Spotlight on Financial Crime
Explore the trends shaping today's financial landscape and their implications for the year ahead.
Download nowThe Federal Bureau of Investigation (FBI) has released its Internet Crime Report for 2022, revealing the top cybercrime types faced by US networks and the bureau’s efforts to combat rising threats.
Based on information submitted to the Internet Crime Complaint Center (IC3) – a national security organization with law enforcement responsibilities – the report notes that potential losses due to cyberattacks totaled $10.3 billion in 2022, marking a 49 percent increase from 2021. This is despite the IC3 seeing a five percent decrease in scam complaints compared to 2021.
The report analyzes the last five years’ worth of data (2018-2022) and lists the top five cybercrime types that resulted in the highest amount of reported losses. In ascending order, the top crime types include:
Within these crime types, the FBI highlighted four major threats: business email compromise (BEC) scams, ransomware, call center fraud, and investment scams. The total losses relating to each of these threats were:
Of the total amount lost to investment scams, $2.57 billion was generated through cryptocurrency investment fraud. According to the FBI, this represents a 183 percent increase from 2021. Our 2023 global compliance survey echoes this growing trend, with “investment scams” topping the list of fraud types firms are most concerned about, alongside tax fraud.
The report also highlights five common crypto investment scam variations that were heavily reported in 2022, including:
The report also comments on the IC3 Recovery Asset Team (RAT), noting its 73 percent success rate in freezing funds that have been stolen as the result of an online scam. In one of the two case studies presented, the report contextualizes the Financial Fraud Kill Chain (FFKC) process that IC3 RAT uses to freeze accounts.
In September 2022, a victim from Seattle, Washington notified IC3 they had unwittingly sent $650,000 to a hacker that had posed as an investor. Following the immediate initiation of FFKC and further collaboration with the victim’s financial institution, a return of approximately $645,000 was issued.
The FBI’s report was published at the same time the US government released its FY 2024 Budget. Among the budget’s goals and priorities listed on pages 63 and 64, the proposed budget seeks to “advance US cybersecurity,” specifically committing to “making cyberspace more resilient and defensible.”
The US government intends to do this by providing $98 million to implement the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) – which was signed into law in March 2022 – and $425 million to improve the Cybersecurity and Infrastructure Security Agency’s (CISA’s) internal cybersecurity and analytical capabilities. Overall, the proposed funding for CISA has increased by $149 million from last year, bringing the agency’s total funding to $3.1 billion.
Compliance staff should ensure they are familiar with the Financial Crimes Enforcement Network’s (FinCEN’s) guidance on how to fulfill Bank Secrecy Act (BSA) reporting requirements related to cyber events. When filing a suspicious activity report (SAR), FinCEN also reminds firms to select SAR field 42 (Cyber event) as the associated suspicious activity type.
Additionally, compliance teams should note the joint cybersecurity advisories and alerts issued by the FBI, the Central Intelligence Agency (CIA), and the Department of the Treasury. As well as highlighting observed tactics, techniques, and procedures (TTPs), the advisories recommend implementing the following cybersecurity measures:
Explore the trends shaping today's financial landscape and their implications for the year ahead.
Download nowOriginally published 16 March 2023, updated 18 April 2024
Disclaimer: This is for general information only. The information presented does not constitute legal advice. ComplyAdvantage accepts no responsibility for any information contained herein and disclaims and excludes any liability in respect of the contents or for action taken based on this information.
Copyright © 2024 IVXS UK Limited (trading as ComplyAdvantage).