organizedcrimeenablers

Organized Crime Enablers

Global Agenda Council on Organized Crime

July 2012

World Economic Forum

2012 - All rights reserved.

No part of this publication may be reproduced or transmitted in any form or by any means,including photocopying and recording, or by any information storage and retrieval system.

The opinions expressed here are those of the individual members of the Council and not of the World Economic Forum or any insititutions to which they are affiliated REF 200712

3Global Agenda Council on Organized Crime

3 Acknowledgements

4 Executive Summary

6 Global Agenda Council on Organized Crime 2011/2012 Report: Organized Crime Enablers

6 Enablers Exploiting Illicit/Licit Opportunities

7 What Are the Enablers?

8 1. Enablers of cybercrime

9 1.1. Main features

9 1.2. Achievements

10 1.3. Vulnerabilities

12 1.4. Cases

12 1.5. Good practices

13 1.6. Recommendations

14 2. Enablers of money laundering: Beneficial owners and professionals


15 2.2. Achievements


18 2.4. Cases



20 3. Enablers that exploit international commercial transactions: Free Trade Zones


21 3.2. Achievements


24 3.4. Cases



26 Members of the Global Agenda Council on Organized Crime 2011-2012

Table of Contents Acknowledgements

This report is the result of the continuous work of the Members of the Global Agenda Council on Organized Crime. From September 2011 to March 2012 we worked together and discussed the choice of topics as well as the structure of this report. Many Members commented on the different sections and directly contributed to drafting the report. Interactions with other World Economic Forum Global Agenda Councils have been of particular benefit. We wish to acknowledge the strong support received from the Global Agenda Councils on Internet Security, Anti-Corruption, Illicit Trade and Information & Communication Technologies. Our interactions in Abu Dhabi in 2011 at the Summit on the Global Agenda and in Davos-Klosters at the World Economic Forum Annual Meeting 2012 helped us understand the multiple consequences of the phenomena we are studying and the existing obstacles in implementing effective policies. The issues contained in this report have also been discussed with specialists within international organizations, national governments, private industries and academia. Many of them are dealing with the same issues in their working agendas, and cooperation has been strengthened.

Milan, July 2012

Ernesto U. SavonaChair, Global Agenda Council on Organized Crime

4 Global Agenda Council on Organized Crime

Executive Summary

1 Symantec (2011), Cybercrime Report 2011, http://www.symantec.com/content/en/uk/home_ho-meoffice/html/cybercrimereport. For a more sceptical approach, see Measuring the Cost of Cyber-crime, http://weis2012.econinfosec.org/papers/Anderson_WEIS2012.pdf

Overview

The Global Agenda Council on Organized Crime focused on the enablers of organized crime during the 2011-2012 term. This broad concept includes individuals, mechanisms and situations that play an important role in facilitating organized crime activities whether intentionally or inadvertently increasing its benefits and scale while reducing its risks.

Organized crime exacts a multibillion cost on legitimate business, distorts markets and causes widespread ill-effects on society. Fuelled by the same forces of globalization that have expanded trade, communications and information worldwide, criminal syndicates now have unprecedented reach not only into the lives of ordinary people but into the affairs of multinational companies and governments worldwide. Although law enforcement has long focused on criminal gangs and illicit markets, only recently has it paid greater attention to those factors that enable such activities.

This report focuses on the impact of enablers on three critical areas: cybercrime, money laundering and Free Trade Zones.

In developing this report, the Council on Organized Crime took into account two main criteria:

continuity with its work in 2010-2011 on cybercrime and on money laundering in real estate

input received by Council on Organized Crime Members during virtual meetings and at the Summit on the Global Agenda in Abu Dhabi in October 2011

The Enablers of Cybercrime

Though this figure is disputed, cybercrime cost US$ 388 billion this past year, according to the 2011 Norton Cybercrime Report.1 This includes US$ 114 billion in direct costs (amounts stolen or expended to defend against it) and an estimated US$ 274 billion worth of lost time. In addition to substantial corporate losses and the unquantified emotional as well as economic damage suffered by the victims of Internet scams, new hybrid threats have emerged that target critical infrastructure. The scale of such activities represents a considerable challenge to both the authorities and service providers.

Cybercrime consists of crimes committed using the Internet, affecting not only content on public websites but also information exchanged directly over the Internet, such as peer-to-peer (P2P) content. Examples of cybercrime include the use of a stolen credit card to make purchases on the Internet, using the Internet to sell counterfeit goods and the online distribution of child pornography.

Two general classes of cybercrime exist: high-value, low-volume transactions in which cybercriminals can stage an effective single attack, and high-volume, low-value transactions through which cybercriminals pass almost unnoticed by attacking thousands of accounts for small sums of money.

One assumption is that augmenting cybersecurity should result in a commensurate reduction in cybercrime.2 However, the impact of cybersecurity mechanisms is difficult to measure. More analysis is needed to explain if and how certain types of cybercrime change

in response to cybersecurity measures. This examination would help refine the measures and better understand the enablers of cybercrime.

When identifying cybercrime enablers, Internet features or uses that may themselves constitute crimes (illegal enablers) must be distinguished from the general, inherent features of global information and communications technology use that may lead to certain vulnerabilities and facilitate crime (legal enablers). Illegal enablers include the development and deployment of malicious software or tools capable of creating a botnet or breaking password protection, and the use of false identities to open accounts or to obtain credit or funds in false or invented identities. Legal enablers include e-mail, Internet banking, online medical records and mobile Internet technology. Accordingly, these two types of enablers require different methods of prevention: the former, technological and legal approaches; the latter, raised awareness and enhanced security balanced against an individuals right to privacy and freedom of expression.

The continued evolution of the Internet and related digital technologies demands a coordinated and collaborative response that harnesses the expertise of a wide range of security stakeholders aimed at preventing and countering cybercrime. The following are the main recommendations developed by the Council:

establishing coordinating structures raising awareness and developing instruction and prevention

programmes enhancing cooperation and sharing information strengthening public-private partnership

The Enablers of Money Laundering

Experts on combating money laundering distinguish two main issues as priorities:

identifying the beneficial owners of corporate entities clarifying the role of professionals and intermediaries in money

laundering and terrorist financing schemes

Both beneficial owners and professionals may play the role of enablers of organized crime and corruption. They are today the key doors for facilitating criminal financial transactions and keeping a veil of opacity on criminal assets, making their detection and confiscation more difficult.

Beneficial OwnersCriminals and criminal organizations may make use of complex cross-border schemes of corporate vehicles with a Chinese box structure to conceal their identities and hide illegal proceeds. Law enforcement agencies have been handling an increasing number of cases in which legitimate businesses co-mingle with illegal businesses, and legitimate funds with illicit funds. Reconstructing these schemes and identifying who lies behind them that is, their beneficial owners (BO) is considered to be essential to reveal the full infrastructure of a criminal enterprise and to prevent future criminal activities.

ProfessionalsProfessional service providers have been increasingly identified as being involved (either knowingly or unwittingly) in money laundering schemes. Given their trusted gatekeeper status, professionals can misuse the absence of direct supervision to launder funds or act as intermediaries in helping others to launder. This can occur in a variety of contexts, such as in the securities or real estate markets.

2 Some forms of cybercrime committed by means of a computer (rather than against a computer or data) cannot necessarily be prevented by increased cybersecurity.


Active criminal infiltration of professional roles or subornation of professionals are key routes to criminal success. For example, brokerages or firms of accountants and lawyers can be beneficially owned by criminals, leveraging their professional status. The extent to which this happens in practice is unknown, but it represents a risk that requires management.

Both issues beneficial owners and professional service providers have been subjected to recent increases in regulations. These regulations, however, are not always accompanied by an adequate level of implementation.

A global level playing field may be impossible to achieve, but greater attention at the national and transnational levels must be paid to enhance the harmonization and availability of data on BO and to ensure that professionals and other service providers behave responsibly.

