Bunting: Financial fraud reports ‘tip of the iceberg’
Published:Friday | May 27, 2022 | 1:27 AMEdmond Campbell/Senior Parliamentary Reporter
Members of a joint select committee reviewing the Cybercrimes Act, 2015, placed the microscope Thursday on the various forms of online fraud, like those perpetrated against National Commercial Bank (NCB) customers in the last two weeks, to ensure that these incidents are captured by the revised law.
Government Senator Natalie Campbell-Rodriques urged her colleagues on the joint select committee to ensure that the law had provisions to tackle the range of cybercrimes that had been unleashed on the bank’s customers.
At the same time, Senator Peter Bunting, who has had extensive experience in the financial sector as an investment banker, suggested that financial institutions be obliged to report incidents of cybercrimes to allow the authorities to have an appreciation of the scale of the problem.
Bunting told his fellow lawmakers that reports of sums fleeced by cybercriminals from financial institutions that come to public attention often represent “just the tip of the iceberg”.
“Most financial (institutions), from a reputational perspective, prefer to deal with these fraud cases privately or quietly, and the truth of the matter is, it doesn’t allow a proper assessment of the scale of what is actually taking place,” he said.
“I think we should consider whether there should be some obligation for reporting, even in anonymous ways to the Bank of Jamaica (BoJ), for example, so that we could see the aggregate figures, not just the ones that go to court and persons are charged, but we could understand the scale of the problem,” Bunting argued.
He said that the committee reviewing the Cybercrimes Act, 2015, could recommend that the BoJ and the Financial Services Commission (FSC) collect data on funds stolen from financial institutions through cybercriminal activities, so that an aggregate sum that had been stolen could be determined.
Government Senator Kavan Gayle also believes that financial institutions should make these reports on cybercrimes so that lawmakers can make effective decisions regarding these offences.
Committee Chairman Daryl Vaz also endorsed Bunting’s suggestion that financial institutions report cybercrimes to regulatory bodies such as the BoJ and the FSC.
He indicated that, in the absence of such reporting, the authorities would not have a full grasp of the magnitude and frequency of fraud.
NCB reported on Thursday a smishing and vishing fraud attack amounting to $18 million, with 12 customers being impacted.
Lieutenant Colonel Godphey Sterling, head of the Jamaica Cyber Incident Response Team (Ja-CIRT) in the Ministry of Science, Energy and Technology, told the committee that the success of cybercrimes investigations was not generally publicised because financial institutions tend to deal with these issues in-house and directly with law enforcement.
However, he said that the Major Organised Crime and Anti-Corruption Agency and the Jamaica Constabulary Force have had some success in the courts against the perpetrators of cybercrimes who defraud individuals and financial institutions.
He said that, within the banks, there has been some level of successful remediation “because the audit trail that is left is one that can be followed and it’s just a matter of how the institution treats with it and the level to which the affected clients actually pursue the matter”.