|
|
|
WORKING DOCUMENT e
+ Finance + Crime
|
 | new electronic (market)place offers new opportunities and possibilities, |
| opportunities to do business, evade the law, commit crime, and so on, |
| the importance of and dependency on the networked information technology sector has been growing continuously, |
| the Internet has made international co-operation possible and unavoidable, |
| this includes international cooperation in business, legislation, criminal activities, criminal investigation, law enforcement, and so on. |
The Cyber-World and Society
| new technology has been modifying social values, behaviours, life styles, |
| cyber-space is a type of existing community, |
| it has created a new community, |
| many elements of a traditional society can be found in the cyber-space, |
| representation of social groups are different, |
| there are both over-represented and under-represented social groups in cyber-space, similarly to other exclusive places, such as education or politics. |
The Cyber-World and Law
| moral and legal structures, paradigms break down in cyber-space, |
| legislation and regulation inevitably fail to keep pace with the imagination of criminals. |
The Cyber-World and Crime
| computer crime poses a serious threat to society, |
| it may target basic utilities, energy, transportation, communications services, military and political institutions, |
| cyber-crime is becoming increasingly sophisticated, perpetrators more knowledgeable, and increasingly difficult to detect. |
The Cyber-World and Money Laundering
| the new electronic marketplace offers new opportunities and possibilities for money laundering as well, |
| international cooperation in anti-money laundering was/is inevitable before/after the Internet age, |
| cyber-payment systems might offer the same flexibility as cash, |
| these systems might offer new tools for money laundering, eliminating the problem of “time and space". |
More generally, the meaning of time and space must be revisited. Living in the Internet time and cyber-space, practical implications of time and space require reconsideration.
***
This paper has been prepared primarily for Canadian initiative and usage on the topic of cyber-crime and money laundering. Consequently, the selection of information is guided by these facts. While both geographic and thematic scope could be extremely broad, the paper does not contain all possible information, which might be selected and/or be of interest to others. Unfortunately, this type of limitation of “time and space" has not been eliminated by the new technology.
The collection of data terminated as of 15 January 2001. Based on the above-mentioned selection criteria, many important publications could not be analyzed. One of the latest is the Prosecuting Intellectual Property Crimes Manual published by the U.S. Department of Justice, released on 5 January 2001. (http://www.cybercrime.gov/ipmanual.htm)
This paper contains an inseparable enclosure, a bibliographic database file on cyber-crime and money laundering. It includes publications similar to the above-mentioned among other 500+ hyperlinks. The database contains a complete resource kit for both; research on general information in e-business or on-line library catalogues; and search for specific bibliography titles on cyber-crime and money laundering. Web sites were last visited on 1 January 2001 or shortly thereafter.
This report collects available information on the questions and answers on the potential and real risks of e-business, caused by cyber-crime and money laundering. Trust is one of the fundamentals in doing business. If trust and confidence would be lost in cyber-space, then the real and potential benefits of new computing and Internet technology could not be exploited. It would be a huge loss for the e-business sector as well as society at large.
The report accepts common concepts of anti-money laundering literature. Money laundering is not just one type of crime. It is the lifeblood of crime, it helps the conversion of illicit funds into the legitimate sphere: investing into the mainstream of business, creating new power to commit new crimes; or living off the laundered fruit of illicit funds.
More than ever before, money laundering is a worldwide phenomenon. Moreover, money laundering has or may be accompanied by an other international challenge, cyber-crime.
In the Questions section, an overview is provided of,
| what truly and originally new in cyber-space, |
| how morals have been changed by new technology, |
| how new technology brought new interpretations to the principles of criminal law, |
| what new risks and difficulties have arisen for e-business and law enforcement, |
| what potential new tools have been created for cyber-crime and money laundering. |
In the Answers section, the latest Canadian, American and
international legal materials and instruments are reviewed.
How United Nations,
the European Union,
G-7 (G-8) countries (FATF),
and the Council
of Europe try to find appropriate answers for the questions of cyber-crime
and money laundering.
The very first question that arises in connection with cyber-crime and money laundering is,
| whether there is any truly and originally new problem, |
| or it is the new appearance of old problems that must be faced. |
In other words, are we doling with
| traditional
crimes committed or facilitated by the Internet (old problems, new techniques), or |
| new techniques give rise to entirely new problems. |
Is the so-called cyber-crime just a new quantity of problems because of speed and international context, or it is the beginning of a qualitatively new age in crime.
At first sight, it seems that networked computers provide not only a quantitative change in the way people manage their public and private lives and conduct legitimate and illegal business; but computing and the Internet also represent a qualitative change. If it is true, then legal paradigms and systems also must keep pace with new technology.
