No Result
View All Result
SUBSCRIBE | NO FEES, NO PAYWALLS
MANAGE MY SUBSCRIPTION
NEWSLETTER
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • CCI Magazine
    • Writing for CCI
    • Career Connection
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Library
    • Download Whitepapers & Reports
    • Download eBooks
    • New: Living Your Best Compliance Life by Mary Shirley
    • New: Ethics and Compliance for Humans by Adam Balfour
    • 2021: Raise Your Game, Not Your Voice by Lentini-Walker & Tschida
    • CCI Press & Compliance Bookshelf
  • Podcasts
    • Great Women in Compliance
    • Unless: The Podcast (Hemma Lomax)
  • Research
  • Webinars
  • Events
  • Subscribe
Jump to a Section
  • At the Office
    • Ethics
    • HR Compliance
    • Leadership & Career
    • Well-Being at Work
  • Compliance & Risk
    • Compliance
    • FCPA
    • Fraud
    • Risk
  • Finserv & Audit
    • Financial Services
    • Internal Audit
  • Governance
    • ESG
    • Getting Governance Right
  • Infosec
    • Cybersecurity
    • Data Privacy
  • Opinion
    • Adam Balfour
    • Jim DeLoach
    • Mary Shirley
    • Yan Tougas
No Result
View All Result
Corporate Compliance Insights
Home Financial Services

Banks Need to Be Able to Pinpoint Cryptocurrency Ransomware Payments. But Effective Methods Remain in Their Infancy.

FinCEN Has Identified Typologies of Cryptocurrency Ransomware Payments in Its Rundown of the First Half of 2021

by Ned Kulakowski
November 30, 2021
in Financial Services
Store bears a sign on its door saying it accepts bitcoin

Instances of ransomware attacks – and resulting payments via cryptocurrency – continue to increase at an accelerating rate. As the intermediary between victim and criminal, banks hold a great deal of promise in identifying this activity. But considering to the nature of cryptocurrency, that is one tall order.

A recent FinCEN report suggests that financial institutions are in for a rude awakening when it comes to financial crime. The first half of 2021 saw a frightening rise in the total value of suspicious activity reported in ransomware-related SARs ($590 million). This exceeds the value reported for the whole of last year by a staggering $416 million. Several money laundering typologies common among ransomware variants were identified – including the increased use of Anonymity-Enhanced Crypto Currencies (AECs) and mixing services to obscure the actor behind the ransomware attack. Financial institutions unwittingly facilitate these payments, and it is incumbent on them that they take measures to identify and report them.

#Ransomware Risks are Growing!

Per FinCEN, reports of ransomware attacks for the first HALF of 2021 were up 30% over ALL of 2020, while the value of reported attacks surged 42%. https://t.co/DnqNhAs3DP

— SEC Fort Worth (@FortWorth_SEC) November 11, 2021

The combination of know-your-customer (KYC) and anti-money laundering (AML) measures represents the best strategy developed to date. But at the end of the day, we don’t know well this works. We don’t even know for sure how many ransomware attacks are paid.

A Spike in Suspicious Cryptocurrency Payments

When one considers the millions of SARs filed over the course of the year in the U.S., the recent FinCEN report only details 635 that relate to ransomware. This shows that rule makers and financial institutions are just scratching the surface when it comes to detecting and reporting these attacks. A significant challenge for financial institutions is to determine what constitutes a ransomware threat in the first place. Herein lies the problem. If banks are unable to fully understand the nature of the attacks, then how are they able to report on them with any confidence?

That is where FinCEN comes in; it continues to identify new patterns. For example, Bitcoin is by far the most commonly used currency. Analyzing payments of 177 different coins, FinCEN identified $5.2 billion that was potentially associated with ransomware. FinCEN’s newest advisory from November 8 (PDF download) on ransomware confirms that the issue continues to grow. The use of cryptocurrencies, along with anonymity-enhanced currencies (AECs) like Monero and decentralized mixers will continue to hound financial institutions. This is proof, if any was needed, that the industry continues to face new challenges in the anti-money laundering space that go beyond the more traditional forms of financial crime.

It is clear, also, that both crime enforcement and financial institutions need combs with finer teeth. Both the FinCEN analysis cited above and the SAR reporting system suggest the practice of ransomware payments via cryptocurrencies. But they do not prove them. The onus has been placed on banks to determine what constitutes suspicious activity.

Traditional Monitoring Is Growing Obsolete

While many banks are conservative by nature, and instinctively do not want to directly dip their toes into the cryptocurrency spaces, the sheer size of this growing market means they are inevitably going to be banking some form of digital asset directly or indirectly, whether they like it or not. It is already a challenge for banks to comply with existing customer onboarding and transaction monitoring challenges, let alone anonymity-based activity of a virtual nature. So, as if it were hard enough trying to stamp out the more traditional forms of money laundering, now banks are faced with not one, but two additional threats at the same time.