This report puts forth the following recommendations:

Beneficial OwnersRegarding the registration of corporate entities3, it is recommended that:

information registered with official agencies include both legal owners (directors and shareholders) and beneficial owners

the registered information be verified by the registry authority the registered information be updated in a timely manner by

the corporate entity when there are changes the register be accessible to the public against payment online;

payment should be minimal to encourage access

Regarding beneficial owner identification, it is recommended that:

financial institutions and professional service providers be required by law or regulation to identify and verify the identity of a corporate customers beneficial owners when establishing a business relationship with it

financial institutions and professional service providers be required by law or regulation to take reasonable measures to determine who the people are who ultimately own or control the corporate customer

Regarding the international sharing of beneficial owner information, it is recommended that:

law enforcement agencies have direct access to official registries of corporate entities

states allow (by law or regulation) law enforcement entities to share beneficial owner information with their overseas counterparts instantly without need for bilateral or mutual legal agreement

ProfessionalsRegarding professionals, it is recommended that:

the wide disparity in the ways in which professionals of all kinds accountants, lawyers and brokers are licensed, scrutinized and disciplined be reduced

data be systematically collected on the mechanisms by which professionals assist criminals, both in the perpetration of offences and in the laundering of the proceeds from criminal activity

Free Trade Zones as Enablers of Organized Crime: Exploiting International Commercial Transactions

Under Organized Crime Enablers, this report considers the issue of Free Trade Zones (FTZs), as the crime risks associated with them have been neglected until recently.

With respect to banking and financial regulations, Free Trade Zones are comparable to offshore countries. Their structure and regulations make these areas very efficient for legitimate purposes,4 but they are at the same time weaker, less transparent and more vulnerable to organized crime.

More generally, as noted in a report by the Financial Action Task Force (FATF)5 , FTZs are designated areas created within jurisdictions in which incentives are offered to promote trade, support new business formation and encourage foreign direct investment. These incentives involve exemptions from duty and taxes, the simplification of administrative procedures and the duty-free importation of raw materials, machinery or equipment. Created to boost economic opportunities, these incentives often result in reduced financial and trade controls.

There is broad agreement that FTZs stimulate economic growth and play a large role in the globalization of the world economy. Not surprisingly, Free Trade Zones have proliferated significantly in recent years, with an estimated 3,000 FTZs in 135 countries. In what is sometimes termed as a race to the bottom, FTZs generate reduced trade in competitor jurisdictions, which encourages them, in turn, to create FTZs, reducing the overall level of transparency and bureaucracy, while facilitating crime and tax avoidance in those jurisdictions. One result: organized crime groups and counterfeiters use FTZs to move illegal products around the world without detection.

The crucial challenge FTZs pose to todays law enforcement agencies and policy-makers is how to balance security issues while facilitating trade. A number of vulnerabilities have been identified:

relaxed oversight: weak procedures to inspect goods and register legal entities, including inadequate record-keeping and information technology systems

lack of transparency: inadequate money laundering and terrorism finance safeguards

inadequate coordination and cooperation between Zone and Customs authorities

differences among regulations in various regions of the world

All these weaknesses make Free Trade Zones ideal for laundering, counterfeiting and other criminal acts. The following are recommendations to addresses this issue:

building and developing international, regional and national platforms for cooperation

building IT and intelligence capabilities in Free Trade Zones raising public awareness and educating officials about the harm

that FTZ crime causes for trade and business developing and enacting balanced legislation for Free Trade

Zones developing better mechanisms to trace the origin and

destination of goods developing Customs primary cooperation

3 This in addition to the revised Financial Action Task Force (FATF) Recommendations, Financial Action Task Force (FATF) (2012), International Standards on Combatting Money Laundering and the Financing of Terrorism & Proliferation: The FATF Recommendations, http://www.fatf-gafi.org/media/fatf/documents/recommendations/pdfs/FATF%20Recommendations%20approved%20February%202012%20reprint%20March%202012.pdf?.

4 Thomas Farole and Gokhan Akinci (eds) Special Economic Zones: Progress, Emerging Challenges, and Future Directions, The World Bank, Washington DC, 2011. 5 FATF (2010), Money Laundering Vulnerabilities of Free Trade Zones, p. 4, http://www.fatf-gafi.org/dataoecd/45/47/44888058.pdf.


Global Agenda Council on Organized Crime 2011-2012 Report: Organized Crime Enablers

The Global Agenda Council on Organized Crime focused onOrganized Crime Enablers during the 2011-2012 term.

In developing this report, the Council took into account two main criteria:

continuity with its work in 2010-2011 on cybercrime and on money laundering in real estate

input received by Council on Organized Crime Members during virtual meetings and at the Summit on the Global Agenda in Abu Dhabi in October 2011

Enablers Exploiting Illicit/Licit Opportunities

The 2010 United Nations Office on Drugs and Crime (UNODC) assessment of transnational organized crime noted that organized crime today is less the work of a group of individuals involved in a range of illicit activities than it is a group of illicit activities in which some individuals and groups are currently involved. As such, the search to find solutions to problems related to transnational organized crime may initially require an understanding of the scale and nature of illicit flows be they of persons, firearms, drugs, money, counterfeit products, computer data or environmental resources.

Accordingly, a broader conception of the problem of organized crime describes it as a more fluid networked crime that includes such enabling elements of successful crime as the financing of criminal activity, precursor chemicals for drugs (and terrorism), information and communications technology (ICT) and the creation of legal frameworks, legal entities and accounts by professionals (e.g. lawyers and accountants) that facilitate crime and money laundering. These broader frameworks are given the term organized crime enablers.

In particular, illicit markets and flows come and go rapidly as organized crime groups exploit emerging opportunities or suffer setbacks as risks are increased due to focused policing or prevention and security measures. Identifying and even predicting such market shifts, including through concerted cooperation at the international level, can be key in disrupting and combating organized crime as a whole. For this reason, this report focuses on the enablers of organized crime. This broad concept thus includes the individuals, mechanisms and facilities used for primarily legal purposes that are adapted for criminal objectives. They play an important role in facilitating organized crime activities, whether intentionally or inadvertently, increasing its benefits and scale, and predominantly reducing its risks. The shape that organized crime takes varies by market and region worldwide.


What Are the Enablers?Among the enablers, this report focuses onthree specific types:

the enablers of cybercrime

the enablers of money laundering, mechanisms that produce opacity such as the concealed beneficial ownership of assets held in the name of others, and the role of professionals in helping money laundering processes

the enablers that exploit international commercial regulations and instruments: the case of Free Trade Zones


1. Enablers of cybercrime


Cybercrime can be defined as any crime committed using a computer. However, for the purposes of this report, cybercrime is limited to crimes committed using the Internet that include information exchanged directly over the Internet protocol (IP), such as peer-to-peer (P2P) content, as well as content available on public Internet sites. Examples of this type of cybercrime include the use of a stolen credit card number to make purchases on the Internet, using the Internet to sell counterfeit goods and the distribution of child pornography on the Internet. For some of these functions (and for the sale of large quantities of borrowed or stolen identities), those seeking access to illicit markets may have to prove themselves to be of good (criminal) faith.

Non-state sponsored cyberattacks are a type of cybercrime. Cyberattacks often involve the unauthorized access to a computer for purposes of taking or changing information in the attacked computer. Another form of cyberattack is the denial of service attack, which intentionally overloads the attacked computer for the purpose of preventing legitimate users from accessing the attacked computer.

Two general classes of cybercrime exist: high-value, low-volume transactions in which cybercriminals can stage an effective single attack, and high-volume, low-value transactions through which cybercriminals pass almost unnoticed by attacking thousands of accounts for small sums of money.

Although increasing cybersecurity should reduce cybercrime,6 the impact of cybersecurity mechanisms on cybercrime is not known because its measurement is difficult. Greater analysis of cybercrime trends would explain if and how some types of cybercrime change in response to cybersecurity measures. This examination would help refine these measures and better understand the enablers of cybercrime.

Estimates of cybercrime are difficult to validate. According to the 2011 Norton Cybercrime Report,7 cybercrime cost US$ 388 billion globally last year. This includes US$ 114 billion in direct costs (amounts stolen or expended to defend against it) and an estimated US$ 274 billion in lost time. In addition to substantial corporate losses and the unquantified emotional as well as economic damage suffered by the victims of Internet scams, new hybrid threats have emerged that target critical infrastructure. The scale of such activities represents a considerable challenge to both the authorities and service providers.

An increasingly digitalized and hyperconnected world and the constant evolution of the Internet and other communication technologies create vulnerabilities in the market that could be used by criminal groups to commit illicit activities.

The purpose of this report is to identify the features of the Internet and of Internet users that allow cybercrime to occur (the enablers of cybercrime) and to make recommendations for reducing such crime. Its aims are in line with promoting approaches to collective enforcement, further exploiting public-private synergies and seeking to engage all stakeholders, from Internet service providers to end users, to better understand, prevent and counter cybercrime.

