Instances of ransomware attacks – and resulting payments via cryptocurrency – continue to increase at an accelerating rate. As the intermediary between victim and criminal, banks hold a great deal of promise in identifying this activity. But considering to the nature of cryptocurrency, that is one tall order.
A recent FinCEN report suggests that financial institutions are in for a rude awakening when it comes to financial crime. The first half of 2021 saw a frightening rise in the total value of suspicious activity reported in ransomware-related SARs ($590 million). This exceeds the value reported for the whole of last year by a staggering $416 million. Several money laundering typologies common among ransomware variants were identified – including the increased use of Anonymity-Enhanced Crypto Currencies (AECs) and mixing services to obscure the actor behind the ransomware attack. Financial institutions unwittingly facilitate these payments, and it is incumbent on them that they take measures to identify and report them.
#Ransomware Risks are Growing!
Per FinCEN, reports of ransomware attacks for the first HALF of 2021 were up 30% over ALL of 2020, while the value of reported attacks surged 42%. https://t.co/DnqNhAs3DP
— SEC Fort Worth (@FortWorth_SEC) November 11, 2021
The combination of know-your-customer (KYC) and anti-money laundering (AML) measures represents the best strategy developed to date. But at the end of the day, we don’t know well this works. We don’t even know for sure how many ransomware attacks are paid.
A Spike in Suspicious Cryptocurrency Payments
When one considers the millions of SARs filed over the course of the year in the U.S., the recent FinCEN report only details 635 that relate to ransomware. This shows that rule makers and financial institutions are just scratching the surface when it comes to detecting and reporting these attacks. A significant challenge for financial institutions is to determine what constitutes a ransomware threat in the first place. Herein lies the problem. If banks are unable to fully understand the nature of the attacks, then how are they able to report on them with any confidence?
That is where FinCEN comes in; it continues to identify new patterns. For example, Bitcoin is by far the most commonly used currency. Analyzing payments of 177 different coins, FinCEN identified $5.2 billion that was potentially associated with ransomware. FinCEN’s newest advisory from November 8 (PDF download) on ransomware confirms that the issue continues to grow. The use of cryptocurrencies, along with anonymity-enhanced currencies (AECs) like Monero and decentralized mixers will continue to hound financial institutions. This is proof, if any was needed, that the industry continues to face new challenges in the anti-money laundering space that go beyond the more traditional forms of financial crime.
It is clear, also, that both crime enforcement and financial institutions need combs with finer teeth. Both the FinCEN analysis cited above and the SAR reporting system suggest the practice of ransomware payments via cryptocurrencies. But they do not prove them. The onus has been placed on banks to determine what constitutes suspicious activity.
Traditional Monitoring Is Growing Obsolete
While many banks are conservative by nature, and instinctively do not want to directly dip their toes into the cryptocurrency spaces, the sheer size of this growing market means they are inevitably going to be banking some form of digital asset directly or indirectly, whether they like it or not. It is already a challenge for banks to comply with existing customer onboarding and transaction monitoring challenges, let alone anonymity-based activity of a virtual nature. So, as if it were hard enough trying to stamp out the more traditional forms of money laundering, now banks are faced with not one, but two additional threats at the same time.
Traditional approaches to KYC and transaction monitoring simply will not work when virtual currencies come into play. The growing concept of “Perpetual KYC,” whereby the financial institution takes a more dynamic role in observing their customers and potential changes to their profile, rather than following a more common, prescriptive refresh schedule, is one solution for not only addressing clients exposed to ransomware but also those who engage in the use of virtual assets.
Similarly, traditional transaction monitoring methods, already a challenge in finding the more well-established methods of money laundering, may not necessarily detect illicit uses of crypto assets. New algorithms and new methods of detection will be needed to appropriate monitor activity flowing through the blockchain.
Hitting a Moving Target
The answer requires a certain specialization that is still being worked out from both a transaction monitoring and a customer onboarding perspective. If traditional financial institutions are going to end up doing business in crypto assets and are even slightly behind in terms of technology, then they have a basic problem: they simply will not be able to keep up with the constant innovation being used by bad actors.
Embracing the use of technology solutions will further enable institutions to tackle these problems head-on. This is where the interplay between transaction monitoring, KYC, and event behavioral analysis comes in. When onboarding a client, banks will need as much accurate information as possible. Later down the road, the client may need to be reviewed in more detail. As a case in point, what happens if the client does start dealing in crypto? Or, what if the client engages in a one-off virtual currency transaction? A bank may have to revise its onboarding and periodic refresh procedures, and potentially apply a different level of due diligence to address these issues and find out, for example, precisely why the client has built up such big positions in certain crypto currencies.
While the latest FinCEN reports show that governments are becoming more proactive when it comes to trying to detect increasingly more sophisticated forms of financial crime, including providing more updates on ransomware attacks and suspect crypto payments, there is still a long way to go. As more quantifiable laws come into effect, financial institutions can ill afford to stand still. In order to keep up, a much more sophisticated, technology-based approach to transaction monitoring and customer onboarding is required to avoid not only being spooked by the big fine, but to help in the ongoing fight against financial crime.
Ned Kulakowski is a senior financial crime consultant at 
