Money Laundering in Cyberspace
Author: George Farrugiaα
“The scope and nature of a money laundering operation is limited only by the
1
creativity of those involved.” (RAND Report)
1.0
General Overview
While going through a long list of jurisdictions or countries analysing their level of antimoney laundering law enactment, enforcement and compliance it is very common for
someone to come across the term “cyberspace.” One would appreciate that there is no
such place and there are no laws enacted by a cyberspace government. So where is and
what is cyberspace?
Cyberspace is defined as the indefinite place between two telephones where a
conversation appears to takes place. The word “cyberspace” was coined by the science
fiction author William Gibson2 when he sought a name to describe his vision of a global
computer network, linking all people, machines and sources of information in the world,
and through which one could move or “navigate” as through a virtual space.
Therefore, since cyberspace is everywhere and nowhere, this situation has led to a lack of
regulated activity and operations. It has been expected that by the end of 2002 electronic
commerce would grow to exceed $400 billion worldwide whilst during 2000 Internet
share trading has doubled in volume every two weeks.3 However, the Internet does not
include all types of cyberspace financial dealings, or what are described as
α
Mr. George Farrugia is an Analyst with the Financial Intelligence Analysis Unit, Malta. He holds a Masters
degree in Business Administration and has over 20 years of financial services experience.
The views expressed in this paper do not necessarily reflect those of the Malta FIAU or the Maltese legislation.
1
cyberpayments. Actually, cyberpayments are payments and transfers of monetary value
conducted either over the Internet and/or through the use of so-called “smart-cards.”4
As one would immediately appreciate, cyberpayments seem to provide speed, anonymity
and relatively secure means of transfer of funds: the ideal tools for the money-launderer.
These three highly sought qualities by money launderers make cyberspace a very
attractive “jurisdiction” where to launder their illicitly gained money – be it from drug
trafficking, arms dealing or tax evasion.5 No wonder why organized crime is flocking to
use this new technology.
There is no doubt that the traditional “bricks and mortar” bank will always be available
notwithstanding the initial hype of internet banking that it would eventually take over the
bulk of banking activities. When comparing “internet-only” banks with new branch
banks DeYoung6 showed that the internet-only banks have been substantially less
profitable. However, as the availability of computers and Internet access continues to
increase worldwide and technology easily available to more and more people, the money
launderer will continue to benefit from the ingenuity of this fabulous technology to the
detriment of the victims of crime and genuine citizens of jurisdictions where economic
effects of money laundering hit negatively.
As the new technology has made competition even fiercer and to a certain extent more
evenly spread between smaller banks and large established names, the challenges of
compliance are tougher. Other than the additional banking wise challenges to bank
regulators and supervisors that the development of cyber finance has brought about,
banks which do not perform up to their expectations or which rely to a large extent on
their electronic products or services may be much easily tempted to move into riskier
business to maintain returns.7 Therefore, it follows that the higher the level of
competition the higher would be the level of risk-taking and more likely under
performers are to accept questionable business or notorious clients.
The reliance of the money launderers on electronic systems may be viewed from a second
perspective which is beneficial, this time, to the authorities. When using financial
George Farrugia
2
intermediaries the electronic movements of funds create an audit trial all the way.
Although at times this might prove quite a challenge to obtain and follow, providing
analysts and investigators with the much requested information is essential to build up a
whole case without gaps in the audit trail. However, obtaining and exchanging
information between jurisdictions at times may not be as easy as one would like to.
Whilst the funds might go round the globe and go through a number of jurisdictions in a
few seconds the audit trail analyst may take months to trace one such transaction. As the
adage has it a payment that took two seconds to go around the globe through several
jurisdictions took two years to trace its full trail. Then there is the question of cooperation between the jurisdictions involved. By the time all information is gathered the
money launderer would have packed up and changed the jurisdiction from where to
conduct the operations.
