Interlinked criminals are driving law enforcement
Posted on Nov 18, 2016

Diversifying threats, interlinked criminal actors drive law enforcement convergence in financial crime detection and prevention

Earlier this month, law enforcement agents from 52 countries launched a coordinated assault on organized crime operations across the European Union, in a week-long series of raids, arrests and seizures coordinated by Europol.

Labeled “Operation Ciconia Alba”, the actions disrupted cybercrime and fraud rings, led to the identification of over 500 human trafficking victims, and interdicted several tons of narcotics. In one regard, the operation was an exemplar of the growing international and cross-agency coordination between law enforcement.

Viewed from another perspective, however, the case vividly illustrates the challenge currently facing law enforcement worldwide. Organized crime rings and serious criminal actors have already adopted a converged approach to their illicit operations, easily moving across borders and transitioning seamlessly between human trafficking, cybercrime, fraud and other activities as opportunity arises.

In one example of the diversified operations of transnational organized crime, police investigating a cyber fraud case involving stolen payment card data as part of Operation Ciconia Alba followed a transactional trail to a Greek travel agency. After further digging, the agency was revealed to be acting as a front for a human trafficking ring, leading to the arrests of several individuals.

The relentlessly entrepreneurial nature of threat actors has led to a faster pace of evolution on the criminal side than the law enforcement response. This suggests a need for law enforcement to adopt the tactics of the adversary and take a convergent approach, treating serious criminal actors and types of criminal activity not in isolation, but as interconnected pieces of a broader threat landscape.

It also suggests a need for a law enforcement focus on the common element that ties diverse criminal groups and typologies together: money.

Cyber threats drive convergence in private, public sectors

Whether it is the proceeds of cybercrime being used to fund a human trafficking operation, tax evasion stemming from a Ponzi scheme, or many other potential examples, funding streams blur boundaries and connect the dots between criminal activity.

In the private sector, this fact has been recognized by some of the more forward-thinking companies since at least the early 2000s, when some financial institutions began efforts to merge financial crime detection and prevention functions like fraud and anti-money laundering (AML), or create fusion centers capable of collating intelligence and suspicious activity alerts from various compliance units.

That trend towards convergence in financial crime risk management has accelerated with the astronomical rise of cybercrime threats in recent years. New and increasingly prevalent attack vectors like account takeover schemes, ransomware and business email compromise have required organizations to not only enhance their cybersecurity and cyber incident response capabilities, but examine how these functions collaborate with existing investigative and compliance units.

In the financial services sector, this has taken the form of deepening collaboration between the AML, fraud, and cybersecurity departments to share information on alerts and aberrant activity, capture technical data on cybercrime incidents that may be useful for reporting to law enforcement, and get reports into the hands of authorities much more promptly than in the past. While certainly not in place at every financial institution, this level of cooperation was explicitly called for in a recent advisory issued by the Financial Crimes Enforcement Network (FinCEN), the US national financial intelligence unit and a key US regulatory agency.

On the law enforcement side, many agencies are also examining connections between cybercrime and more “traditional” illicit activities like money laundering, and finding that money laundering and asset seizure laws can be effective in pursuing cybercriminals - even those that operate across borders.

One recent example of this came from James Barnacle, the head of the US Federal Bureau of Investigation’s (FBI) Money Laundering Unit. In a recent notice issued by the bureau on how it is revamping its investigations into money laundering, Barnacle highlighted the FBI’s online service for individuals and companies to report cybercrime incidents, calling it an increasingly valuable resource for money laundering tips and investigative support.

“One of the tools we use to combat money laundering is the Internet Crime Complaint Center website, or,” said Barnacle. “We encourage victims of fraud to submit a report on the site as soon as possible. It’s a tremendous asset for our team.”

Financial crime increasingly viewed as national security matter

Along with the rise and rise of cyber threats, another factor driving a converged approach to financial crime prevention in both public and private sectors is an increased perception of transnational organized crime and the illicit proceeds it generates as a national security issue.

Government agencies, some regulators and even some military bodies have adopted this viewpoint – the US Army’s “threat finance” operations consider corruption to be a national security risk, under the same umbrella as terrorist financing and trafficking in arms, persons and narcotics. Nor is this perspective limited to the US and other developed countries. Last year, Kenya’s president labeled corruption “a standing threat to our national security” and directly connected bribery to terrorist financing in a speech announcing a host of new anti-graft measures.

