Europol recently published a report into economic crime in Europe, detailing how organised criminal gangs (OCGs) are abusing the financial services ecosystem and its recent innovations. Agreeing with the recent Moneyval report, this Europol report also highlights that asset seizures are too low, at under 2% of proceeds of crime.

What are the key points from the Europol Report? 

That there is evidence of significant abuse of emerging fintech and crypto technology and payments innovation. Virtual IBANs, buy now pay later (BNPL) and Defi (decentralized Finance) being singled out. In the case of BNPL it calls out weak application fraud and KYC checks allowing fraudsters to abuse this newer form of credit, to help fund their enterprises. As a result, welcome bonus’s or other offers to entice new customers are in many instances going straight into the hands of criminals. 

In many cases the implementation of controls is lagging behind the product innovation; fail fast and break things is not so good in regulated financial services. 

With Fintech and DeFi, as we see elsewhere in more mainstream financial services, it is mules that are key. Whether using banks accounts, e-money, virtual accounts or crypto, mules are a big problem, helping facilitate fraud and money laundering. 

The demand for mules is so high that many more people of all ages are drawn in, becoming mules more and more. Part of this is having accounts that are connected to instant payments.  

Whilst the EU does have instant payments, they are not yet ubiquitous, yet with the new regulations forcing PSPs to offer instant SEPA, this will massively increase the availability. Switzerland will join with its real time payments service in 2024. As we’ve seen across the globe faster payments, means faster fraud. 

What needs to be done to counter this trend? 

To counter the level of abuse needs activity access a number of fronts and we are seeing lots of additional legal and regulatory changes that should help. 

The EU’s new PSR and PSD3 will bring much alignment between traditional bank accounts and e-money as the licencing is brought under PSD3. Defi is seeing increasing regulations to bring the AML element into line with Fiat with laws such as MicA.  

The UKs Economic Crime and Transparency Bill going through Parliament, and we have to ask if the EU’s proposed Fraud data sharing within its PSR bill goes far enough. While the UK is providing regulated entities, including VASPs, legal cover when sharing details of financial crime, the EU is allowing confirmed fraudulent IBANs only. 

But it’s not just on the governmental side, all players need to do more: 

• Greater controls need to be added, by Fintechs and Crypto firms, and traditional financial services, to prevent onboarding mules and other fraudulent accounts. 
• Increased detection on inbound payments, to stop onward transmission of proceeds of crime 
• LEAs and regulators need to share their data with regulated entities as well as utilise what they receive to disrupt OCGs. 

How can Fintechs and VASPs help achieve this? 

All of this can be facilitated by increased data sharing, throughout the customer lifecycle to reduce the impact of mules. 

• Save firms acquisition, onboarding and maintenance costs 

• Reduce potential liability 
• Help prevent and detect customers from being victims of fraud 
• For corporates, add services as a value add over the competition 

Increased data sharing across the ecosystem helps everyone as: 

• Increases prevention and detection 
• Increases the ability to track networks 
• Improved intelligence  

All of this can help lead to increase asset seizures form the sub 2% level today, taking funds out of the criminals hands. 

 About CYBERA    

At CYBERA we’re on a mission to stop money laundering and help protect customers from scams and other financial cybercrime. We close gaps that allow cyber criminals to thrive by sharing crime data in real-time with financial institutions, fintech, and crypto exchanges, and coordinating a global response to support customers who have become victims of financial cybercrime.    

CYBERA WATCHLIST™ helps support firms to reduce fraud and money laundering and meet regulatory requirements as part of a holistic fraud and financial crime strategy.    

Financial Institutions (FIs) can check against the CYBERA WATCHLIST™ for confirmed mule accounts when processing payments. For outbound & inbound payments, where there is a match on either IBAN (Account Number & Sort code) or on Name the transaction can be flagged as high risk.    

At account opening and ongoing CDD, email, phone and name can be used to match to CYBERCRIME WATCHLIST™ to reduce opening new mule accounts.    

CYBERA VSR™ further supports by providing users with alerts of any of their accounts reported as mules directly in their dashboard.    

Unlike other data sources, CYBERA is a global solution, so is well placed to support the increasing levels of cross-border real-time payments.