Cybercrime & fraud

What is the difference between fraud and money laundering?

Money laundering is the process by which the ownership and control of the proceeds of criminal activities are disguised (or laundered) so that these appear to have come from a legitimate source.  It is most often addressed as a compliance issue within an organisation. Financial institutions and other designated persons engage in anti–money laundering activities in order to comply with law.

Criminal activity related to fraud generates money that needs to be laundered, so where there is fraud there is money laundering. Fraud is a crime and a predicate offence to money laundering, meaning that money laundering is a derivative crime. A crime such as a fraud must take place before the proceeds of the fraud are then laundered.

Cybercrime - introduction

The growth of information and communication technologies (ICTs), increasingly sophisticated innovations and more internet users has led to a corresponding explosion in the incidence of cybercrime worldwide. The onset of the pandemic has only served to exacerbate the problem. An ever-evolving threat landscape exists which requires constant revision of responses at national and international level.

In  PwC’s Irish Economic Crime Survey 2020 “Fraud and Economic Crime - an evolving challenge” 41% of Irish based respondents said their firm had experienced customer fraud, (higher than global peers at 35%). 18% said that the cost of the fraud was immeasurable, or they did not know its cost, while 11% said that they spent over €800,000 on remediation after an incident.

Click here to read the UK National Cyber Security Centre Annual Review 2021. It referred to the pandemic pivot and the proliferation of scams as a result, the fight by industry and government against cybercrime and the increase this year in the National Cyber Security Programme budget. You can also read the UK Government's National Cyber Strategy 2022  which it updated in February 2022 and the Cyber Security Sectoral Analysis 2022 Research report  published by the Department for Digital, Culture, Media and Sport in the  UK in February 2022. The Cyber Security Sectoral Analysis project has helped to track the growth and performance of the UK’s cyber security sector since 2018. The report builds on previous reports and contains information about the UK cyber security sector, including the number of businesses operating in the sector, the sector’s contribution to the UK economy, the number of people employed and the products and services offered by these firms. 

What is cybercrime?

The term is largely used to encompass a range of criminal activities that use information and communications technology (ICTs) and examples include data breaches, network attacks or attacks against critical infrastructure. One such attack was seen in May 2021 when the Irish Health Service Executive sustained a major strike on its systems with a demand for a ransom. This onslaught cost millions and took months to rectify.

The term also encompasses content related offences (such as online distribution of hate speech material or incitement to commit acts of terrorism) and traditional offences (e.g. fraud, forgery and identity theft).

The Irish Department of Justice has a Cybercrime Division responsible for developing policy in relation to the criminal use made of the internet and information technology. The website describes what cybercrime is and can be accessed here. Also, follow the link to access its October 2020 report Cybercrime: Current Threats and Responses.

The National Cyber Security Centre (NCSC) which comes under the Department of  Environment, Climate and Communications is responsible for advising and informing the Irish Government IT and Critical National Infrastructure providers of current threats and vulnerabilities associated with network information security. Click here to access its website and the following link to access its booklet 12 Steps to cyber security for Irish business.

What should you do to protect yourself and your practice from cybercrime?

Information on legislation or the legal position of practices on cybercrime is beyond the scope of these pages .Practical responses may be useful to consider in addition to any legal remedies which might be available to a business or firm. Please click the links to access the following:

• some tips in a helpsheet produced by the Institute in 2017;  
• the UK government’s  updated small business guide on cyber security .This was updated in May 2021.The guide gives some quick and easy steps to help protect your money and data online and is a worthwhile read to remind everyone how to keep safe online; 
• See the webpages of the UK Financial Services compensation scheme. They wrote about the worrying rise in online financial scams, describing how one in four investment scam victims in that past year were aged over 55, losing nearly £26,000 on average and more than £78 million to brand cloning scams in 2020. They describe what the UK government is doing to fight scams and provide useful links on signs to look out for and to the booklet  A little booklet of Investment scams which provides useful advice on how to protect yourself from investment scams.

• In October 2021, as part of European Cybersecurity Month ISME hosted a webinar on cybercrime with Department of Justice and  An Garda Síochána on protecting your business from cybercriminals.  You can access a recording of the webinar  by clicking the link above.

Fraud

Some reference material is available on fraud. See as follows:

Ireland

During Fraud Awareness Week 2022 which ran from 28 March -1 April 2022, An Garda Siochana Financial Intelligence Unit issued a series of press releases which can be viewed here. The press releases deal with what is and how to avoid business e mail compromise fraud, bribery and corruption, investment fraud, accommodation fraud and account takeover fraud. 

The Irish Central Bank encourages  the public to be alert to  scams which are on the rise; it is important to be able to recognise a potential scam and know how to protect yourself. They have issued a video and explainer on how to spot a scam using the SAFE test: Stop, Assess, Fact check, Expose and Report. You can read more and access the video here.

United Kingdom

In October 2021, the UK Government published a fraud sector charter containing an assessment of fraud threats in the accountancy sector. It is a voluntary charter between law enforcement, professional supervisory bodies and government to better understand and tackle fraud. It sets out actions to tackle fraud in the accountancy sector including improving information regarding fraud and enhancing Companies House data.

In  February 2022 the Treasury Committee of UK Parliament  published a report on fraud, scams and economic crime. It has called for additional Government action to combat fraud and scammers. The report urges legislation against online fraudulent adverts and for the government to seriously consider whether online giants should reimburse those who fall victim to scams on their platforms. It makes recommendations such as appropriate resourcing and whether a single law enforcement agency would be more effective. Readers can access the report, a summary and conclusions and recommendations by following the links on this page.

Click here for the UK Serious Fraud Office business plan 2022/2023. It outlines the key activities that the SFO will undertake in 2022-23 to deliver on its mission and strategic objectives.

EU/other

In December 2021 the European Payments Council  issued its 2021 Payment Threats and Fraud Trends Report which provides an overview of the most important threats on the payments landscape , including social engineering  phishing and  malware. The report tries to increase awareness and suggests some measures for control and mitigation of threats.

These pages are provided as resources and information only and nothing in these pages purports to provide professional advice or definitive legal interpretation(s) or opinion(s) on the applicable legislation or legal or other matters referred to in the pages. If the reader is in doubt on any matter in this complex area further legal or other advice must be obtained. While every reasonable care has been taken by the Institute in the preparation of these pages, we do not guarantee the accuracy or veracity of any resource, guidance, information or opinion, or the appropriateness, suitability or applicability of any practice or procedure contained therein. The Institute is not responsible for any errors or omissions or for the results obtained from the use of the resources or information contained in these pages.