This publication is licensed under the terms of the Creative Commons Attribution License 4.0 which permits unrestricted use, provided the original author and source are credited.

In October 2024, the UK partnered with the US and Australia to sanction 16 members of Evil Corp, a Russia-based group behind a series of malware and ransomware attacks on critical national infrastructure and public institutions. Outlining the measures, the National Crime Agency (NCA) explained that Evil Corp’s links with Moscow went “far beyond the typical state-criminal relationship of protection, pay-offs and racketeering” to include activities tasked by the Russian intelligence services. The move formed part of a broader response to Russia’s persistent campaign to damage the social fabric of Western countries – a campaign that has become ever more frenzied in the years since its full-scale invasion of Ukraine. The UK authorities intend to use “the full range of government tools to target the threat from cybercrime and disrupt malicious cyber actors emanating from the Russian state.”

Russia’s intelligence agencies are far from unique in their use of criminal groups for strategic and tactical ends, but the relationship between them appears to be especially intense, fluid and politically charged. For instance, one founding member of Evil Corp reportedly strengthened its links to the Russian state with help from his father-in-law, a high-ranking officer in the Federal Security Service (FSB). In 2022, another founding member came third in a hackathon organised by the Wagner Group.

The events leading to the August 2023 death of Wagner Group leader Yevgeny Prigozhin – known for his ties to both criminal networks and the Russian president – seem to have done little to discourage the Kremlin from working with such organisations. Matt Jukes, head of UK Counter Terrorism Policing, observes that threats from hostile states now account for 20% of his officers’ work, compared to 5% in 2019. MI5 Director General Ken McCallum describes an “eye-catching shift” in which Russian state actors turn to “proxies for their dirty work, including private intelligence operatives and criminals from both the UK and third countries.”

It is debatable whether this is a new shift or the acceleration of an established trend; some of Prigozhin’s most prominent work came in his sponsorship of the Internet Research Agency, which allegedly meddled in the 2016 US presidential election. However one defines it, the change in threat may be partly explained by the UK’s mass expulsion of Russian spies following the invasion, a measure that likely heightened the Kremlin’s need to operate at arm’s length.

Transfers of technology and technical expertise

In this environment, it is vital that the UK authorities understand the activities of Russian-linked criminal groups and identify their weaknesses. The Kremlin may have once been reluctant to transfer advanced technology and technical expertise to its criminal partners – given the risk that these assets would eventually be turned against the leadership itself – but its increasingly egregious actions against the UK and other Western states suggest that it has abandoned many of its inhibitions. When the objective is focused and specific, intelligence services might provide the kind of precision the Kremlin requires; when the aim is to create disorder of any kind, there may be greater value in using criminal groups that thrive amid chaos.

Russian leaders need only look towards their partners in Iran to see how transfers of technology and expertise to proxies can amplify state power and cause havoc. Hezbollah – whose activities flow across the boundaries of politics, war-fighting and organised crime – enhanced its influence in Lebanon and further afield by receiving transfers of Iranian military technology and expertise. Such capabilities were, in turn, allegedly transferred to other partners, such as Latin American drug cartels – which reportedly benefited from Hezbollah’s know-how in areas such as tunnel construction.

This may be one of the most troubling aspects of Russia’s evolving campaign against the UK. The campaign could help criminal groups gain greater access to the kinds of advanced capabilities and resources that were once the preserve of the Russian intelligence services. Some indications of this are already emerging: in September 2024, the National Cyber Security Centre (NCSC) publicly uncovered a cybercrime, espionage and sabotage group that centres on Unit 29155 of the GRU, the Russian military’s main intelligence directorate. According to the NCSC, the unit includes junior active-duty GRU officers but also “relies on non-GRU actors, including known cyber criminals and enablers to conduct their operations. The group differs to more established GRU-related cyber groups Unit 26165 (Fancy Bear) and Unit 74455 (Sandworm).”

In January 2024, UK Counter Terrorism Policing established a new unit focused on state threats. This unit may be well placed to identify transfers of technology and expertise to criminal groups, working alongside other specialised law enforcement bodies, the security services and their international partners. However, policymakers can do a great deal more to strengthen the UK’s defences against criminal organisations involved in such activity, particularly in identifying and exploiting their weaknesses.

Turmoil in non-traditional finance

Perhaps their most obvious weakness is money. State-backed or otherwise, criminal groups are motivated by a desire for financial gain. As such, Western states can disrupt these organisations by targeting the routes through which they fund their activities and launder the proceeds of crime. Just as 9/11 led to a revolution in policy to counter terrorist financing, Russia’s growing campaign of hacking, sabotage and assassination could lead to a major shift in policy on criminal financing.