The seasoned money launderer or better still, the hired expert to launder money for the
criminal, can thus easily establish his or her own bank for a few thousand dollars in one
of the many jurisdictions available in some exotic island without the need to ever set foot
on that island thanks to technology and the globalisation it brought about. Once the bank
is established a number of international business companies (IBCs) can be set up in that
same jurisdiction or even better in other remote jurisdictions where not much questions
are asked and companies are bought “off the shelf.” These are all available on the
Internet and payments for which can also be effected through cyberspace. Once the
network is set up the funds may start to flow originating from some form of illegal
activity in one country, being siphoned through a network of trust companies, IBCs and a
multitude of transactions that when summed up together do not make any business or
economic sense. However, the end result is to the satisfaction of the beneficial owner,
that is, the money launderer. The origin of funds is lost; identification remains unknown,
and the benefits of crime can reach their final destination to be enjoyed. All this is
available through the Internet, assisted by technology through cyberspace and
cyberpayments and, last but not least, if not the prime culprit, greed of lousy jurisdictions.
George Farrugia
3
2.
Cyberpayment Models
Electronic cash can often be unconditionally untraceable. The “blinding” effect carried
out by the transmitter’s own device makes it impossible for anyone to link payment to
payer.8 On the other hand, users can prove that they did or did not make a particular
payment, without revealing anything more.9
The RAND Report10 classified four typical models of cyberpayment systems which are
still evolving. These are:
1. When the issuer and the seller of goods are one and the same (merchant user).
2. When the issuer and the merchant are different and transactions are cleared
through the financial system (the bank is the issuer).
3. When issuers sell electronic cash to users for use at participating merchants.
Issuer reduces the electronic cash from merchants (non-bank issuer).
4. Electronic cash is transferable between users (e.g. Mondex).
As their name indicates, cyberpayments have the ability to remove one of the money
launderer’s headaches – the physical movement of cash, whilst globalisation makes it
easier to overpass rules and conceal the movement of funds – a combination of
technology and market deregulation. Whilst launderers across the world seem to have
already adapted to cope with globalisation by co-operating and assisting each other across
national boarders one cannot say that the same level of co-operation exists between
national regulators, law enforcement agencies and financial intelligence units (FIUs).
The money launderers know about this position and they are at loose as long as this
situation persists.
However, internationally, cyberpayment systems received quite some attention especially
from the Financial Action Task Force (FATF) and the G-10’s Working Party on
Electronic Money. Recommendation number 13 of FATF’s 40 Recommendations11
added in June 1996 recommends that: “Countries should pay special attention to money
laundering threats inherent in new or developing technologies that may favour
George Farrugia
4
anonymity, and take measures, if needed, to prevent their use in money laundering
schemes.”
As cyberpayments are a product of the latest technology and deregulation, new features
have developed which were previously unimaginable. Yet, law enforcement has to come
to terms with the new situation and consider them thoroughly.
Disintermediation
An emerging characteristic of cyberpayments is called disintermediation. Whist debit,
credit and charge cards involve an intermediary financial institution or card issuer;
cyberpayments do not involve the regulated third party. Whilst lowering transaction
costs these payments create new challenges for law enforcement and regulators. The
globalisation of these systems and the transfer speed and anonymity that impedes
governmental security brought cyberpayments immediately to the attention of
international institutions overseeing the danger of money laundering, like the FATF. Yet,
regulators are still undecided whether to control the transfer amounts and, or, when and
what to legislate.
Bank and non-bank issuer
Bank and non-bank organizations are subject to different regulations with regards to
cyberpayment operations. Although this could have been easily dealt initially when such
operations started new systems are continuously being introduced making it impractical
to use a single set of rules for all issuers. This issue is dealt in more detail when the
regulators’ role is discussed.
Peer-to-peer transfers of value
Some cyberpayment systems allow users to transfer value between themselves, thus
being disintermediated. This type of transfer is undetectable and could not be revealed
unless through either intelligence or a physical transaction that has triggered an
investigation.
George Farrugia
5
Transaction Anonymity
Payer anonymity in certain proposed cyberpayment products is key. This would
undoubtedly mean an insurmountable obstacle for law enforcement and an impossible-torefuse offer to the money launderer. Individual privacy here comes into play and the law
enforcement has to balance between what information should be made available and
personal privacy.