Most computer crimes have parallels in traditional crimes, such as trespass, and destruction of property. On the other hand, there are characteristics, which make computer crimes unique among criminal offences. These
| may be committed remotely and across geographic boundaries, |
| may be committed in many jurisdictions at the same time, |
| may have effects years or decades after they are launched or planned, |
| may or may not violate "traditional" criminal laws, |
| may be difficult or impossible to investigate, and even more difficult to prosecute (note: the burden of proof is on the prosecution). |
(Find additional details in: Mark D. Rasch: The
Internet and Business: A Lawyer's Guide to the Emerging Legal Issues, Computer
Law Association, 1996)
Here those new issues are taken into consideration, which influence criminal law and the electronic business, as a whole. Of course, additional items could be mentioned, like speed, anonymity, or risks of cyber-payments. These questions will be analyzed in detail, as the problems of law enforcement.
Our transitional age is a typical period for anomie (anomy, normlessness). It is a condition of instability resulting from a breakdown of standards and values or from a lack of purpose or ideals (in societies or individuals). The French sociologist Émile Durkheim in his study of suicide introduced the term. Robert K. Merton, in the United States, studied the causes of anomie, or normlessness, finding it severest in persons who do not have acceptable means of achieving their cultural goals. In psychological usage, anomie means the state of mind of a person, who has no standards or sense of continuity or obligation, and who has rejected all social bonds.
An age of transition is a period of instability too. It is a result of the breakdown (or change) of old standards and values. For example, the anonymity provided for users of computer networks may cause them to attempt offences, which they would never commit except in cyber-space. In the world outside cyber-space, an ethical structure of acceptable and unacceptable behaviour has been established. There has also been years of experience and law. Cyber-space has no common ethical and legal experience.
Being a member of mass society, living in a vacuum, lacking a coherent ethical structure in cyber-space, social or individual behaviour may not be predictable. It is obvious, that a rented car must be paid for. It is no so obvious, that listening and/or downloading music from Napster must also be paid for.
In February 1995, when Kevin Mitnick was arrested, it was an incident, far from the madding crowd. Mitnick broke into the home computer of Tsutomu Shimomura (a well-respected computer security expert), stole computer security tools, and distributed these over the Internet. However, Mitnick's case and plea-bargain agreement is an interesting story of cyber-crime history, now it is just an example of feeling of vulnerability. At the time, basically, the public handled it as an heroic act or a funny story.
In February 2000, when denial-of-service attacks on prominent commercial Internet sites and dissemination of the "I Love You" virus happened, it was a real threat for the masses. By that time, the Internet had become a very important part of everyday life. By then, the public had understood that cyber-crime is a serious international problem.
Objective and subjective vulnerability should be distinguished. Vulnerability can be objectively dangerous, however it is not felt. On the other hand, feeling of vulnerability can be higher than it really is or should be. Everybody has experienced the feeling of lack of control, in case of a car repair or in a medical situation. When the process is not transparent or not controllable, feelings of uncertainty are quite normal.
In case of cyber-crime, both the terms of objective and subjective vulnerability are appropriate. However, knowledge of vulnerability is not enough. Knowledge of objective vulnerability should be in accordance with the feeling of subjective vulnerability. It would be helpful for making appropriate (not panic- led) civil actions and political steps. Or, at least, to prevent dispersion of computer viruses, caused by lack of knowledge and/or negligent behaviour. However there are no licence and liability insurance requirements for computer users, yet networked computers are dangerous vehicles.
As any action taken over the Internet is global, it might require global reaction. The requirement of global reaction is obvious in case of both cyber-crime and money laundering. Although, how to do, it is less obvious.
Having a look at the legal systems of only the English-speaking world, a wide diversity can be found. English criminal law still consists of a collection of statutes of varying age (the oldest still in force being the Treason Act, 1351), and a set of general principles that are chiefly expressed in the decisions of the courts (case law). In Canada, the national parliament enacted the criminal code for the country as a whole. In the United States, criminal law is primarily a matter for the individual states. Even if the American Law Institute published the Model Penal Code in 1962, attempting to establish a consistent framework for defining offences and general principles, the code itself was never enacted completely.
Against these difficulties, there are well-crafted and well-working multilateral agreements. A very common solution is described in the following paragraph. The example is taken from the Financial Action Task Force on Money Laundering (FATF, an international body, established by the G7 countries.)
“It was recognised from the outset of the FATF that countries have diverse legal and financial systems and so all cannot take identical measures. The Recommendations are therefore the principles for action in this field, for countries to implement according to their particular circumstances and constitutional frameworks allowing countries a measure of flexibility rather than prescribing every detail. The measures are not particularly complex or difficult, provided there is the political will to act. Nor do they compromise the freedom to engage in legitimate transactions or threaten economic development.”
Obviously, what ever is done on the Internet, is done in every jurisdiction simultaneously. In extreme cases, a publisher or reader of the Internet might be subject to an extradition request from one or more foreign government.
A new occurrence related to this topic, which might have served as a precedent, is the Yahoo case. In May 2000, a French court ordered U.S. Internet giant Yahoo to bar French users from sites selling Nazi memorabilia, books, daggers, SS badges, and uniforms. Actually, Yahoo's French-language portal, Yahoo.fr, did not host such auctions, but French surfers could easily switch over to Yahoo.com services in English with a click of the mouse. Yahoo got three months to implement the ruling.