Effective trust networks are essential to this response. Working with the World Economic Forum Risk Response Networks initiative on Risk and Responsibility in a Hyperconnected World, the Council on Organized Crime will advance the establishment of a multidisciplinary online platform for knowledge and information exchange on developing threats and innovative disruption and mitigation measures.

1.1. Main features

The Internet is now used in the commission of a range of serious crimes, including drug trafficking, trafficking in human beings for sexual exploitation, illegal immigration, mass marketing fraud, tax fraud, currency counterfeiting and trade in prohibited firearms. The widespread expansion of Internet capacity has also prompted unprecedented growth in the market for intellectual property theft, especially for copyrighted audio-visual material, copyrighted software and child abuse material.

In addition to the use of the Internet for the commission of crimes, increasingly evident in recent years is the emergence of a digital underground economy in which large amounts of stolen data are traded and converted into criminal proceeds. Credit card details and compromised accounts, as well as information such as addresses, phone numbers, full names and dates of birth, are new illicit commodities that may be used, for example, to gain access to bank accounts or credit cards. As such they have a monetary value that is being exploited by criminal groups.

When identifying cybercrime enablers, Internet features or uses that may themselves constitute crimes (illegal enablers) must be distinguished from the general, inherent features of global information and communications technology use that may lead to certain vulnerabilities and facilitate crime (legal enablers).

Illegal enablers include the development and deployment of malicious software or tools capable of creating a botnet or breaking password protection, and the use of false identities to open accounts or to obtain credit or funds in false or invented identities. Legal enablers include e-mail, Internet banking, online medical records and mobile Internet technology. Accordingly, these two types of enablers require different prevention approaches: the former, technological and legal approaches; the latter, raised awareness and enhanced security balanced against an individuals right to privacy and freedom of expression.

The continued evolution of the Internet and related digital technologies demands a coordinated and collaborative response that harnesses the expertise of a wide range of security stakeholders aimed at preventing and countering cybercrime.

1.2. Achievements

It has been widely recognized at the international and regional levels that the Internet is used by organized cybercriminals. Europol, in its recent threat assessment entitled, Internet Facilitated Organized Crime, indicates that:

Internet technology increasingly facilitates a wide range of serious and organized crime activity as a communication, research, logistics, marketing, recruitment, distribution and monetarization tool.

() The dynamism of online illicit markets requires an equally dynamic response which is constantly updated. Active partnership with the private sector especially Internet Service Providers, Internet security organizations and financial services is essential to the success of this, not only for the sharing of intelligence and evidence, but also in the development of technical tools for law enforcement and design-based measures to prevent online criminality. 8

6 Some forms of cybercrime committed by means of a computer (rather than against a computer or data) cannot necessarily be prevented by increased cybersecurity. 7 Symantec (2011), Cybercrime Report 2011. Though see Measuring the Cost of Cybercrime, Anderson, R., Barton, C, Bohme, R. Clayton, R., van Eeten, M., Levi, M., Moore, T. and Savage, S (2012), http://weis2012.econinfosec.org/papers/Anderson_WEIS2012.pdf; and The Economist (30 June 2012), for a more skeptical approach to the costs.

8 EUROPOL (2011), Threat Assessment (Abridged) Internet Facilitated Organized Crime, iOCTA, https://www.europol.europa.eu/sites/default/files/publications/iocta.pdf.


Such remarks are in line with many international instruments and with the Council of Europe Convention on Cybercrime.9 This is the first international treaty that seeks to address the threats posed by computer crime and Internet crimes. As set out in the preamble, its main objective is to pursue, as a matter or priority, a common criminal policy aimed at the protection of society against cybercrime, inter alia, by adopting appropriate legislation and fostering international co-operation.

More specifically this Convention aims to:

harmonize the domestic criminal law provisions in the area of cybercrime

provide and enable the use of effective powers and means of investigation into such offences

set up and improve a swift and efficient system of international cooperation

As such, the Council of Europe Convention on Cybercrime provides a working example for an aspirational solution to the legal problems associated with the international jurisdictional challenges raised by cybercrime.

1.3. Vulnerabilities

As suggested by EUROPOL,10 key enablers of cybercrime include botnets, social engineering, payment card data online and frequent anonymity and opportunities for disguise.

Botnets11 are the tools most crucial to cybercrimes industrialization and profitability. Their dismantling has a clear impact on the capability of cybercriminals to act on a large scale.12

Social engineering plays a central role in current criminal

business models. Raising awareness of the risks and engendering individual and corporate user caution are key to combating cybercrime.13

Social networking has flattened our social structure below elites

and above the digitally excluded, making it more networked. Rather than being hierarchical, the new social model has no centralized control groups. It is simply peer to peer, delivering information and services at a speed, scale and level of visibility never experienced. While this has enhanced the ability to deliver beneficial services, such as education and medical services, to a broader population, it also provides unprecedented access for organized criminals to acquire skills, opportunity and people to assist them in conducting their criminal businesses.

Social networking has also improved opportunities for people to

become engaged in organized crime. In the past, participation in a crime group required introductions and acceptance by the group. This is no longer the case with organized crime groups (OCG) operating in a virtual world. Also, with no organized crime hierarchy in the structures, former roles, such as growers (e.g. opium), distributers, wholesalers, importers/exporters and supply chains, can be reduced to direct Internet contact

between the buyers and the suppliers, thereby reducing costs to organized crime and decreasing interdiction opportunities for law enforcement.

Online forums and social networking sites are essential

introduction and recruitment services for the digital underground economy: they are where crimeware components are advertised, and budding cybercriminals learn their trade by means of tutorials.14

Internet service providers (ISP) and domain name registrars

(DNR) provide legitimate services that also enable cybercrime. Increased cooperation between ISP and DNR and law enforcement officials could identify and reduce the illegitimate uses of these services.

Payment card data is the ideal illicit Internet commodity

because of the ease with which it is internationally transferred. Organized crime groups benefit from globalization, moving to different countries and even different continents to withdraw cash from skimmed cards, and using foreign payment data to purchase services such as transport and accommodation online, thereby obscuring the money trail attached to this type of criminality.15

The perceived anonymity afforded by communication

technologies such as e-mail, instant messaging and Internet telephony (VoIP) has led to them being used increasingly by organized crime groups as a countermeasure to law enforcement detection and surveillance.16 This anonymity also makes it difficult to gather accurate information on cybercriminals and their activity. Countervailing concerns to reducing anonymity are the desire to protect personal privacy and the need for anonymity in countries where there is great social unrest; anonymity is needed to prevent the tracking of dissidents, journalists and bloggers.

Some cybercrime is the consequence of a lack of security in

infrastructure on a national level. Increasing computer literacy enables more people to use the

Internet for legitimate purposes or cybercrime. Encrypted and anonymous e-mail, peer-to-peer (P2P) instant

messaging (IM) and voice services (Voice over Internet Protocol or VoIP) are just some of the recent communication technologies that pose data access challenges to law enforcement. In particular, e-mail delivers considerable cybercrime activities such as spoofing,17 at the same time allowing their illegal content to be passed through a number of different countries during the transfer from the sender to the recipient.

Internet connectivity continues to spread. Contrary to what

is commonly believed, cybercrime is not a problem that only affects developed countries.18 Further expansion of Internet connectivity in developing countries, where IT security measures may not be as robust, is likely to prompt further geographical shifts in malicious activity both in terms of attack origin and the number of compromised computers. As a consequence, the development of technical measures to promote cybersecurity and proper cybercrime legislation is

9 COUNCIL OF EUROPE (2001), Convention on Cybercrime - http://www.unicri.it/emerging_crimes/human_trafficking/legal_framework/docs/convention_on_cyber_crime.pdf.10 EUROPOL (2011), Threat Assessment (Abridged) Internet Facilitated Organized Crime, iOCTA.11Botnets, or Bot Networks, are made up of vast numbers of compromised computers that have been infected with malicious code, and can be remotely-controlled through commands sent via the Internet. WILSON (2008), Botnets, Cybercrime, and Cyberterrorism: Vulnerabilities and Policy Issues for Congress, http://www.fas.org/sgp/crs/terror/RL32114.pdf, p. 8.12 EUROPOL (2011), Threat Assessment (Abridged) Internet Facilitated Organized Crime, iOCTA, p. 3.13 Ibid.

