Matthew Probershteyn, Global Head of Correspondent Banking Financial Crime Compliance (FCC), and Head of Corporate & Institutional Banking FCC in the Americas & Europe at Standard Chartered Published in June 2020
The COVID-19 pandemic has created the greatest opportunity for systems penetration since the birth of the internet with financial institutions (FIs) in many countries forced into new ways of working, colleagues dispersed remotely, and normal chains of communication disrupted.
FIs are responsible for keeping their clients’ money and data safe, but with the increasing digitisation of financial services, cybercrime has grown exponentially. Even before COVID-19, cybercrime was costing large organisations an average of USD13 million dollars a year.1 Bank losses in 2018 were higher than those of any other industry.2
The World Economic Forum includes cyber-attacks within its top five threats to institutions because the losses extend far beyond the initial theft.3
FIs encounter reputational damage, disruption to operations, loss of customer data and the associated regulatory fines, all of which contribute to total losses. The issue also complicates the approach to “de-risking” (i.e. withdrawing financial services to higher-risk clients, often at the expense of financial inclusion), as FIs remain cautious in serving institutions or countries subject to increasing cybercrime risks.
COVID-19 has multiplied risks and forced cybercriminals and FIs to adapt. The rapid shift to remote working has disrupted workflows, reduced staffing levels, confused lines of communication, overburdened IT helpdesks and has made rapid adoption of new platforms compulsary. Furthermore, with business survival becoming an overarching priority, many FIs may have pushed down evaluating cybercrime risk on the list of priorities, making themselves more vulnerable.
COVID-19 has also enhanced the motivation of cyber-criminals. Many rely on the cash generated from their crimes to fund their day-to-day existence. As with other commercial enterprises, the pandemic has disrupted their usual markets and supply chains, increasing their motivation to identify new victims and greater spoils.
Although cybercriminals are exploiting COVID-related themes, they continue to use broadly similar tactics with greater speed and volume.
SWIFT Attacks on banks’ payments systems are not necessarily the highest in value but generally are the easiest to execute.Small payment type attacks, which cybercriminals know are not likely to be investigated, typically exploit vulnerabilities in banks’ funds transfer operations before payment messages are sent over the SWIFT network. Assailants may also tamper with the statements and confirmations that banks often use as secondary controls, delaying victims' ability to recognise that a fraud occurred.
A common related trend relates to sudden activity in accounts that were previously dormant, with the final act leading to an immediate cash withdrawal or outward wire transfer. By the time such activity is detected it is often already too late, but it is important to learn from it to prevent new attacks. Lower transaction amounts for large corporates can often go unnoticed.
Ransomware Attacks may also be particularly effective given the additional reliance on digital platforms created by the pandemic. While systems and processes are vulnerable, people are the most attractive targets for cyber criminals, who are focused on identify theft or deceptive cyber practices which give them access to IT infrastructure. Ransomware attacks towards corporations are also growing.
While physical money mule activity may have tapered during the pandemic, as the threat of global recession looms, the recruitment of money mules appears to be increasing though digital access to FI products.
Finally, while cybercriminals’ ultimate objective is to steal money, obtaining data is increasingly a means to this end. Personal data may be even more valuable as governments roll out more pandemic support funds. This has deep implications for FIs like banks that maintain very detailed client databases.
Regulators expect FIs to respond to cybercrime in a way that is commensurate with the markets in which they operate, and to stay ahead of evolving risks – COVID-19 included. We advise a multi-pronged approach to create effective and sustainable cybersecurity and financial crime compliance programmes.
First, reinforce your organisation’s information security approach and capabilities – especially important as normal risk processes are in danger of being overlooked as people work in social isolation.
Do the basics: ensure that operating systems are kept up to date, confidential information is encrypted, and that back-ups are well-designed and secured from the rest of your network.
Employee awareness, driven by senior leadership at the board-level, cannot be overemphasised: staff should be trained and tested to be wary of phishing attacks, which are still the most common source of cybercrime -penetration. On the systems side, consider how the latest technologies like Artificial Intelligence can help predict risk, rather than just dealing with incidents as they occur. And ensure that dashboards include metrics that can identify cybercrime attempts and correlate this data with money laundering and sanctions risk events.
Second, consider the impact that a cybercrime event would have on your organisation and on your clients, and ensure your “playbook” has clear procedures if one should occur. How would you manage a cyber-break to ensure functions such as financial crime compliance, legal and business lines remain aligned and able to tackle it concert? Stress-test yourself. Then do it again and do it regularly.
Third, threat communication is key. FIs should have a detailed communication plan internally and externally. As well as internal awareness campaigns, consider how to communicate with clients, regulators and media in the event of a breach, including identifying specific channels that will be used. Establishing the nature of the threats and challenges your institution faces, and work with partners and stakeholders to make them aware of the risks –as well as setting out communications protocols in the event of a breach.
Finally, work together. The financial services sector has a strong incentive to detect and prevent cybercrime. Agreeing best practices, passing on information about threats, sharing case studies of where things went wrong and what succeeded are key components to disrupting criminal networks. Include your law enforcement and regulatory partners. Cybercrime is here to stay, but by sharing our experiences we can ensure the threat remains manageable and that confidence in vital financial services remains high in the digital era.
This article contains insights from Standard Chartered’s Correspondent Banking Academy’s Fighting Financial Crime webinar series.