There are many ways in which a criminal can illegally acquire money electronically. Whether it’s through malware, phishing, vishing and smishing scams, account takeovers or other vectors, a commonality across all these attack methods is that fraudsters will need to move the illicit funds fast to avoid being caught and having the sum confiscated.

This is where the three stages of money laundering come into play, according to the United Nations Office on Drugs and Crime (UNODC): placement, layering and integration. In traditional money laundering schemes, the placement of funds begins when dirty money is put into a financial institution. When funds are stolen online through digital transactions at financial institutions, the process immediately jumps to layering.

This is done in three main ways:

  1. Moving funds within the financial system;
  2. Moving funds into unregulated financial e-cash systems; and
  3. Removing funds from the financial system altogether.

Moving Funds Within the Financial System

Moving funds within the financial system generally only occurs with very large sums of money. Some of the most common methods for this include the use of:

  • Offshore accounts;
  • Anonymous shell accounts;
  • Money mules; and
  • Unregulated financial services.

Offshore Accounts

Individuals can transfer stolen funds into an offshore account in a locale where bank secrecy laws are very strict. These countries and territories are often referred to as tax havens.

Financial institutions, trusts, shell corporations and other financial groups in these regions may welcome money from almost anywhere and often do not require disclosure of where the money originated. In turn, these institutions do not file any reports with the country in which the funds were generated.

Anonymous Shell Accounts

A shell company, bank, account or corporation is an entity that conducts no real business. It is essentially a cover used to hide and move funds. The purpose of these accounts is to deceive others into thinking the business is legitimate while laundering money and evading taxes.

According to the Federation of Tax Advisers, shell accounts “conceal the identity of the beneficial owner of the funds, and the company records are often more difficult for law enforcement to access because they are offshore, held by professionals who claim secrecy, or the professionals who run the company may act on remote and anonymous instructions.”

Money Mules

A money mule is a person who receives and transfers funds acquired illegally for others. Most mules receive a commission for their efforts.

When bank accounts are compromised by cybercriminals and international organized crime groups (OCGs), money mules are an essential part of moving victims’ money through the financial system and assisting criminals in cashing out the compromised accounts.

Unregulated Financial Services

Unregulated entities may offer a variety of services that can be used for criminal purposes. Many things fit into this category, such as:

  • Electronic Money: Stored-value cards allow electronic money to be put onto the card directly and then used to purchase goods and services.
  • Casinos: In recent years, the Financial Crimes Enforcement Network (FinCEN) placed regulatory requirements on casinos due to the large sums of money and high frequency of transactions at these establishments. Not every country and territory follows these guidelines, however, allowing savvy criminals another pathway to move their illicit funds. A recent example of this is a Bangladesh bank heist where cybercriminals targeted the SWIFT system to move money before extracting it through a casino in the Philippines.
  • Underground Networks of Money Dealers: This refers to conduits through which money is transferred via informal methods. These underground systems can be used for legitimate remittances but are also used for money laundering, criminal activity and terrorist financing.

Preventing Money Laundering

Financial institutions have attempted to stop this type of criminal behavior through Customer Due Diligence (CDD) and Beneficial Ownership regulatory requirements. These requirements call for the identification of the true owner of an account to stop the abuse of anonymous shell corporations.

Mary Beth Goodman, a former member of the National Security and International Policy team at the Center for American Progress, wrote in American Banker that “beneficial ownership rules are actually good for business because they would lead to reduced corruption and increased competitiveness. Beneficial ownership rules reduce risk by allowing banks and other companies to know who they are doing business with and minimize their financial exposure to others’ misdeeds.”

These rules may be difficult to enact and follow; it can be a herculean effort to identify the true owner of a shell corporation or trust. Criminals know this and will purposely shuffle money from one anonymous offshore account to another, moving money through the financial system before it ends up in an account from which it can be withdrawn.

Financial institutions are continuously monitoring their security systems and watching account activity. Through the use of device identification, biometrics, transaction velocity monitors, geographical dispersion and customer behaviors, they are able to flag more attempted fraudulent activity than ever before. Having a systematic approach to financial security and financial crime prevention is essential to address vulnerabilities that fraudsters are eager to exploit.