14 Ibid., p. 6.15 Ibid., pp. 5-6.16 Ibid., p. 5.17 In e-mail spoofing, the header of an e-mail appears to have originated from someone or somewhere other than the actual source. Spam distributors and criminals often use spoofing in an attempt to obtain personal data and information (e.g. account numbers and online banking passwords).18 See for example the OECD Report (2005) Spam Issues in Developing Countries, www.oecd.org/dataoecd/5/47/34935342.pdf.


vital for both developed countries and developing countries. Compared with the costs of grafting safeguards and protection measures onto computer networks at a later date, it is likely that initial measures taken right from the outset will be less expensive. Developing countries need to bring their anti-cybercrime strategies into line with international standards from the outset.19

Mobile devices are becoming the main tools used to access

the Internet and are being increasingly marketed in large numbers to areas of the world that have previously enjoyed limited Internet connectivity.20 The always on culture fostered by mobile devices ensures that potential victims are online and data is exposed for a longer period of time, thereby giving criminals more opportunities to access data. One recent study shows a 42% increase in mobile operating system vulnerabilities in 2010.21

Open wireless networks can enable perpetrators to gain remote

access to the Internet without identifying themselves. Public Wi-Fi networks typically collect basic information, such as the type of device, operating system and browser.

Commercial trends invite increased storage of personal data

on the Internet: Retailers and other businesses are continually asking customers to enrol into their clubs or loyalty programmes. This creates significant retention of data on the Internet about individuals, their account details, their interests and their connections to other like activities that can be exploited by cybercriminals if there is insufficient cybersecurity.

Todays Internet is characterized by very many computers at

very many locations, with each computer/location combination holding a small fraction of the total data on the Internet. Cloud computing refers to the consolidation of Internet data on fewer computers at fewer locations. This consolidation reduces the overall IT cost by reducing the amount of hardware, software and administrative support needed for the fewer computers at fewer sites. When credit card information or other data useful for crime is consolidated, cybercriminals gain more data for their criminal enterprises by penetrating a single cloud computer than by penetrating a single computer in todays Internet.

Another aspect of cloud computing is the outsourcing of

computer services to a third party who owns and runs the cloud computers. Instead of being at a companys premises, the computers and the companys data are in another location or locations that could be in a different country from the company. This geographic difference could mean that the data protection and criminal laws applicable to the company may differ from those laws applicable to the companys data. If, for example, cybercriminals from a third location steal the companys data from the cloud computer, the investigation and prosecution of that crime could involve the laws and law enforcement personnel of three jurisdictions: where the company is located, where the cloud computers are located and where the cybercriminals are located. This increased legal and law enforcement complexity benefits cybercriminals.

Above all, a significant vulnerability is the lack of an organized

international law enforcement process to counter cybercrime. The bureaucratic structures of law enforcement agencies

and their partners around the world were designated before cyberthreat was known. No single entity is in charge, no single entity knows the full extent of the problem. This situation is being exploited by OCGs. The ubiquitous nature of cyber does not fit with our current response frameworks.

The development of a cybercrime-related legal framework is

needed. The fact that provisions exist in the criminal code that are applicable to similar acts committed outside the network [such as fraud, copyright violations or child pornography] does not mean that they can be applied to acts committed over the Internet as well.22 It is necessary to create substantive criminal law provisions that would effectively criminalize acts of cybercrime and provide the necessary procedural powers for law enforcement agencies to carry out the type of specialized investigative measures required to identify cybercriminals (such as the interception of Internet traffic or the use of remote forensic software).

Insufficient collaboration between the public and private

sectors also prevents collection of the intelligence necessary to understand the scope of the cybercrime problem and to implement collaborative law enforcement against cybercrime.

As cybercrime has a transnational nature, international

cooperation is a key element in combating it. However, in this field very few treaties and agreements on mutual legal assistance among states exist.23 Current agreements are based on formal and complex procedures that often refer to the principle of dual criminality.24 According to this principle, only those crimes that are criminalized in all participating countries are globally investigated. For this reason, regional differences in legislation and practices among states play an important role and can make international cooperation very difficult. One example is the illegal content of certain materials. Some countries or regions criminalize the dissemination of materials which are lawfully distributed in other countries.25

Finally, it must be pointed out that a majority of cybercrime

is not reported to the competent authorities, either because individuals do not realize that the offence is taking place or because (especially for banks, business and industries) they do not want to expose themselves to the reputational damage it causes.26 The high degree of under-reporting is an obstacle to combating cybercrime and the use of the Internet by criminal groups. If these crimes are not reported, they will not be investigated.

19 International Telecommunication Union (2009), Understanding Cybercrime: A Guide for Developing Countries, http://www.itu.int/ITU-D/cyb/cybersecurity/docs/itu-understanding-cybercrime-guide.pdf, p. 16.20 The recent report by Symantec points out that about 44% of mobile phone owners globally use their mobile phone to access the Internet. This percentage rises to more than half of adults in emerging countries. Symantec (2011), Cybercrime Report 2011.21 Symantec (2011), Internet Security Threat Report: Trends for 2010, https://www4.symantec.com/mktginfo/downloads/21182883_GA_REPORT_ISTR_Main-Report_04-11_HI-RES.pdf.

22 International Telecommunication Union (2009), Understanding Cybercrime: A Guide for Developing Countries, p. 13.23 UNODC (2011), Working Paper Draft collection of topics for consideration within a comprehensive study on impact and response to cybercrime, http://www.unodc.org/documents/treaties/organized_crime/EGM_cybercrime_2011/Working_Papers/UNODC_CCPCJ_EG4_2011_2_rev1_-_amended_-_final.pdf.24 International Telecommunication Union (2009), Understanding Cybercrime: A Guide for Developing Countries.25 Ibid; UNODC (2011), Working Paper Draft collection of topics for consideration within a comprehensive study on impact and response to cybercrime.26 See for more details: McAfee, (2011), Underground Economies, http://161.69.13.40/us/resources/reports/rp-underground-economies.pdf; Symantec (2011), Cybercrime Report 2011.


1.4. Cases

Case 1: Mariposa Botnet27

Spanish authorities used a multidisciplinary task force (military, international law enforcement, academia, private sector) to dismantle the Mariposa botnet in 2010. The botnet infected more than 12.7 million personal computers in more than 190 countries and more than 3,000 smartphones before they were shipped from the factory.

Case 2: Rustock Botnet28 Each infected machine communicated with control nodes via posts that appeared to be legitimate posts to a bulletin board or Web forum. The command and control servers were all located in the US and most were managed by small hosting firms that were unaware of the botnets presence. This case illustrates how cybercriminal enterprises rely on a criminal infrastructure (the digital underground economy) and the value of the tools developed by the criminals.

Case 3: Operation Aurora29

Advanced persistent threats (APT) are attacks that use deceptive techniques (such as sending an e-mail from a trusted source) to gain access to systems. After obtaining control of the target system, specific data and intellectual property was stolen. Intellectual property theft and cyber espionage are growing problems in a world where data is a leading commodity.

Case 4: Operation Night Dragon/Shady RAT30

Attackers from several locations in China used command and control servers from purchased hosted services in the United States and from compromised servers in the Netherlands to attack global oil, gas and petrochemical companies, individuals and executives in Kazakhstan, Taiwan, Greece and the United States to acquire proprietary and highly confidential information. The attackers ran regular business hours for as long as four years, illustrating professionalism of attack (cybercrime as a business).

Case 5: Anonymous31

The development of a new distributed model of malfeasance over the last two years has spilled over into the offline Occupy protests. Anonymous is now a global brand in free speech and freedom fighting, espoused for a variety of anti-capitalist and anarchic causes, and even by lawmakers. Of particular interest here is the variety of cells operating under the Anonymous brand and the range of issues targeted in its name. These include attacks on the EU parliament related to the Anti-Counterfeiting Trade Agreement (ACTA), law enforcement conference calls, the use of tear gas in Bahrain, threats to Mexican drug cartels, and the exposure of e-mails belonging to a law firm representing US marines accused of murdering Iraqi civilians revealing links between nationalist politicians and extremist groups. These are ideologically motivated electronic attacks with no consistent theme.

1.5. Good practices

Good practices minimize the value of cybercrime enablers to cybercriminals by making the enablers more difficult to use (increased cybersecurity) or by making cybercrime easier to detect and prosecute through international cooperation by governments and private industry.

In the United States, CERT,32 Symantec,33 and McAfee34 provide information on how individuals and businesses can increase their cybersecurity to make cybercrime more difficult. One objective is to prevent cybercriminals from accessing the information they need to commit cybercrimes.

