Financial Crime Risk Management (FCRM) in private and public organizations has undergone big changes due to paradigm shifts in business dynamics, emerging threats, regulatory climate and technological advancements. However, in the last few months, the world has been experiencing something unprecedented that has made all other changes somewhat secondary: The Coronavirus (COVID-19). This once-in-a-lifetime phenomenon will change the face of Financial Crime Risk Management (FCRM), compliance and sanctions forever. In this article, I will examine the far-reaching impacts of COVID-19 on financial crime and how private and public organizations can address them.
Increased cyber (financial) fraud
Money transfers through online wallets and online payments, including e-commerce transactions, were used moderately in the past. However, these have now become one of the only ways to conduct transactions due to social distancing measures. Seizing this opportunity, fraud perpetrators equipped with the latest technology are perpetrating more sophisticated online transaction frauds. Because a large part of the global population is not tech-savvy enough to ward off the (financial crime) risks associated with online transactions, they are becoming victims of social engineering and cyber (financial) frauds.
Proliferation of money mule-induced laundering
COVID-19 is going to trigger many small-value fund transfers from various governmental bodies, non-governmental organizations and other agencies to fund relief work. Therefore, transaction patterns may stray from the norm. Any Transaction Monitoring (TM) system will need some time to get tuned to these patterns, and this time will ironically present a golden opportunity for launderers to route funds through money mules and escape detection. Fear of being laid off and the lure of earning income from home will entice people into becoming money mules. Most of the leading regulators, including the Dutch National Police, have warned private and public organizations to be vigilant about any such situation.
A pandemic of this magnitude brings panic and anxiety among the masses, which in turn presents an opportunity for imposters to design scams impersonating government agencies, international relief organizations or healthcare service providers. One such scam that is already occurring involves banking institutions’ moratorium on equated monthly installments. Borrowers are being contacted by fraud perpetrators over the phone or by email and being asked to reschedule a loan as a relief measure. This allows fraud perpetrators to extract account details and siphon off funds in no time.
Money laundering camouflaged as COVID-19 relief
While the world adapts to fight The COVID-19 Pandemic, launderers are using this time to transfer illicit funds under minimal or no suspicion. Regulators such as the European Banking Authority (EBA) have already warned banking institutions about emerging criminal activity linked to COVID-19.
As stated by the European Banking Authority (EBA), “As most economies are facing a downturn, financial flows are likely to diminish. However, experience from past (financial) crises suggests that in many cases, illicit finance will continue to flow.” Other major regulators have also released similar COVID-19 guidelines. It is incumbent for cash-starved banking institutions to maintain high levels of rigor while monitoring cash transactions.
COVID-19-related insider trading
The current COVID-19-crisis has impaired the business dynamics that drive economic activities in a normal scenario. Only essential companies are open under strict regulatory control. As a result, governmental policies and decisions carry huge implications on trading prices of stocks and if used scrupulously, can lead to market abuse.
Cybercrime and associated crypto-threats
There are reports of cyber-criminals taking advantage of COVID-19 to scam the vulnerable public. Some examples include the following:
- Healthcare providers being attacked by ransom-ware such as Bitcoin ransom-ware, which is wreaking havoc on the already stressed hospital information technology (IT) infrastructure and cashing in on the COVID-19 Pandemic.
- Cyber-attacks on the depleted security systems of organizations due to limited staff presence and unpatched vulnerabilities.
- Launching fake mobile apps, which claim to be providing information on COVID-19, aimed at stealing personal data or even rendering phones unbootable.
All the above developments have two things in common: fear and chaos caused by The COVID-19 Pandemic. This has provided the perfect platform for launderers and fraud perpetrators to thrive until private and public organizations develop a defense mechanism and adaptations become institutionalized. Private and public organizations must quickly improvise to this changed scenario to avoid further damage.
Managing the impact of COVID-19: A job made for private and public organizations
Having understood the gravity of the problem, private and public organizations must now address (financial) crimes triggered by COVID-19. One silver lining in this grim situation is seeing several innovations develop that were unimaginable just a few weeks ago, such as the production of ventilators by car manufacturers and the conversion of trains, ships and even airplanes into hospitals. Private and public organizations are likely to create their own innovative solutions to stay afloat during these testing times as well. The following are realignments that might be used to mitigate COVID-19-related financial (crime) risks.