Firstly, Yahoo had fought the case on the grounds that its Yahoo.com services are U.S.-governed and that auctions of Nazi material cannot be barred by a French court, because of U.S. constitutional rights to freedom of speech. It was also argued that there is no failsafe way to identify French users and block access. Finally, in January 2001 Yahoo announced, it will stop carrying online auctions of Nazi artefacts and other hate materials.
As mentioned at the beginning of this section, this case might have served as a precedent later. Yahoo’s self-restriction could satisfy the court ruling from France (and others too), but the real legal solution for jurisdiction in such cases has not yet been found.
According to the Encyclopædia Britannica, crime is “the intentional commission of an act, usually deemed socially harmful or dangerous, and specifically defined, prohibited and punishable under the criminal law”.
As it is well known, all the words of the definition involve practical problems, for example, whether an act is
| intentional
or not, |
| socially harmful or dangerous, or not, |
| specifically defined, prohibited, and punishable under the criminal law or not. |
| conceptions of crime vary widely from culture to culture, |
| term of crime changes with time, |
| difficult to name any specific act universally regarded as criminal, |
| criminal laws are designed to protect property rights too, |
| there is an expansion of criminal law to economic and certain other areas, |
| definitions of particular crimes contained in a code must be interpreted in the light of many principles, some of which are not expressed in the code itself, |
| the trend generally is to increase the scope of the criminal law rather than to reduce it, |
| new technologies give rise to new opportunities for their abuse, which in turn give rise to legal restrictions (e.g. the invention of the motor vehicle led to the development of a whole body of criminal laws designed to regulate its use), |
| need to legislate against a variety of new abuses and frauds - or old frauds committed in new ways. |
There is also a traditional corporate liability principle, when a corporation may face criminal, civil or administrative liability
| if a person with significant authority within a corporation intentionally undertakes or |
| through a lack of supervision, permits the undertaking of criminal activity for the corporation's benefit. |
Criminal law, generally, does not punish accidental or negligent behaviour. Some offences known as "strict liability offences" are punished as crimes even though they may be unintentional. In some countries, in appropriate circumstances, actions that constitute negligent or reckless conduct may result in criminal prosecutions.
In connection with money laundering, there is wide room for negligent behaviour, letting dirty money entering and circulating in the legitimate economy. In connection with the Internet, a very common type of negligence is the lack of virus protection. Unintentionally, it may cause extremely serious damages.
Labelling an act socially harmful or dangerous, also is a controversial topic. However, there may be consensus on labelling cyber-crime and money laundering socially harmful and dangerous.
Cyber-crime may cause serious financial damage, and computer related offences frequently involve more than economic loss. Damage can be a waste of time, or loss of privacy and security. The most significant harm and danger caused by cyber-crime is the threat of lost reliability and lost trust in cyber-space. Finally, cyber-crime may cause a lower social effectiveness and living standard.
Another possible aspect of harmful and dangerous activity is the content, broadcast over the Internet. There is no consensus yet, neither on what kind of content should be prohibited, nor how it can be handled. The Council of Europe Convention on cyber-crime, the latest document on this topic, mentions only child pornography as a content related offence. (Substantive Criminal Law, Content-Related Offences, Article 9 – Offences Related To Child Pornography, http://conventions.coe.int/treaty/EN/cadreprojets.htm)
An act may be a crime legally, if specifically defined, prohibited, and punishable under criminal law. This is an application of rule against retroactivity. Despite differences of form and detail, it is a generally accepted principle of criminal laws.
The rule against retroactivity states that an individual may not be punished for an action that was not designated a crime at the time it was carried out. It restricts the authority of judges and courts to declare new offences.
This principle caused many problems in the history of cyber-crime. In the rapidly changing world of the Internet, it is extremely difficult to declare anything, especially with the intent of prevention. Legal regulations frequently become inappropriate when they are passed, because of changes in both technology and behaviour. There are commonly used techniques to bridge this problem, by expanding the scope of old legal regulations, and by new interpretation.
Generally, there are three general types of criminal
responsibility:
who actually performs the criminal act,
who
"aids and abets" the perpetrator,
by encouraging or in any way knowingly helping the perpetrator,
who
assists before the crime takes place,
by providing tools and/or
information.
Using the above-mentioned categories in a narrow sense, could favour criminals. On the other hand, a broad interpretation would affect factually innocent computer and Internet users too.
In connection with cyber-crime and money laundering, not only criminal but also civil and administrative liability may be invoked, and should be taken into account.
The rule of lenity imposed the burden of proof on the prosecution. In order to impose a criminal sanction, the law must clearly and unambiguously define which activities are permitted and which are proscribed. Any doubts concerning the application of the law are to be resolved in favour of the accused. The difficulty of this is obvious. To prove a crime committed in cyber-space presents far greater difficulties.
One of the unique features of cyber-space is the fact, that it provides perfect or almost absolute anonymity. The Internet citizen can truly be any person s/he wishes to be. This anonymity has significant consequences in criminal law, and makes the task of computer crime detection even more difficult.
