惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
V
V2EX
大猫的无限游戏
大猫的无限游戏
腾讯CDC
博客园 - Franky
WordPress大学
WordPress大学
Jina AI
Jina AI
GbyAI
GbyAI
云风的 BLOG
云风的 BLOG
B
Blog RSS Feed
Last Week in AI
Last Week in AI
The Cloudflare Blog
V
Visual Studio Blog
P
Proofpoint News Feed
博客园 - 叶小钗
L
LangChain Blog
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
Recorded Future
Recorded Future
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
T
The Blog of Author Tim Ferriss
人人都是产品经理
人人都是产品经理
Y
Y Combinator Blog
罗磊的独立博客
雷峰网
雷峰网
博客园 - 【当耐特】
Microsoft Security Blog
Microsoft Security Blog
L
LINUX DO - 热门话题
Cisco Talos Blog
Cisco Talos Blog
L
Lohrmann on Cybersecurity
Martin Fowler
Martin Fowler
Spread Privacy
Spread Privacy
MongoDB | Blog
MongoDB | Blog
Engineering at Meta
Engineering at Meta
C
Cybersecurity and Infrastructure Security Agency CISA
小众软件
小众软件
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
Recent Announcements
Recent Announcements
T
Threat Research - Cisco Blogs
Security Archives - TechRepublic
Security Archives - TechRepublic
量子位
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
宝玉的分享
宝玉的分享
D
DataBreaches.Net
T
The Exploit Database - CXSecurity.com
Vercel News
Vercel News
IT之家
IT之家
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
T
Troy Hunt's Blog
aimingoo的专栏
aimingoo的专栏

Opinion

Op-Ed: Microsoft’s July Patch Tuesday reveals 622 vulnerabilities Op-Ed: Why CISOs are drowning in alerts but missing the real threat Op-Ed: The reality of data-centric security and attribute-based access control Op-Ed: Australia’s cyber law is stuck in the past – the Slay Review is our chance to fix it Australian federal budget 2026: The industry perspective Op-Ed: Redefining performance in the AI-powered SOC Op-Ed: AI won’t patch the holes in your SOC Op-Ed: Australia inspired the EU’s online age restrictions, now it’s time for us to learn from them Op-Ed: Microsoft April Patch Tuesday reveals 167 vulnerabilities The industry speaks: World Identity Management Day 2026 Op-Ed: Why zero trust for OT should start at the boundary, not the boiler room The industry speaks: World Cloud Security Day 2026 The industry speaks: World Backup Day 2026 Op-Ed: Information sharing of cyber threats vital to national security Op-Ed: Building secure foundations for AI in the cloud Op-Ed: AI isn’t the threat, poor design is Op-Ed: Why Australia’s schools are becoming strategic targets for organised crime Op-Ed: Australia’s National AI Plan looks good on paper, but where are the teeth? Op-Ed: Australian organisations need federated authority to stay secure at scale
Op-Ed: The transaction was legitimate; the crime was hidden in the system
Keith Bulfin · 2026-06-03 · via Opinion

One of the biggest misconceptions in financial crime is the belief that sophisticated criminal activity is hidden because transactions themselves appear suspicious.

In reality, the opposite is often true.

You’re out of free articles for this month

To continue reading the rest of this article, please log in.

The most sophisticated criminal systems frequently operate through transactions that appear entirely legitimate. A payment is made; an invoice is issued; funds move through recognised financial institutions; goods are shipped; customs documentation is completed; containers arrive at their destination.

Every individual component may appear legitimate when viewed in isolation. The problem is that organised crime does not operate in isolation.

It operates as a system. This is where what I describe as the “Operational Interpretation Gap” begins to emerge.

Across the world, financial institutions invest billions of dollars into:

• transaction monitoring
• AML systems
• AI-driven detection
• sanctions screening
• compliance programs
• governance frameworks.

Yet global illicit financial flows continue to exceed US$4.5 trillion annually. Why?

Because institutions often analyse transactions individually, while criminal organisations operate behaviourally across multiple jurisdictions simultaneously.

A payment may be sent to a company in Europe for goods that appear legitimate. A shipment may move through several countries. Funds may pass through multiple financial centres. Ownership structures may span several jurisdictions.

No single transaction triggers concern.

No individual participant sees the complete picture.

The criminal activity is not hidden inside one transaction. The criminal activity is hidden within the architecture connecting all of them – this distinction is critically important.

Compliance systems are generally designed to identify anomalies, and operational intelligence seeks to understand intent.

Compliance asks: “Does this transaction trigger a rule?”

Operational intelligence asks: “What larger system is this transaction part of?”

That question is becoming increasingly important as organised crime groups continue evolving into highly sophisticated multinational enterprises.

Many now employ:

• cyber specialists
• financial professionals
• logistics experts
• technology teams
• recruiters
• facilitators operating across multiple countries.

They understand jurisdictions. They understand regulatory differences. They understand how institutions share information. Most importantly, they understand that modern systems often analyse activity in fragments.

Their advantage comes from understanding the whole picture.

The future challenge for financial institutions, cyber professionals, regulators, intelligence agencies, and governance leaders is not simply collecting more data. It is in developing the capability to interpret behavioural systems operating behind that data.

Because ultimately, the transaction itself is rarely the story. The behavioural architecture behind the transaction is the story.

And until institutions become better at understanding that architecture, organised criminal systems will continue adapting faster than the systems designed to stop them.


Keith Bulfin is the founder of the Applied Financial Intelligence Programme and author of the bestselling book “Undercover”. His background includes work across global financial intelligence, organised crime investigations, illicit finance systems, and operational intelligence environments involving international agencies and investigations.

Cyber DailyWant to see more stories from trusted news sources?
Make Cyber Daily a preferred news source on Google.