ACAMS Today, September-November 2025 | Page 40

FRAUD
The fraud extended over several years, involving the abuse of forged documentation and oversight failures.
This case demonstrates several consistent “insider” red flags:
▪ Unexplained lifestyle changes
▪ Pushback against audits
▪ Lack of vacation time or delegation (classic “key person risk”)
This case underscores the need for behavioral analytics ― regular lifestyle checks, whistleblower empowerment and anomaly detection tools (e.g., for duplicate invoices or round-amount payments) are also indispensable.
4. In another disturbing example of collusion, four men ― including an insider ― were jailed for manipulating NHS Scotland procurement through bribery.⁶ The insider received kickbacks in exchange for awarding contracts to specific firms, sometimes for inflated or unnecessary services. Procurement fraud, especially in publicly funded sectors, has knock-on money laundering effects, including the creation of shell suppliers, inflated invoicing and fund integration via legitimate payment rails.
Control recommendations include:
▪ Segregation of procurement authority
▪ Regular vendor audits
▪ Pattern analysis for contract irregularities
5. In May 2025, it was revealed that hackers bribed and recruited rogue call agents to gain access to Coinbase’s internal systems.⁷ The insiders, approached online, provided credentials or facilitated backdoor access in exchange for cash. This case merges aspects of cybersecurity and insider threat in a hybrid typology ― externally recruited insiders. It reflects warnings that external actors (e.g., cybercrime and organized crime groups) are increasingly targeting insiders at FIs and tech platforms.
Where digital asset firms are used as entry points to the financial system, the actions of a single employee can lead to systemic anti-money laundering (AML) and sanctions evasion failures, potentially including, but not limited to, the transfer of crypto tied to sanctioned regimes or weapons of mass destruction proliferation financing.
6. A U.S. Department of Justice civil forfeiture details how North Korean-linked actors laundered over $7.74 million through a network of shell companies, compromised exchanges and fake identities.⁸ Notably, some of the laundering relied on insiders in digital exchanges or facilitators within regional banks. Insiders are now crucial to geopolitical laundering efforts ― whether recruited voluntarily or under duress. The use of remote work, spoofed job roles or compromised vendor identities allows sanctioned actors to embed themselves within financial workflows.
A recent Wall Street Journal article⁹ similarly exposed how thousands of North Korean IT workers are infiltrating Western firms via remote work ― often with fake identities or through collusion with recruiters. These workers earn foreign currency for the regime and gain access to sensitive systems. The risk extends beyond payment fraud to malign access ― where insiders can manipulate code, create backdoors or exfiltrate data. AML and internal fraud teams should consider recruitment due diligence and vendor management as part of their control frameworks.