In cyber-space, almost all actions happen in real time, as in real life. In many cases, effects and consequences of actions are quicker than in the real world. One of these is the ease and rapidity of destroying evidence, which can be irreversible and non-traceable. It frequently is.
The destruction of evidence or the attempt at destruction, is one of the old games between investigators and criminals. In cyber-space, there is a new problem for law enforcement. It is the integrity of data. Digitalized data is vulnerable to alteration. Because of it, not only the destruction of evidence is an issue, but also the creation of evidence. At the same time, the bulk of the evidence can be manufactured and dispersed worldwide.
Cryptology is a key issue in cyber-space.
It has many consequences in cyber-crime and money laundering.
As the Criminal Intelligence Service
Canada (CISC) highlights:
| “Governments and the private sector must work together to establish industry standards, security processes and legislation aimed specifically at technological crime. |
| Electronic devices, such as desktop computers, wireless phones and hand-held computers will rapidly take the place of paper address books and accounting records. Forensic analysis of technology will become a component of most major criminal investigations. |
| Canadian information and communication systems will be subject to increasingly sophisticated hacker attacks. |
| As encryption techniques become more prevalent and easier to use, police and law enforcement will have to develop technologies and partnerships that facilitate decryption and lawful access.” |
(CISC Annual Report on Organized Crime in Canada 2000, Technology and Crime, Outlook, http://www.cisc.gc.ca/AnnualReport2000/Cisc2000/technology2000.htm)
Privacy is a specifically important part of quality of life. In cyber-space, it can basically be violated in the following ways:
| by governments: collecting, using or disclosing electronic information, |
| by employers: controlling employees, |
| by anybody: unauthorized intercepting of stored and/or transmitted electronic data. |
The question of privacy is more serious, than it seems. It is something about the way data are handled, collected, stored, processed, and used. At first sight, data can be a payroll, health record, or bank statement. These are quite serious issues; the problem is even more serious. Because of electronic data storage, process equipment, and network, a complete lifestyle analysis can be performed, and the collected information made available. Anything from house left, subway used, money withdrawn, computer used: when, where, how often, for what, by whom. Almost the whole of life, activities and habits are on record. It can be collected, mapped up, and used for any purpose.
Obviously, privacy is an important value in modern societies. On the other hand, secrecy can be a barrier to investigation crime, especially cyber-crime and money laundering. Consequently, privacy is among the most delicate questions of the future: whether societies are willing or not to pay the price of less privacy, in order to help criminal investigation. If the answer is yes, to what extent, and by what guarantees?
While some general notes on new threats to cyber-payments
can be found, there are not publications summarizing on the topic of cyber-crime
and money laundering. Two papers
must be mentioned here:
| Cyberpayments
and Money Laundering: Problems
and Promise |
Roger C. Molander, David Mussington, Peter Wilson; RAND 1998
(http://www.rand.org/publications/MR/MR965/MR965.pdf/)
| ELECTRONIC
MONEY LAUNDERING: An
Environmental Scan |
Department of Justice Canada,
Solicitor General Canada 1998
(http://www.sgc.gc.ca/publications/crim_jus/money_laundering_e.asp)
Reports for the American and Canadian governments examined
money laundering concerns raised by the deployment of cyber-payment systems.
Both papers tried to find potential exploitation of cyber-payment systems
for money laundering. Both papers
found almost the same potential problems. As
the RAND Report summarizes, there are five concerns:
Disintermediation
Disintermediation
involves the transfer of financial value between entities without the
intermediate involvement of an identifiable third party subject to governmental
oversight (e.g., record-keeping banks).
Bank and Non-Bank Issuance
Bank and non-bank
entities may be subject to different rules regarding their operation of
cyber-payment systems. This
difference is already the case in several nations where non-bank cyber-payment
issuers are currently subject to a different set of rules from banks.
Peer-To-Peer Transfers of Value
Some cyber-payment
systems allow consumers to transfer value peer-to-peer (and thus,
disintermediated) using an electronic “wallet,” over a telephone or via the
Internet. In the absence of
intelligence information or evidence from non-cyber-payment system sources
(e.g., physical surveillance) triggering an investigation into specific suspect
stored value instrument activity, peer-to-peer transfers of value are unlikely
to be detected.
Transaction Anonymity
Payer anonymity
(the identity of the party initiating a cyber-payment value transfer) is a
central characteristic of some proposed systems.
For cyber-payment value transfers (e.g., via the Internet or the basic
telephone system), transaction anonymity could be an almost insuperable barrier
to law enforcement detection.
Denomination Limits and Expiration Dates
Cyber-payment
product issuers are likely to limit the maximum amounts that can be stored on
smart cards or other devices to reduce the risk of fraud or other losses.
Cyber-payment value could also be programmed to expire after a certain
number of transfers. As early
technology adopters, money launderers could be expected to exploit whatever
limits are established, just as they do now by structuring transactions under
currency reporting limits, obtaining multiple cards (credit or debit), using
multiple names, or employing multiple issuers.
