Cyber & AML/CTF – Time to Unite!!

By Nick Guest, Cypress Resources

We formally began the fight against financial fraud over thirty-five years ago with the creation of the Bank Secrecy Act (BSA). This addressed the source, volume and movement of monetary instruments through our financial systems. Roughly fifteen years later, in 1986, the Money Laundering Control Act (MLCA) established money laundering as a federal crime. It wasn’t until fifteen more years and the horrific attacks on the World Trade Centers, on September 11th, 2001, that we realized that money laundering was just one facet of the criminal activity in our world’s financial systems. This birthed one of the most powerful and far-reaching pieces of legislation in history, the USA PATRIOT Act in 2001, which united AML and CTF into a common fight, a common goal. Now we stand here in 2016, fifteen years after that dreadful day in history, facing what is setting up to be the most difficult battle of all, cybercrime. Faceless, placeless, and fundamentally global. I can’t explain the fifteen-year phenomenon (which I only realized writing this article), but it is time to integrate our defenses once again.
Cybersecurity and Anti-Money Laundering/Counter-Terrorism Financing (AML/CTF) must be approached in a unified and cohesive manner. The days of Cyber being fought by department A (typically IT-centric) and AML/CTF being fought by department B (BSA/AML Compliance) must end. These efforts must be merged and interwoven so that the necessary information can be viewed and shared in time to stop and catch the criminals. This recent article in the NY Times shows the risks that cybercrime poses to our global financial system. Over the past two years, over 100 FIs have been attacked by Cybercriminals, who have made off with roughly one billion dollars. Cybercrime threatens the solvency and reputation of individuals, entities, Financial Institutions (FI), FinTech providers, AML transaction monitoring software, cryptocurrencies and the list continues. Cyber threats are no longer just a problem for individuals. Organizations, especially FIs, are the new target, and everything indicates the threats will only increase.
The NY Times article, “How a Hacker’s Typo Helped Stop a Billion Dollar Bank Heist,” makes a strong case for Cyber and AML/CTF forming a united front. Cyber thieves/hackers cannot only access your personal information; they can clearly penetrate the data security of major organizations, including our FIs. There are a slew of reasons why Cyber and AML/CTF must join forces, including, but not limited to the following situations:
  1. If Cyber hackers are able to facilitate transactions on behalf of a person they don’t even know, this creates a situation for AML/CTF departments that is next to impossible to rectify.
  2. If Cyber hackers are able to penetrate the firewalls of major FIs, they will have all of the information they need to understand exactly how and what FIs are doing to mitigate AML/CTF risks and spread that information on the Dark Web to further facilitate money laundering and terrorist financing.
  3. If illicit transactions do occur, what precedent, rules or regulations do we have in place to safeguard an individual’s money in their bank, or latest FinTech platform? If a hacker takes down an FI, does the FDIC Insurance cover those losses? We know that cybercrime committed against an individual is NOT covered by FDIC Insurance.
  4. With nearly everything going mobile or non face-to-face, including account opening, cyber criminals have the opportunity to open accounts and conduct transactions while hiding behind a fake IP address, making KYC, beneficial ownership validation and true AML/CTF next to impossible.
  5. If cyber criminals access internal systems of an FI, they can manipulate alerts, investigations, previously missing documentation, and alter the actual controls that are meant to defend against money laundering.
  6. Terrorist financing is a serious risk of cyber breaches. Being that terrorists just want to get the money from point A to point B, they can use innocent customer accounts to send wires and other digital payments to fund terrorism. Once the transaction clears and the money leaves the U.S. (or “originating country”), it is next to impossible to recover.


If criminals can be successful in their cyber breaches, they will move their time, money, resources and extensive networks to the easiest entry point. They will migrate away from conducting transactions through shell companies and other common money laundering and terrorist financing methods, where they must actually visit and interact with an FI. They can simply utilize cybercrime to facilitate transactions on behalf of unwitting customers with only profit to gain. They remove themselves from ever being caught or convicted, because cybercrime can be completed in a basement in (insert a country), where little if anything can be done about it. Even if caught in a single instance, they can simply set up shop in a neighboring basement. With the use of proxy servers and other masking methods protecting IP addresses and other important information needed to prosecute digital criminals, catching these transactions only stops that one instance. The NY Times article shows how Cyber can make AML/CTF virtually impossible by the fact that, “More than a month after the attack, Bangladeshi officials are scrambling to trace the money, shore up security and identify weaknesses in their systems. They said there is little hope of ever catching the hackers, and it could take months before the money is recovered, if at all.”

In March of 2015, the OCC stated:

“While often viewed as separate areas, the goals of BSA/AML and cybersecurity are increasingly converging. Terrorists, drug cartels, and cybercriminals all have a need to generate cash and move money, and it would seem that many of them would share some of the same goals. There are lessons to be learned from our decades-long experience in BSA enforcement that can be applied to the cybersecurity area, and vice versa.”

Cyber is not a siloed risk. With everything, including our money, being digital, the power of data and information grows daily. Breaching that information could cause catastrophic damage in nearly every area of our financial system and economy. Kaspersky, an international software security company, has created a real-time CyberThreat Map, which shows the sheer volume of attacks that are being dealt with by the minute.

