The current crisis created a golden opportunity for fraudsters. A heady cocktail of disruption to business processes, financial pressures and multiple online transactions mean the stage is set perfectly for cyber criminals and money launderers. Regulators, therefore, have been issuing guidance to companies about how they can reduce their exposure.
The Institute for Chartered Surveyors acknowledges where some of the biggest risks will come from. Their guidance document on anti money laundering states:
“In particular, firms should consider whether the current economic climate may make them or their customers more susceptible to financial difficulties or other pressures, thus creating risk and potential weaknesses for criminals to exploit.”
In France, guidance from the Commission de Surveillance du Secteur Financier (CSSR) has identified a number of activities terrorists and criminals can exploit, including:
- Online payment services
- Clients in financial distress
- Mortgages and other forms of collateralised lending
- Credit backed by government guarantees
- Distressed investment products; and
- Delivery of aid through non-profit organisations.
The FCA’s revised business plan for 2020/21 places a firm focus on mitigating problems caused by COVID-19 including the heightened vulnerability to cybercrime and money laundering. It expressly confirms that it will continue to take enforcement in this area. It is also consulting on extending its Financial Crime Data Return to strengthen risk-based supervision in this area.
All the guidance from various authorities hammers home similar messages. The risks are higher and firms must have effective systems and controls to detect and mitigate the risk of money laundering. To avoid enforcement action, firms will have to be able to point to documentary evidence which shows they have taken necessary steps.
Here are the key lessons that firms can take away from this:
- Identifying weak points: As institutions shift to work from home models, their risks multiply. They will be moving much more data across the cloud as their workforce shifts to a predominantly work from home model. They must maintain system security by establishing clear protocols and endpoint security.
- Maintain oversight: Disruption to business processes must not be permitted to compromise monitoring and oversight of transactions. This may become more difficult due to the expected increase of online payment transactions as well as interruption to their regular working patterns.
- Managing delays: The FCA acknowledges that disruption may force firms to prioritise or delay some operations such as customer due diligence. However, where this happens, they must show they have taken a risk-based approach. For example, delays to due diligence to high risk customers should be avoided.
- Verifying client identity: Travel restrictions can make it more difficult to verify the identity of clients. However, firms should be able to ensure numerous verification procedures are carried out remotely. For example, by accepting scanned documents by email or asking clients to submit digital photos to compare with other forms of ID.
COVID-19 is a gift for a fraudster. It hinders the ability of financial firms and regulators to maintain oversight and to safeguard against the possibilities of fraud. By understanding the challenges and what alternative options are available to them, firms can minimise the interruption to their processes and strengthen their defences against criminals as much as possible.