Meet the common enemy of accountancy bodies: Cybercrime

The CCAB (Consultative Committee of Accountancy Bodies) has released its economic crime manifesto which includes a major component aimed at tackling cybercrime in the UK.

TechRadar Pro sat down with Anthony Harbinson, CCAB Chairman and Director of Safer Communities, Northern Ireland Department of Justice to explore what that means to the wider accounting community and why it was introduced in the first place.

Can you tell us more about the CCAB and why the need of that document now?

Firstly, who or what is the CCAB? The Consultative Committee of Accountancy Bodies (CCAB) was founded in 1974 as an umbrella group of British and Irish professional accountancy bodies with Royal Charters. It has five member bodies: 

- Association of Chartered Certified Accountants (ACCA)
- Chartered Institute of Public Finance and Accountancy (CIPFA)
- Institute of Chartered Accountants in England and Wales (ICAEW)
- Chartered Accountants Ireland (CAI, formerly ICAI)
- Institute of Chartered Accountants of Scotland (ICAS)

And has a combined membership of around 245,000 professional accountants in the UK and the Republic of Ireland and approximately 354,000 worldwide.  

The primary objective of the CCAB is to provide a forum for the member bodies to work together collectively in the public interest on matters affecting the profession and the wider economy. 

The CCAB therefore enables the member bodies to discuss issues of common concern, and where possible, to provide a common voice for the accountancy profession when dealing with the United Kingdom government and to provide a forum for the.

CCAB’s credibility stems from its insight into all areas of finance and accounting, from finance director and audit partner to management accountants, professional advisers, public sector finance leaders and entrepreneurs. CCAB’s members work through the financial value chain in all sectors as key decision makers and business leaders within the UK and around the world.

Money laundering, and the associated financing of terrorism, are undoubtedly threats to the proper functioning of the economy and wider society and that is why the CCAB has decided to release its economic crime manifesto which includes a major component aimed at tackling cybercrime in the UK.

To put it in simple terms, money laundering is the process that allows crime to pay and, in the case of financing of terrorism, has even more significant consequences.  Where the proceeds of crime are able to be siphoned successfully through the legitimate financial system, the result is the undermining of trust in the integrity of that system, potentially to its long-term detriment and the people who depend on it.  

We believe that this manifesto is needed now because of the sheer level of Government activity in this space at present.  We’ve had the AML Action Plan, this week the criminal finances bill, the EU’s 4th Anti Money Laundering Directive is due for transposition and the Suspicious Activity Reports (SAR) regime also under review. 

Our manifesto contains proposals that we believe will further strengthen the UK response to economic crime. Such crime (including cybercrime) is of course a global phenomenon.

Our profession is unique in that we are the only regulated sector with a consistent global standard of ethical behaviour which includes guidance on reporting non-compliance with laws and regulations even where there is no legal requirement to do so.    

How can accountants become a barrier to cybercrime?

High levels of vigilance on the part of the regulated sector needs to be maintained when it comes to money laundering and we need to always be one step ahead of the organised criminal who is constantly looking for weaknesses and loopholes in the system. 

The current spread of mobile payment technologies and their potential for fraud is an example of the dynamic environment we are dealing with. However, we would all accept that not all aspects of the current regulatory framework are as effective or efficient as they could be and whilst there is support for their deterrence value and for their contribution to the maintenance of the UK’s reputation as a respectable business environment we recognise that more needs to be done.  

Accountants provide great value to society in many ways. We help individuals to form and grow the businesses that create wealth and employ people. We prepare the information that serves to encourage investment and provide assurance to stakeholders of various kinds that businesses are being run as they should.

In my own area of public services we manage huge amounts of funds and help to ensure that those funds are spent efficiently and in the public interest and in the business world accountants are increasingly being seen as gatekeepers of financial probity. 

Nowhere is this more apparent than in the area of anti-money laundering and the combatting of cybercrime. Many of our members of are specialists in IT and ICT and as such have the technical expertise where it is needed to tackle these issues. 

We have deeply developed forensic and assurance sectors arming us with the tools for detection and the CCAB qualifications build in financial analysis, a key tool in spotting red flags and unusual activity. Furthermore, in our experience many cyber-attacks are preceded by an element of social engineering. 

