Jersey’s Financial Intelligence Unit and cybersecurity

by Jonathan Groom, Director of the Financial Intelligence Unit (FIU)

The regulated sector has stringent compliance responsibilities aligned to Anti Money Laundering (AML) and Counter-Terrorist Financing (CTF). These risks are realised through the actions of criminals, organised crime, state threat actors and terrorists. Each of these groups exploit weaknesses and gaps in products, services, and businesses to launder their illicit gains. They also deliver their illicit activity through the exploitation of cyber-related risks and vulnerabilities.

Criminals have traditionally focused on specialist areas that they seek to exploit. However, more recently, we’ve seen a surge in polycriminality. This confidence to exploit numerous avenues to obtain and launder money means that cyber crime, ransomware, business email compromise and other such threats are equally relevant to the FIU as money laundering, kleptocracy, tax evasion or similar.

If cyber security is about preventing a range of IT threats, many of those will be monetarily-related. As more financial activity occurs digitally, the lines between cyber attacks, fraud, and money laundering become blurred. In addition, attack vectors across one threat are likely further exploited for other purposes across the cyber, fraud, and money laundering trio. Currently, cyber-enabled attacks are increasing in sophistication at the same time that financial institutions are changing.

Our lives are becoming increasingly cyber-enabled, and finance is at the forefront of this. This makes us all vulnerable, hence the growing use of two-step verification methods and password security messages. For the FIU, employing a holistic risk picture is more necessary than ever, and identifying and collaborating with other relevant stakeholders is critical.