No Result
View All Result
SUBSCRIBE | NO FEES, NO PAYWALLS
MANAGE MY SUBSCRIPTION
NEWSLETTER
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
Corporate Compliance Insights
Home Financial Services

Banks Need to Be Able to Pinpoint Cryptocurrency Ransomware Payments. But Effective Methods Remain in Their Infancy.

FinCEN Has Identified Typologies of Cryptocurrency Ransomware Payments in Its Rundown of the First Half of 2021

by Ned Kulakowski
November 30, 2021
in Financial Services
Store bears a sign on its door saying it accepts bitcoin

Instances of ransomware attacks – and resulting payments via cryptocurrency – continue to increase at an accelerating rate. As the intermediary between victim and criminal, banks hold a great deal of promise in identifying this activity. But considering to the nature of cryptocurrency, that is one tall order.

A recent FinCEN report suggests that financial institutions are in for a rude awakening when it comes to financial crime. The first half of 2021 saw a frightening rise in the total value of suspicious activity reported in ransomware-related SARs ($590 million). This exceeds the value reported for the whole of last year by a staggering $416 million. Several money laundering typologies common among ransomware variants were identified – including the increased use of Anonymity-Enhanced Crypto Currencies (AECs) and mixing services to obscure the actor behind the ransomware attack. Financial institutions unwittingly facilitate these payments, and it is incumbent on them that they take measures to identify and report them.

#Ransomware Risks are Growing!

Per FinCEN, reports of ransomware attacks for the first HALF of 2021 were up 30% over ALL of 2020, while the value of reported attacks surged 42%. https://t.co/DnqNhAs3DP

— SEC Fort Worth (@FortWorth_SEC) November 11, 2021

The combination of know-your-customer (KYC) and anti-money laundering (AML) measures represents the best strategy developed to date. But at the end of the day, we don’t know well this works. We don’t even know for sure how many ransomware attacks are paid.

A Spike in Suspicious Cryptocurrency Payments

When one considers the millions of SARs filed over the course of the year in the U.S., the recent FinCEN report only details 635 that relate to ransomware. This shows that rule makers and financial institutions are just scratching the surface when it comes to detecting and reporting these attacks. A significant challenge for financial institutions is to determine what constitutes a ransomware threat in the first place. Herein lies the problem. If banks are unable to fully understand the nature of the attacks, then how are they able to report on them with any confidence?

That is where FinCEN comes in; it continues to identify new patterns. For example, Bitcoin is by far the most commonly used currency. Analyzing payments of 177 different coins, FinCEN identified $5.2 billion that was potentially associated with ransomware. FinCEN’s newest advisory from November 8 (PDF download) on ransomware confirms that the issue continues to grow. The use of cryptocurrencies, along with anonymity-enhanced currencies (AECs) like Monero and decentralized mixers will continue to hound financial institutions. This is proof, if any was needed, that the industry continues to face new challenges in the anti-money laundering space that go beyond the more traditional forms of financial crime.

It is clear, also, that both crime enforcement and financial institutions need combs with finer teeth. Both the FinCEN analysis cited above and the SAR reporting system suggest the practice of ransomware payments via cryptocurrencies. But they do not prove them. The onus has been placed on banks to determine what constitutes suspicious activity.

Traditional Monitoring Is Growing Obsolete

While many banks are conservative by nature, and instinctively do not want to directly dip their toes into the cryptocurrency spaces, the sheer size of this growing market means they are inevitably going to be banking some form of digital asset directly or indirectly, whether they like it or not. It is already a challenge for banks to comply with existing customer onboarding and transaction monitoring challenges, let alone anonymity-based activity of a virtual nature. So, as if it were hard enough trying to stamp out the more traditional forms of money laundering, now banks are faced with not one, but two additional threats at the same time.

Traditional approaches to KYC and transaction monitoring simply will not work when virtual currencies come into play. The growing concept of “Perpetual KYC,” whereby the financial institution takes a more dynamic role in observing their customers and potential changes to their profile, rather than following a more common, prescriptive refresh schedule, is one solution for not only addressing clients exposed to ransomware but also those who engage in the use of virtual assets.

Similarly, traditional transaction monitoring methods, already a challenge in finding the more well-established methods of money laundering, may not necessarily detect illicit uses of crypto assets. New algorithms and new methods of detection will be needed to appropriate monitor activity flowing through the blockchain.

Hitting a Moving Target

The answer requires a certain specialization that is still being worked out from both a transaction monitoring and a customer onboarding perspective. If traditional financial institutions are going to end up doing business in crypto assets and are even slightly behind in terms of technology, then they have a basic problem: they simply will not be able to keep up with the constant innovation being used by bad actors.