Privacy advocates and consumer protection groups believe that cyberpayments should be
as anonymous as cash transactions. On the other hand law enforcers contend that cash is
not as anonymous as many of these cyberpayments systems are. Cash is bulky and
requires to some extent a face-to-face transaction. One million US dollars in $20 bills
would weigh around 50 kilogrammes but it virtually weighs nothing in electronic format.
Although locally the privacy advocates do not seem to have the political clout they have
in certain countries around the world, and the enforcement lobby is stronger, it is
important for the latter to keep vigilant and to educate and emphasize the fact that privacy
and anonymity are not the same. Privacy protects consumers while anonymity protects
the money launderers.
This undoubtedly leads to the question of what should be done. Other than understanding
the systems already in use or being proposed, the law enforcement and regulatory bodies
need to work closely with financial institutions and unregulated financial services
providers, in identifying, addressing, and possibly resolving issues of mutual concern. At
the same time international co-operation between law enforcers, regulatory bodies and
industry operators has to be enhanced to tackle the phenomenon of transnationality to
assist in the development of mutually acceptable systems to keep the money launderers at
bay.
Denomination limits and Expiry dates
Cyberpayment product issuers are likely to limit the maximum stored value on cards and
transaction limits on their cards while value could be programmed to expire after a
George Farrugia
6
number of transfers. In this case money launderers are expected to exploit the limits, use
more than one card through different issuers and use multiple names.
Whilst more methods of adding or transferring value are expected to continue to evolve it
is also expected that the more electronic payments emulate currency the greater the
likelihood would be that transaction records would be limited unless they are requested
by law.
3.
Cyberpayments scenarios and methods of payments
There are mainly three cyberspace payment scenarios:
i. Business-to-business: Most payments still effected though traditional banking
systems or by debiting or crediting respective accounts they have with each other.
ii. Business-to-consumer: Purchased items may be either tangible, which have to be
physically delivered to a consumer, or digital goods, in most cases deliverable
online either through downloading or by allowing access to an exclusive database.
iii. Customer-to-customer: In this case payments would take place through smart cards
without funds going through financial institutions (digital cash).
The methods of payments used vary from the regulated traditional “bricks and mortar”
banks to the non-traditional financial service providers and “internet-only” banks. The
various methods used are listed below.
Wire Transfers
In 1860Western Union started using the telegraph to make transfers of money and in
1918 the Federal Reserve started using wire transfers. Then along the years the banks
became more and more dependent on this type of transfers until nowadays where one
finds a mix of the so-called wire transfers and other electronic transmission of funds. All
wire transfers, be they by telex, SWIFT or any other electronic method, have tracking
George Farrugia
7
methods which make them somewhat unfriendly to the money launderer. However,
when international transfers pass through or emanate from complacent jurisdictions the
money launderer is still at large and he or she can loose trace in that jurisdiction (if they
had ever set foot there). In this latter case law enforcement agencies cannot follow the
money.
However, recommendation VII, of the eight Special Recommendations on Terrorist
Financing issued by the FATF after the September 11 attacks, has brought this problem
in the limelight. This recommendation was developed with “the objective of preventing
terrorists and other criminals from having unfretted access to wire transfers for moving
their funds and for detecting such misuse when it occurs.12 Should this recommendation
be adopted by all jurisdictions as proposed by the FATF wire transfers anonymity would
come to an end providing all the possibility of traceabilty and audit trail of all transfers
wherever they originate from.
Credit Cards
Laws concerning credit cards are well established and are embedded in banking and
credit institutions regulations. Every transaction is fully traceable.
Smart Cards
These are credit card sized plastic cards with an embedded computer chip wherein
information in the form of currency value is stored and retrieved. One of the main
advantages of smart cards is that value can be transferred from one card to another
without the use of a financial intermediary – disintermediation. No audit trail can be
followed.
Stored value systems
These systems operate on the basis of prepaid electronic tokens obtained from a financial
institution or bank to spend on any merchant’s website.
