Responding to Financial Crime Risks During COVID-19
Over the past few months, numerous organizations and agencies—including the intergovernmental Financial Action Task Force, UK Financial Conduct Authority, Dubai Financial Services Authority, and U.S. Financial Crimes Enforcement Network—have stressed the need to preserve the integrity and security of the global payments system during and after the pandemic.
Sufficient flexibility exists in a risk-based approach to financial crime compliance to allow for business continuity while observing precautionary social distancing. However, it is essential that financial institutions and non-financial businesses continue to apply appropriate levels of risk-based due diligence when digitally onboarding clients and processing contactless payments. Many view the Coronavirus as a perfect storm for fraudsters, money launderers, terror financiers. Hence it remains critically important to be vigilant to new and emerging illicit finance risks and to detect and report suspicious activity.
FATF Statement on Combatting Illicit Financing during COVID-19
On April 1, 2020, Xiangmin Liu, President of the Financial Action Task Force (FATF), the global standard‑setter for combating money laundering and terror financing and proliferation, issued a statement on thwarting illicit financing during COVID-19.
Mr. Liu encouraged the use of Fintech, Regtech, and Suptech to the fullest extent possible in order to deliver digital financial services to customer bases responsibly while preventing the transmission of Coronavirus. To that end, FATF recently published guidance designed to assist governments, financial institutions, virtual asset service providers, and other regulated entities, to determine the appropriateness of digital identification for customer due diligence purposes. Mr. Liu also reminded financial service providers to explore the suitability of simplified measures to facilitate the delivery of government benefits in response to the pandemic. However, Mr. Liu cautioned that terrorists will exploit any opportunity to raise funds and cited the heightened vulnerabilities as fundraising for fake charities, trafficking in counterfeit medicines or supplies, offering fraudulent investment opportunities, and engaging in phishing schemes that prey on virus-related fears and exploit the goodwill of the public.
UAE Authorities Joint Guidance on COVID-19
On May 5, 2020, the UAE financial services regulators, namely the Central Bank of the UAE, the Dubai Financial Services Authority (DFSA) of the Dubai International Financial Centre, the Financial Services Regulatory Authority of the Abu Dhabi Global Market, the Securities and Commodities Authority, the Insurance Authority, and the Ministries of Justice and Economy, jointly issued important guidance on anti-money laundering obligations in the context of COVID-19.
During the preventive restrictions currently in place, financial institutions and non-financial businesses that cannot certify identity copies against sight or physical custody of original documents are free to develop and deploy unconventional methods of satisfactorily knowing and vetting customers, but must document their processes. Further, the financial distress of customers may necessitate atypical transactional behavior such as partial bill settlements. To that end, parties must carefully analyze payments to distinguish uncharacteristic but legitimate behavior from truly suspicious conduct. Finally, parties must continue to employ a risk-sensitive approach to discharging money laundering and terror financing obligations. This means continuing to evaluate customers’ risk profiles, products and services, customer bases, and geographies of operation, while being more vigilant towards the increased risk of financial fraud, cybercrime, and similar illicit activity.
DFSA Pens “Dear SEO” Letter
The DFSA was quick to circulate guidance to regulated (“authorized”) parties, penning a letter to all relevant Senior Executive Officers on May 6, 2020.
FCA Guidance on Financial Crime Systems and Controls during COVID-19
Also on May 6, the UK’s Financial Conduct Authority (FCA) published guidance emphasizing the importance of firms continuing to employ effective systems and controls to maintain the integrity of the financial market. As a result, financial institutions and non-financial businesses must be alert to evolving types of criminality and must be ready to amend their control environments to respond to new threats.
The FCA cautioned parties not to address operational issues by changing their risk appetites. In practice, this means parties should not alter transaction monitoring thresholds and sanctions screening triggers simply to reduce related alerts. A reasonable delay in determining and clearing alerts is preferable, so long as parties prioritize reviews for higher risk customers. Where parties do amend their controls in response to current circumstances, decisions should be risk assessed, pass through appropriate governance, and be well documented. As usual, parties should notify the FCA of any material issues impacting the effectiveness of financial crime controls. Finally, the FCA cites to Joint Money Laundering Steering Group (JMLSG) guidance on non-traditional methods of verifying customer identities and related checks and balances. JMLSG is a private sector body comprised of the leading UK Trade Associations in the financial services industry and its non-binding guidance—approved by Her Majesty’s Treasury—is designed to assist the financial sector to comply with the UK’s anti-money laundering and counter-terror financing legislation.
FinCEN Director Speaks on COVID-19 Cybercrime
On May 13, 2020, Kenneth A. Blanco, Director of the Financial Crimes Enforcement Network (FinCEN), a Bureau within the U.S. Department of the Treasury, commented on emerging typologies of criminal misuse related to COVID-19.
According to Mr. Blanco, among the more recent suspicious activity reports (SARs) FinCEN has received are reports of cybercriminals leveraging the Coronavirus to lure vulnerable individuals seeking healthcare products or companies contributing to relief efforts. Prevalent Coronavirus-related scams include ransomware attacks, the sale of fraudulent medical products, and sham initial coin offerings. Malicious actors specifically design these schemes to exploit altered business operations, remote working, and decreased mobility, and to prey on the increased anxiety of those seeking critical healthcare information, including the elderly and infirm. Mr. Blanco confirmed that FinCEN intends to publish a series of advisories highlighting common typologies used in the pervasive fraud, theft, and money laundering activities related to the Coronavirus. These advisories should assist the financial sector to detect and report illegal activity.
Key lessons are universal and clear. Regardless of the number or severity of present challenges, financial institutions and non-financial businesses still must strictly comply with their money laundering and terror financing obligations without exception. Where necessary, parties should revisit their risk assessment and control frameworks and revise their internal policies, procedures, and/or controls, to deter abuse of the distanced business practices implemented to check the spread of COVID-19.
Amira Shaat and Sam Song contributed to this post.