Organized crime and criminality rely on expertise much like a legitimate investor. Large criminal organizations are aided by what we refer to as gatekeepers: accountants, lawyers, investment advisers, realtors and others who are either witting or unwitting participants.

Cases have shown that organized crime is very successful in co-opting individuals at all levels of financial, legal, governmental and regulatory organizations.  A "capo," or captain, from a New York crime family told me directly that without cooperating insiders, money laundering would be very difficult.

As a result, boards of advisers or boards of directors fail to fully understand the regulatory requirements around money laundering, terrorist financing, foreign corrupt practices and internal investigative matters that can have a big impact on the organization.

Far too often, when briefings do occur, it is left to a chief compliance officer who may not have direct experience with money laundering prevention. An outside expert with that experience can provide concrete examples based on real life. Lacking that, the compliance briefing may fail to state the realities the organization could be facing.

It is essential that organizations recognize that the threat of the "enemy within" is as real as that of criminals attempting to use their services from the outside.  Experience has shown me that given the right circumstances, anyone is capable of being co-opted.  Drug and gambling addictions are far too common, and organized criminals can capitalize on these human weaknesses.

The financial sector survives on commissions and bonuses and, therefore, success equates to the profitability of the individual employee's client portfolios. This can lead to greed usurping ethics. Annual security briefings for employees are essential to ensuring a healthy organization.

A risk assessment must includes products, services, delivery channels, geography (locally, nationally, and internationally) and client differentiation. Every organization has its own niche and therefore no two organization's risks are the same. 

In developing a viable risk assessment, organizations should utilize subject matter experts from each service area, and also an outside subject matter expert as a moderator, to develop an effective risk profile that is objective and can be defended. Each organization's risk assessment should be reviewed annually.

Many corporations are fully reliant on in-house IT departments.  Unfortunately, many of these departments are understaffed and the personnel spend the majority of time assisting employees with basic computer issues. 

The threat of cybercrime and cyber-attacks dictate that managing security is a 24/7 responsibility.  Personnel need to be able to maintain a level of expertise that for most organizations is not cost-effective.  Therefore, organizations need to have an outside evaluation to assess their ability to withstand a cyberattack.

Recent cases have shown that a loss of client data can subject the organization to reputational damage and large civil actions. 

Internal IT departments deal primarily with micro issues such as dealing with employee operations problems.  Executives find cumbersome security measures a nuisance and thus many do not have appropriate levels of security.

Cybercrime has evolved and will continue to.  Many organizations are ill-prepared and fail to take action until they are compromised.  It is essential to focus time and energy on the macro issues.

For example, disgruntled employees or employee collusion with organized crime.  Organizations need to accept that they continually face the risk of being compromised and implement measures to ensure that employees prone to nefarious activities are identified and weeded out quickly.