The above-mentioned potential issues make it predictable, that electronic money can work just like paper money, without the risk, inconvenience, and cost associated with traditional currency. Traditionally, the two most important constraints on trade were time and distance. E-money systems effectively erase both. As “ELECTRONIC MONEY LAUNDERING: An Environmental Scan” points out.
These issues lead beyond the topic of cyber-crime and money laundering. It might open a new chapter in tax avoidance too.
After the basic questions have been posed, the available legal answers will be described. While there is no special, consolidated regulation for cyber-crime or money laundering yet, the related legal frameworks must be taken into account separately, in connection with cyber-crime and money laundering. Firstly, relevant Canadian laws, secondly, the most important international initiatives will be reviewed.
Royal Assent: 29 June 2000: Statutes of Canada 2000, C.17)
While text of the law is not available yet at the web site of http://canada.justice.gc.ca/en/laws/index.html,
| the text of the first reading |
(http://www.parl.gc.ca/36/2/parlbus/chambus/house/bills/government/C-22/C-22_1/C-22TOCE.html),
| or
the Legislative History of Proceeds
of Crime (Money Laundering) Act |
(http://www.parl.gc.ca/36/2/parlbus/chambus/house/bills/summaries/c22-e.htm)
can be studied over the Internet.
In the terms of the anti-money-laundering fight, this is the most important legal regulation in Canada. It replaces the 1991 PCML Act. The Proceeds of Crime (Money Laundering) Act is to facilitate combating and prevention of money laundering, and to establish the Financial Transactions and Reports Analysis Centre of Canada.
The basic purpose of the bill is to remedy shortcomings in Canada’s anti-money laundering legislation, as identified by the G-7’s Financial Action Task Force (FATF) on Money Laundering in its 1997-1998 report.
The three major aims of the bill were:
| mandatory reporting |
FATF recommended that reporting requirements in Canada be made mandatory (rather than voluntary, as has been the case before).
| financial intelligence unit |
FATF also recommended, that a "financial intelligence unit" should be established to deal with the collection, management, analysis and dissemination of suspicious transaction reports and other relevant intelligence data. The Canadian Financial Intelligence Unit is the Financial Transactions Reporting and Analysis Centre of Canada.
| cross-border transactions |
Finally, an important aim of the bill was to establish, in association with Canada Customs and Revenue, a system of reporting large cross-border transactions.
(http://canada.justice.gc.ca/en/laws/P-8.6/index.html)
The
purpose of this Act is “to support and promote electronic commerce by
protecting personal information that is collected, used or disclosed in certain
circumstances, by providing for the use of electronic means to communicate or
record information or transactions and by amending the Canada Evidence Act, the
Statutory Instruments Act and the Statute Revision Act”.
(1985,
C. A-1)
(http://canada.justice.gc.ca/en/laws/A-1/index.html)
The
purpose of this Act is “to extend the present laws of Canada to provide a
right of access to information in records under the control of a government
institution in accordance with the principles that government information should
be available to the public, that necessary exceptions to the right of access
should be limited and specific and that decisions on the disclosure of
government information should be reviewed independently of government”.
(http://canada.justice.gc.ca/en/laws/P-21/index.html)
The purpose of this Act is “to extend the present laws of Canada that protect the privacy of individuals with respect to personal information about themselves held by a government institution and that provide individuals with a right of access to that information”.
Both, the Access to
Information Act and the Privacy Act must be mentioned in connection with
cyber-crime and money laundering, because these laws draw the line between
privacy and publicly collectable information.
On the one hand, these laws are very important to protect privacy.
On the other hand, privacy and secrecy laws can make anti-money
laundering efforts more difficult. However,
it is a very delicate cost-benefit analysis: what price (in limitation of
privacy) is worthwhile for combating money laundering.
While privacy is one of the main issues of both cyber-space and money laundering, the Financial Action Task Force on Money Laundering plans to prepare a guide on international information exchange.
“Following the issuance of a reference guide on procedures and points of
contact for exchanging information by the G7 in May 1998, the FATF decided to
develop a similar guide for FATF jurisdictions.
The proposed guide would set out the key features of each country’s
privacy and secrecy laws, its ability to share information and the conditions
under which such information might be exchanged, and the position of each
country on mutual legal assistance. The
guide would also provide a list of contacts for financial regulators, law
enforcement agencies, and relevant ministries, departments or administrative
authorities.”
(See: Financial Action Task Force on Money Laundering Annual Report 2000, Article 110, Page 25. http://www.oecd.org/fatf/pdf/AR2000_en.pdf)
While the U.N. is not a world government, the organization of the United Nations tries to influence serious issues on a global scale. Even though the United Nations is not a legislative body in the traditional sense of parliament, it has powerful influence through instruments of conventions and other international legal materials. In the context of cyber-crime and money laundering, two of these must be mentioned.