Yet, while Western countries have long struggled to deal with money laundering, sanctions busting and other forms of financial crime in the traditional banking sector, the outlook is even bleaker in finance based on emerging technology (non-traditional finance). For example, Unit 29155’s malign cyber activities reportedly involved demands for payment in Bitcoin. And the Wagner Group’s disinformation operations allegedly involved Bitcoin payments to freelancers in Europe, designed to circumvent Western sanctions. According to the NCA, Evil Corp developed expertise in money laundering, pouring significant resources into its systems for cryptocurrency trading.

Similarly, North Korea has long used criminal groups to try to bypass the extensive Western sanctions on its economy, but the development of non-traditional finance appears to have supercharged such activity. The United Nations estimates that, between 2017 and 2023, Pyongyang used $3 billion in stolen cryptocurrency to fund its nuclear programme.

The National Assessment Centre estimates that the value of illicit crypto transactions linked to the UK likely reached “£1.2 billion in 2021, if not significantly higher.” While this is only a fraction of the estimated £100 billion laundered through the UK each year, such statements likely reflect a lack of information about a sector evolving in the dark.

For criminal groups, the main appeal of non-traditional finance seems to be that the underlying technology has developed far quicker than the legal and enforcement framework to regulate its use. Nonetheless, the UK authorities are gradually finding a foothold in the area. In April this year, the NCA and the UK police gained the power to seize, freeze and destroy crypto assets. In September, the UK Government introduced a bill to clarify the legal status of cryptocurrencies as personal property. Meanwhile, the Financial Conduct Authority – which regulates the traditional banking sector – has incrementally taken on greater oversight of the industry in recent years.

Despite such steps, UK fintech regulation is still inadequate. The sector appears to be highly vulnerable to criminal groups. This is shown in the work of the National Fraud and Cyber Crime Reporting Centre, which received in 2023 almost 10,000 fraud reports naming London-based fintech firm Revolut, compared to around 8,000 naming Barclays. These figures are particularly unsettling given that Revolut has approximately 10 million customers in the UK while Barclays has roughly 48 million – and that the fintech firm reportedly secured a UK banking licence in July 2024, following a three-year wait. Moreover, according to a 2022 Europol study, “money laundering operations now reportedly constitute the highest proportion of illegal acts committed using cryptocurrencies, ahead of other types of offences such as fraud.”

Before an avowedly pro-crypto candidate won the 2024 US presidential election, there were signs that international oversight of non-traditional finance could become firmer than that of the traditional banking sector. The US, the de facto global leader in financial law enforcement, has been willing to pursue financial crime cases against senior fintech executives. Such cases have led to jail time for Changpeng Zhao and Sam Bankman-Fried – who, as the founders of Binance and FTX respectively, were two of the most prominent figures in the industry. This is in sharp contrast to the apparent impunity of bank executives in the wake of the 2008 financial crisis, as well as the US Justice Department’s recent case against TD Bank, which resulted in a record fine for money laundering but left the firm’s senior leaders relatively unscathed.

Bad business

The fintech industry has potential as an enabler of growth and innovation, in light of the UK economy’s strong position in international finance and its need to address persistently weak productivity. Yet there is a marked risk that the sector will disproportionately empower the dark side of the economy, which reaches through criminal groups to hostile intelligence services, corrupt oligarchs and authoritarian states. These threats are so deeply embedded in the UK’s traditional banking industry that London has for decades been, as the Financial Times argues, “the dirty money capital of the world.”

For a relatively new sector, fintech already has its share of cautionary tales. The crime-fuelled collapse of FTX may have had relatively little impact on equity, energy or currency markets, but the implosion of a fintech firm closer to home had far more disconcerting effects.

In 2019, Wirecard began to lose its reputation as one of Europe’s rare success stories in the fintech industry. The company’s market capitalisation peaked the previous year at around €25 billion. Yet, by June 2020, Wirecard was filing for administration following revelations about its entanglement in transnational fraud, money laundering, sanctions violations and alleged Russian intelligence operations.

Jan Marsalek, Wirecard’s chief operating officer, reportedly fled Germany to a gated community in Moscow under the watch of the FSB. According to European law enforcement officials, Marsalek made around 60 trips to Russia on nine different passports over the course of a decade, maintained connections to far-right Austrian politicians known for their own links to Russia and claimed to have visited Syria in the company of Russian military contractors.