George Farrugia
8
A noteworthy attempt to develop this kind of system was made by the now defunct Dutch
company DigiCash together with Deutsche Bank in Germany and the Mark Twain Bank
in USA. A system was developed which permits the creation of electronic tokens that
can circulate as anonymous money substitutes in an electronic environment.
Other major vendors of digital cash are: Checkfree, Paypal, and Netscape whose main
customers are common consumers; Cybercash who provide bank and merchant
transactions mainly to banks; and, Open Market Inc., whose distinguishing service is
secure storefront to businesses13.
Wallet and credit card systems
These are systems in which the information on a credit card or more than one is stored
and can be easily released by the buyer. The advantage of these systems is their time
saving effect in filling long order forms when purchasing on the web.
Direct billing
Direct billing are systems, which allow Internet users to purchase on the net, and then are
later billed through the Internet service provider (ISP) or phone bill. Locally this is a
very recent addition in the market which is being introduced.
4.
The Regulators Role
Governments’ financial system regulations function is unlikely to change in scope.
However, the technological progress is testing new grounds in the governments’ role, that
is, consumer protection, promotion of competition, and protection of the financial system
stability. The information revolution has brought about additional challenges to the
financial regulators, namely: security and data privacy, transnationality in the provision
of cyberpayments and the entrance of non-regulated new intermediaries. Whilst privacy,
George Farrugia
9
or the excess of it, that is, anonymity, and transnationality are two important ingredients
which the money launderer looks for, the participation of non-banks in the financial
services markets has become a convenient medium to start the wash cycle of money
laundering. With regards to the transnationality character of cyberpayments the G10
countries’ regulators are discussing guidelines for co-ordinating the supervision and
regulation of internationally active “internet-only” electronic banks. As for the new
entrants in the provision of financial services, unregulated non-traditional financial
service providers, or non-bank payment systems, the regulators are faced with consumer
protection challenges. Whilst regulators are there to promote competition and protect
consumers they also have to protect the financial system and the macro-economy from
the dangers of the systems being used by money launderers. Moreover, regulators have
to find the balance of promoting competition while at the same time roping in the nontraditional financial service providers to a structured way to do business providing a
safety net for themselves to prevent the collapse of an electronic cash issuer, and for the
protection of their clients providing a guarantee of payment of the stored value. This
more flexible approach to regulation seems to demand a supervisory role based on
objectives (stability, transparency and competition) as opposed to the traditional
institutional arrangement based on the type of financial intermediary.
5.
Conclusions
While credit cards seem to be the most wide spread means of payment, many
governments all over the world are, or have already, legislated to cover the operations in
cyberpayments. Notwithstanding this, the competent authorities need to be continuously
aware of the developments of any cyberpayments systems to regulate efficiently to
protect the economic interests of their jurisdiction and its image and credibility in the
combat against money laundering.
George Farrugia
10
Additionally the regulator’s perspective has to change as well. If unregulated nontraditional financial service providers are performing functions similar to a bank then it is
only fair to expect that they should be subject to similar regulations. In this respect law
enforcement is facing a difficult dilemma;14 whereas on the one hand systems are still
developing and can be influenced by regulatory decisions on the other hand these same
decisions require information about the projected systems themselves which are not yet
available. Apart from all this, an overall sense of fair competition has to prevail.
The payment schemes mentioned in the previous section and, or, any others being
developed are attractive to money launderers for a number of reasons. Electronic
transactions can be easily rendered untraceable, are very mobile, instantaneous and
unrestricted transfers, and can become anonymous. Given these issues, and the fact that
these systems go far beyond national borders, it is clearly indicative of the need for
legislative and regulatory vigilance, the development of investigative and enforcement
techniques, and enhanced co-operation through FIUs to detect and prevent money
laundering.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
Roger C. Molander, David A. Mussington, and Peter A.Wilson, “Cyberpayments and Money Laundering – Problems and
Promise,” RAND Report, Critical Technologies Institute, Washington, 1998.
William Gibson, Newuromancer, Ace Books, Ace Edition, New York, 1984.
