Risky Convergences
Cyber-enabled fraud, illicit casinos, and underground banking combine to threaten the financial system
📅 October 28, 2024
Cyber-enabled fraud generated as much as $37 billion in losses in 2023 for victims in East and Southeast Asia. A major portion of these losses resulted from scams committed by transnational criminal organizations (TCOs) in Southeast Asia, according to a recent report by the UN Office on Drugs and Crime (UNODC). Using existing underground banking infrastructure, including underregulated or unregulated casinos, junkets, and illegal online gambling platforms that allow gaming using digital assets, as well as high-risk virtual asset service providers (VASPs), illicit actors are exploiting new technologies to facilitate the expansion of criminal industries in the region.
Asian crime syndicates have integrated new service-based business models and technologies, including malware, generative AI, and deepfakes, into their operations while opening new underground markets and cryptocurrency solutions for their money laundering needs, according to UNODC.
These syndicates also use technologies, such as messaging apps and social media platforms, to recruit money mules to move illicitly gained funds through accounts they create at financial institutions.
The most significant development in the threat landscape of Southeast Asia, according to UNODC, is the way in which transnational organized crime groups and cybercriminals have developed services and products that are sold to other criminal actors. These developments, including novel digital solutions in money laundering and underground banking, have helped criminal enterprises across Southeast Asia expand and more efficiently integrate billions in criminal proceeds into the formal financial system. The new technologies and methods of moving illicit funds have attracted new criminal networks—ones that don’t necessarily need technological expertise to deploy these new methodologies.
The sections below describe new cyber-enabled methodologies that allow criminal actors to target victims and move illicit proceeds.
Digital Assets
Analysts with the blockchain firm Elliptic in 2024 exposed online marketplace HuiOne Guarantee, which facilitates pig butchering and other types of scams in Southeast Asia. HuiOne Guarantee is part of HuiOne Group, a Cambodian conglomerate with links to the country’s ruling Hun family that comprises a network of thousands of instant messaging app channels, each run by a different merchant, many of whom explicitly offer money-laundering services. Most merchants specify the types of fraud proceeds that they are willing to launder, based on the perceived risk of detection by financial institutions and law enforcement. Elliptic assesses that cryptocurrency wallets used by HuiOne Guarantee and its merchants have received more than $11 billion since 2021.
Illicit Casinos
Cybersecurity researchers have discovered that a Chinese organized crime syndicate with links to money laundering and human trafficking across Southeast Asia has been using an advanced “technology suite” to lead its operations. The enterprise secures European football club sponsorships using front companies or white label brands and uses them to advertise illegal gambling sites in the region. The suite, marketed in China as “baowang,” encompasses several components such as Domain Name System (DNS) configurations, website hosting, payment mechanisms, advertising, and mobile apps. It also hosts thousands of domain names and numerous brands in an infrastructure that’s tied to Hong Kong and China.
Underground Banking
Ricardo Mayoral, Homeland Security Assistant Director for Countering Transnational Organized Crime, noted in an April 2024 statement to the U.S. Senate that criminal organizations move significant sums of illicit funds using underground banking, the informal value transfer systems (IVTS) common within Chinese diaspora communities. The amount required to be remitted overseas is paid to a bank account controlled by a Chinese money laundering organization, which then arranges for a reciprocal payment, or “mirror transfer,” to be made into a bank account of the remitter’s choice. No actual physical movement of funds takes place, making laundering dirty money for criminal organizations faster and cheaper, according to Mayoral.
Cyber-enabled fraud is growing, especially with technological advances and increasing digitalization across the globe. Read about technologies used in fraud and other crimes in our Expert Insight Report in which we distill key points from the FATF’s report, including:
Large underground online marketplaces explicitly servicing transnational criminal groups in Southeast Asia have helped accelerate ongoing convergence between cyber-enabled fraud, underground banking, and technological innovation. Underground marketplaces are migrating to the social media and instant messaging service, Telegram, enabling illicit actors to collaborate and conduct business online, fueling the growth of the regional illicit economy.
Underregulated casinos, junkets, and illegal online gambling platforms are a critical piece of infrastructure used by transnational organized crime groups to move illicit proceeds. These industries increasingly use digital assets, according to UNODC, and have transformed into unauthorized and high-risk virtual asset service providers (VASPs) based in vulnerable parts of Southeast Asia.
Casinos, junkets, and cryptocurrencies are exacerbating transnational organized criminal activity in East and Southeast Asia as part of the region’s underground banking and money laundering infrastructure. In this Expert Insight Report, we explore the following topics:
Illegal offshore gaming operators have become entrenched in Southeast Asia. Singapore’s 2024 Money Laundering National Risk Assessment noted that remote or online gambling is more lucrative and transnational in nature than in-person gaming. It is a bigger illicit-finance concern because it services a multitude of players in various countries who can use a variety of methodologies to move money through online platforms, and because of the industry’s often opaque ownership and control structures and its registration in jurisdictions with lax AML/CFT regulations.
With the growing public accessibility of generative artificial intelligence (AI) tools, technology has become a powerful force multiplier for criminal activities such as identity theft, fraud, data privacy violations, and intellectual property breaches, as well as threats to national security, according to UNODC. The increased availability of open-source tools further amplifies the risk, enabling a wider range of illicit activities, including biometric identification fraud and the creation of AI-assisted fraudulent content.
Criminals are no longer required to handle their own money laundering, code malware, or steal sensitive personal information. Instead, these services can be purchased from providers in underground markets and forums, often at very accessible prices. These service providers are enabling the growth of a cyber-enabled criminal industry by helping illicit actors automate phishing attacks, craft convincing fake identities and online profiles, and generate personalized scripts to deceive victims. In addition, AI-generated content, particularly deepfakes, is increasingly being misused by criminal groups in Southeast Asia for impersonation fraud and other cyber-enabled fraud schemes through the alteration of authentic video footage and audio.
Telegram allows the proliferation of cyber-criminal activities via underground marketplaces on the platform and has become a prime platform for accessing cyber-criminal tools, according to Infosecurity Magazine. These developments have lowered the barriers to entry for criminal networks that previously lacked the technical skills to exploit more sophisticated and profitable methods, according to UNODC.
UNODC’s recommendations to help countries and financial institutions strengthen their awareness of the convergence between technology, fraud, and TCOs are informed by dialogues and consultations with regulators and others in the Southeast Asia region. The report recommends:
Regulators and law enforcement authorities must monitor the involvement and expansion of organized criminal groups in casinos, junkets, VASPs, and other related sectors.
Financial institutions should monitor guidance released by regulators that’s based on shared intelligence and consultations, as well as adverse media reports about possible involvement of TCOs in transactions that exhibit red flags for fraud and other cyber-enabled crimes.
Cybercrimes generate illicit proceeds that need to be obscured by money laundering. The EU’s 6th Anti-Money Laundering Directive includes cybercrime in its list of 22 money laundering predicate offenses, which also include human trafficking, drug trafficking, fraud, and others. Illicit actors use social media, fraudulently obtained identity credentials, wire fraud, and online gaming platforms to launder funds.
FinCEN in 2020 released an advisory on cybercrime and cyber-enabled crime that exploited the COVID-19 pandemic. These red flags are also applicable to the illicit finance threats discussed in this article.
🚩 A mismatch between the spelling of names in account information and government-issued identity documents provided at onboarding
🚩 Pictures in identity documentation, especially areas around faces, are blurry or low resolution, or have aberrations or indicate image manipulation, such as incongruences in coloration near the edge of the face, or double edges or lines on delineated facial features
🚩 Images of identity documents exhibit similar irregularities, indicating manipulation—especially around information fields that were likely to have changed to conduct synthetic identity fraud
🚩 A customer refuses to provide supplemental identity documentation or delays producing these documents
🚩 Customer logins occur from a single device or IP address across multiple, seemingly unrelated accounts, often within a short period of time
🚩 A customer instructs a financial institution to change account communication methods and authentication information, and then quickly attempts to conduct transactions to an account that previously never received payments from the customer
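The shared device or IP address red flag above can be checked directly against login records. The following is an added example, not taken from the FinCEN advisory or from this article's authors: it flags any IP address or device ID used by several distinct accounts inside a sliding time window. The event layout, the 10-minute window, and the three-account threshold are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample login events: (ISO timestamp, account, source IP, device ID).
# The addresses come from the reserved documentation ranges.
SAMPLE_LOGINS = [
    ("2024-10-01T09:00:05", "acct-1001", "203.0.113.7", "dev-aa"),
    ("2024-10-01T09:02:40", "acct-2040", "203.0.113.7", "dev-aa"),
    ("2024-10-01T09:03:10", "acct-1001", "203.0.113.7", "dev-aa"),
    ("2024-10-01T09:06:55", "acct-3377", "203.0.113.7", "dev-bb"),
    ("2024-10-01T09:30:00", "acct-5005", "198.51.100.9", "dev-cc"),
    ("2024-10-01T15:45:00", "acct-5006", "198.51.100.9", "dev-dd"),
    ("2024-10-01T09:08:30", "acct-4412", "192.0.2.55", "dev-aa"),
]

def shared_source_alerts(events, window=timedelta(minutes=10), min_accounts=3):
    """Return {(kind, value): sorted accounts} for every IP or device that
    was used by at least `min_accounts` distinct accounts inside `window`.
    Window and threshold defaults are assumed values, not regulatory ones."""
    by_source = defaultdict(list)
    for ts, account, ip, device in events:
        when = datetime.fromisoformat(ts)
        # Index each login twice so IP reuse and device reuse are both caught.
        by_source[("ip", ip)].append((when, account))
        by_source[("device", device)].append((when, account))

    alerts = {}
    for source, logins in by_source.items():
        logins.sort()
        recent = deque()  # logins currently inside the sliding window
        for when, account in logins:
            recent.append((when, account))
            while when - recent[0][0] > window:
                recent.popleft()
            accounts = {a for _, a in recent}
            # Keep the largest cluster of accounts seen for this source.
            if (len(accounts) >= min_accounts
                    and len(accounts) > len(alerts.get(source, ()))):
                alerts[source] = sorted(accounts)
    return alerts

if __name__ == "__main__":
    for source, accounts in shared_source_alerts(SAMPLE_LOGINS).items():
        print(source, accounts)
```

In the sample, the device alert spans two IP addresses, which is why both identifiers are indexed. Shared offices, carrier NAT, and public kiosks also produce such clusters, so an alert is a prompt for review rather than a finding.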
FATF last year released a report on cyber-enabled fraud with indicators of possible cyber-enabled fraud, including red flags in transaction patterns, customer activity, and suspicious customer identity activities, as well as other red flags that also apply to other money-laundering predicate offenses.
In addition, financial institutions should keep abreast of evolving indicators of cyber activity that may suggest criminal activity by monitoring adverse media reports, and should use risk-based AML/CFT programs to mitigate these threats. Customer due diligence, transaction monitoring, and sanctions and politically exposed persons (PEP) screening can help detect and deter money laundering, whether in the cyber realm or in the physical world.