The first quarter of the 21st century is closing in—but for financial crooks, some things never change. Bank robbing, money laundering and even pickpocketing¹ are as popular as ever and many of the old scams have been made much easier, thanks to the internet. Modern-day crooks can operate at any time of the day, even “work from home” in their pajamas, while having an endless array of targets that they could get to within milliseconds at their disposal, and an abundance of sophisticated tools they can use to carry out their crimes and cover their tracks.

The year 2019 promises to be no different. The old “favorites” will still be around, but bad actors will also create new scams, focusing in on new vectors and vulnerabilities, while continuing to mine the tried and true targets. What new threats will institutions—and the people who rely on them—face?

Mules Moving More Money

According to Europol, a “money mule” is “a person who transfers illegally obtained money between different payment accounts, very often in different countries, on behalf of others.”² The law enforcement body should know; just this month, it arrested 168 mules and identified some 1,500 others worldwide.³ The arrests were made in over 20 EU states, and the criminals involved were responsible for over 25,000 transfers, totaling more than 36 million euros.

But the operation—dubbed fourth annual European Money Mule Action (EMMA4)—clearly just scratches the surface. According to U.K. fraud prevention group Cifas, there have been “dramatically increasing numbers of young people acting as ‘money mules,’” with that number doubling in the last 10 years.⁴

In just one iteration of the scam, digital bank Monzo recently revealed that students who had graduated and were going abroad sold their bank account credentials to scammers for a small sum—providing money launderers with another channel through which to funnel their illegal cash.⁵ Things have gotten so bad that Europol has launched a social media campaign aimed at young people with the hashtag #DontbeaMule⁶—a clear indication that this scam will continue to grow over the coming year.

2019 Expected to Be a “Fine” Year

Since 2009, financial institutions have been fined over $17 billion in anti-money-laundering (AML)-related penalties but the fines that will be imposed on Danske Bank alone in 2019 could reach nearly half that figure. According to some analysts, the Danish bank, accused of laundering hundreds of billions of dollars at its Estonian branch, could be in the hole for as much as $6 billion,⁷ or even $8 billion,⁸ when regulators finally uncover the full story of what some have called the biggest money laundering scandal in history.⁹ The investigation, which is ongoing, is likely to be wrapped up sometime in 2019, with a record AML penalty imposed on Danske Bank.

Danske Bank was far from the only institution to be investigated and fined in 2018—regulators opened investigations or slapped fines on institutions like Commonwealth Bank of Australia,¹⁰ the U.K. division of India’s Canara Bank,¹¹ Standard Chartered Bank,¹² Deutsche Bank,¹³ Mitsubishi UFJ Financial Group¹⁴ and Goldman Sachs,¹⁵ among others.

New and stricter EU AML protocols¹⁶ were widely implemented this year, and those protocols are only going to get tougher in 2019.¹⁷ The U.S. is also expected to further its AML prosecution in 2019,¹⁸ with new rules that will likely impact enforcement.¹⁹

Electronic Money Laundering Takes the Next Great Leap

It is not just “traditional” money laundering that has jumped by leaps and bounds; electronic money laundering, in which actors take advantage of the online financial system, is also on the uptick. Black Friday 2018 set all sorts of records for biggest online sales ever, most money spent online ever, etc. Given the ubiquity of online shopping, it is natural that bad actors would take advantage any way they can. That could include hacking websites,²⁰ stealing customer credit card data,²¹ or “credential stuffing” scams—when sites are trolled for user information in order to gain access to online bank accounts and other sensitive data.²²

As online shopping grows, electronic money laundering is likely to grow in popularity as well. In this scam, cybercriminals leverage legitimate shopping sites, using payment pages to process credit card payments for illicit goods or services. Thus, online drug dealers could set up a site as a third-party seller on a marketplace site, pose as an antique bookseller and take orders from customers—processing the payment through the marketplace's credit card system, with the invoice listing the sale as a book. With e-commerce set to break all records in 2019, it is almost a given that electronic money laundering will grow as well.

Cybercriminals had great success in 2018, and armed with new and advanced capabilities and innovative ideas and scams, 2019 is likely to go down as a very profitable year for them unless action is taken to intercept. More innovative approaches are needed to root out money laundering and financial crimes. In an end of year plea to financial institutions, a group of AML-focused U.S. government agencies asked financial institutions to find “new ways of using existing tools and adopting new technologies” to “help identify suspicious activity and combat money laundering and terrorist financing,” using “private sector innovation."²³

To help, the Office of the Comptroller of the Currency has established “an office of innovation that supports the implementation of responsible innovation and new technology in the financial system.”²⁴ With regulators set on pursuing AML more seriously and encouraging all parties to take responsible action, institutions should consider adopting technologies and methods that will make them stronger and efficient in fighting financial fraud in 2019 and beyond.