United Nations Convention Against Illicit
Traffic In Narcotic Drugs and Psychotropic Substances;
Adopted by the Conference at its 6th plenary meeting, on 19 December 1988
(http://www.incb.org/e/conv/1988/index.htm)
The Vienna convention is a milestone not only in the terms
of international movement of illicit traffic in narcotics and psychotropic substances, but
in anti-money laundering efforts as well. This
Convention contains the most recognized definition of money laundering (Article
3, Paragraph 1 (b), Offences and Sanctions):
| the
conversion or transfer of property, knowing that such property is derived
from any offence or offences established in accordance with subparagraph (a)
of this paragraph, or from an act of participation in such offence or
offences, for the purpose of concealing or disguising the illicit origin of
the property or of assisting any person who is involved in the commission of
such an offence or offences to evade the legal consequences of his actions; |
| the
concealment or disguise of the true nature, source, location, disposition,
movement, rights with respect to, or ownership of property, knowing that
such property is derived from an offence or offences established in
accordance with subparagraph (a) of this paragraph or from an act of
participation in such an offence or offences. |
The other fundamental document of anti-money laundering efforts is The Forty Recommendations of the Financial Action Task Force on Money Laundering (FATF). It puts the Vienna Convention as its first recommendation:
United Nations Convention against Transnational Organized Crime, Opened for signature in Palermo, Italy, in December 2000
http://www.odccp.org/palermo/convmain.html)
States party to the Convention would be required to establish in their domestic laws four criminal offences:
| participation in an organized criminal group, |
| money laundering, |
| corruption, and |
| obstruction of justice. |
As it was projected, the new instrument spells out how countries can improve cooperation on such matters as extradition, mutual legal assistance, transfer of proceedings and joint investigations. It contains provisions for victim and witness protection and shielding legal markets from infiltration by organized criminal groups. Parties to the treaty would also provide technical assistance to developing countries to help them take the necessary measures and upgrade their capacities for dealing with organized crime.
Proposal for a EUROPEAN PARLIAMENT AND COUNCIL DIRECTIVE amending Council Directive 91/308/EEC of 10 June 1991 on prevention of the use of the financial system for the purpose of money laundering (presented by the Commission)
As it is written in the foreword of the Commission’s proposal, financial market liberalisation is one of the basic principles of the European Union. Going ahead on the way of liberalisation, financial stability and a reliable regulatory and supervisory framework is needed to make sure that such liberalisation and freedom of capital movements is not used for undesirable purposes such as money laundering.
The 1991 anti-money laundering Directive was a landmark in the fight against criminal money and its potentially highly damaging effect on the financial system. The Directive is based on a wide coverage of the financial sector. It requires financial firms to know their customers, to keep appropriate records and establish anti-money laundering programmes. Most importantly, it requires banking secrecy rules to be suspended whenever necessary, and any suspicions of money laundering to be reported to the authorities.
Similarly to the Canadian Proceeds of Crime (Money
Laundering) Act, this Directive is also based on the Forty Recommendations of
the Financial Action Task Force (FATF).
The Financial Action Task Force on Money Laundering (FATF) is an inter-governmental body, established by the G-7 Summit in Paris, in July 1989. It is one of the most important international bodies in anti-money laundering efforts. Its purpose is the development and promotion of policies to combat money laundering - the processing of criminal proceeds in order to disguise their illegal origin.
Up to June 2000, when the last Annual Report was published, membership of the FATF comprised twenty-six governments and two regional organisations (the European Commission and Gulf Co-operation Council). They represent the major financial centres of North America (e.g. Canada and the United States), Europe, and Asia. The delegations of the Task Force’s members are drawn from a wide range of disciplines, including experts from the Ministries of Finance, Justice, Interior and External Affairs, financial regulatory authorities and law enforcement agencies.
As
a part of the major objectives of FATF, the organization works to set-up the
international anti-money-laundering network.
These regional institutes are called FATF-style regional bodies.
The
following regional bodies have been established so far:
| CFATF
- Caribbean Financial Action Task Force |
| APG
- Asia/Pacific Group on Money Laundering |
(http://www.oecd.org/fatf/Ctry-orgpages/org-apg_en.htm)
| PC-R-EV
- Committee of Experts on the Evaluation of Anti-Money Laundering Measures
(Council of Europe) |
(http://www.oecd.org/fatf/Ctry-orgpages/org-pcrev_en.htm)
| ESAAMLG
- Eastern and Southern Africa Anti-Money Laundering Group |
(http://www.oecd.org/fatf/Ctry-orgpages/org-esaamlg_en.htm)
| ITFMLA
- Intergovernmental Task Force against Money Laundering in Africa |
| GAFISUD
- Financial Action Task Force on Money Laundering in South America |
Financial Action Task Force on Money Laundering:
The Forty Recommendations (http://www.oecd.org/fatf/pdf/40Rec_en.pdf)
The Forty Recommendations of the Financial Action Task Force is one of the most cited texts on the subject of money laundering. However, Recommendations were prepared in 1990, during the period 1990 to 1999, the FATF also elaborated various Interpretative Notes which are designed to clarify the application of specific Recommendations. The last of these Interpretative Notes were adopted relating to Recommendation 15 on 2 July 1999.
