ACAMS Today, September-November 2025 | Page 49

These measures should be formalized, routinely scheduled and independently validated. Mapping them to recognized frameworks, such as ISO/IEC 27001 control A.12.3.1 (information backup) and National Institute of Standards and Technology Cybersecurity Framework 2.0 Category IR.TM (incident recovery testing and management), reinforces audit-readiness and supports compliance, insurance coverage and operational continuity. 12
Conclusion
Ransomware has evolved into a financially driven threat with significant implications for FIs, regulators and national resilience. Its overlap with AML frameworks highlights the need for a shift from siloed cybersecurity responses to integrated governance models. Regulatory guidance increasingly supports this convergence, encouraging the use of proven AML practices such as cross-functional coordination, targeted training and continuous control testing to strengthen organizational defenses. The core issue is no longer just technical preparedness, but enterprise-wide alignment. As with money laundering, ransomware exploits weak oversight, fragmented systems and unclear accountability. Addressing these gaps requires a unified response across cybersecurity, compliance and leadership, treating ransomware as a strategic business and regulatory threat.
Financial crime compliance professionals must work closely with cybersecurity leaders to evaluate ransomware threats not just as technical breaches, but as risk events that impact transaction integrity, customer protection and regulatory posture.
Shakera Johnson, MBA, CCISO, CISSP, CISM, CISA, CRISC, director, Information Security, Cable Bahamas Ltd., Nassau, Bahamas
Derek W. Smith Jr., MBA, CAMS, CCE, money laundering reporting officer, assistant vice president, compliance, CG Atlantic’s family of companies (member of Coralisle Group Ltd.), Nassau, Bahamas
1. Enver Buçaj and Kenan Idrizaj, “The need for cybercrime regulation on a global scale by the international law and cyber convention,” Multidisciplinary Reviews, Volume 8, Issue 1, 2025, https://doi.org/10.31893/multirev.2025024
2. Matthew Ryan, “Ransomware Revolution: The Rise of a Prodigious Cyber Threat,” Springer, 2021, https://link.springer.com/book/10.1007/978-3-030-66583-8
3. “Symantec Enterprise Cloud,” Broadcom, https://www.broadcom.com/products/cybersecurity
4. “WannaCry Ransomware Campaign Exploiting SMB Vulnerability,” CERT-EU, May 22, 2017, https://cert.europa.eu/static/SecurityAdvisories/2017/CERT-EU-SA2017-012.pdf?utm_source=chatgpt.com
5. “Internet Organised Crime Threat Assessment (IOCTA) 2021,” Europol, https://www.europol.europa.eu/publications-events/main-reports/internet-organised-crime-threat-assessment-iocta-2021#downloads
6. “2025 Unit 42 Global Incident Response Report: Social Engineering Edition,” Unit 42, July 30, 2025, https://unit42.paloaltonetworks.com/2025-unit-42-global-incidentresponse-report-social-engineering-edition/
7. “Q4 Travelers’ Cyber Threat Report: Ransomware Goes Full Scale,” Travelers, 2024, https://info.corvusinsurance.com/hubfs/ransomware%20reports/Q4%202024%20Cyber%20Threat%20Report.pdf
8. Emma Woollacott, “The Scattered Spider ransomware group is infiltrating Slack and Microsoft Teams to target vulnerable employees,” ITPro, July 30, 2025, https://www.itpro.com/security/ransomware/the-scattered-spider-ransomware-group-is-infiltrating-slack-and-microsoft-teams-to-target-vulnerable-employees
9. “Countering Ransomware Financing,” Financial Action Task Force, March 14, 2023, https://www.fatf-gafi.org/en/publications/Methodsandtrends/countering-ransomware-financing.html
10. “Advisory on Potential Sanctions Risks for Facilitating Ransomware Payments,” U.S. Department of the Treasury, October 1, 2020, https://ofac.treasury.gov/media/48301/download?inline
11. Joanna Huisman, “KnowBe4’s 2024 Phishing by Industry Benchmarking Report Reveals that 34.3% of Untrained End Users Will Fail a Phishing Test,” KnowBe4, June 4, 2024, https://blog.knowbe4.com/knowbe4-2024-phishing-by-industry-benchmarking-report
12. “ISO/IEC 27001:2022: Information security, cybersecurity and privacy protection ― Information security management systems ― Requirements,” International Organization for Standardization, https://www.iso.org/standard/27001