The Convergence of Cyber and Financial Crime: The Power of Collaboration

Guy Sheppard, Head of Financial Crime Compliance, APAC, SWIFT

Guy Sheppard, Head of Financial Crime Compliance, APAC, SWIFT

Cyber and financial crime are traditionally seen as separate disciplines requiring distinctive preventive and management measures. With the emergence of new challenges and more sophisticated cybersecurity breaches in recent years, the two functions have started converging. Financial crime risks today originate from a number of new sources, including vulnerabilities stemming from digitization and automation, integration of financial systems within countries and internationally, and also a substantial growth in digital trade transactions.

Cybercriminals are well-organized and the most active groups observed in SWIFT member bank hacks are focusing on asset theft and demonstrating, with increased frequency, an excellent knowledge of the SWIFT system. They are patient, and the average reconnaissance period exceeds 100 days. They are also evolving and counter updating InfoSec protocols by gaining security accesses to circumvent multi-factor authentication, or crashing the system entirely to disrupt fund recovery exercises, as well as increasingly launching their attacks in plain sight during peak periods as opposed to out-of-hours as they used to do. In some instances, they are collaborating with traditional enemies of bank financial crime teams, such as organized criminal gangs, to assist in cash-outs.

This may explain why threat actors like Bluenoroff, a financial systems specialist division of the now infamous Lazarus group, appear to have preferences for the profile and geographical location of the victim banks. In some cases, the same bank has been hacked multiple times. For this reason, institutions are finding that the existing approaches for addressing cyber and financial crime are not sufficient when employed in silos. Collaboration across both fields becomes necessary for organizations to become more efficient and effective at understanding and managing this very dynamic and new type of risk.

A Tale of Two Cities – Cybercrime and Financial Crime

Before embarking on a successful risk management strategy, one has to first understand the relationship between cybercrime and financial crime. Cybercrime traditionally operated in a signature-based, advice-based analytics environment where businesses looked at existing evidence of suspicious activities. Financial crime, on the other hand, moved on from this a long time ago into large-scale data-based analytics which allows organizations to expose unknown attacks before they occur, instead of reviewing suspicions activity that has already been uncovered.

Nevertheless, these lines are blurring with the advent of new technology, as fraud and cybercrime activities have become more complex and interconnected. The clock is ticking for financial institutions that have yet to address the distinctions and differences of cyber and financial crime.

A Holistic Approach Towards Risk Management

When a network is compromised, regardless of the intention of the attack, the access points are the same. Gaining a thorough understanding of the risks and threats in cyber and financial crime is a holistic exercise that businesses, financial institutions, regulators and law enforcements need to undertake to break the business models of criminals. Techniques and technologies should be used cross-functionally to enable synergies across processes, tools and people, as well as capitalize on common controls.

Cyber threats are a constant source of worry and threat for the business community as much as they are for financial institutions, governments and key infrastructures. Regulation and compliance requirements are also more complex than ever, and carry major cost and efficiency implications for organizations across all sectors. Addressing the vulnerabilities with a collective approach and more effective technologies, global standard and practices is a priority.

Forging a Way Forward

As we move towards a real-time world, anti-money laundering (AML), know your customer (KYC) and sanctions compliance will continue to face new challenges. High-quality data and analytics are also becoming an imperative for organizations to improve efficiency and ensure greater transparency. Targeted attacks are more common than ever, as criminals become more sophisticated and ambitious in acquiring an understanding of how these systems work and how to remain undetected when moving money around the world.

The need to future-proof processes, respond appropriately to the risk of the evolving financial crime, and augment the cybersecurity landscape more effectively should be the top priorities. Without looking at the convergence and collaboration of investments and information sharing, organizations will continue to slip into a downward spiral of chasing quick fixes for new threats.

It is time to join forces and put on our best defense to combat these crimes that go beyond financial loss for banks and businesses, but also cause immeasurable harm to industries, societies and individuals across the globe. It is time to ask ourselves what we, as a community, can do to disrupt the financial crime ecosystem.