The Council of Europe has reported on best practices for international cooperation against cybercrime35 and last year the Council on Organized Crime reported cooperative law enforcement through the Virtual Global Taskforce.36

A convention or protocol at the United Nations level has been proposed to improve on the regional cooperation framework established by the Council of Europe Convention on Cybercrime.37

The Twelfth United Nations Congress on Crime Prevention and Criminal Justice, held in April 2010, resulted in UN Resolution 65/230,38 which calls for the creation of an open-ended intergovernmental expert group ... to conduct a comprehensive study of the problem of cybercrime and responses to it by Member States, the international community and the private sector, including the exchange of information on national legislation, best practices, technical assistance and international cooperation.

In fact, an increasing number of cybercrimes have an international dimension, particularly due to the fact that offenders, operating through the transnational Internet, often do not need to be present at the location of the victim. This separation in the location between the victim and the offender and the mobility of offenders make it necessary for law enforcement and judicial authorities to cooperate internationally and assist the state that has assumed jurisdiction. Effective international cooperation poses one of the major challenges in combating increasingly globalized crime, both in its traditional forms and as cybercrime. ... Effective international cooperation requires a degree of common understanding and the adoption of common approaches of legislation.39

27 http://www.theregister.co.uk/2010/03/19/voda_spain_mariposa_latest/ and http://www.theregister.co.uk/2010/03/02/mariposa_botnet_takedown/.28 http://www.theregister.co.uk/2011/03/23/rustock_takedown_analysis/.29 http://www.mcafee.com/us/resources/white-papers/wp-protecting-critical-assets.pdf.30 http://www.mcafee.com/ca/resources/white-papers/wp-global-energy-cyberattacks-night-dragon.pdf, http://www.networkworld.com/news/2011/021011-night-dragon-attacks-from-china.html, http://graphics8.nytimes.com/packages/pdf/technology/mcafee_shadyrat_report.pdf, http://www.chinaeconomicreview.com/node/5679631 http://www.guardian.co.uk/technology/2012/feb/22/acta-stalled-european-commission, http://www.guardian.co.uk/technology/2012/feb/06/anonymous-haditha-killings, and http://www.guardian.co.uk/world/2012/feb/01/bnp-emails-far-right-anonymous.

32 http://www.us-cert.gov/reading_room/.33 http://www.symantec.com/about/news/release/article.jsp?prid=20110831_01 and http://www.symantec.com/theme.jsp?themeid=ncsa&depthpath=0&header=0.34 http://www.mcafee.com/us/campaigns/fight_cybercrime/cru/information/best_practices.html.35 http://www.mcafee.com/us/campaigns/fight_cybercrime/cru/information/best_practices.html.36 http://www3.weforum.org/docs/WEF_GAC_OrganizedCrime_Report_2010-11.pdf, p. 19.37 http://www.cybercrimelaw.net/documents/A_Global_Protocol_on_Cybersecurity_and_Cybercrime.pdf, p. i.38 UNODC RES/65/230, Resolution adopted by the General Assembly Twelfth United Nations Congress on Crime Prevention and Criminal Justice, http://daccess-dds-ny.un.org/doc/UNDOC/GEN/N10/526/34/PDF/N1052634.pdf?OpenElement and http://www.unodc.org/documents/justice-and-prison-reform/AGMs/General_Assembly_resolution_65-230_E.pdf, p. 3.39 UNODC (2011), Working Paper Draft collection of topics for consideration within a comprehensive study on impact and response to cybercrime, p. 11 and 9.


1.6. Recommendations

General Recommendations

Establishing coordinating structures: A structure analogous to that of the UNODC is needed to

evaluate and quantify the global cybercrime problem. UNODC should encourage the creation of appropriate legislation and INTERPOL should enhance law enforcement capacity by coordinating the regional efforts of EUROPOL, the Federal Bureau of Investigation (FBI), Australian Federal Police (AFP) and others. This coordinated regional and international response should include a consistent approach to law enforcement cooperation with the private sector (effectively reducing the number of law enforcement counterparts that global corporation must deal with by offering them regional points of contact such as EUROPOL, and the future INTERPOL centre in Singapore). Until such capability is available, the full extent of that component of the cybercrime problem for which law enforcement action is appropriate will not be known.

Raising awareness and developing instruction and prevention

programmes: The knowledge of how cybercrime schemes work must be

increased and widely disseminated. Social engineering techniques are commonly used in e-mail

scams. Victims unknowingly give their money to criminals because the victims mistakenly think the communicating parties are their friends or business partners. As a result, inadvertent victims around the world continuously lose huge amounts of money in these e-mail scams. Intensified publicity and crime prevention programmes would play an instrumental role in reminding the public to recognize and avoid these scams.

Botnets have posed a significant threat to the cybersecurity

of major information systems. Typical of this threat is the distributed denial of service (DDoS) attack which utilizes botnets to launch premeditated, coordinated and simultaneous denial of service attacks from many points of origin against a single or multiple targets. Cybercriminals usually make use of botnet-inflected machines to launch the attack. Hence, it is vital to raise public awareness about the need to keep computers and servers free from botnet infection by constantly updating the anti-virus software.

Specific Recommendations

Enhancing cooperation and sharing information: Establish an efficient means for private industry and government to share information about cybercrime

The US government has begun exchanging cyberthreat information with government contractors; legislation is pending to make it easier to share this information.40 The World Economic Forums initiative on Risk and Responsibility in a Hyperconnected World provides a platform for decision-makers to undertake coordinated action to set in place the risk evaluation, detection and response mechanisms necessary to protect networked communications and future growth in the online networked economy.41

Strengthening public-private partnership: Dismantling the command and control servers of botnets would

mitigate the threat. Law enforcement agencies (LEA) should collaborate with academia, IT industry stakeholders and local Computer Emergency Response Teams (CERT) to exchange intelligence on the locations of botnet servers to remove or disable them.

Botnets are crucial tools to commit e-banking fraud. LEAs

should engage the banking industry to impose additional security measures. One simple step that could drastically mitigate the risk is to limit all third-party money transfers to pre-registered accounts only.

40 http://www.reuters.com/article/2011/12/01/us-usa-cyber-intelligence-idUSTRE7B001H2011120141 http://www.weforum.org/content/pages/risk-and-responsibility-hyperconnected-world.


2. Enablers of money laundering: Beneficial owners and professionals


In the anti-money laundering movement, two main issues have raised significant consideration:

identifying the beneficial owners of corporate entities clarifying the role of professionals and intermediaries in money

laundering and terrorist financing schemes

Both beneficial owners and professionals may, in fact, play the role of enablers of organized crime and corruption.

2.1. Main features

Beneficial OwnersCriminals and criminal organizations may make use of complex cross-border schemes of corporate vehicles with a Chinese boxes structure to conceal their identities and to hide illegal proceeds. Law enforcement agencies have been handling an increasing number of cases in which legitimate businesses co-mingle with illegal businesses, and legitimate funds with illicit funds. Reconstructing these complex corporate schemes and identifying who lies behind them, i.e. identifying their beneficial owners (BO), is considered to be essential to reveal the full extent of the criminal infrastructure and to prevent future criminal activities.

ProfessionalsIn addition to the increasing emphasis on the need to improve the transparency of corporate beneficial ownership, special attention must be paid to the role of professionals as gatekeepers, or conversely, as enablers of organised crime and corruption.

Professional service providers have been increasingly identified as being involved (either knowingly or unwittingly) in money laundering (ML) and financing of terrorism (FT) schemes. Given their trusted gatekeeper status, professionals can misuse the absence of direct supervision to launder funds themselves and/or act as good faith intermediaries in helping others to launder. This can occur in a variety of contexts, such as the securities and derivatives markets, the real estate market, etc., only some of which are discussed here. Active criminal infiltration of professional roles or subornation of existing professionals are key routes to criminal success. For example, brokerages or even multidisciplinary firms of accountants and lawyers can be beneficially owned by criminals, leveraging their professional status. The extent to which this happens in practice is unknown, but it represents a risk that requires management.

The increased misuse of professionals for criminal purposes is the natural consequence of the evolution in ML/FT patterns: in fact, the severe restraints and strict controls on the activities of credit and financial institutions (on which money launderers originally relied to conceal the proceeds from crime) produced a displacing effect, forcing criminals to find another entry point to the financial system and to exploit new channels and intermediaries to conduct their business. Criminals had thus to find alternative methods for laundering dirty money, moving from now better regulated financial institutions to non-regulated businesses and professions, that is to those areas with a less stringent regulatory regime.42

2.2. Achievements

Both issues beneficial owners and service providers have seen an increase in regulations recently. These regulations, however, are not always accompanied by an adequate level of implementation.