Strengthening Suspicious Activity Report (SAR) investigation, factoring in emerging risks and enhancing automation
As most client interactions for banking are now happening through online channels, anti-money laundering (AML) procedures will change. The financial (crime) risk perception of banking institutions should also change accordingly as bad actors will introduce newer forms of suspicious activities into the system. The Dutch Authority for the Financial Markets (AFM) has already advised private and public organizations to remain alert to malicious/fraudulent transactions from exploiting The COVID-19 Pandemic.
Given the above changes and with minimal staff strength at their disposal, banking institutions that have introduced automations in the past will gain from these implementations. Others will need to work hard to introduce cognitive Robotic Process Automation (RPA) based on Suspicious Activity Report (SAR) investigation and reporting solutions to meet this challenge.
Fine-tuning adverse media screening
As part of anti-money laundering (AML) investigations, adverse media screening is performed to ascertain whether the investigated entity is involved in anything negative such as criminal proceedings, penalties and fines, involvement in laundering of funds, and so on. Important aspects of adverse media screening include news categorization, context-sensitive interpretation and automation of screening process. With COVID-19 introducing new sets of (financial) crime typologies, private and public organizations will face increased false positive alerts as well as true positive misses. Therefore, private and public organizations need to review their media screening and introduce necessary changes to stay effective. In short, private and public organizations must redefine screening typologies for drawing insights.
New scenario building for Transaction Monitoring (TM)
Like adverse media screening, Transaction Monitoring (TM) scenarios will also need to be adjusted so newer forms of money laundering are kept in check. Therefore, banking institutions need to review Transaction Monitoring (TM) scenarios and introduce Artificial Intelligence (AI)-based detection wherever possible to take care of any new anomalies or pattern changes automatically.
Stricter insider-trading detection through Artificial Intelligence (AI)-based models
Insider-trading as a result of regulatory policy information being leaked must be addressed. Additional scenarios to consider include timing of policy information dissemination and timing of trading. This will be a tough job as it needs to be accomplished in the interest of market integrity. A more rigorous trader and employee communication surveillance will also help a great deal.
Finding newer acceptable ways to perform Know your Customer (KYC) updates
Know your customer (KYC) updates will have serious challenges as social distancing measures continue. Private and public organizations need to develop a robust mechanism using unconventional channels wherever possible, such as online data collection for collecting customer data.
Enriching fraud scenarios with the latest event information
As newer forms of frauds are gaining prominence, Private and public organizations need to enrich their fraud event repository so COVID-19-induced frauds are not missed. Here again, Artificial Intelligence (AI)-based detection models will be quite handy for making unsupervised adjustments in flawed indicators.
Keeping cyber threats at bay by deploying adequate staff
Cyber-security and data breach prevention are nonnegotiable under all circumstances. These are now even more critical due to the following factors:
- Stress of digital transaction volumes on IT-infrastructure
- Current onslaught of cyber-criminals
- Data access by employees working from remote locations
Any frugality in terms of staffing this function will only attract hefty financial and reputational losses and cause severe business continuity issues. Therefore, IT-support should receive top staffing priority.
Including the above-mentioned set of measures, the broad readiness agenda for C-level risk and compliance heads of private and public organizations is depicted below.
The COVID-19 Pandemic will likely be present for the foreseeable future, so appropriate changes in how companies manage (financial crime) risks must be made. After getting over the initial hiccups of grappling with immediate business continuity challenges, (financial crime) risk and IT teams of private and public organizations are now gearing up for the next challenges: how to plan, introduce and institutionalize the above-mentioned adaptations that will help them currently and in the long term. As there is less time to react, operational resiliency and managing speed of change is of utmost importance. One thing that will help private and public organizations a great deal is introducing Artificial Intelligence (AI)-based capabilities, which have very high levels of adaptability to changes in data and information by learning from newer patterns, anomalies and outliers. Private and public organizations that already have these capabilities stand to gain a lot and will be better equipped to handle this COVID-19-crisis now and in the future.
However, it is not possible to develop these capabilities overnight if not existing in their current ecosystem. Therefore, it will be prudent to develop a two-pronged strategy comprising of strategic and tactical measures. The following are key elements of this strategy:
- All types of detections might be improved through strategic measures, i.e., either by deploying new Artificial Intelligence (AI)-based models within a reasonable time or fine-tuning existing models. For example, money laundering or fraud detection models might be retrained with additional data in order to maintain their detection effectiveness.
- Changes in manually performed activities might be handled through remediation in the short term so that compliance objectives are quickly achieved. However, in the long run, they would require measures like Robotic Process Automation (RPA) to save effort and time as well as meet new compliance requirements.
Regardless of the strategy, it is important to stay compliant at all times as regulators are not going to provide any major leeway during this hour of COVID-19 Pandemic.