Traditional approaches to KYC and transaction monitoring simply will not work when virtual currencies come into play. The growing concept of “Perpetual KYC,” whereby the financial institution takes a more dynamic role in observing their customers and potential changes to their profile, rather than following a more common, prescriptive refresh schedule, is one solution for not only addressing clients exposed to ransomware but also those who engage in the use of virtual assets.

Similarly, traditional transaction monitoring methods, already a challenge in finding the more well-established methods of money laundering, may not necessarily detect illicit uses of crypto assets. New algorithms and new methods of detection will be needed to appropriate monitor activity flowing through the blockchain.

Hitting a Moving Target

The answer requires a certain specialization that is still being worked out from both a transaction monitoring and a customer onboarding perspective. If traditional financial institutions are going to end up doing business in crypto assets and are even slightly behind in terms of technology, then they have a basic problem: they simply will not be able to keep up with the constant innovation being used by bad actors.

Embracing the use of technology solutions will further enable institutions to tackle these problems head-on. This is where the interplay between transaction monitoring, KYC, and event behavioral analysis comes in. When onboarding a client, banks will need as much accurate information as possible. Later down the road, the client may need to be reviewed in more detail. As a case in point, what happens if the client does start dealing in crypto? Or, what if the client engages in a one-off virtual currency transaction? A bank may have to revise its onboarding and periodic refresh procedures, and potentially apply a different level of due diligence to address these issues and find out, for example, precisely why the client has built up such big positions in certain crypto currencies.

While the latest FinCEN reports show that governments are becoming more proactive when it comes to trying to detect increasingly more sophisticated forms of financial crime, including providing more updates on ransomware attacks and suspect crypto payments, there is still a long way to go. As more quantifiable laws come into effect, financial institutions can ill afford to stand still. In order to keep up, a much more sophisticated, technology-based approach to transaction monitoring and customer onboarding is required to avoid not only being spooked by the big fine, but to help in the ongoing fight against financial crime.


Tags: CryptocurrencyFinancial Crimes Enforcement Network (FinCEN)
Previous Post

When Accounting for the Cost of Fraud, Don’t Forget the Toll It Takes on Customer Experience

Next Post

Compliance Automation Platform RegScale Formally Launches, Announces Early Investment

Ned Kulakowski

Ned Kulakowski

Ned KulakowskiNed Kulakowski is a senior financial crime consultant at Fenergo. As a compliance professional in the banking industry, Ned is an attorney and Certified Anti-Money Laundering Specialist (CAMS). Prior to joining Fenergo, Ned was a Senior Manager in the Financial Intelligence Unit at Scotiabank. During his time at Scotiabank, Ned assisted the FIU director with development, implementation and maintenance of AML transaction monitoring and financial investigations program. Ned also has prior experience as a litigation attorney, having represented individuals, non-profit organizations, insurance companies, and other corporate and governmental entities.

Related Posts

stablecoins

Exploring CorpFin’s New Perspective on Covered Stablecoins

by King & Spalding
May 12, 2025

Guidance clarifies when digital assets function as payment tools rather than investment vehicles

roller coaster ride upside down

CTA: How Did We Get Here?

by Richard Hathaway
March 26, 2025

With its dramatic reversal early this month and newly issued interim rule, the Treasury Department has carved a clear fork...

corporate transparency act documents

Court Reinstates CTA, FinCEN Extends Filing Deadlines

by Staff and Wire Reports
December 24, 2024

Most deadlines extended to Jan. 13

top stories 2024 collage

Top Stories of 2024

by Jennifer L. Gaskin
December 11, 2024

Seismic shifts are threatening to reshape the modern compliance landscape, from Supreme Court decisions tossing out decades of regulatory advantages...

Next Post
Compliance Automation Platform RegScale Formally Launches, Announces Early Investment

Compliance Automation Platform RegScale Formally Launches, Announces Early Investment

No Result
View All Result

Privacy Policy | AI Policy

Founded in 2010, CCI is the web’s premier global independent news source for compliance, ethics, risk and information security. 

Got a news tip? Get in touch. Want a weekly round-up in your inbox? Sign up for free. No subscription fees, no paywalls. 

Follow Us

Browse Topics:

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks Published by CCI
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • On Demand Webinars
  • Opinion
  • Research
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Well-Being
  • Whitepapers

© 2025 Corporate Compliance Insights

Welcome to CCI. This site uses cookies. Please click OK to accept. Privacy Policy
Cookie settingsACCEPT
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT
No Result
View All Result
  • Home
  • About
    • About CCI
    • CCI Magazine
    • Writing for CCI
    • Career Connection
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Library
    • Download Whitepapers & Reports
    • Download eBooks
    • New: Living Your Best Compliance Life by Mary Shirley
    • New: Ethics and Compliance for Humans by Adam Balfour
    • 2021: Raise Your Game, Not Your Voice by Lentini-Walker & Tschida
    • CCI Press & Compliance Bookshelf
  • Podcasts
    • Great Women in Compliance
    • Unless: The Podcast (Hemma Lomax)
  • Research
  • Webinars
  • Events
  • Subscribe

© 2025 Corporate Compliance Insights