit
September 3, 2021

Cybercrime threats continue to grow


Cybercrime has been a hot topic for financial crime (FinCrime) professionals for some time. The growing sophistication of these illicit threats, along with recent cyber-attacks on the nation’s fuel and food supplies, underscores the dangerous nature of these cyber-enabled crimes. It is important that all financial institutions, regardless of size or geographic location, understand what cybercrime is and how it can affect their financial institution.  

In the FinCEN priorities release, cybercrime is listed as one of the most significant AML/CFT threats posed to financial institutions. Cybercrime is broadly defined as any illegal activity committed via the internet or otherwise involving computer technology. Examples of common cybercrime techniques are extortion, social engineering, phishing and malware, business email compromise (BEC), and ransomware. Criminals, including terrorist organizations, target financial institution websites, systems, and employees to steal customer and other proprietary information for illicit purposes and to disrupt normal business functions.      

FinCrime Priorities

Cybercrime is a significant threat

While the FinCEN priorities document (Priorities) specifically states that the eight priorities are in no order of importance, the length and language used in the cybercrime priority section show the significance of this growing threat. FinCEN states that the agency is particularly concerned with cyber-enabled financial crime, ransomware attacks, and the misuse of virtual assets, including the laundering of illicit proceeds. Cybercrime is on the rise within financial institutions and other businesses and continues to be at the forefront of the minds of those in the FinCrime industry. Bad actors are staying one step ahead of detection, creating serious concern for financial institutions.

According to the Federal Bureau of Investigation (FBI) in its 2020 Internet Crime Report, reported losses related to cybercrime exceeded $4.2 billion in 2020, a 20% increase over the previous year. Much of this increase can be attributed to the growing sophistication of illicit actors and to the opportunities COVID-19 created, including more vulnerable targets and the switch to a remote workforce. Victims lost the most to business email compromise, romance schemes, and investment fraud.

Where fraud prevention, AML, and IT security historically stayed in separate pillars of financial institutions, it is now imperative that each of the divisions communicate regularly and cross-monitor for these threats. While FinCrime experts will not generally be IT experts, they should be well versed in cyber-enabled crimes and report them when detected. Cyber risk mitigation in all areas is critical and should be detailed in the institution’s enterprise-wide risk assessment.

FinCEN has issued many cybercrime advisories in the past several years, and each continues to be relevant. These advisories cover trends, typologies, and red flag indicators for ransomware, phishing, extortion through remote applications, imposter schemes, and money mule scams. In addition, as the nation has seen global cyber threats, particularly from North Korea, Russia, and Iran, the Office of Foreign Assets Control (OFAC) also issued an advisory related to cyber-enabled crime. Financial institutions should understand each of these advisories and reference them in their policies and procedures.

Monitoring Cybercrime

How to prevent cybercrime

How can a financial institution, or FinCrime professionals in any industry, prevent these types of fraud? Their fraud monitoring software should be able to detect certain fraud in their clients’ accounts, such as account takeover, ACH, new account, kiting, debit card, and check card fraud, at a minimum.  

Financial institutions are not immune to cyber threats and may be more at risk as criminals become more adept at thwarting cybersecurity efforts, especially if there are not enough mitigating measures in place. These steps can help financial institutions protect against cyber attacks: 

Assess infrastructure and its cybersecurity: Conduct regular reviews, both internally and by an outside security expert, to be sure it is up to date and to identify the areas that need to be improved.

Establish an enterprise-wide security policy and procedures: Prioritize the areas of most importance, such as the handling of sensitive data, and explicitly define what is confidential and highly confidential information. This includes limiting access to the information required to perform each employee’s role and providing security awareness training that teaches personnel about social engineering techniques and how to report them.

Implement an audit trail: The security team should have an audit trail in place to monitor and log all security threats, so that an attack does not go unnoticed and forensic evidence is available.

Include cyberattacks in the disaster recovery or business continuity plan: Make risk-based decisions on what to do in the event of a cyberattack and how to minimize business downtime and disruptions to service. Be aware of OFAC restrictions if there is a ransomware attack, as payment of ransom to a designated individual or entity is not allowed.

Encrypt the data: Data is one of the most important assets and a high-value target for criminals. Strong encryption of data and protecting the decryption keys are essential parts of data security. 

Use multi-factor authentication (MFA): Access to the financial institution’s website or mobile app is a prime target for criminals. Add an extra layer of protection by using biometrics, an authenticator app, or a one-time passcode so the user is the only one who can have access. 

Keep the firewall turned on: A firewall helps protect computers from hackers who might try to gain access in order to crash them, delete information, or even steal passwords or other sensitive information. Software firewalls are widely recommended for single computers. The software is prepackaged on some operating systems or can be purchased for individual computers. For multiple networked computers, hardware routers typically provide firewall protection.

Install or update antivirus software: Antivirus software is designed to prevent malicious software programs from embedding on a computer. If it detects malicious code, like a virus or a worm, it works to disarm or remove it. Viruses can infect computers without users’ knowledge. Most types of antivirus software can be set up to update automatically. 

Install or update antispyware technology: Spyware is just what it sounds like—software that is surreptitiously installed on your computer to let others peer into one’s activities on the computer. Some spyware collects information about people without their consent or produces unwanted pop-up ads on a web browser. Some operating systems offer free spyware protection, and inexpensive software is readily available for download on the Internet or at a local computer store. Be wary of ads on the Internet offering downloadable antispyware—in some cases these products may be fake and may contain spyware or other malicious code themselves. It’s like buying groceries—shop where you trust. 

Keep the operating system up to date: Computer operating systems are periodically updated to stay in tune with technology requirements and to fix security holes. Be sure to install the updates to ensure each computer has the latest protection. 

Be careful what is downloaded: Carelessly downloading e-mail attachments can circumvent even the most vigilant antivirus software. One should never open an e-mail attachment from someone he/she does not know and should be wary of forwarded attachments from people he/she does know. They may have unwittingly forwarded malicious code.

Confirm that any unusual email that one wishes to respond to is from the stated party: If a person receives an unusual request, such as to send money on behalf of his/her institution, confirm with a phone call or personal visit that the sender is valid. Don’t get caught in a business email compromise scam.

Turn off the computer: With the growth of high-speed Internet connections, many opt to leave their computers on and ready for action. The downside is that being “always on” renders computers more susceptible. Beyond firewall protection, which is designed to fend off unwanted attacks, turning the computer off effectively severs an attacker’s connection—be it spyware or a botnet that employs one’s computer’s resources to reach out to other unwitting users. 

Train, train, train: Cybercrime staff training is routine for many financial institutions on an annual basis, but if an institution has not implemented effective training, it is time to do so. Test the staff on occasion and remind those who click on links or answer phony emails what they have learned in training. 

The protection of the U.S. financial system, and our communities, is mission critical. Financial institutions are uniquely positioned to observe the suspicious activity that results from cybercrime, including cyber-enabled financial crime. Internet usage will continue to rise within the corporate and private worlds, but with these tips for prevention and detection, financial institutions and each person’s personal computers will be a step ahead in preventing cybercrime in the future. Cybercrime will continue to evolve, so stay proactive by attending training, reading articles, and keeping abreast of the newest trends. 

About the Author

Terri Luttrell, CAMS-Audit

Compliance and Engagement Director
Terri Luttrell is a seasoned AML professional and former director and AML/OFAC officer with over 20 years in the banking industry, working both in medium and large community and commercial banks ranging from $2 billion to $330 billion in asset size.
