SWIFT and BAE Systems Applied Intelligence have published a new report called 'Follow the Money'. This report describes the complex web of money mules, front companies and cryptocurrencies that criminals use to siphon funds from the financial system after a cyber-attack.The report highlights the ingenuity of money laundering tactics to obtain liquid financial assets and avoid any subsequent tracing of the funds. For instance, cyber criminals often recruit unsuspecting job seekers to serve as money mules that extract funds by placing legitimate sounding job advertisements, complete with references to the organisation’s diversity and inclusion commitments. They use insiders at financial institutions to evade or undermine the scrutiny of compliance teams carrying out know-your-customer (KYC) and due diligence checks on new account openings. And they convert stolen funds into assets such as property and jewellery which are likely to hold their value and less likely to attract the attention of law enforcement.SWIFT commissioned BAE Systems to investigate this element of the money laundering process as part of its Customer Security Programme (CSP). The CSP continually helps the financial community to strengthen its cyber defences through a range of measures including mandatory controls, intelligence sharing and thought leadership. Although there has been much research into the methods that cyber criminals use to conduct attacks, there has been less investigation into what happens to funds once they have been stolen. The aim of this report is to illuminate the techniques used by cyber criminals to ‘cash out’ so that SWIFT’s global community of over 11,000 financial institutions, market infrastructures and corporates can better protect themselves.