Accountants are trained to act with professional scepticism and our Code of Ethics requires us not to share confidential information. This is a built in risk mitigator. As professional accountants our responsibilities under the AML/CTF regime are challenging, and full compliance with both the letter and the spirit of the regime is an objective that we continually to strive to achieve.

Therefore, I believe that the accountancy profession is a champion of ethical business conduct and that our role in the area of anti-money laundering in a positive one which truly allows accountants to be a real barrier to cybercrime.

"Accountants are trained to act with professional scepticism and our Code of Ethics requires us not to share confidential information"

How is that threat evolving with UK’s Brexit vote result?

The threat of Cybercrime and money laundering are global in nature and we will have to battle these scrounges head-on not matter whether we are in or outside the EU.  The UK Government has always been committed to fighting economic crime and will continue so and key stakeholders in that fight we are committed to assisting them in doing so.

The UK is also a direct member of the Financial Action Task Force so the requirements around AML are unlikely to be affected as a result of the Brexit vote or the new structures that will be established in light of that vote.

That said, a global response requires global networks, and it is uncertain how certain tools currently available to law enforcement (such as the European arrest warrant) will operate following Brexit.

Whilst the impact of "Brexit’" on UK AML legislation and policy remains uncertain at this time, what is certain is that it remains imperative that the UK continues to be involved in ongoing European discussions about the Anti-Money Laundering Directive. 

The need for this approach was perhaps most clearly identified when in July this year the European Commission said, "the recent terrorist attacks and the Panama Papers revelations highlighted the need for the EU to take further measures and step-up its fight against money laundering and terrorism financing".

Given the levels of uncertainty that Brexit has brought to many areas the CCAB will be maintaining a close watching brief over this important issue and as such we will continue to urge the government to take the lead in carrying these recommendations forward. We look forward to working with them as they do. We want to help make the UK’s AML defences as effective as possible and we firmly believe that the changes outlined in this manifesto will help bring that about.

Given the outcome of the Brexit referendum, we in the UK now also need to make sure that our government does not isolate itself from EU policy-making and the process by which the Anti Money Laundering Directive is developed, improved and updated.

As we have highlighted in the manifesto it will be by enabling a more integrated partnership between the various aspects of the regulated sector and its many stakeholders that we can, together, create a more effective and more cost-effective AML system for the UK.

And by making sure that accountancy services are properly regulated and supervised right across the profession we can be confident that the gatekeepers of the legitimate economy are always up to the job.

Where does technology fit in CCAB’s narrative when it comes to fighting crime?

Whilst technology is undoubtedly at the heart of cybercrime and we also believe that technology is a vital tool in combating such crimes. One of our four key proposals in the creation of an intelligence portal to share information on suspicious individuals or entities between regulators and law enforcement authorities, supported by better mechanisms for sharing skills and experience, would together help cement a true private-public crime-fighting partnership.

We believe that regulated businesses are better able to carry out economic crime risk assessments when law enforcement authorities share their intelligence but the truth is that the information available to the professionals performing these checks is in many cases too limited or too generic.

They struggle to gain access to the more useful, detailed information and intelligence which might not be in the public domain. Since it is difficult to fight crime blindfold this intelligence gap can lead businesses to take a ‘de-risking’ approach. This is in no-one’s best interest, least of all the economy at large. That is why we have advocated a much wider sharing of more detailed information. 

Greater investment in mechanisms for sharing between regulators and law enforcement would represent a valuable step towards creating a true, private-public crime-fighting partnership in which innovations in big data analysis could be harnessed to identify and follow-up suspicious conduct that has previously been undetectable in an ocean of information.

We believe that Customer Due Diligence or CDD solutions lie in technology and can be more properly enabled by it. We feel that a solution to the extensive duplication of CDD that takes place under the current regime, which ultimately clients and consumers pay for, would be immensely valuable in tackling some of the challenges we currently face.

Another approach that has been discussed the development of public registers, but transparency is only useful when combined with reliability of information.

Technology will have a part to play in achieving this. And finally, the government have also recognised the need to improve the National Crime Agency Suspicious Activity Reporting IT system. We support them 100 per cent in this and have some proposals to further improve the regime.

Desire Athow
Managing Editor, TechRadar Pro

Désiré has been musing and writing about technology during a career spanning four decades. He dabbled in website builders and web hosting when DHTML and frames were in vogue and started narrating about the impact of technology on society just before the start of the Y2K hysteria at the turn of the last millennium.