Peter Lilley, Dirty Dealing, The Untold Truth About Global Money Laundering, Kogan Page, London, 2001, pp.105-120.
Glen Wahlert, “Implications of the Move to a Cashless Society: Law Enforcement,” in Adam Graycar, and Peter Grabosky,
eds., Money Laundering in the 21st Century: Risks and Countermeasures, Seminar, February 1996, Australian Institute of
Criminology, Canberra.
The views expressed in this paper do not necessarily reflect those of the Malta FIAU or the Maltese legislation.
Robert DeYoung, “The Financial Progress of Pure-Play Internet Banks,” Bank for International Settlements, BIS Papers No.7,
1996
Ibid.
Mark R. Bortner, “Cyberlaundering: Anonymous Digital Cash and Money Laundering,” Seminar paper for Law and the
Internet, University of Miami School of Law, Miami, 1996.
A user always has the option to reveal himself when using electronic cash. See also: Daniel C. Lynch, and Leslie Lundquist,
Digital Money: the new area of Internet Commerce, 1996, pp.114.
op. cit., pp.11-12.
FATF 40 Recommendations, at URL: http://www1.oecd.org/fatf/FATDocs_en.htm
FATF Interpretative note to Special Recommendation VII: Wire Transfers.
Checkfree at URL: http://www.checkfree.com/ ; Pay Pal at URL: http://www.paypal.com/ ; Netscape at URL:
http://www.mosaic.mcom.com/ ;Cybercash at URL: http://www.cybercash.com/ ; Open Market Inc., at URL:
http://www.openmarket.com/
Wahlert, Glen, op. cit.
George Farrugia
11
References:
Bortner, Mark R., “Cyberlaunderig: Anonymous Digital Cash and Money Laundering,”
Seminar paper for Law and the Internet, University of Miami School of Law, Miami,
1996.
DeYoung, Robert, “The Financial Progress of Pure-Play Internet Banks,” BIS Papers,
Bank for International Settlements, No.7, 1996.
Economist, “Next, Cyberlaundering,” July 24, 1997.
Financial Action Task Force on Money Laundering (FATF), Forty Recommendations, at
URL: http://www1.oecd.org/fatf/FATDocs_en.htm
Lilley, Peter, Dirty Dealing, The Untold Truth About Global Money Laundering, Kogan
Page, London, 2001.
Lynch, Daniel C., and Lundquist, Leslie, Digital Money: the new area of Internet
Commerce, 1996
McDonell Rick, “Money Laundering Methodologies and International and Regional
Counter-Measures,” paper presented at the conference on Gambling, Technology and
Society: Regulatory Challenges for 21st Century, convened by the Australian Institute of
Criminology in conjunction with the Australian Institute for Gaming Research, Sydney,
May 1998.
Lin, Lihui, Xianjun Geng and Andrew Whinston, “A new perspective to finance and
competition and challenges for financial institutions in the internet era,” BIS Papers,
Bank for International Settlements, No.7, 2001.
Molander, Roger C., David A. Mussington, and Peter A.Wilson, “Cyberpayments and
Money Laundering – Problems and Promise,” RAND Report, Critical Technologies
Institute, Washington, 1998.
Nieto, Maria J., “Reflections on the regulatory approach to e-finance,” BIS Papers, Bank
for International Settlements, No.7, 2001.
Sato, Setsuya and John Hawkins, “Electronic finance: an overview of the issues” BIS
Papers, Bank for International Settlements, No.7, 2001.
Spencer, Peter, “Regulation of the payments market and the prospect for digital money,”
BIS Papers, Bank for International Settlements, No.7, 2001.
Wahlert, Glen, “Implications of the Move to a Cashless Society: Law Enforcement,” in
Graycar, Adam, and Peter Grabosky eds., Money Laundering in the 21st Century: Risks
George Farrugia
12
and Countermeasures, Seminar, Australian Institute of Criminology, Canberra, February
1996.
Tanaka Tatsuo, “Possible Economic Consequences of Digital Cash,” First Monday, 1996
George Farrugia
13