Financial crime

An AI deepfake of the Chief Financial Officer of a large multinational firm convinces an employee to wire $25 million to nefarious accounts.

A cyber breach on the world’s largest bank renders its U.S. arm temporarily unable to clear trades, leading to one of the worst Treasury bond auctions in a decade.

A ransomware attack on the largest medical billing and claims platform in the U.S. halts the flow of payments to hospitals, insurers, and pharmacies, creating an unprecedented liquidity crisis.

In Myanmar and Cambodia, an estimated 200,000 people may be held against their will and forced to carry out online scams, according to the UN Human Rights Office.

This is financial crime in the Era of Exponential Risk, where the same groundbreaking technologies that enable growth and innovation can also create shocks to increasingly interconnected systems and economies. Monetary theft, fraudulent activity, and cybercrime are not new concepts, but the stakes of the age-old cat-and-mouse game are higher than ever. Financial criminals are getting smarter, and targeted attacks are growing in frequency and severity as newer, more sophisticated schemes outmatch traditional methods organizations have used to manage their risk.

For 2023 alone, the FBI reported that potential monetary losses to cybercrime in the US exceeded $12.5 billion, a 23% increase from the previous year. Data from Moody’s GRID database for screening and risk monitoring emphasizes the trend, now regularly generating over 30,000 alerts annually related to cybercrime – up from less than 2,000 in 2016. And in September 2023, Moody’s Ratings published a cyber heatmap identifying $22 trillion of rated debt in sectors with “high” or “very high” levels of exposure.

Partially fueling the growth are massive financial flows that move in the blink of an eye combined with digital currencies, generative AI, and other emerging technologies that enable bad actors to perpetrate crimes and cover their tracks. As organizations rapidly digitize products, services, transactions, and processes, scammers are ready to exploit new vulnerabilities.

The Era of Exponential Risk has changed the game at every phase of the financial crime playbook.

First – finding the target.

Aided by increasingly sophisticated technology, cyberattacks have become more targeted yet more diverse than ever. Fraudsters recruit victims via social media or chat apps using convincing AI-generated images, video, text, and voice calls. Large-scale phishing attacks apply specific information to target corporate employees. Fake companies scam legitimate companies with bogus invoices.

Next – extracting the money.

Methods of extortion have also become more diverse and sophisticated as criminals shift toward more direct and aggressive monetization strategies. Whereas previously a hacker may have focused on stealing data and selling it later on the dark web, ransomware now allows them to encrypt that data and demand payment for its release. And with dire financial implications of prolonged outages for critical infrastructure, victims are highly incentivized to pay.

Last – laundering the money.

The final and arguably most difficult step for cybercriminals is to launder the money to make it usable without attracting attention. Shell companies, along with cryptocurrencies, blockchain technology, mixing services, decentralized finance platforms, and other emergent technologies have equipped cybercriminals with greater efficiency and added complexities for law enforcement agencies.
Read Risk^N in action. Exponential risk and financial grooming

Alongside emerging technology, other trends are increasing financial crime risk – some of which have little to do with the movement of money, such as remote, distributed workforces and a growing reliance on digital communications. Military conflicts and political instability have also opened up areas of largely ungoverned territory for criminals to base their operations with little concern over law enforcement.

Not surprisingly, the threat of financial crime has become a board-level concern for companies and industries not previously seen as targets of high-level fraud. Tighter reporting requirements driven by expanding economic sanctions and geopolitical turmoil also place greater pressure on organizations to gauge their counterparty risk and monitor politically exposed persons.

Clearly, it is no longer possible for companies to adopt a “set and forget” approach to financial crime, compliance, and third-party risk management. New technologies enable new ways of perpetrating financial crime, and today’s interconnected world magnifies the risk and the impact. Companies now need real-time monitoring, automated workflows, and extensive data to keep up with 24/7 organized crime threats. In other words, they need perpetual security and third-party risk assessment to manage and get ahead of evolving threats.

As a global risk assessment firm committed to helping its customers navigate the Era of Exponential Risk, Moody’s offers solutions that help customers detect, prevent, and remediate financial crime with a range of controls for various points in their operations.

Moody’s solutions allow customers to build their own unique risk management ecosystems using flexible workflow platforms, insightful research and analytics, and extensive data on hundreds of millions of individuals and entities. Taken together, users are empowered to make evidence-based decisions about doing business with a person or entity based on historical data, ongoing monitoring, and forward-looking risk insights.

When presented with the opportunity to do business with an individual or organization, Moody’s customers can tap into rich historical data to uncover concerning information on ultimate beneficial ownership or potential signs of a shell company used to hide illicit activity. Moody’s onboarding platform can also flag previous cyber breaches, indicating where an enhanced review process may be necessary.

Once a Moody’s customer has fully onboarded a customer or supplier and has vetted them against sanctions lists and databases of politically exposed persons, the user can continue to monitor for potential signs of financial crime. Moody’s uses artificial intelligence and natural language processing to identify, interpret, and flag content from news publications, press releases, and other media around the globe, enabling users to find and track adverse media associated with their counterparty in real-time.

Moody’s also incorporates real-time cyber risk indicators from its affiliate BitSight, a cybersecurity firm that helps organizations manage exposure for themselves and their third parties.

And looking ahead, Moody’s seasoned team of analysts and thought leaders are constantly publishing research, engaging with industry experts, and monitoring developments in technology – placing customers at the forefront of financial crime mitigation.

The Era of Exponential Risk has drastically raised the stakes for organizations in the ongoing battle against financial crime. But with the right holistic and adaptive risk management approach, leaders can thrive by reducing risk, increasing resilience, and enabling growth.