Uploaded by Engr. Thanvir Ahmad

cyber crime prevention

Prevention of Financial Crime in Digital Space: Role of Financial Institutions
MD IKRAMUL HASAN
Joint Director
Bangladesh Financial Intelligence Unit
1. Theoretical concept
A. Financial crime refers to illegal acts committed by an individual or a group of individuals to obtain a
financial or professional advantage. The principal motive in such crimes is economic gain (Europol).
Financial crimes can be of different types, such as:
— Fraud
— Forgery
— Counterfeiting
— Identity theft
— Loan or Credit Fraud
— Breach of Trust
— Cheque Fraud
— Credit card & ATM Fraud
— Extortion/Kidnapping
— Ransomware
— Corruption and Bribery
— Embezzlement of public fund
— Embezzlement of Cooperative Fraud
— Abuse of NGO/NPO fund
— Money laundering
— Transaction laundering
— Trade based money laundering
— Evasion of tax, customs duty or VAT
B. Cybercrime is perpetrated using ICT either to target networks, systems, data, websites and/or technology or to facilitate a crime (Goodman & Brenner, 2002). Cybercrime can generally be divided into two categories:
— crimes that target networks or devices, e.g. virus, malware, DoS attacks
— crimes that use networks or devices to commit other criminal activities, e.g. cyber-stalking, phishing email, identity theft
The major categories of cybercrime include:
— Denial-of-service attack: make an online service unavailable and take the network down
— Botnets: networks of compromised computers that are controlled externally by remote hackers
— Social Engineering: make direct contact usually as a customer service agent to gain your confidence and
— Identity Theft: gain access to a user’s persona/confidential info
— Phishing: send malicious email attachments or URLs to gain access to accounts or computer
— Cyber-stalking: harass or intimidate a user and instill fear
— Prohibited/Illegal Content: share and distribute highly distressing and offensive content
— Online Scams: ads or spam emails that promise rewards or offers of unrealistic amounts of money
— Exploit Kits: inject a bug into the code of software to gain control of a user’s computer
— Cyber-extortion: an attack or threat of an attack for money
— Cyber-espionage: hacks into systems or networks to gain access to confidential information
— Malicious software: viruses, worms, malware, ransomware, spyware
Prevention of Financial Crime in Digital Space | Md. Ikramul Hasan, JD, BFIU
From the victim's point of view, cybercrimes can be of four types: Individual, Government, Organization and Property.
C. Financial Cybercrime is a combination of financial crime, hacking, and social engineering committed over cyberspace for the sole purpose of illegal economic gain (Nicholls et al., 2016). It affects the financial health of a person, an organization or a nation.
The recent typologies of financial cybercrime:
— Cyber heist by abusing SWIFT system
— Cyber heist by abusing ATM, and
— Cyber heist by abusing credit and debit cards
D. Cyber-laundering is the use of the internet to launder proceeds of crime or fund terrorist acts (APG).
According to the APG Typology Report 2018, the six most prevalent methods of cyber-laundering in the Asia-Pacific region are:
— Use of social media
— Identity theft
— Online gambling
— Int’l Wire Transfer Fraud (Money Mules)
— Business email compromise
— Online Lottery Scam
2. Extent & Vulnerability of Cybercrime
The statistics published by different sources show the alarming extent & risk of cybercrime in the financial sector.
— One cyber attack happens every 14 seconds
— It takes 3 months on average to identify a cyber attack
— 70% of all cybercrime is committed in the financial sector
— 62% of the countries have no cyber security strategy in place
— $2 trillion potential damage from cyber attacks in the financial sector
— The average annual cost of cybercrime is the highest in the banking industry – $18.3 million.
Financial institutions face two types of cybercrime vulnerabilities:
— Technology vulnerabilities: Technology, hardware and software have flaws; financial institutions cannot always respond to fix these flaws as quickly as they should due to cost and resource constraints. Good governance processes are needed to mitigate these risks.
— Fleshware vulnerabilities: Attackers have found it is much easier to hack the humans (staff and clients). They exploit emotions, lack of knowledge, greed etc. (social engineering) and use technology to trick humans (phishing emails, malware, ATM card skimming, etc.). Improving security awareness is the key to making the situation better.
A study by BIBM published in June 2022 shows that banks in Bangladesh face 145-630 cyber attacks daily and 49% of these attacks come from three sources – China, North Korea and Russia; cybersecurity risk is high in 52% of banks.
3. Legal Instruments to Combat Cybercrime
A. International Instruments
— Budapest Convention on Cybercrime, 2001 (EU)
— Int’l Convention on Countering the Use of ICT for Criminal Purposes (under formulation by the United Nations; it can be adopted by the UN in 2024)
B. Domestic Acts & Rules
— Digital Security Act, 2018
— ICT Act 2006 (Amd. 2009 & 2013)
— Penal Code 1860
— MLPA 2012
— MLAA 2013
C. Domestic Policy/Guidelines
— National ICT Policy 2018
— Cyber Security Strategy
— BNDA Directives
— Guideline on ICT Security for Banks and NBFIs 2015
— Govt. Email Policy 2018
— Information Security Policy Guideline
— Govt. Information Security Manual (GoISM)
D. BFIU Circular 26/2020
4. Preventive measures to combat Cybercrime
A. Individual Level:
— Be smart with password
— Keep software updated
— Keep some information private
— Keep up to date on major security breaches
— Strengthen home network and use VPN or security software
— Encrypt and back up most important data
— Enable multifactor authentication
— Be vigilant when browsing websites and entering credentials
— Be careful using public wi-fi
— Deal smartly with phishing mail
— Keep an eye on the kids
— Know what to do if you become a victim
B. Institutional Level:
— Follow industry best practices and guidelines
— Develop, implement and enforce security policies
— Ensure an up-to-date IT infrastructure
— Ensure robust security measures
— Regularly assess and test systems
— Educate employees and require compliance
— Expand views of cyber risk to include real-world implications
— Multi-factor and risk-based authentication
C. National Level:
— Legislate laws and policy
— Ensure coordination and collaboration between agencies
— Capacity building
— Promote international cooperation
5. Role of financial institutions to combat financial cybercrime & cyber-laundering
— Risk Assessment
— Customer due diligence
— Know Your Employee
— Transaction Monitoring
— Monitoring new/dormant accounts
— Examine attempted/failed transaction
— Sanctions screening
— Adverse media screening
— Use of Red Flags
— Immediate Reporting