These forty Recommendations set out the basic framework of anti-money laundering efforts and they are designed to be of universal application. They cover the criminal justice system and law enforcement, the financial system and its regulation, and international co-operation.
Financial Action Task Force on Money Laundering:
Annual Report 1999-2000 (http://www.oecd.org/fatf/pdf/AR2000_en.pdf)
While it is broadly recognised, that the Internet is a potential tool to perform more sophisticated methods of money laundering, the FATF Annual Report 2000 only briefly and infrequently mentions the subject of cyber-crime and money laundering, similarly to other documents.
“With the
increasing offering of financial services over the Internet, it is the potential
for conducting financial transactions on-line that presents one of the most
significant vulnerabilities to money laundering at present.
A growing number of existing “mainstream” financial institutions, as
well as a few pure Internet banks; already provide a range of transactional
services. The potential
(Strengthening The Review of Money Laundering Methods and Counter-Measures, Article 104, Page 24.)
Another FATF efforts is the establishment of Financial Intelligence Units (FIUs) in various countries around the world to protect the banking community, to detect criminal abuse of its financial system and to ensure adherence to its laws against financial crime. The FIUs have independent and specific relationships with banks, central banks, and law enforcement. These relationships allow FIUs to promote the partnerships that are essential to fighting money laundering and financial crime.
The evolution of FIUs throughout the world has led to the creation of an organization of nations that have implemented FIUs, known collectively as the Egmont Group. The Group held its initial meeting in Brussels at the Palais d'Egmont in June 1995. A consensus was reached at that time that improved interaction and communication among FIUs would serve a broad range of common goals in the areas of sharing information, coordinating training and addressing legal issues unique to the FIU phenomenon, as one of the first FIU, FinCEN of the U.S., summarizes the history of FIUs.
Financial Crimes Enforcement Network (http://www.ustreas.gov/fincen/infinc.html)
FinCEN is the American model of Financial Intelligence Units (FIUs), established by the Treasury, State and Justice Department of the United States.
The mission of the Financial Crimes Enforcement Network is “to support law enforcement investigative efforts and foster interagency and global cooperation against domestic and international financial crimes; and to provide U.S. policy makers with strategic analyses of domestic and worldwide money-laundering developments, trends and patterns. FinCEN works towards those ends through information collection, analysis, and sharing, technological assistance, and innovative and cost-effective implementation of Treasury authorities.”
The Financial Transactions and Reports Analysis Centre of Canada is the Canadian model of Financial Intelligence Units (FIUs). It was established by Bill C-22, Proceeds of Crime (Money Laundering) Act (Royal Assent: 29 June 2000: Statutes of Canada 2000, C.17, Clauses 40-72).
The Act made it mandatory for financial agencies to report information relating to certain types of transaction. The information will be sent to a central data-gathering and analysis body, the Financial Transactions Reporting and Analysis Centre of Canada.
Criminal Intelligence Service Canada: Annual Report on Organized Crime in Canada 2000 (http://www.cisc.gc.ca/Cisc2000/annualreport2000.html)
Criminal Intelligence Service Canada (CISC) is an organization that provides the facilities to unite the criminal intelligence units of Canadian law enforcement agencies in the fight against the spread of organized crime in Canada. In the Annual Report on Organized Crime in Canada, CISC states National Priorities for the year of 2000. One of the eight priorities is “Technology and Crime”. On the subject of cyber-crime and money laundering, information can be found here.
(http://www.cisc.gc.ca/AnnualReport2000/Cisc2000/technology2000.htm)
| Organized Crime and Technology |
Organized crime groups are
reaching out to individuals with specific technological skills and exploring the
possibilities of new technology.
| Hackers |
Hackers are increasingly well organized and highly skilled.
There are indications that
organized crime groups are reaching out to individuals with specific
technological skills.
| Malicious Software Programs |
They allow individuals to
control another person’s computer remotely via the Internet, ... access
information such as Internet account passwords, ... hide their electronic trail,
and making it difficult for investigators or computer security personnel to
trace them.
| Jurisdiction |
The evidentiary trail often
crosses international boundaries,
... in Canada, the ISP industry is largely unregulated, and no standards exist
to ensure that the fundamental police requirements can be met.
| Payment Card Fraud |
Many organized crime groups are now involved in forged payment card activity because it is a profitable enterprise, forging techniques are simpler and forged credit cards provide anonymity to users.
The National Money Laundering Strategy for 2000 (signed by the Secretary of the Treasury, and the Attorney General).
(http://www.ustreas.gov/press/releases/docs/ml2000.pdf)
The U.S. National Money Laundering Strategy for 2000 focuses on the problem of new technologies in Goal 2: Enhancing Regulatory and Cooperative Public-Private Efforts to Prevent Money Laundering (Goal 2, page 33). Its sixth objective is: Ensure that Regulatory Efforts to Prevent Money Laundering Are Responsive to the Continuing Development of New Technologies (Goal 2, Objective 6, page 46).
