Cybercrimes continue to be a topic of concern for financial institutions as technology grows more sophisticated and progresses rapidly. Broadly, money laundering in cyberspace is defined as an illegal activity carried out by means of a computer or the internet. Compliance professionals have come to know it as cybersecurity threats in the form of social engineering, network attacks, phishing and malware, business email compromise (BEC), ransomware, and the exploitation of software vulnerabilities.

Over a decade ago, the commonality of these terms scarcely existed in our everyday language. The proliferation of cyber threats due to their speed, reach, magnitude, and accessibility of the U.S. financial system has enabled illegal activity, such as fraud, money laundering, and identity theft. In an effort to magnify the weight of these growing threats, in June 2021, the Financial Crime Enforcement Network (FinCEN) released a list of anti-money laundering and countering terrorism financing priorities of national concerns, citing cybercrime as one of the most significant threats.

Recognizing the signs of cyber-enabled money laundering

Here are a few red flags credit union staff should be on the lookout for to detect cyber-enabled money laundering:

  • Unsolicited communications from purported trusted sources to victims to send fraudulent payment instructions to financial institutions or other business associates to misappropriate funds or cause data to be transmitted fraudulently.
  • A member conducting transactions with convertible, virtual currency addresses that have been linked to a darknet marketplace or other illicit activity.
  • Deposited funds that are quickly diverted via wire transfer to foreign accounts located within countries with known-deficient AML controls.
  • Discrepancies between IP addresses associated with the member’s profile and the IP address from which transactions are being initiated.
  • Use of money mule accounts or a money mule (a person or account used on the behalf of or direction of another) for the passthrough of illegal funds by wire transmission or depositing or cashing out ill-gotten gains.
  • A member’s personal bank account receiving transactions that are not typical for the transactional history and member profile, including overseas wire transactions, purchasing large sums of convertible virtual currency, transactions in large fiat amounts, or the account has a low balance until involvement in a money mule scheme.

There’s still time to register!

Corporate One’s annual BSA/AML and OFAC training with ProBank’s Mark Dever

Mark is back again this year with his usual flair to efficiently and cost-effectively help BSA/AML officers and compliance professionals meet the FFIEC’s expected training guidelines. This “BSA basics” webinar will cover the following topics: currency transaction reporting, Office of Foreign Asset Control, audit, suspicious activity reporting, member due diligence, risk assessment, “beneficial ownership,” and more.

Date: May 4

Time: 1:00 – 4:00 p.m. ET

Register Now

Taking action

Below are some actionable steps credit union can perform in response to cyber-enabled money laundering:

  1. Report cyber-enabled crime and cyber-events through Suspicious Activity Reports (SARs) with FinCEN. Credit unions are reminded of their mandatory SAR reporting obligations of cyber-events that intend, in whole or in part, to conduct, facilitate, or effect an unauthorized transaction or series of transactions, aggregating $5,00 or more. Credit unions are also encouraged to report egregious or damaging cyber-events and cybercrime where otherwise a SAR is not required.
  2. Collaborate between AML/BSA departments and in-house cybersecurity units to identify and report suspicious activity. Information from cybersecurity units can reveal additional patterns of suspicious behavior and aid in more comprehensive risk assessment and risk management.
  3. Share cyber-related information between financial intuitions. Under Section 314(b) of the USA PATRIOT Act, financial institutions may share information, including cyber-related information, for the purpose of identifying and reporting money laundering and terrorist activities, and thus, may receive 314(b) safe harbor protections.

For a more comprehensive list of reg flag indicators and reporting of suspicious activity, BSA staff is encouraged to review FinCEN’s cyber guidance. Below is a list of helpful resources:

  • FIN-2016-A005, Advisory to Financial Institutions on Cyber-Events and Cyber-Enabled Crime
  • FIN-2019-A003, Advisory on Illicit Activity Involving Convertible Virtual Currency
  • FIN-2020-A005, Advisory on Cybercrime and Cyber-Enabled Crime Exploiting the Coronavirus Disease 2019 (COVID-19) Pandemic



Kinya Knight, AVP
BSA/AML Compliance Manager