We are told we are in this together, but it’s clear some are in it more than others—and some are in it for personal gain as well as devious and dangerous reasons.

On Tuesday, the governments of the United States and United Kingdom issued warnings about cyber-attacks on hospitals and medical institutions engaged in fighting the coronavirus pandemic. Interpol has reported ransomware attacks upon hospitals.

All cyber-attacks leave a trail, albeit they may be camouflaged and innocent third parties may have been unwittingly used within the attacks. Consequently, investigators are able to trace the source of attacks and the route any stolen assets or data take through the internet, including through the dark Web.

Of course, these trails can be complex, but the criminals cannot avoid them. Thus, they leave a supply chain of intelligence and data. By way of example, all Bitcoin transactions leave a public record that can be followed, leading to the potential identity of users, owners, and/or criminals. To obfuscate some of this, services are offered within the criminal supply chain, including bitcoin laundries. Imagine advertising something so blatant for fiat currencies. Now ask yourself, what kind of people need their bitcoins laundered?

The problem for the legitimate bitcoin owner (they do exist, I have met many of them) is their coins are often thrown into the washing machine alongside the dirty coins. After all, launderers seek to hide dirty money by mixing it with clean money. None of us actually know if our ordinary bank notes have at some time been laundered, but this is not the case with a bitcoin. Once laundered, the bitcoin retains this characteristic and as a consequence may become all the more difficult to use and convert to a fiat currency.

There are parallel supply chains operating here, alongside the actual currency transaction, and the same applies to all businesses. While the cyber-transactions leave a parallel chain of intelligence, our businesses supply legitimate goods, services, or even advice, alongside confidence, since we assert we are reliable. There are risks in all supply chains, including the risk that others will seek to infiltrate or abuse our services and products to facilitate crimes—including money laundering. (It has recently been reported that U.S. authorities are investigating banks that may have facilitated money laundering and sanctions breaches undertaken by the North Korean regime using crypto assets.)

It follows that who we do business with matters, as it impacts risk in particular—reputational risk—and this extends a long way down any supply chain. If your business applies screening services supplied by Bill and Ben the Data Men, people will ask: “Who is Ben, who is Bill, and what data are they suppling?” It is likely by using such a supplier you will not simultaneously be supplying confidence to others, including regulators.

The choices our business colleagues make have an impact on these parallel supply chains, and we are here to advise and support them. Our due diligence protects the firm and other parties in our supply chains, such that we need to ensure we always supply confidence in all we do. We are not removed from the front line of our business. We are constantly embedded with our colleagues, adjacent to them, supporting them, and travelling along supply chains with them, all the while identifying, reducing, and managing the risks that materialize.