TYPOLOGIES OF MONEY LAUNDERING AND TERRORIST FINANCING LINKED TO CYBERCRIME IN WEST AFRICA
1. The digital attack surface has vastly expanded from a move to remote work, from more people coming online, and from more interconnectivity of computers and smart devices around the globe. With the development of digital technologies, the use of information and communications networks as a tool for facilitating illicit financial flows is rising as one of the key challenges in tackling the problem of the movement of illegal funds. New digital tools for money transfers, such as online and mobile banking, electronic payments, cryptocurrencies, e-commerce pro- viders, and online gambling services, especially if they are combined, provide a countless number of opportunities to distance money from illegal sources of profit or to illegally transfer money from legal sources. The COVID-19 pandemic also created new opportunities for criminals to abuse the financial systems through technologies in a more innovative and complex manner.
2. In view of the foregoing, it is very clear that digital technologies pose significant problems to combatting money laundering, organized crimes and terrorist financing as cyber-attacks continue to evolve and increase in frequency and sophistication. All GIABA’s recent reports glaringly reveal the prevalence of cybercrimes, both as a major source of proceeds of crime and as a vehicle of criminal funds in the region. It appears that all types of crimes associated with digital technologies in the region are systematically difficult to deal with not only because of the regulatory and law enforcement gaps but also due to the lack of adequate expertise and infrastructures. In most GIABA member countries, cybercrime is a serious threat to national economies that requires a coherent and col- laborative response at a regional level. Standards also need to be agreed upon and harmonised internationally to reduce the risk of gaps and regulatory arbitrage.
3. Cognizant of this complex challenge, GIABA conducted this typologies study on Money Laundering and Terrorist Financing linked to Cybercrime in West Africa. Despite the seriousness of this phenomenon, Cybersecurity is still considered to be a luxury, not a necessity in many African economies. Its importance has not yet been sufficiently appreciated or acknowledged. In view of the preceding, the conduct of such typologies exercise is imperative. This will fuel the basis of a structural and regulatory foundation of combatting computer-based crimes in West Africa.
4. The study aims to enhance understanding on the money laundering risks linked to cybercrime among GIABA member States; to provide enhanced policy, compliance and enforcement. The findings will reveal the implica- tions for interventions and relevant recommendations will be proffered in that respect. The report sets to throw light on the differences between cybersecurity and cybercrimes and the magnitude of both phenomena in West Af- rica and the prevalence of the crime. It will explore the ML/TF risks factors associated with cybercrimes in the re- gion and map out the most common techniques and methods adopted to launder the proceeds of cybercrime. It will point out the most critical vulnerabilities leading to heightened risks of laundering the proceeds of cybercrime and proffer policy measures and action-oriented programmes that can be adopted based on the findings of the study.
5. The methodology adopted was a multi-stakeholder approach including the GIABA Secretariat, expert groups and one expert from the member States. The main findings of the study include a dichotomy between cybersecurity and cybercrime, the prevalent nature of cyber cases and the methods, techniques and trends of the crime in West Africa. The study revealed that West Africa has witnessed a surge in internet connectivity above the Sub-Sahara Africa average. This connectivity is however, variable and dispersed. The connectivity rate in West Africa is as high as 70% (Cabo Verde) and low as 15% (Niger). The gains made in relation to the surge in internet connectivity is being eroded by the exponential rate at which cybercrime is being perpetrated and consequences are dire and damaging.
6. Based on interviews conducted by country researchers, there is a convergence view that law enforcements through- out the region seems overwhelmed as 2 out of every 3 offences reported is related to cybercrime. This was more evident during the peak of the COVID 19 period (2020 – 2021). A diagram in Chapter 2 gives a pictural evidence of the prevalence of cybercrime in West Africa and depict the extent (estimate) at which the various case types are being perpetrated. The most prevalent of the cases (40%) falls under the advance fee fraud type. Next is mobile money related (15%) cases type, followed by Ponzi scheme (13%) cases type. The next most prevalent case types are website or business platform hacking (7%), and DDOS and businesses email compromise (7%) cases com- bined. The least cases reported are credit/debit card fraud and TF related cases.
7. There were seven distinct typologies abstracted from the 52 identified cases that appear to describe the phenome- non. The typologies include electronic cards (credit/debit) fraud; email compromise scam/fraud; hacking and de- frauding business/organisation’s systems; advance fee fraud; Ponzi scheme fraud; mobile money related fraud; and cyber enabled terrorist financing cases. The indicators and red flags confirm that informalities, lack of awareness of cyber threats by the public, inadequate resources invested into cyber security by businesses and public institutions/ organizations, weak architecture, and regulatory systems and monitoring of the cyber landscape in the region, and weak enforcement systems has a spiral effect on cyber and cyber enabled crime, money laundering and terrorist financing in West Africa.
8. There are significant legislative gaps in countries, particularly around the powers of the central authority in charge of the fight against cybercrime and around the legal and enforcement frameworks of countries to effectively detect, prove and curb ML or TF associated with cybercrime. While the legal and enforcement framework make provi- sions for law enforcement action to investigate and prosecute cyber criminals, the regulatory framework in most of West Africa either have insufficient preventive measures or is weak overall. Although few countries have made some gains on obtaining electronic and digital evidence during investigation. This continue to be a challenge in some jurisdictions.
9. In line with global standard requirements particularly, under the FATF Recommendation 36 on International Co- operation which encouraged countries to ratify other relevant international instruments and conventions, such as the Budapest Convention and Malabo Conventions. the West Africa region has made considerable effort and prog- ress in the fight against cybercrime, alongside other predicate offences. But this effort and progress has not been free from challenges. It includes issues such as gaps in laws, institutions misunderstanding their mandate, limited technical capacity, inadequate human and material resources and a lack of collaboration and coordination. Also, international cooperation is still very weak.
10. Although there is a wide range of methods and techniques used by cybercriminals to launder the proceeds of their criminal activities, investigators and prosecutors have conducted few or no parallel financial investigations when cybercrime is detected. They are also confronted, in many cases, with the difficulty of establishing proof of the cybercrime offence due to a lack of the required technology and equipment, ineffective integrated national coordination between AML/CFT operational units and a lack of implementation of regional and international cooperation mechanisms.
11. For the fight against cybercrime to be more effective and deterrent, the study put forward recommendations for both the public and competent authorities fighting against cybercrime. There is need to initiate and inten- sify awareness-raising campaigns for the public; promote a culture of cybersecurity in the region and support countries in the establishment of a legal and institutional framework in accordance with international standards currently in force. Conduct proper risks assessment and set up Digital Forensic Laboratories to support forensic evidence for LEAs. Strengthen the operational capacities of investigators on digital investigation techniques and bridge the gap between the legal framework and the Special AML/CFT/CFP laws to facilitate and fast track the criminal prosecution of cybercrime offences.
12. Set up a Regional Forum of National Platforms to Combat Cybercrime in West Africa to allow competent author- ities to network, share information and intelligence. Monitor the signing, ratification and domestication of inter- national instruments and build capacity in detection, investigation, prosecution, and adjudication of cybercrime cases and how to follow the money, including undertaking parallel and financial investigations.