One notable example of this trend came in a recent sanctions enforcement action by the US Office of Foreign Assets Control, the agency responsible for implementing and enforcing the US sanctions regime. Last month, OFAC designated PacNet, a large payments processor headquartered in Canada and with affiliates and operations in 15 countries, as a “transnational organized crime (TOC)” group. The designation requires financial institutions operating in the US to freeze assets and block transactions tied to PacNet, effectively severing its access to the financial system.

What is distinctive about the case is the nature of PacNet’s criminal activity. There have only been six previous designations of transnational organized crime operations by OFAC, and all have targeted what might be considered the usual suspects, groups like the Yakuza or the Zetas cartel.

In contrast, PacNet stands accused of being at the center of a global fraud ring. It is alleged to have long been the payment processor of choice for a wide range of direct-mail fraud schemes that targeted elderly individuals all over the world.

“PacNet has a nearly 20-year history of knowingly processing payments relating to these fraudulent solicitation schemes, which result in the loss of millions of dollars to U.S. consumers,” OFAC stated, adding that “PacNet’s processing operations help to obscure the nature and prevent the detection of such fraudulent schemes” by bank AML compliance teams.

Technical capabilities, soft skills needed to enhance law enforcement response

This confluence of trends – the convergence of criminal activity, the merging of cybercrime and “traditional” financial crime, and the increased stakes that come with treating financial crime as a national security risk – necessitate an enhanced response to financial crime investigations by law enforcement.

Many agencies have already taken steps in this direction – by hiring more staff in analyst and forensic accounting roles, building out capabilities to mine data from national financial intelligence units and other sources, or taking measures to improve cooperation between domestic and international counterparts.

Along with technical capacity, law enforcement agencies should also look to the human aspect, and seek tools and resources to improve the situational awareness and competency of their staff. This includes increasing the quality and quantity of training that agents receive on diverse financial crime topics, and seeking venues that allow staff to interact with, and learn from, financial crime professionals in private sector roles.

During my 34 year career in law enforcement which enabled me to spend many years in the proceeds of crime/financial crime arena I realized as early as 1991 that law enforcement training alone was insufficient to enable an individual to fully understand all the requirements and nuances that exist in investigating financial crime.  It was for this reason that I became a certified member of the Association of Certified Fraud Examiners (ACFE), followed by becoming certified member of the Association of Certified Anti-Money Laundering Specialists (ACAMS) and most recently a certified member of the Association of Certified Financial Crime Specialists (ACFCS).

In 2016 I was fortunate to be asked to become the Executive Vice President and Executive Director of the ACFCS, a US company under Barbri; a company that focuses on preparing students for the bar exams throughout the US.  To my knowledge this is the first time a US financed Association has gone to a Canadian to lead their organization which speaks to how Canadian police leaders are perceived.

This was an opportunity for me to be able to chart a course for an organization that could serve a number of professional communities and ensure that training and the certification would be seen as being of tremendous value.  Our goal is to be the leading provider of practical tools and knowledge to help professionals achieve improved results in financial crime detection and prevention.  Through membership, certification, and live and online training we are passionate about delivering resources that enable better performance in financial crime compliance, investigations, regulation and enforcement.

We have embarked on a University/College partnership program recognizing that we need to establish a new generation of financial crime practitioners.  Additionally we are reaching out to the law enforcement community ensuring that our conferences and seminars are seen as meeting current investigative needs.  We are collaborating with the financial, regulatory and government communities with a goal of ensuring we maintain a collaborative approach whilst ensuring multi-disciplinary networking opportunities.

The nature of criminal actors makes it unlikely that law enforcement will ever be able to get out ahead of financial crime threats but I strongly hold the view based on years of financial crime experience that by taking a converged approach, the likelihood increases that law enforcement can close that gap to within striking distance. This does not mean the creation of generalists which is often argued.  It means fraud experts garner experience and a foundational knowledge in other areas of financial crime, AML experts learn about foreign corrupt practices and cybercrime, along with fraud and tax evasion.  We need to focus very much like the major organized crime groups that law enforcement is tasked to investigate.



Garry W.G. Clement, CFE, CAMS, CFCS
Former Chief of Police and RCMP Superintendent
EVP Executive Director ACFCS

Brian Kindle
Director Program Development, ACFCS

Brian Monroe
Director Editorial, ACFCS

Association of Certified Financial Crime Specialists