One key to fighting money laundering is understanding its process and the vulnerabilities in each stage of it. In the first stage, the Placement stage, money launderers deposit their criminal revenues in financial institutions.
In that stage, detection teams proficient in Know Your Customer (KYC)/Customer Due Diligence (CDD) practices for combatting money laundering do extensive investigations to detect efforts to place illicit funds in their financial institution. Unfortunately, many placements still succeed.
That moves the battle that KYC/CDD teams fight to the second money laundering stage, Layering. Layering involves building a complex web of money transfers to obscure the funds’ criminal source.
As they do in the Placement stage, KYC/CDD teams target the vulnerabilities in the Layering stage in the hope of frustrating money laundering efforts. So, we look at Layering to see the variety of techniques money launderers use to try to “legitimize” their illicit funds, the vulnerabilities in those techniques and how KYC/CDD teams seek to exploit them.
The goal of layering
At this stage, money launderers’ funds sit in accounts in various financial institutions, successfully placed. As long as those funds remain where they were deposited, though, they are at risk. Although they were placed successfully, money launderers have far more money to place on an ongoing basis.
If funds sit in an account and that account is later detected, those funds can be seized. So, money launderers want to keep funds moving until they have passed through so many hands that investigators will be unable to connect them to the criminal acts that generated them. In doing so, money launderers attempt not only to confuse any investigators who try to follow the paper trail, but actually to create a paper trail that makes those funds appear legitimate.
Money launderers: moving the funds
Money launderers’ first step in layering is to confuse the trail. To do this, they again divide the funds in their accounts. This sends various fragments of original deposits to multiple accounts in other banks and prevents investigators from tracking illicit funds by following a certain dollar amount.
Money launderers may transfer parts of the original deposit to offshore bank accounts, in countries where banking laws offer account holders anonymity. Moving funds there makes it hard for investigators to follow the trail, because those financial institutions refuse to provide investigators with the information they need.
The money launderers may transfer other parts to banks in countries that are lax in following detection practices, or whose officers are actively complicit in money laundering. This, too, makes it hard for investigators to follow the trail. Other parts may be transferred from bank to bank in varying amounts to give an impression of legitimate money movement.
KYC/CDD: monitoring and risk assessment
KYC/CDD teams don’t sit idly by as this happens, and their investigations on account applications don’t end when an applicant is approved. As part of the process of investigating applicants, KYC/CDD teams develop a profile of each customer, based on known income sources and activity.
Each profile suggests the type of banking activities the institution can expect this customer to transact, based on the activities of other customers of a similar profile. This provides a basis for monitoring customer activity. Activity that falls outside expectations (e.g., larger than usual deposits, transactions with institutions not normally patronized by individuals of that profile type) triggers an investigation and possible reporting to authorities.
In addition, KYC/CDD teams don’t treat every customer the same. They assign each customer a risk rating. This determines the level of scrutiny teams apply to monitoring various customers. The higher a customer’s risk rating, the closer scrutiny teams will pay as they monitor for anomalies that may point to money laundering involvement.
This risk level may change over time. The more anomalous activities an account owner performs, the higher his or her risk level will rise. For example, frequent transfers to offshore accounts or foreign banks by someone whose application information doesn’t suggest such transactions will face greater scrutiny.
The institutions with which customers interact also affect KYC/CDD risk assessment. Detection teams assess those institutions to determine their reputation for compliance with Anti-Money Laundering (AML) practices. Transacting business with banks that are lax will earn that customer greater scrutiny and possible reporting.
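The monitoring loop described in this section, as an added Python example that is not from the original article or from any bank's actual system: a customer profile sets expectations, anomalies raise the risk rating, and a higher rating tightens scrutiny. The thresholds, scrutiny fractions, institution names, country codes and transactions are all constructed assumptions.

```python
from dataclasses import dataclass, field

# Constructed reference data for the example (placeholders, not real ratings).
LAX_AML_INSTITUTIONS = {"BANK-LAX-01"}
# Assumed policy: fraction of the profile's expected ceiling tolerated per rating.
SCRUTINY = {"low": 1.0, "medium": 0.5, "high": 0.25}

@dataclass
class Customer:
    name: str
    expected_max: float            # largest transaction the profile predicts
    expected_countries: frozenset  # where this profile type normally transacts
    anomalies: int = 0
    alerts: list = field(default_factory=list)

    @property
    def risk(self):
        # The rating rises as anomalous activity accumulates (assumed cut-offs).
        return "high" if self.anomalies >= 4 else "medium" if self.anomalies >= 2 else "low"

def monitor(cust, txn):
    """Check one transaction against the profile; return the reasons it was flagged."""
    reasons = []
    # Higher risk rating means closer scrutiny: the tolerated amount shrinks.
    if txn["amount"] > cust.expected_max * SCRUTINY[cust.risk]:
        reasons.append("amount outside profile")
    if txn["country"] not in cust.expected_countries:
        reasons.append("destination outside profile")
    if txn["institution"] in LAX_AML_INSTITUTIONS:
        reasons.append("counterparty lax on AML")
    if reasons:
        cust.anomalies += len(reasons)
        cust.alerts.append((txn["id"], cust.risk, reasons))  # queue for investigation
    return reasons

def run_sample():
    cust = Customer("constructed-customer", 5_000.0, frozenset({"US"}))
    txns = [  # constructed sample transactions; "XX" is a placeholder country code
        {"id": 1, "amount": 1_500, "country": "US", "institution": "BANK-A"},
        {"id": 2, "amount": 3_000, "country": "XX", "institution": "BANK-LAX-01"},
        {"id": 3, "amount": 3_000, "country": "US", "institution": "BANK-A"},
        {"id": 4, "amount": 2_000, "country": "XX", "institution": "BANK-LAX-01"},
        {"id": 5, "amount": 1_500, "country": "US", "institution": "BANK-A"},
    ]
    return [(t["id"], monitor(cust, t)) for t in txns], cust.risk

if __name__ == "__main__":
    print(run_sample())
```

Transactions 1 and 5 are identical, yet only the fifth is flagged, because the anomalies in between have raised the customer's rating and lowered the amount that passes without review.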
Money launderers: moving outside the financial system
The layering process goes on and on, creating an ever more complex paper trail to obscure the illicit source of the original funds. Although KYC/CDD teams’ monitoring and risk assessment continues to flag questionable transactions, the deeper the layering and the farther from the original crime, the more natural transactions appear, making detection harder.
This is especially true when funds move outside traditional financial networks, into alternate exchange systems, such as the Middle Eastern hawala, Indian hundi, Chinese fei ch’ien or South American Black Market Peso Exchange. These systems rely on brokers who arrange transfers from one person or location to another without any cash physically changing hands or any records being generated.
Another way that money launderers move cash is by physically smuggling it across borders to break the paper trail that financial networks generate. They may also buy and sell luxury goods, such as diamonds or artwork, to further confuse the trail. At any rate, money launderers employ a dizzying array of techniques to accomplish their goals.
Money launderers: legitimizing the funds
Ultimately, the goal of the layering stage is to give money launderers’ funds the appearance of having been obtained legitimately. This, too, is done largely outside the financial system and outside the scope of KYC/CDD teams. It passes into the hands of law enforcement authorities tasked with fighting racketeering.
Money launderers may leverage businesses to serve as conduits for legitimizing illicit funds. For such companies, legitimate work becomes secondary to their ability to receive illicit funds and create invoices that describe those funds as payments for goods or services.
Or money launderers may mix their money with that of cash-intensive businesses they control. Casinos, bars, restaurants and check-cashing operations are ideal for this, as they receive large flows of cash. Money launderers can easily add illicit cash to the mix and hide it in these businesses’ accounts, hoping investigators will not compare account totals to financial statements. Or they can doctor financial statements, disguising illicit funds as part of legitimate revenues.
The whole stage of layering, when complete, enables perpetrators of crimes to receive their money back in the final stage of money laundering: Integration, in which the funds are available to use freely, with a paper trail that makes them appear to have been obtained legitimately.
The cat-and-mouse game between money launderers on one side and KYC/CDD teams and law enforcement agencies on the other is a continuous process throughout the layering stage. Each side tries new approaches to get a step up on the other, with wins and losses achieved on each side.
The wins that KYC/CDD teams earn, however, come only through clear understanding of the money laundering process and the vulnerabilities inherent in its stages. By ongoing vigilance and steady growth in solid AML practices, financial institutions can slow the flow of money laundering through their doors and enjoy greater stability.
For over 30 years, Marin Ivezic has been protecting people, critical infrastructure, enterprises, and the environment against cyber-caused physical damage. He brings together cybersecurity, cyber-physical systems security, operational resilience, and safety approaches to comprehensively address such cyber-kinetic risk.
Marin leads Industrial and IoT Security and 5G Security at PwC. Previously he held multiple interim CISO and technology leadership roles in Global 2000 companies. He advised over a dozen countries on national-level cybersecurity strategies.