India, a StAR FinCrimefighter: Country’s growing capacity in asset recovery & tackling cybercrime threats – ET CISO
https://etimg.etb2bimg.com/thumb/msid-113928727,imgsize-178550,width-1200,height=765,overlay-etciso/ot-security/india-a-star-fincrimefighter-countrys-growing-capacity-in-asset-recovery-tackling-cybercrime-threats.jpg
Public institutions’ capacity to design, implement and enforce policies is key to a country’s development. The Paris-headquartered Financial Action Task Force’s (FATF) Mutual Evaluation Report (MER) on India released last month highlights the strength of India’s institutions in shaping its development. Examining asset recovery within this context reveals a mature governance framework capable of propelling India toward growth.
Stolen Asset Recovery (StAR) Initiative refers to recovery of stolen assets by police. NCRB data shows that the recovery rate in theft, burglary and robbery cases is 40%. However, StAR also includes recovery of proceeds from crimes such as fraud, drug trafficking and corruption. This becomes particularly challenging when assets and funds are dissipated across borders.
FATF’s MER on India rates the country as ‘substantially effective’ in depriving criminals of their proceeds and pursuing these assets internationally. However, asset-stealing techniques are rapidly evolving. With 46% of the world’s digital transactions occurring in India and the rise of fast payment systems (FPS), threat of cyber-enabled fraud (CEF) has grown. Rapid adoption of virtual digital assets (VDAs) has also introduced new challenges in tracing hidden assets. India leads globally in VDA adoption, according to blockchain analytics firm Chainalysis. Strength of our institutions depends on their responsiveness to these emerging risks: Cybercrime: NCRB data shows that CEF cases have been rapidly increasing, with a 31% rise in reported cybercrime cases between 2020 and 2022. These crimes can be domestic (with both perpetrators and victims in India), or cross-border (involving overseas perpetrators and Indian victims, or Indian perpetrators scamming victims overseas). In response, GoI established the Indian Cyber Crime Coordination Centre (I4C) in 2018 to improve collective capacity to fight cybercrime.
After analysing modus operandi of scams such as illegal gaming, KYC frauds, investment frauds, illegal loan apps, matrimonial scams, banking vectors (mule accounts, payment aggregators, virtual accounts, VDAs, ATMs), and tech vectors (digital ads, mobile apps, social media, phone calls), I4C developed a unique asset recovery system in 2021: Citizen Financial Cyber Frauds Reporting and Management System (CFCFRMS). This semi-automated system helps recover the assets of cybercrime victims within hours of the fraud, with participation from major financial institutions and ecommerce companies.
India’s MER acknowledges that since 2021, more than ₹6 bn has been recovered by I4C ‘through the CFCFRMS portal and returned to victims of cyber-enabled fraud’. While this highlights the system’s effectiveness, it is insufficient to mitigate risks posed by CEF. As a result, there’s a continuous effort to assess the CEF threat and devise strategies to mitigate these risks.
Virtual digital assets: VDAs present a new vulnerability due to their pseudonymous ownership by design, making it easy to transfer value across wallets and borders. Between 2021 and 2023, industry estimates suggest that at least $20 bn in illicit funds, including those from hacks, darknet markets and ransomware operators, were transferred through virtual asset networks. However, most VDA trades occur via dedicated exchanges and brokers.
In late 2022, India conducted a money-laundering/terrorist-financing (ML/TF) risk assessment for the VDA sector and classified it as high risk. To mitigate this, exchanges and brokers are now required to register with Financial Intelligence Unit India (FIU-IND) and report suspicious transactions. To date, 47 VDA service providers have registered with FIU-IND.
Parallelly, efforts have been made to develop institutional capacity to trace stolen assets dissipated through VDAs on blockchains. This requires both training and acquisition of tools. Efforts are also underway to build institutional capacity for tracing stolen assets dissipated through VDAs on blockchains. This requires both training and the acquisition of tools.
India’s MER acknowledges substantial effectiveness in understanding ML/TF risks, and effectively coordinating measures among law enforcement agencies to mitigate these risks. It also rates India’s efforts in recovering assets for victims of fraud and money laundering as substantially effective.