Action Item 2.6.1:
The Departments of the Treasury and Justice and the federal
financial regulators will continue to reach out the private sector to ensure
that anti-money laundering safeguards respond to new technologies.
Goal for 2000: Monitor
new technologies, financial services, and commercial developments --
particularly regarding the Internet and smart-cards -- and work with the private
sector to encourage the implementation of anti-money laundering safeguards in
new technologies.
Action Item 2.6.2:
The Departments of the Treasury and Justice and the federal
financial regulators will examine existing legal authorities with respect to
stored value cards to determine whether current law is adequate in addressing
their potential use in money laundering.
Goal for 2000: Review how current statutory and regulatory counter-money laundering authorities apply to stored value cards, and develop recommendations as to whether current law needs to be amended to address their potential use in money laundering schemes.
Council of Europe: Draft Convention on Cyber-crime (Draft N° 25 REV.)
(http://conventions.coe.int/treaty/EN/cadreprojets.htm)
The Convention is the first multilateral agreement drafted specifically to address the problems posed by the international nature of computer crime. It seeks better methods of obtaining international assistance from other parties in computer-related crime cases. As it is the newest and most developed issue in the topic of cyber-crime and money laundering, the Convention will be interpreted in a more detailed way. (Additional background information about the Convention can be found at the Computer Crime and Intellectual Property Section (“CCIPS”) of the Criminal Division of the U.S. Department of Justice.)
The Council of Europe (“CoE”, http://www.coe.int/) consists of 41 member states, including all of the members of the European Union (“EU”, http://europa.eu.int/).
The draft Convention on Cyber-crime (Draft N° 25 REV.) is a landmark in the history of CoE’s efforts on computer-related crimes since the late 1980s.
| 1989, Recommendations Addressing The Need For New Substantive Laws Criminalizing Certain Conduct Committed Through Computer Networks (Recommendation No. R. (89) 9). |
| 1995 Concerning Problems of Criminal Procedure Law Connected with Information Technology (Recommendation No. R. (95) 13). |
| 1997 CoE Committee of Experts on Crime in Cyber-space (PC-CY) was set up to prepare the Convention. |
| 2000 the latest draft public version of Council of Europe Convention on Cyber-crime (Draft N° 25 REV.5) available, was declassified on 22 December 2000. |
The interpretation of the structure of the Convention is based on the version of Draft N° 25 REV.5, declassified on 22 December 2000. Its purpose is to highlight the logic of the Convention. Interpretation follows the structure of the Convention, but it is not a table of contents. Drafting is in process; titles and text may be changed.
(The latest draft public version available can be found here: http://conventions.coe.int/treaty/EN/cadreprojets.htm.)
Chapter II
- Measures To Be Taken at the National Level
Section
1 - Substantive Criminal Law,
Offences
(illegal access, illegal interception, data interference, system interference, misuse of devices)
(computer-related forgery and fraud)
(child pornography)
(attempt and aiding or abetting, corporate liability, sanctions and measures)
(scope of procedural provisions, conditions and safeguards)
Chapter
III – International Co-Operation
General principles relating to
 | procedures pertaining to mutual assistance requests in the absence of applicable international agreements, |
| expedited preservation of stored computer data, |
| expedited disclosure of preserved traffic data , |
| mutual assistance regarding investigative powers, |
| trans-border access to stored computer data with consent or where publicly available, |
| real-time collection of traffic data, |
| interception of content data. |
Surprisingly, in the version of Draft N° 25 REV. (22 December 2000), no definition on cyber-crime can be found. The word of cyber-crime appears eight times in the text (including the title). Six times in the Preamble, in the context of protection of society against cyber-crime, requirements of the fight against cyber-crime, and so on. Once in the Final Provisions, in the following sentence: “The Parties shall, as appropriate, consult periodically with a view to facilitating ... the exchange of information on significant legal, policy or technological developments pertaining to cyber-crime and the collection of evidence in electronic form.” (Article 46, 1, b)
This paper started, and must be concluded on a hopeful note: trust and confidence in the new computing and Internet technology, and consequently e-business, should and will be maintained. Trust is a foundation of society, a basis of commerce, especially e-business. If trust and confidence would be lost in cyber-space, then the real and potential benefits of new technology could not be exploited.
A real threat, or at least difficulty, to keeping this trust alive is cyber-crime and money laundering. These evils, money laundering and cyber-crime have been or may be accompanying with one another.
The possible association of cyber-crime and money laundering brings new and more serious challenges for
| societies, |
establishing new rules of ethics, as a basis of life and law,
| criminal law, |
giving, at least, a definition of cyber-crime activities in the rapidly changing world,
| e-business, |
being courageous in looking for new solutions, but cautious about potential support of crime,
| law enforcement, |
finding evidence in the speedy, anonymous and encrypted jungle of data,
| international co-operation, |
being well-balanced between independence and interdependence, finding new ways of co-operation for a braver new world in cyber-space.