Lots of business now happens online. Unfortunately, so does crime. Unlike its land-based counterpart, internet crime such as fraud and data theft can be initiated almost anywhere in the world, complicating detection, deterrence and retribution. This has troubled law enforcement for over a decade; policing internet crime used to be slow and inefficient labor. But that’s changing.
The FTC provides recourse for complaints about online fraud and identity theft. Last year, it received almost 1.7 million such complaints, with total damages alleged in excess of $1 billion. But the FTC is not the chief policeman against internet crime. The FBI is.
With the help of the National White Collar Crime Center and the Bureau of Justice Assistance, the FBI created the Internet Crime Complaint Center (IC3), a multiagency task force. The IC3 collects business data, consumer complaints and commercial complaints about various internet-based offenses* at record speed and from numerous sources and then refers the information to law enforcement and regulatory agencies at every level. It also works with industry (e.g. online retailers, financial institutions, internet service providers and parcel delivery providers) to gather additional information such as reports of unusual internet or financial activity.
No doubt that’s impressive, and the IC3 has become a powerful weapon against internet crime. But with strong weapons comes collateral damage. The speed and penetration at which the IC3 amasses complaints of suspected unlawful activity—and remember, these are just complaints, not verdicts—can pervert the IC3’s intended purpose and entangle innocent people into costly investigations.
An IC3 superfile invites attention from law enforcement much too quickly and indiscriminately, especially if the complaints concern securities law violations, state gambling law violations or criminal fraud charges (including federal wire and bank fraud claims). This is troublesome for operators in emerging markets, where the laws are uncharted right until some ambitious operators step in—followed by the government, which excuses its lateness by accusing those operators of breaking the law.
Usually, those operators become the targets of an FTC, SEC or state regulatory investigation. This is not pleasant—but it is nothing compared to a criminal prosecution, which can utterly destroy an emerging company. A referral from the IC3’s information haul is a nearly irresistible lure to investigators and prosecutors, inevitably leading to the initiation of prosecution.
You don’t want to be on the FBI’s radar. The Department of Justice has stated that fighting corporate fraud is one of its top priorities, and it’s not fooling around. In April 2015, the United States Sentencing Commission amended the federal sentencing guidelines to stiffen penalties for many white collar crimes. After that amendment, the DOJ ordered its attorneys to focus on individuals in any criminal or civil investigation and to give cooperation credit to corporations only where they provide all the relevant facts about the people involved.
In so stringent a climate, watch out: even hazy business practices reported to the IC3 are likely to be investigated and punished harshly if law enforcement agents decide a crime was committed.
Proactive preventative measures are the most cost-effective means of dealing with internet-facilitated criminal activity and avoiding significant damage to your business. Don’t wait for the problem to come to you, because the first thing prosecutors do in these investigations is to seize or forfeit all or most of a company’s assets. At that point, the business may be dead already, even if it is later shown that it didn’t break any laws.
*e.g., fraudulent sales (i.e., nonpayment or nondelivery); illegal lotteries or gambling; investment fraud; identity theft, malware; data theft, copyright theft, credit card fraud; confidence scams, harassment, business email compromise; and many others.