Embracing the use of technology solutions will further enable institutions to tackle these problems head-on. This is where the interplay between transaction monitoring, KYC, and event behavioral analysis comes in. When onboarding a client, banks will need as much accurate information as possible. Later down the road, the client may need to be reviewed in more detail. As a case in point, what happens if the client does start dealing in crypto? Or, what if the client engages in a one-off virtual currency transaction? A bank may have to revise its onboarding and periodic refresh procedures, and potentially apply a different level of due diligence to address these issues and find out, for example, precisely why the client has built up such big positions in certain crypto currencies.

While the latest FinCEN reports show that governments are becoming more proactive when it comes to trying to detect increasingly more sophisticated forms of financial crime, including providing more updates on ransomware attacks and suspect crypto payments, there is still a long way to go. As more quantifiable laws come into effect, financial institutions can ill afford to stand still. In order to keep up, a much more sophisticated, technology-based approach to transaction monitoring and customer onboarding is required to avoid not only being spooked by the big fine, but to help in the ongoing fight against financial crime.


Tags: CryptocurrencyFinancial Crimes Enforcement Network (FinCEN)
Previous Post

When Accounting for the Cost of Fraud, Don’t Forget the Toll It Takes on Customer Experience

Next Post

Compliance Automation Platform RegScale Formally Launches, Announces Early Investment

Ned Kulakowski

Ned Kulakowski

Ned KulakowskiNed Kulakowski is a senior financial crime consultant at Fenergo. As a compliance professional in the banking industry, Ned is an attorney and Certified Anti-Money Laundering Specialist (CAMS). Prior to joining Fenergo, Ned was a Senior Manager in the Financial Intelligence Unit at Scotiabank. During his time at Scotiabank, Ned assisted the FIU director with development, implementation and maintenance of AML transaction monitoring and financial investigations program. Ned also has prior experience as a litigation attorney, having represented individuals, non-profit organizations, insurance companies, and other corporate and governmental entities.

Related Posts

ftx arena miami

2023: The Year of Crypto Compliance

by Ben Richmond
January 11, 2023

The November collapses of FTX and BlockFi, two of the world’s biggest cryptocurrency exchanges, were shocking — and devastating for...

kleptocracy

Using FinCEN Alerts as a Roadmap to Comply With New Anti-Kleptocracy Regulations

by Jason Ross
January 11, 2023

FinCEN’s mandate to create a beneficial ownership database will continue creating ripple effects for businesses and individuals across all sectors....

beneficial owners

A (Beneficial) Owners Manual: Staying Compliant in Light of New FinCEN Rule

by Ian Herbert
December 7, 2022

New regulations will require companies to report accurate and up-to-date beneficial ownership information to the U.S. government. Keeping track of...

cta stack of paper

Corporate Transparency Act: What Is It, and How Will It Affect Small Companies?

by Gabor Szecsi
December 7, 2022

The 2021 Corporate Transparency Act included new reporting requirements that represent the most significant change in the formation of corporations...

Next Post
Compliance Automation Platform RegScale Formally Launches, Announces Early Investment

Compliance Automation Platform RegScale Formally Launches, Announces Early Investment

Compliance Job Interview Q&A

Jump to a Topic

AML Anti-Bribery Anti-Corruption Artificial Intelligence (AI) Automation Banking Board of Directors Board Risk Oversight Business Continuity Planning California Consumer Privacy Act (CCPA) Code of Conduct Communications Management Corporate Culture COVID-19 Cryptocurrency Culture of Ethics Cybercrime Cyber Risk Data Analytics Data Breach Data Governance DOJ Download Due Diligence Enterprise Risk Management (ERM) ESG FCPA Enforcement Actions Financial Crime Financial Crimes Enforcement Network (FinCEN) GDPR HIPAA Know Your Customer (KYC) Machine Learning Monitoring RegTech Reputation Risk Risk Assessment SEC Social Media Risk Supply Chain Technology Third Party Risk Management Tone at the Top Training Whistleblowing
No Result
View All Result

Privacy Policy

Founded in 2010, CCI is the web’s premier global independent news source for compliance, ethics, risk and information security. 

Got a news tip? Get in touch. Want a weekly round-up in your inbox? Sign up for free. No subscription fees, no paywalls. 

Follow Us

Browse Topics:

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks Published by CCI
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • On Demand Webinars
  • Opinion
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Well-Being
  • Whitepapers

© 2022 Corporate Compliance Insights

No Result
View All Result
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe

© 2022 Corporate Compliance Insights

Welcome to CCI. This site uses cookies. Please click OK to accept. Privacy Policy
Cookie settingsACCEPT
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT