Editor's Note: This article originally appeared on the Access Asia Consulting blog on November 28, 2016.

Trade-based money laundering (TBML) in Southeast Asia has been on the rise in recent years, driven by a confluence of factors including robust economic growth, a relatively weak regulatory environment (with the key exception of Singapore,) corruption issues, and the presence of sophisticated transnational criminal networks. These factors, as well as political, socio-economic and cultural dynamics, put the region at heightened risk for TBML in which financial institutions, corporations and governments should play a greater pro-active role in combating.

According to the Organization for Economic Co-operation and Development (OECD), the economies of the Association of Southeast Asian Nations (ASEAN) are expected to grow at a rate of 5.2 percent from 2016 to 2020, which will be led by Vietnam and the Philippines.  The major contributors for growth include strong fixed investment, foreign direct investment and an increasing demand of goods from both domestic and foreign customers. But as domestic and international trade increases in the region, which is coupled with enduring signs of bribery and corruption issues, so does the risk for TBML.

The United States Department of Homeland Security has defined TBML as “disguising criminal proceeds through trade to legitimize their illicit origins.” The characteristics of this misconduct include misrepresenting the price, quantity and the quality of either imports or exports. Some of the red flags are over-invoicing and under-invoicing exports and imports, multiple invoicing of goods, manipulating the quantity and even phantom shipments.  In addition, payments to a vendor by an unrelated third party and unusual shipping routes are also suspicious indicators.

So, why does TBML matter to financial institutions, corporations and governments? The first reason is its potential adverse consequences to the domestic economy such as governments receiving lower tax revenues when companies under-invoice the value of its shipments.  Misrepresenting the value or the quantity of imports and exports may allow criminals and corrupt government officials to transfer capital more easily in order to legitimize the source of funds.  Regulatory scrutiny continues to increase across the globe around TBML and financial institutions should take the necessary steps to ensure they do not facilitate nefarious trade deals.

According to research by the Washington-based group Global Financial Integrity (GFI,) three of the top 10 countries for illicit financial flows (IFFs) are in ASEAN: Malaysia, Thailand and Indonesia (ranked as 5, 8 and 9 respectively.) However, when the top 10 countries for IFFs are compared to their gross domestic product (GDP,) the magnitude of the issue is put into perspective.  Malaysia can be categorized as the country with the potentially highest risk of TBML because 14.1 percent of its GDP has been identified as potential IFFs.

Another susceptible country is Cambodia. GFI estimated that over $15 billion was lost to illicit financial outflows between 2004 and 2013 – including US$ 4 billion in 2013 – most of it secretly shifted offshore using a technique known as trade misinvoicing. Access Asia also puts Myanmar and Vietnam at heightened risk for TMBL in Southeast Asia, where misinvoicing (including overpricing on imports sold by a member company incorporated in the import country) is a common way of reducing recorded profits to evade taxes. Thus, it is important for financial institutions in such countries to conduct thorough know-your-client due diligence.

Illicit financial flows can have a detrimental effect on a country’s economy by removing revenue from governments which can potentially be used for various development initiatives. In Cambodia, one opposition lawmaker was quoted in local media of saying that the US$ 4 billion reportedly lost to illicit financial outflows in 2013 was more than the entire national budget.

TBML is difficult to detect because of the complexity within the trade finance process itself and the number of entities involved.  The unstructured format of the required documentation such as word documents, PDF files and scanned images create additional automation and screening challenges.

So, what more can financial institutions do in the fight against TBML? Access Asia recently engaged with Keith Furst, the founder and financial crimes technology consultant at Data Derivatives, who provided us his views on the issue.

According to Furst, utilizing advanced algorithms should be considered as an effective resource to augment a financial institution’s existing anti-money laundering program specifically to address the unique challenges presented by trade finance.

Furst explained:

Many of the unstructured data in the form of PDF files and scanned images can be converted to machine readable text by leveraging optical character recognition (OCR) software.  Once these documents are converted into machine readable text then other algorithms can be applied to them such as natural language processing (NLP) where key data elements are extracted for analysis such as geographies, entities, individuals, ports, name of products, quantities and unit prices.  There are other opportunities to leverage advanced algorithms such as unit price and unit weight analysis.

The unit price analysis would focus on product pricing falling outside what would be considered normal for that industry and product type in the transaction.  This is an incredibly complex task given name similarity among dissimilar products, range of quality, volume discounts, etc.  However, certain products and industries would be easier to accumulate pricing profiles and determine discrepancy red flags.  Similarly, unit weight analysis would also focus on discrepancy identification, but for volume as opposed to price.  Nefarious actors may try to understate or overstate the quantity of goods shipped when compared to the actual payments made.  If the payment amount was abnormally low when compared to the product and container it was shipped in then this could be a red flag for an undervalued shipment.

TBML is a very effective tool for transnational organized crime groups to move value across international borders, and the prevalence of such groups operating throughout Southeast Asia – many with links to domestic and international terrorism, is another factor that puts the region at heightened risk for TBML.

Financial institutions tend to be reactive as opposed to proactive when it comes to complying with regulatory requirements, yet taking a strategic approach to compliance can actually be a competitive advantage.  Access Asia believes that financial institutions which forecast upcoming trends in the compliance and regulatory space and prepare accordingly will be better equipped to deal with the increased regulatory expectations when compared to their competitors.

Ultimately it will be up to the banks serving Southeast Asia to spearhead the campaign against TBML in their local jurisdictions; a failure to do so could eventually lead to a de-risking process by the large global banks which could affect the availability and cost of trade finance products in the region. Currently, the Monetary Authority of Singapore (MAS) is taking the lead to combat TBML in Southeast Asia, yet Access Asia believes it is only a matter of time before other countries follow suit. If they fail to do so, such countries will fall behind in terms of perception in the eyes of the global financial community and this will negatively effect investment and trade opportunities.

Editor's Note: This article originally appeared on the Corporate Compliance Insights on June 23, 2016.

A series of cyber fraud attacks targeting financial institutions through the SWIFT global messaging system has prompted an industry wide review of IT security measures and has highlighted the rising risk of cyber fraud against financial institutions in Southeast Asia and beyond. SWIFT has responded with a five-part customer security program to reinforce the security of the global banking platform, yet its CEO has warned “there will be more attacks.”

Cyber fraud risk is heightened in developing countries that often lack the technological resources to detect and thwart such attacks, while geopolitical dynamics also play into the risk equation. In light of these factors, Access Asia views Southeast Asia as a region of heightened risk for cyber fraud targeting financial institutions due to socioeconomic conditions, proximity to suspected centers of cyber fraud operations in North Korea and China and the existence of strong transnational criminal networks.

Indeed, one of the most recent cases to come to light involves an attempted attack on Vietnam’s Tien Phong Bank (TP Bank), while the money trail of an $81 million cyber heist from the State Bank of Bangladesh’s account at the New York Federal Reserve in February has been traced to the Philippines. Hong Kong (which lies on the periphery of Southeast Asia) is the reported end of the money trail for a US$2 million cyber theft on an Ecuadorian bank in early 2015, while the Philippines was also the target of an earlier attack in October 2015.

Access Asia views Cambodia, Myanmar, Indonesia and the Philippines as the countries most at risk in Southeast Asia for future cyber fraud attacks targeting financial institutions due to a perception of lax IT security measures, weak governance and law enforcement, high levels of corruption that could facilitate inside collusion and the existence of well-established transnational criminal networks.

North Korean involvement?

Many cybersecurity experts believe these SWIFT attacks have been conducted by the same group of hackers due to the similarities of the malware used and link the same group with the 2014 hacking attack on Sony Pictures Entertainment. The FBI concluded the 2014 attack was perpetrated by North Korea, which makes the rogue nation a key suspect in these SWIFT attacks. However, many security experts outside the IT realm refute direct North Korean involvement in these SWIFT attacks, questioning why a nation-state would engage in cyber theft, particularly given the relatively small amount of money involved in them (with the exception of the attack on Bangladesh Bank.) Moreover, these attacks would have required a number of agents operating in numerous countries to coordinate both the attacks and retrieval of the money, likely with the cooperation of other international criminal networks – a modus operandi not fitting with North Korea in Southeast Asia. The North Koreans tend to be tightly nationalistic and unwilling to trust other ethnic groups – especially criminals – and are most unlikely to be dealing with international crime groups in Southeast Asia.

“DPRK is usually vilified given their ‘last rogue nation standing’ status; however, there are some underlying changes at work that most outside do not realize due to the media’s lack of positive coverage,” noted one of Access Asia’s China-based security partners who recently co-authored a report on the internal political dynamics of North Korea.  “I’m hearing that it’s more likely Russian or Chinese hackers,” the source added.

A recent investigative report in the Epoch Times, which cited an insider with reportedly direct knowledge of the recent attacks, puts the blame on former Chinese state hackers who identified the initial vulnerability and then sold the information to cyber crime groups.

No matter who is responsible for these recent attacks, greater emphasis should be placed on enhancing security defenses to protect against future attacks. In Vietnam, the country’s leading network security firm BKAV believes 30 percent of Vietnamese commercial banks’ websites have vulnerabilities, two-thirds of which are at medium or high risk for cyber attacks. This figure is likely much higher in lesser developed Southeast Asian countries, such as Cambodia and Myanmar.

New fraud detection models needed

“The recent SWIFT attacks definitely point to the need for tighter cybersecurity protocols, but even such tighter measures may not be enough,” explained Keith Furst, founder and a financial crimes technology consultant at Data Derivatives. “There are other ways to initiate payments through social engineering or even by holding a key employee’s family hostage in an extreme example – so when the security measures fail, what else can be done?”

Furst suggests developing a model in which banks could detect fraudulent activity to the SWIFT payment traffic before the messages leave the bank’s network. Using the example of detecting credit card fraud through historical profiling and blocking transactions that are deemed to be a deviation from that profile, Furst believes similar fraud detection models could potentially be applied to SWIFT traffic before the messages leave the bank’s network.  Furst explained:

“Think of it kind of like an expected range of values where the currency, amount, banks and countries involved in the payment activity all contribute to the historical profile. So, in the case of Bangladesh Bank, if they had these type of models running for all SWIFT messages, then they may have detected that something was off when $951 million worth of instructions were requested.  The final beneficiaries of the transfers could also be a strong indication of fraud, because why would the Bangladesh Bank send such high-value transfers to beneficiaries they don’t normally deal with on a regular basis?  In essence, it is taking what financial institutions have learned from anomaly detection and fraud models and applying it to SWIFT traffic before the transfers leave the bank’s network.”

As heightened security measures are being debated and developed, financial institutions should remain vigilant and aware that the group or groups responsible for these recent bank attacks will likely strike again. Security software company Symantec warns that these attacks are part of a “wide campaign against financial targets in the region” and that recent publicity of the attacks “may prompt other attack groups to launch similar attacks.”

“The recent SWIFT attacks may be only the beginning of a larger scale campaign where cyber criminal organizations systemically target weak banks and exploit known vulnerabilities,” said Data Derivative’s Furst. “Recent events may accelerate discussions surrounding groundbreaking technological innovations, such as using a blockchain ecosystem as an alternative for high-value, cross-border money transfer,” he added.

Meanwhile, SWIFT officials are warning all banks to review their security controls and to take special care with PDFs.