A global level playing field may be impossible to achieve, but greater attention must be paid, at the national and transnational levels, to enhance the harmonization and availability of data on BO and to ensure that professionals and other service providers behave responsibly.

Beneficial OwnersWith reference to the beneficial owners, governments have recognized the importance of curbing the misuse of corporate vehicles to conceal beneficial ownership, and in response, they have adopted certain international standards.43 The two key international standards dealing with BO identification are the United Nations Convention against Corruption44, and the 40 Recommendations45 drawn up and revised by the Financial Action Task Force (FATF) in 2003, and significantly revised in 2012.46

More specifically, FATF Recommendations 24 and 25 aim at enhancing the transparency of legal entities and indicate identification of the beneficial owner as a key measure. In particular, they (R24) require that, Countries should ensure that there is adequate, accurate and timely information on the beneficial ownership and control of legal persons that can be obtained or accessed in a timely fashion by competent authorities.47

42 FATF (2011), The Review of the Standards - Preparation for the 4th Round of Mutual Evaluation. Second public consultation, June 2011, http://www.fatf-gafi.org/dataoecd/27/49/48264473.pdf.

Source: Margaret Beare & Stephen Schneider. 2007. Money Laundering in Canada: Chasing Dirty and Dangerous Dollars, University of Toronto Press, p. 135

Figure 1 Professionals who came into contact with the proceeds of crime

43 World Bank/UNODC, (2011), The Puppet Masters: How the Corrupt Use Legal Structures to Hide Stolen Assets and What to Do About It, http://www1.worldbank.org/finance/star_site/docu-ments/Puppet%20Masters%20Report.pdf, p. 4. 44 UNITED NATIONS RES/58/4 (2003), United Nations Convention against Corruption, http://www.un-documents.net/a58r4.htm.45 FATF (2003) 40 Recommendations, http://www.fatf-gafi.org/media/fatf/documents/40%20Recommendations.pdf.46 FATF (2012) The FATF Recommendations: International Standards on Combating Money Laundering and the Financing of Terrorism & Proliferation, http://www.fatf-gafi.org/datao-ecd/49/29/49684543.pdf.47 Ibid., p. 22.


In recognizing the vulnerability to laundering from a lack of transparency regarding beneficial ownership issues, the FATF has revised and enhanced their earlier recommendations to now include far greater precision as to what countries should have in place in order to comply. Countries should have mechanisms that:

(a) identify and describe the different types, forms and basic features of legal persons in the country

(b) identify and describe the processes: (i) for the creation of those legal persons; and (ii) the obtaining and recording of basic and beneficial ownership information

(c) make the above information publicly available(d) assess the money laundering and terrorist financing risks

associated with different types of legal persons created in the country48

The FATF recommends that to determine who the beneficial owners of a company are, competent authorities will require certain basic information about the company, which, at a minimum, would include information about the legal ownership and control structure of the company. This would include information about the status and powers of the company, its shareholders and directors. Among a long list of requirements, all companies created in a country should be registered in a company registry.49

The crucial importance of BO identification in the fight against ML and TF has been fully recognized, for example, at the EU level. In particular, the Third EU Anti-Money Laundering Directive,50 cornerstone of the whole EU Anti-Money Laundering (AML) regulatory framework, was intended to expand existing counter-measures to a significant group of professionals and service providers. In this perspective, it requires intermediaries such as banks, auditors, accountants, lawyers and notaries to identify, in the framework of Customer Due Diligence procedures, the beneficial owner of their clients (Art. 8, par. 1 b).

ProfessionalsThe potential risk of professionals being abused for illicit purposes has become a significant issue in the anti-money laundering legislative framework: the recent trend in Anti-Money Laundering and Countering the Financing of Terrorism (CFT) legislation is to expand existing counter-measures applicable to credit and financial institutions to a significant group of professional service providers, both at the international and European levels. The increasing number of cases involving professionals has prompted competent authorities to place more categories of professionals under anti-money laundering obligations.51

This approach has been adopted, for example, by the EU AML regulatory framework, which has expanded AML obligations to a greater number of professionals and service providers, such as:

(a) credit institutions(b) financial institutions(c) auditors, external accountants and tax advisers(d) lawyers(e) notaries(f) trust and company service providers(g) real estate agencies(h) casinos

2.3. Vulnerabilities

Beneficial OwnersWith regard to the identification of beneficial owners, some problems must be taken into account, representing vulnerabilities that could be seen by criminal groups as actual opportunities for money laundering or financing terrorism.

An effective anti-money laundering regime to prevent corporate entities from being abused for money laundering should have at least three components:

(a) a central registry of corporate entities that provides beneficial owner information

(b) beneficial owner identification systems by financial institutions and professional service providers

(c) an international sharing system for beneficial owner information

Unfortunately many weak links in all three components exist worldwide.

A) Central registry of corporate entities: There is currently no international standard requiring states to

have a central registration system for corporate entities, such that not many states have a system that makes BO information available to those who need it for the purpose of anti-money laundering.

Some states have fragmented registration systems, e.g. for tax

or public listing purposes, etc., but these fragmented systems are not designed for the purposes of anti-money laundering and so are not conducive to them. Moreover, access to these systems for BO information can only be made in certain limited circumstances, e.g. for a criminal or tax investigation etc., and the associated information retrieval process is extremely inefficient and very often requires judicial scrutiny.

For those states having a central registry of corporate

entities, in the absence of international standards on what BO information a corporate entity must register with the authority and how often the information needs to be updated, the registers are very often found to be unreliable, i.e. not updated, and pertaining only to legal ownership/control as opposed to actual beneficial ownership.

B) Beneficial owner identification systems: As for BO identification systems, despite the Third EU

Directive and the FATF Recommendations, currently many states, including those well developed states in which the world financial centres are situated, have yet to put in place proper enforceable means to require financial institutions and professional service providers to identify and verify the beneficial ownership of corporate entities in their customer due diligence processes. Nor are they required to understand the ownership and control structure of corporate customers with complex ownership structures.

Law enforcement agencies from time to time come across

investigations involving shell companies being used for money laundering. Criminals or money launderers make use of the services of the professional service providers to set up shell companies to open bank accounts for illicit transactions with staff of the professional service provider acting as nominee directors of the corporate customers. Banks without proper customer due diligence practices do not know and do not bother to ask (if the state has no such requirement for them to do so) about the actual beneficial owners of such corporate customers and the bank accounts.

48 Ibid., p. 83.49 Ibid.50 EU DIRECTIVE 2005/60/EC of the European Parliament and of the Council of 26 October 2005 on the prevention of the use of the financial system for the purpose of money laundering and terrorist financing, http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2005:309:0015:0036:en:PDF.51 The imposition of due diligence obligations on service providers is important for two main reasons. First, it obliges service providers to collect information and conduct due diligence on matters about which they might prefer to remain ignorant. This obligation is important because in the majority of cases in which a corporate vehicle is misused, the intermediary is negligent, wilfully blind, or actively complicit. If a service provider is obligated to gather full due diligence information, it becomes impossible for the intermediary to legitimately plead ignorance regarding the background of a client or the source of his or her funds. Second, having all such information duly gathered by the service provider means that investigators have an adequate source of information at their disposal. World Bank/UNODC, (2011), The Puppet Masters: How the Corrupt Use Legal Structures to Hide Stolen Assets and What to Do About It, p. 6.


C) International sharing of beneficial owner information: Given the fact that money laundering is frequently carried out in

an international context, the problem of corporate entities being abused for money laundering is aggravated by the ease with which corporate entities can be incorporated overseas. Law enforcement agencies, financial institutions and professional service providers increasingly come across or deal with companies incorporated offshore. Offshore corporate entities have hindered the respective customer due diligence and investigation processes, if not making them impossible.

While the availability of overseas BO information to financial

institutions and professional service providers still leaves much to be desired, the effectiveness and efficiency of international sharing of BO information among law enforcement agencies are also in question because (a) not every state allows its law enforcement agencies to have free access to the relevant register for international sharing without judicial scrutiny; and (b) not every law enforcement agency can share information with an overseas counterpart without a bilateral cooperation agreement or mutual legal assistance agreement.

For financial institutions, aside from the unavailability of

overseas BO information, another concern is the high cost incurred and the long time spent in obtaining information from overseas authorities. Therefore, very often, in case of complex company structures involving offshore corporate entities, financial institutions are reluctant to identify and verify the identity of the BO of all the structures layers. They simply check the first and last layers and rely on the declaration of the customers to tell them what the intermediate layers are.