One central European counter-intelligence official reflected on Wirecard’s collapse with the observation that “the Russian government and intelligence services expect financial favours by way of support for off-the-books intelligence operations by their favoured businessmen.” In Marsalek’s case, such operations may have included an abandoned GRU-linked scheme to recruit 15,000 militiamen in Libya. During a trip to London on Wirecard business in 2018, Marsalek reportedly carried files that included the formula for Novichok, a Soviet-designed chemical weapon of the kind used in the March 2018 attack on Russian defector Sergei Skripal in Salisbury.

One might argue that all this was a uniquely German problem irrelevant to the UK – a product of what sociologist Oliver Nachtwey calls the “omertà” between German politicians, business executives, financiers and union bosses. But that would be misleading: Prigozhin is one of countless powerful, Kremlin-linked figures to have operated freely in the UK’s traditional financial sector (suing a prominent investigative journalist through a London-based law firm and seeming to encounter little resistance in funding the case).

Policy responses

The downfall of Wirecard was unusually damaging. Yet it highlighted many challenges and threats linked to fintech that persist to this day. Globally, the regulation of non-traditional finance suffers from a lack of policy options – as suggested by the aftershock of the US Office of Foreign Assets Control’s 2022 sanctions on virtual currency mixer Tornado Cash, which led to legal challenges to the agency’s authority.

The UK Government should account for these challenges and threats when formulating its industrial strategy, given that one of its stated economic objectives is to ensure that national security concerns inform growth initiatives in key areas such as fintech. As a recent green paper on the strategy sets out, citing the Khalifa Review, the UK held in 2021 roughly 10% of the global fintech market, with revenues from the sector projected to increase by more than 300% between 2020 and 2030 if it maintained that share. Strikingly, the UK ranked second in the world for venture capital investment in fintech as a share of GDP, accounting for 48% of European deal value. The paper expresses the UK Government’s willingness to achieve growth by proactively shaping markets, in line with shifts in the global economy.

The UK Government can likely achieve its goal of avoiding “the mistakes of the past … hardwiring stability and long-termism into our plan from the start” with a mixture of investment, regulatory and security innovations. The broad aim should be to prevent the fintech sector from reproducing and deepening the flaws of traditional finance that criminal groups and hostile states so frequently exploit. Markets shaped by such activity not only pose a security threat but also make for a climate ill-suited to sustained, productive investment.

In this context, the UK’s response could include:

  • A parliamentary review of hostile states’ transfers of technology and technical expertise to criminal groups, drawing on input from the security services and law-enforcement bodies to gauge the threat they pose to the fintech sector.
  • Greater investment in the UK authorities’ capacity to track and dismantle networks of state-linked cybercrime groups, especially those that act as service providers – as Evil Corp reportedly did by renting its botnet to affiliates.
  • The creation of a strategy to make the UK a global leader in fintech safety and standards, paralleling its efforts in areas such as artificial intelligence and quantum computing.
  • An investigation into the high incidence of fraud – and apparently unknown incidence of money laundering – enabled by fintech companies, focusing on whether and how such activity strengthens state-backed criminal groups.
  • The adoption of an approach to financial regulation based on the idea that a pro-growth business environment centres on the rule of law. For instance, new anti-trust legislation could prevent the fintech sector from replicating one of the biggest flaws of the traditional banking industry: domination by multinationals that are allegedly ‘too big to jail’.

It would be easy to mischaracterise some of these efforts as creating excessive red tape or an obstacle to growth. However, as investigative journalist Geoff White argues, the attitudes of influential figures in the fintech industry range from techno-libertarianism to enthusiasm for strong, clear regulation – with most somewhere between the two. Part of the challenge would be in communicating how such measures were detrimental only to those who operate outside the rule of law.

The measures appear to align with UK foreign policy. In October 2024, Foreign Secretary David Lammy announced new sanctions on Russia’s illicit energy networks by stating that it was his “personal mission to use the full arsenal of tools at my disposal to constrain the Kremlin.” One of these tools should be a strengthened policy and enforcement initiative to disrupt groups such as Evil Corp.

The views expressed in this article are those of the author, and do not necessarily represent the views of The Alan Turing Institute or any other organisation.

Citation information

Chris Raggett, "Rocket from the Crypto: State-backed Criminal Groups and the Fintech Sector," CETaS Expert Analysis (November 2024).