US Treasury highlights illicit finance threats and risks

US National Risk Assessment for 2024 covers money laundering, terrorist financing and proliferation financing, along with key vulnerabilities.

The US Department of the Treasury has published its 2024 National Risk Assessment reports on money laundering, terrorist financing and proliferation financing.

The money-laundering risk assessment in particular will be very helpful to compliance staff and senior decision makers involved in the management of risk at financial services firms and we summarise some salient points here.

This report, drafted in highly accessible language, is highly recommended reading, especially because it highlights some particularly relevant recent enforcement actions to illustrate the changing threat landscape.

The report draws attention to threat actors continuing to adapt to “maximize profit from their criminal activities”. Criminals are moving to exploit online gaming platforms, decentralized finance and virtual asset investment more generally.

In response to the growth of professional money laundering as a threat to the US financial system, the Treasury is planning rules that would extend AML/CFT requirements, including suspicious activity reporting obligations, to financial intermediaries, including investment advisers.

Investment fraud

Investment fraud surged in 2022, growing 127% year on year and representing the highest aggregate reported dollar loss to victims. The increase can be partially attributed to the “growth in the number of retail traders and price appreciation for securities and virtual assets from 2020 to 2022” and coincides with the growth of investment fraud involving virtual assets, which has “rapidly increased in both the number of victims and losses, risking 183% between 2021 and 2022.” The amount of money lost per victim on average has also been steadily increasing since 2018.

Fraud schemes are becoming more elaborate and sophisticated and increasingly involve social media. Social media influencers with their large audiences are being exploited by fraudsters. The report highlights the SEC case against Justin Sun and eight celebrities as an example because it involved: “the unregistered offer and sale of crypto asset securities, the fraudulent manipulation of the secondary market, and the orchestration of a scheme to pay celebrities to tout crypt asset securities without disclosing their compensation.”

Ponzi schemes and virtual asset investment schemes are the most commonly seen generating significant losses to victims. A younger than usual demographic (median age between 30 and 49) is being targeted by the latter with pig butchering schemes in particular proving effective. Pig butchering scams are both widespread and effective, often being run by sophisticated criminal networks who launder funds by chain hopping utilising unhosted wallet addresses. Smaller financial institutions that offer services through accounts at larger virtual asset providers are being utilised as laundering pipelines for the shifting of funds out of the United States.

Growth of cheque fraud is being facilitated by the rapid increase in the theft of mail in the US – up 139% in the last four years.

Despite the fact that the use of checks has been declining, check fraud is also on the increase, with suspicious activity reports relating to it increasing  by 94% between 2021 and 2022. Growth of this type of fraud is being facilitated, in part, by the rapid increase in the theft of mail in the United States (139% increase in the last four years). The report indicates that checks of PII stolen from mail can be sold on “darknet marketplaces or on encrypted social media platforms such as Telegram”. Check fraud actors will pay mules for access to their accounts preferring “established bank accounts with demonstrated banking activity” because these have fewer checking restrictions placed on them.

Ransomware has rebounded in 2023 after decreasing in 2022 with attackers increasing the “potency of their attacks” and exerting “greater pressure on victims to pay.” This increase in attacks is consistent with the global patterns being observed. Attackers are sharing resources and partnering with other cybercriminals with “ransomware-as-a-service” being employed by some groups.

Proceeds from the attacks are once again laundered utilizing virtual currencies with the origin of proceeds disguised by using mixers and by chain hopping. Criminal groups using malware “often launder funds using similar methods as ransomware actors.” The attacks often stem from Russia, North Korea and Iran, with Russian groups being particularly active – 75% of ransomware-related incidents between July and December 2021 were linked to Russia.  

The amount of money being made by criminals is such that a professional money laundering class has emerged. The report focuses on professional money mule networks that involve both “herders” who manage fully complicit as well as unwitting “mules” with international students “particularly vulnerable to being recruited” and targeted “using social media, including messaging apps such as WeChat.”

China a key actor

Chinese money laundering organizations and networks are “now one of the key actors laundering money professionally in the United States and around the globe” and are the most significant laundering threat facing the US financial system. This is not only because of the scale of their operations, but also because a significant proportion of the laundered funds remain in the US.

Money laundering linked to Russia remains pervasive and can involve professional facilitators such as lawyers, investment advisers, trust and company service providers and other financial proxies and intermediaries. One of the primary objectives of Russian money laundering is the evasion of sanctions in place against both individuals and entities.

The report includes a special focus section on tax crime, which is being “included primarily due to the increase in State and federal payroll tax evasion workers’ compensation insurance fraud” in the construction industry. The same money-laundering methods are being utilized by criminals involved in tax evasion.

Specific money-laundering vulnerabilities identified in the report in addition the usual role played by cash include:

  • money orders;
  • prepaid cards;
  • peer-to-peer payments (P2P).

Some distinctive features of these, but particularly the possibility of facilitating payments that are difficult to trace or connect with specific individuals, make them ideal vehicles for the laundering of funds. The rapid expansion of P2P payments and the ubiquity and large number of the apps utilised to facilitate them has resulted in a dramatic growth in both fraud and money laundering connected with it.

Virtual assets

The most commonly seen issues connected with virtual assets and virtual asset providers are itemized in the report and include:

  • inconsistent compliance (including the lack of a license or lack of an appropriate license to operate);
  • international AML/CFT rule arbitrage;
  • obfuscation tools and methods;
  • mixing;
  • disintermediation;
  • DeFi (DeFi services providers failing to comply with their AML/CFT obligations).

The report itemises the AML/CFT compliance deficiencies noted at banks, money services business, broker-dealers, mutual funds and other professionals. In connection with broker-dealers the report noted that the SEC has emphasized its continuing focus on AML/CFT obligations compliance, but that recent enforcement actions indicate that the “lack of SAR filings, independent testing, or establishment and implementation of an AML program” remain persistent problems.

Online sports gambling has seen explosive growth and presents particular compliance challenges because of the number of active platforms as well as the volume of betting.

Luxury and high-value goods as well as casinos and gaming as a source of risk are covered in the report with online gaming joining the list of usual activities as a potential area of risk. Online sports gambling has seen explosive growth and presents particular compliance challenges because of the number of active platforms as well as the volume of betting taking place.

Some industry reporting suggests that “Americans wager an estimated $64 billion annually on illegal or offshore gaming platforms”, which accounts for approximately 40% of the US sport betting market. If reliable, those are eye-watering figures and explain the Treasury’s concern, but also highlight the difficulties being faced in policing this sector effectively.

Finally, a section of the report covers entities that are not fully subject to AML/CFT requirements, including investment advisers, third-party payment processors, attorneys and accountants. In connection with investment advisers the Treasury points out that oversight is focused on investor protections and that the sector is “not typically examined for AML/CFT compliance.” It highlights the vulnerability of investment advisers to illicit finance threats, particularly for investment advisers who are not dually registered.

The report concludes by saying that while many of the “most significant money-laundering risks have remained consistent in recent years, a range of new factors have emerged that are reshaping the risk landscape in the United States”. In particular the report draws attention to the fact that threat actors are both better equipped and better organised – whether this is money laundering groups in China or South-East Asia or gangs and drug cartels in Mexico.

These sophisticated organizations continue to diversify their operations and activities, taking advantage of newly emerging technlogies such as P2P payment systems or online gaming to launder illicit funds. Although not the focus of this summary, the report’s conclusion cites the wide availability of illicit fentanyl as substantive proof of the “reach and scale of the transnational illicit chains” that support the manufacture, transport and distribution of this deadly drug.