ProfessionalsWith reference to professionals risk of being involved in ML schemes, other vulnerabilities may be identified that allow criminals and terrorists to take advantage of them. Each of the vulnerable sectors has a role for professionals to play whether as willing conspirators or naive facilitators. One of the most effective ways to aid the laundering process is to engage the cooperation of corrupt professionals, or for a criminal enterprise to place operatives within financial institutions. By doing so, an offender can bypass scrutiny, falsify documents and avoid mandatory transaction reporting requirements. Internal conspiracies and corruption have been identified in the following cases:

A) Some criminals might try to take advantage of professional secrecy obligations that apply to the gatekeeper.52

In anti-money laundering discussion, the term gatekeepers

refers to a broad range of professionals (such as lawyers,

notaries, accountants, company formation agents and others) who, as a result of their status, have the ability to provide financial expertise and allow access to the financial system. Therefore, gatekeepers should be meant as protectors of the gates to the financial system.53 As such, they are those through whom the users of the system, including potential launderers, must pass to enter it. This is why AML regulation has increasingly directed its attention to these figures by establishing specific anti-money laundering obligations in the execution of their functions.

B) A most common technique used to help expedite the

laundering process is the use of nominees, involving some attempt by the offender to obscure a direct connection between himself and assets he owned, primarily by registering legal title to the asset in the name of another individual, usually a relative, a friend or a lawyer. In an analysis of Royal Canadian Mounted Police cases, it was found that the assets most often placed in the name of nominees were real estate, cars, companies and banks accounts.54

C) According to a report authored by the Financial Action Task

Force (FATF), ...inadequate codes of conduct and ethics with a low likelihood of disciplinary action (emphasis added) all help to shape businesses in ways that enable criminals to take advantage of the services they offer. Professionals and insiders who are sole traders and have no management or compliance oversight, along with vulnerable business models that cannot support sophisticated AML systems, are often seen as soft targets for criminals who wish to use their services for illegal gain.55

D) In the absence of corresponding ethics and internal controls,

the practice of making decisions to promote or continue employment based on performance criteria, and the use of sales-driven remuneration packages and performance assessments may unintentionally promote unlawful greed in individuals and increase their vulnerabilities. This can create an environment characterized by corruption that can be easily exploited by criminals.56 What gets measured, gets done, therefore it is important to consider the reward system within institutions. These rewards individual and group are partially responsible for irrational exuberance in banking decisions (i.e. unwise loans and credit lines, etc.). Peer pressure from group incentives is particularly powerful. Hence any policy that results in the loss of customers especially customers with large amounts of money is operating against the current reward structure. Financial institutions rhetoric may declare that all bank objectives are equal profit, risk management, customer satisfaction and societal pressures to reduce money laundering when in reality they often are not given the same attention.

E) Inter alia, special attention must focus on lawyers services and

real estate transactions.

52 FATF (2010) Global Money Laundering & Terrorist Financing Threat Assessment, http://www.coe.int/t/dghl/monitoring/moneyval/web_ressources/FATF_GTA2010.pdf, p. 46.

53 FATF 2010, Global Money Laundering & Terrorist Financing Threat Assessment. A view of how and why criminals and terrorists abuse finances, the effect of this abuse and the steps to mitigate these threats. http://www.coe.int/t/dghl/monitoring/moneyval/web_ressources/FATF_GTA2010.pdf, p. 44.54 Beare, M. and Schneider, S. (2007). Money Laundering in Canada: Chasing Dirty and Dangerous Dollars. In one case, a Calgary-based cocaine trafficker had signing authority for 25 bank accounts; most were registered in the names of relatives, favouring his mother and father-in-law.55 FATF (2010) Global Money Laundering & Terrorist Financing Threat Assessment, p. 46.56 Ibid.


LawyersThe services provided by lawyers are frequently part of a series of commercial and financial transactions conducted by the most sophisticated criminal entrepreneurs. In an unknown but presumably very large proportion of cases, the lawyer is not aware that the scheme s/he is facilitating is illicit. However, in certain criminal and regulatory cases, the services of lawyers were explicitly sought out and, in some instances, repeatedly used by criminal offenders to launder their criminal proceeds.57 More specifically:

Lawyers came into contact with the proceeds of crime through their role in facilitating a real property transaction by a drug trafficker or accomplice.

Lawyers are used to conceal the true source of funds provided to them by offenders through the use of legal trust accounts and the invocation of solicitor-client privilege, which can place stringent restrictions on the ability of law enforcement to gather information from law offices.

They have also helped to conceal criminal ownership of assets by registering titles in the names of nominees and, in some cases, their own names.

They allow their client and office accounts to be used to receive cash from offenders and supply them with financial instruments (cheques and transfers) that will appear clean to bankers.

They have been involved in transferring funds derived from criminal activities to secrecy haven countries, including establishing shell companies in these countries.

They have been used to create a seemingly legitimate source of revenue for criminal offenders. This service is largely accomplished by establishing shell and active companies, selling assets on behalf of offenders, and purchasing revenue-generating rental properties.

Real EstateThe real estate market allows criminals to use large quantities of cash and manipulate other services associated with real estate transactions, such as mortgages and the use of nominee accounts, and dealings that are possible through the construction industry. Launderers benefit in multiple ways because they can often acquire valuable and appreciating investments at the same time that they launder money into the legitimate economy.58 Some evidence also exists that offenders seek out a mortgage to limit their equity in a home, to minimize their personal financial loss if the property is forfeited to the Crown or, if the property is to be used for an illegal marijuana or other grow-operation, it may decrease their loss of capital in case of a building destroyed by the chemicals used. In some cases, a mortgage (as well as title to the property) appears in the name of a nominee. In other cases, a criminal entrepreneur can personally finance a mortgage for property that he controls, but that is registered in the name of a nominee. This laundering technique provides the bogus owner with a seemingly legitimate source of funds to purchase the home, while hiding the true criminal ownership of the property. Alternatively, mortgage financing can be provided by a nominee, such as a family member or a business associate, for property registered to a criminally accused person (in a past case, for example, the mortgage was fake and the funds were ultimately traced to the accused). Mortgages may also be financed by criminally-controlled companies, often off-shore. The absence of will among many real estate professionals in many parts of the

world to conduct due diligence on their clients and the absence of sanctions for complicity in money laundering in real estate have exacerbated the problem.59 Furthermore, sanctions have not been applied against other professionals allied with the real estate business, such as notaries and mortgage brokers, who have facilitated such laundering.

2.4. Cases

Case 1: Delaware Laws, Helpful to Arms Trafficker, to Be Scrutinized60 A Russian businessman who investigators say is the worlds largest arms trafficker used secret corporations formed in Delaware and other states to finance his activities. ... Delaware and the other states have business-friendly laws that encourage the creation of opaque shell companies, allowing their true owners to be disguised or obscured. The Senate is considering new legislation to stop the formation of two million such American corporations a year in various states.

Officials say the Russian businessman, Viktor Bout, used at least a dozen shell companies in Delaware the leading state that allows the formation of such companies as well as Texas and Florida. ...

Senator Carl Levin, Democrat of Michigan, who co-sponsored the legislation, contends that the state laws effectively allow arms trafficking, money laundering, drug smuggling and tax fraud to flourish. ...

The proposed legislation would require states to collect the names of beneficial owners of corporations and limited liability companies formed under their laws, and to provide that information to law officials when requested.