Ron Teicher, CEO, EverCompliant, New York, NY, USA, ront@evercompliant.com

1. Amber Hicks and John Carlton, “Watch as pickpockets in London nabbed by plain,” CoventryLive, November 29, 2018, https://www.coventrytelegraph.net/news/tv/oxford-street-pickpocket-london-robber-15485700
2. “Money Muling” Europol, https://www.europol.europa.eu/activities-services/public-awareness-and-prevention-guides/money-muling
3. “Over 1 500 money mules identified in worldwide money laundering sting” Eurojust, December 4, 2018, http://eurojust.europa.eu/press/PressReleases/Pages/2018/2018-12-04.aspx
4. “30 facts about fraud: past, present and future,” Cifas, https://www.cifas.org.uk/insight/30-facts-about-fraud-past-present-future
5. Patrick Collinson, “Fraud: here’s how scammers get away with it,” The Guardian, July 7, 2018, https://www.theguardian.com/money/2018/jul/07/heres-how-scammers-get-away-with-it
6. Europol, Twitter page, https://twitter.com/EC3Europol
7. Reuters, “Danske Bank Faces US investigation into money laundering,” The Guardian, October 4, 2018, https://www.theguardian.com/world/2018/oct/04/danske-bank-faces-us-investigation-into-money-laundering
8. Wochit Business, “Analysts Say Danske Bank Could Be Fined $8 Billion After Money Laundering Scandal,” Youtube video, 3:27, September 20, 2018, https://www.youtube.com/watch?v=zXMUAbS7Z4c
9. Juliette Garside, “Is money-laundering scandal at Danske Bank the largest in history?” The Guardian, September 21, 2018, https://www.theguardian.com/business/2018/sep/21/is-money-laundering-scandal-at-danske-bank-the-largest-in-history
10. Matthew Doran and Michael Janda, “Commonwealth Bank to pay $700m fine for anti-money laundering, terror financing law breaches,” Australian Broadcasting Corporation, June 4, 2018, https://www.abc.net.au/news/2018-06-04/commonwealth-bank-pay-$700-million-fine-money-laundering-breach/9831064
11. Kirstin Ridley, “India’s Canara bank fined in UK for anti-money laundering breaches,” Reuters, June 6, 2018, https://www.reuters.com/article/us-britain-canara-moneylaundering/indias-canara-bank-fined-in-uk-for-anti-money-launderingbreaches-idUSKCN1J21EI
12. Reuters, “Singapore fines Standard Chartered $4 million over money laundering breaches,” CNBC, March 19, 2018, https://www.cnbc.com/2018/03/19/singapore-fines-standard-chartered-over-money-laundering-breaches.html
13. “Deutsche Bank headquarters raided over money laundering,” BBC, November 29, 2018, https://www.bbc.com/news/business-46382722
14. Emily Flitter, “U.S. Prosecutors Are Said to Be Investigating Japan’s Largest Bank,” The New York Times, November 21, 2018, https://www.nytimes.com/2018/11/21/business/mitsubishi-ufj-north-korea.html
15. Thomas Frank, “Goldman Sachs downgraded by Morgan Stanley until Malaysian 1MDB scandal is ‘resolved,’” CNBC, November 21, 2018, https://www.cnbc.com/2018/11/21/goldman-sachs-downgraded-by-morgan-s
16. “Strengthened EU rules to tackle money laundering, tax avoidance and terrorism financing enter into force,” European Commission, June 26, 2017, http://europa.eu/rapid/press-release_IP-17-1732_en.htm
17. Sara White, “EU plans to tighten anti-money laundering rules,” Accountancy Daily, October 1, 2018, https://www.accountancydaily.co/eu-plans-tighten-anti-money-laundering-rules
18. Joe Mont, “AML programs continue to vex banks in cost, complexity,” Compliance Week, November 20, 2018, https://www.complianceweek.com/news/news-article/aml-programs-continue-to-vex-banks-in-cost-complexity
19. “Description: Customer Due Diligence and Beneficial Ownership Requirements for Legal Entity Customers – Overviews and Examination Procedures,” Office of the Comptroller of the Currency, May 11, 2018, https://www.occ.treas.gov/news-issuances/bulletins/2018/bulletin-2018-12.html
20. The Associated Press, “British Airways travellers’ credit card details hacked,” Canadian Security, September 7, 2018, https://www.canadiansecuritymag.com/news/data-security/british-airways-travellers-credit-card-details-hacked
21. Roland Moore-Colyer, “Hackers crack Newegg’s shell and poach customer credit card data,” The Inquirer, September 20, 2018, https://www.theinquirer.net/inquirer/news/3063097/hackers-crack-neweggs-shell-and-pilfer-customer-credit-card-data
22. Gary Audin, “Credential Stuffing: Understanding Another Cyber Threat,” No Jitter, November 23, 2018, https://www.nojitter.com/security/credential-stuffing-understanding-another-cyber-threat
23. “Agencies Issue a Joint Statement on Innovative Industry Approaches,” Office of the Comptroller of the Currency, December 3, 2018, https://occ.gov/news-issuances/news-releases/2018/nr-occ-2018-130.html
24. Ibid.