In September 2020, SWIFT (a global member-owned cooperative and provider of secure financial messaging services) published a report to support market participants in understanding the money laundering techniques which underpin large-scale cyber-attacks.

The report sets out the end-to-end journey commonly used by criminals to launder funds obtained through illicit cyber-crime related activities, and focusses on how criminal activity is conducted during the three stages of money laundering (placement, layering and integration). For example, SWIFT explains the use of money mules in ATM-related heists; how other third parties (such as front companies and financial representatives) can be exploited; and the growing appeal of virtual currencies in the money laundering arena.

SWIFT highlights five strategies which firms should consider to mitigate the risks highlighted in the report. These include:

  1. Enhancing domestic information sharing, especially between the public and private sectors.
  2. Facilitating international information sharing, in particular pertaining to jurisdictions identified as high risk by the Financial Action Task Force (FATF).
  3. Investing in technology to enable the identification and disruption of money mule activity.
  4. Enhancing customer due diligence and reporting requirements and standards, especially in jurisdictions where these are known to currently be weaker and thus entice criminals for exploitation purposes.
  5. Increasing investment and training in cyber-security initiatives focussing on data centric security.

These are particularly important given that SWIFT anticipates that large-scale cyber-crime is likely to continue and evolve, as criminals find new ways to leverage technology, exploit gaps and circumnavigate controls.
Whilst many institutions heavily invest in technology and resource to combat financial crime, including that stemming from cyber-crime, SWIFT notes that cyber-attacks not only lead to commercial damage but also bring institutional reputational repercussions. Therefore, firms are urged to not become complacent and keep these continually-evolving risks at the forefront.