Case 2: The use of professional intermediaries to facilitate money laundering A law enforcement operation identified an accountant, J, who was believed to be part of the criminal organisation involved in money laundering and re-investment of illicit proceeds derived from drugs trafficking led by X. Js role was mainly that of a legal and financial consultant. His task was to analyse the technical and legal aspects of the investments planned by the organisation and identify the most appropriate financial techniques to make these investments appear legitimate from a fiscal stance. He was also to try, as much as possible, to make these investments profitable. J was an expert in banking procedures and most sophisticated international financial instruments. He was the actual financial mind of the network involved in the re-investment of proceeds available to X. J operated by sub-dividing the financial transactions among different geographical areas through triangle transactions among companies and foreign credit institutions, by electronic transfers and stand-by credit letters as a warrant for commercial contracts which were later invested in other commercial activities (Source: extracted from website of JE Financial Services Commission).61

2.5. Good practices

Beneficial OwnersBeneficial Owner Identification by Financial InstitutionsThe efforts of the FATF do give momentum to system improvement in member states or jurisdictions such as Hong Kong SAR. A major financial centre, Hong Kong is very concerned about the integrity of its financial systems. In response to the findings of the FATFs third round of mutual evaluation, Hong Kong passed new anti-money

57 Middleton, D. and Levi, M. (2005) The role of solicitors in facilitating Organized Crime: Situational crime opportunities and their regulation, Crime, Law & Social Change 42 (2-3): 123-161; Levi, M., Nelen, H. and Lankhorst, F., (2005) Lawyers as crime facilitators in Europe: An introduction and overview, Crime, Law & Social Change 42 (2-3): 117-121. For an empirical study of lawyers roles in US cases, see Cummings, L. and Stepnowsky, P. (2010) My Brothers Keeper: An Empirical Study of Attorney Facilitation of Money-Laundering through Commercial Transactions, http://digitalcommons.law.umaryland.edu/cgi/viewcontent.cgi?article=1970&context=fac_pubs. For an empirical study of Canadian cases, see Beare M.E. and Schneider S. Money Laundering in Canada: Chasing Dirty and Dangerous Dollars. U of Toronto Press 2007, chapter 3. See, more generally, Shaxson, N. (2011) Treasure Islands: Tax havens and the men who stole the world, London: Bodley Head.58 World Economic Forum (2011), Global Agenda Council on Organized Crime 2010-2011 Term report, http://www3.weforum.org/docs/WEF_GAC_OrganizedCrime_Report_2010-11.pdf, p. 9.

59 Ibid., p. 11.60 The New York Times, 4 November 2009, http://www.nytimes.com/2009/11/05/business/05tax.html?scp=11&sq=beneficial%20owners%20laundering&st=cse.61 FATF (2010), Money Laundering Using Trust and Company Service Providers, http://www.fatf-gafi.org/dataoecd/4/38/46706131.pdf, p. 41.


laundering legislation, which among other obligations requires financial institutions to identify the beneficial owners of customers, taking reasonable steps to verify their identity and know who they are, including, where the customer is a legal person, measures enabling the financial institutions to understand the ownership and control structure of the legal person.

Pursuant to the legislation, the respective regulators of financial institutions formulated legally enforceable guidelines setting out detailed requirements for how the identification and verification of beneficial owners should be conducted. In brief, if a customer is a legal entity, e.g. a corporation, an unincorporated body, a partnership, etc., the guidelines require identification and verification of all beneficial owners who own or control, directly or indirectly, more than 10% of the legal entitys shares or who exercise ultimate control over the management of the corporation.

Financial institutions must understand the ownership and control structure of a corporation, even if it has multiple layers, by, for example, obtaining a directors declaration that includes an ownership chart describing the intermediate layers. At a minimum, information included in the chart should include the names of the companies of the intermediate layers, the places of incorporation and the rationale behind the particular structure employed.

International Sharing of Information The Egmont Group is an international network of Financial Intelligence Units (FIU), which provides a forum for member units, comprised of central, national agencies that handle financial report information, to improve cooperation in the fight against money laundering and the financing of terrorism. The network enables member units to efficiently share intelligence, including information on corporate entities through a secure website, without the need for a bilateral agreement. However, a prerequisite for the sharing of information is that the member state has (a) a centralized registration system of legal persons and (b) its financial intelligence unit has direct access to the system database.

ProfessionalsWith reference to the involvement of professionals in money laundering cases, good practices have focused on the strengthening of codes of conduct and on including new categories under the AML/CFT regulation. For example, the Offshore Group of Banking Supervisors Trust and Company Service Providers Working Group62 has focused on the crucial position of trust and company service providers (TCSPs).

Given the role of TCSPs as intermediaries and introducers of businesses to institutions that manage funds or assets, their inclusion under the anti-money laundering framework is a key step for the effectiveness of AML and CFT measures.63 On the contrary, the Offshore Group of Banking Supervisors Trust and Company Service Providers Working Group has found that a number of jurisdictions still do not regulate or supervise the operations of TCSPs appropriately.64

Accordingly, the Group drew up a Statement of Best Practice65 for Trust and Company Service Providers, which was completed in 2002.66

2.6. Recommendations

On the basis of the vulnerabilities mentioned above, the Council suggests the following recommendations, which apply across the areas discussed in this section:

Beneficial OwnersA) Regarding the central registry of corporate entities,67 it is

recommended that: the information to be registered include both legal owners

(directors and shareholders) and beneficial owners the registered information be verified by the registry authority the registered information be updated in a timely manner by

the corporate entity when there are changes, e.g. within one or two months

the register be accessible to the public against payment online; payment should be minimal in order not to discourage access

B) Regarding beneficial owner identification, it is recommended

that: financial institutions and professional service providers be

required by law or by other legally enforceable means to identify and verify the identity of a corporate customers beneficial owners when establishing a business relationship with it

financial institutions and professional service providers be required by law or by other legally enforceable means to take reasonable measures to determine who the natural persons are who ultimately own or control the corporate customer

C) Regarding the international sharing of beneficial owner

information, it is recommended that: apart from via investigation powers, law enforcement agencies

have direct access to the register of corporate entities states allow (e.g. by law) law enforcement entities to share

beneficial owner information with their overseas counterparts instantly without need for any bilateral or mutual legal agreement

the access to the register of corporate entities be made available online against payment to facilitate overseas searches; payment should be minimal in order not to discourage access

ProfessionalsA) Regarding the regulatory framework, it is recommended: to reduce the wide disparity in the ways in which professionals

of all kinds accountants, lawyers and securities brokers are licensed, scrutinized and disciplined. It seems inevitable that these differences will continue in the foreseeable future. The mechanisms by which lawyers, for example, are regulated need to be scrutinized by international bodies, along the lines of the functional equivalence concept developed by the Organisation for Economic Co-operation and Development (OECD) Working Party on Bribery. In the first instance, the FATF and FATF-style regional bodies (FSRBs) should press member states to bring into effect agreements on AML compliance by professionals to which they are already signatories.

B) Regarding criminal and regulatory investigations, it is

recommended: to collect data systematically on the mechanisms by which

professionals assist criminals, both in the perpetration of offences and in the laundering of proceeds from criminal activity. In this way better evidence of interventions can be built, including both criminal justice sanctions and preventive measures, such as controls over licensing and professional disciplinary sanctions.

62 OGBS TRUST AND COMPANY SERVICE PROVIDERS WORKING GROUP (2004), Securing Effective Exchange of Information and Supervision, http://www.ogbs.net/attachments/036_ogbstrustandcos.pdf.63 FATF (2010), Money Laundering Using Trust and Company Service Providers, p. 11.64 Ibid. This fractured and unreliable pattern of supervision renders effective co-operation unlikely and ... represents a significant weakness in the global defences against money laundering and the financing of terrorism, as well as a genuine lack of customer protection in respect of the sectors clients. 65 OGBS TRUST AND COMPANY SERVICE PROVIDERS WORKING GROUP (2001), Statement of Best Practice, http://www.ogbs.net/attachments/037_Trust%20and%20Company%20Service%20Providers%20-%20Statement%20of%20Best%20Practice%20.pdf.66 Ibid., p. 1. This statement of best practice is intended for use by jurisdictions generally in reviewing the position of their trust and company service providers. It is also intended for use by international organizations such as the IMF when they are engaged in an assessment of individual jurisdictions in respect of their policy/procedures/practices from a financial regulatory/anti-money laundering standpoint. 67 This in addition to the revised FATF Recommendations.


3. Enablers that exploit international commercial transactions: Free Trade Zones


Under the umbrella of Organized Crime Enablers, this report considers international commercial regulations and in particular the issue of Free Trade Zones. The crime risks associated with these Zones have been neglected until recently, although one early study highlighted their exploitation for tax-related money laundering and value transfers in tobacco smuggling, for example.68

With respect to banking and financial regulations, Free Trade Zones are comparable to offshore countries. Their structure and regulations make these areas very efficient for legitimate purposes,69 but they are at the same time weaker, less transparent and more vulnerable to organized crime.

3.1. Main features

According to the International Convention on the Simplification and Harmonization of Customs Procedures (so-called the Revised Kyoto Convention), a Free Zone (or Free Trade Zone) is a part of the territory of a Contracting Party where any good

organizedcrimeenablers

Documents

enablers of organized

organized crime activities

organized crimejuly

cost of cybercrime

cybercrime report

enablers of cybercrime9

world economic forum2012

enablers of money laundering