“New technologies, online banking
and inefficient security measures have turbocharged cybercrime”

A new age of crime

Banks grapple with the growing problem of money laundering in Japan


FEBRUARY 2020 Feature / Text by David McNeill

Not everyone is enthused about Japan’s experiment with increasing immigration.

Last April, the government tweaked its visa rules to allow more workers from abroad. Thousands of foreign students are also expected to build lives here. It’s welcome news for a nation with a stagnant domestic market and a shrinking population, but a headache for financial regulators.

Foreigners leaving the country have been known to sell bank accounts to fraudsters, for example, who use them to launder money from crimes. There’s a going rate for these scams: ¥50,000 per account and a Twitter buzz-word: “KozaByeBye” (from the Japanese word, “koza”, meaning “bank account”).

Hiroshi Ozaki, a director at Japan’s Financial Services Agency (FSA) calls these “Anakin Skywalker accounts”, after the wheezing villain in the Star Wars series.

“He’s a good guy in the beginning but becomes a bad guy,” he explains. “It’s the same with bank accounts. That’s a severe problem for us.”

The FSA has leapt into action, pressing financial institutions to make clients aware that keeping so-called “mule” accounts is a crime. New customers must now show photo ID and other verification documents. They are also required to tell banks about their planned length of stay in Japan (as written on their Residence Cards), which banks have to keep a record of, and then notify their financial institution when that period is up. Ozaki calls this the KYC policy: “know your customer”.

Financial misdeeds keep regulators like Ozaki up at night across the planet.

“New technologies, online banking and inefficient security measures have turbocharged cybercrime,” says Alain Delfosse of the Society for Worldwide Interbank Financial Telecommunication (SWIFT), a Brussels-based organisation owned by 11,000 banks (including many in Japan) that manages the bulk of the world’s cross-border bank payments. He is quick to point out that the SWIFT network itself has never been compromised in a cyberattack.

Money laundering crimes grew about 40% on the year last year in Japan alone, according to the latest (2019) police white paper.

“International money laundering is rampant,” it warns.

The global cost of cybercrime is set to hit $6 trillion next year. That represents “the greatest transfer of economic wealth in history”, one expert noted with alarm in Cybercrime Magazine.

Several scandals have put the authorities on alert. In 2016, a criminal syndicate launched one of history’s largest cyber-heists by trying to scoop nearly $1 billion from an account belonging to Bangladesh Bank at the Federal Reserve Bank in New York. About $70 million of this, transferred to the Philippines, has yet to be recovered. Westpac, an Australian bank, is still reeling from charges last year that it had unwittingly been party to a money-laundering scam involving paedophiles.

European banks have taken note. Regulators are forcing bank boards and managers to tighten controls “where operational risks are not well managed, says John McCormick, former chairman of Asia Pacific for the Royal Bank of Scotland. Many have appointed specialists in money laundering risks, and bank employees are now trained to identify suspicious actions by customers.  Banks are also increasingly relying on AI technology to spot questionable payments.

“It is highly complex and very expensive for the banks to crack down on the issues involved,” notes McCormick.

Like anywhere else, Japan has its own issues to deal with. The prevalence of small and midsize companies with frequent overseas transactions makes it attractive to cyber-criminals who want to hide illicit profits, according to the police.

“It’s very easy in Japan to open a bank account that can be used to park illegal money,” agrees Delfosse.

He notes that in several of the more than 500 money laundering cases exposed in Japan in 2018, Japanese mule accounts were used.

European banks work closely with local regulators and have good relations with the FSA, but there are problems, suggests Delfosse. Japanese banks often have too few people and resources dedicated to monitoring cybercrime, he notes, as well as a tendency to outsource IT to vendors, which makes them more vulnerable to cyber-scams.




“Banks here are slow — and behind,” he says. “The European banks are far ahead in terms of financial crime and compliance management.”

However, Japanese banks are picking up the pace. For example, last April, MUFG Bank ended overseas remittance services through tellers at branches where the money being transferred did not originate in a bank account. And, in October, Japan Post Bank began capping overseas remittances at ¥5 million a day.

Ozaki at the FSA disputes some of the bleaker assessments — “I’ve never heard of cybercriminals breaking into a Japanese bank,” he says — but agrees that the current situation is concerning. He cites the increasing inventiveness of cybercriminals, from telephone scams to international fraud and phishing. In one incident, he notes, a fake bill was sent to an American company from a third country asking for money to be remitted to an account in Japan — a scam known as business e-mail compromise.

“The money was then resent to many Japanese accounts to launder it,” he says.

Also, organised groups send e-mails inviting bank account holders to visit fake bank pages and ask them to input passwords, which are then stolen.

The key to defeating these schemes, according to Ozaki, is cooperation. Every year, European, Asian and American regulators meet in the FSA building in Kasumigaseki to put their heads together.

“A growing part of our discussion is about money laundering and cyber risk,” he says.

There is expected to be even greater international cooperation, as the G20 agreed last year to request that the Financial Action Task Force, an intergovernmental organisation, create stronger measures to prevent cryptocurrencies from being used maliciously.

Regulators fret that the development of quantum computing — which will give computers the ability to do trillions of calculations per second — will render the encryption systems on which global banking depends obsolete. This encryption is what ensures your bank details cannot be stolen, for example. Chinese engineers are among those working hard to master quantum technology.

The battle against cybercrime has only started. 

“It is highly complex and very expensive for the banks to crack down on the issues involved”