You can’t be good at mitigating AML/CTF risk and ignore cyber risk. If you have holes in your cyber controls, then your AML Program is at risk. The scariest part is that the current cobweb of legacy IT systems and patchwork fixes to these programs makes identifying cybercrime-initiated transactions very difficult. This creates the risk that innocent, law-abiding citizens and FIs could easily be dragged through the mud before it’s determined that they had nothing to do with the offense. These types of allegations and publicity can permanently damage a good reputation, which is next to impossible to get back. Just ask a victim of serious identity fraud. The next seven years of your life will be affected heavily for something that you had nothing to do with.

Cyber is extremely scary given the massive surge of FinTech and other similar online vehicles that allow for near real-time movement of funds across the globe. FinTech, while absolutely necessary and here to stay, is an obvious target for cybercriminals. If they can hack a FinTech company’s systems, they could move large amounts of money by taking over an account and quickly moving the funds of an unwitting customer to a destination where there is no ability of recovery.

Any type of cyber breach, including Distributed Denial of Service (DDOS) and other types of cyber attacks, may have other underlying intentions that organizations are blind to. A DDOS attack could easily be a diversion to overload an FI’s resources, while the real reason for the attack was to penetrate a specific set of data/information to be used to facilitate money laundering and terrorist financing. Anytime during and after a cyber breach, including things like DDOS attacks, all other AML/CTF systems and programs must be on heightened alert, because many of their defenses and resources are occupied with recovering from the data breach.

We see AML solutions becoming more and more automated, requiring less human attention (or so we think). Notice in the NY Times article, that the only reason the criminals didn’t get off with all the money is because of a typo in one of the transfers (“fandation” vs. “foundation”). This small variation may be something that a system could see as a minor discrepancy, allowing the transaction through. Luckily, someone at Deutsche Bank noticed the misspelling and inquired for additional information, which led to them to the criminal activity. This reiterates the fact that these automated solutions, while necessary, are built on big data, algorithms, artificial intelligence, etc. which can be defeated by these hackers. They can access, analyze, understand and wait for the right time to strike. If cyber hackers can simply breach these systems and gather the algorithmic data needed to understand what will create a red flag in the automated system, we have a major problem. This would allow money launders and terrorist financiers to conduct transactions “knowing” they will not be flagged, because they literally run their own end-user testing with the stolen data sets. Once they have the transactions structured in a way to circumvent the technology, let the illicit transactions begin (just make sure to “spellcheck”).  

We (all of us) are the first line of defense in cyber space. The new saying about being hacked is, “it’s a matter of when, not if.” This unfortunately has been proven true. Cybercriminals attack at every level and look for the weakest link. That link almost always falls on an individual, or group of individuals that do not take proper Cyber precautions on their devices, including phones, tablets and computers. This is the entry point of many cyber attacks, because while systems may have few vulnerabilities, humans are vulnerable to emotions, sales, enticing promises, system generated prompts (“click here to clean your system”), etc. There remains a culture of Cyber that is not nearly strict enough. I still see passwords taped to monitors, logins and passwords put in “notes” on phones and computers, viewing 2-step authentication as too bothersome, and probably the biggest, not using and regularly changing STRONG passwords. If your password is less than 8 characters and only has letters and/or numbers, a brute force attack can and will break the password in less than 24 hours in most cases. The case from the NY Times involving the Central Bank of Bangladesh has now been linked to a “Remote Access Trojan [which] gave the hackers access to computers inside the central bank. Investigators believe that the hackers surveilled the bank for weeks or perhaps longer in order to submit transfer requests that would exactly match the Bangladesh bank’s normal behaviors related to such requests.” The perpetrators not only intimately knew the Bangladesh Bank’s internal processes, they “gained by spying on bank workers”, per We have to be more aware of our personal and professional cyber vulnerabilities and do everything possible to combat against them.

While all things Cyber are not AML related, and vice versa, they cannot be viewed as separate risks. Cyber can be a powerful tool to assist in money laundering and terrorist financing. Weak cyber controls are a motivation for cybercriminals to target specific information needed to conduct illicit transactions. Cyber is the scariest threat we have, because it allows for all types of massively destructive activity, including money laundering and terrorist financing. Cybercrime threatens our way of life more than any other threat. I say this because terrorism, trafficking, money laundering, etc., can be increased significantly through cybercrime. Cyber and AML/CTF historically have involved different groups and different goals, but terrorist and money launderers have found common ground in technology via the World Wide Web. The criminals see the weakest link to facilitate fraud and it’s Cyber. So begins the monetary, social and criminal fights of our generation, cyber-laundering and cyber-terrorism. We must unite to prevent a serious global cyber crisis. There is simply too much on the line not to. 

For more information on BSA/AML/CTF solutions, follow the Cypress Resources’ blog.

Learn more about Profitable Compliance HERE

The author, Nick Guest, is the Director of Risk for Cypress Resources, an Advisory Board Member for the Money Laundering and Financial Crimes Institute (MLFC), and a member of ACAMS. Connect with Nick on LinkedIn and Twitter (@NickGuestCR)

Editor’s Note: The views expressed by the author are not necessarily those of the Global Cyber Alliance.