The Financial Action Task Force (FATF) has recently published a paper outlining the new money laundering and terrorist financing (ML/TF) risks that have emerged as a result of the COVID-19 pandemic and the practical and policy responses required of jurisdictions to combat those risks.
In this alert we provide:
- a summary of the FATF paper, including the causes and effects of COVID-19 implications on predicate crimes and the emerging ML/TF typologies;
- expectations on supporting customers;
- a summary of Australia's regulatory response plus a snapshot of approaches taken by regulators in Hong Kong, the United Kingdom and the United States; and
- key take-aways and tips for our clients.
Financial institutions are at the forefront of mitigating fraud and ML/TF risk, and must calibrate their customer due diligence (CDD), screening and monitoring tools to account for these emerging threats.
Key crimes emanating from COVID-19
Fraud, cyber-attacks, theft / misappropriation, bribery, corruption, human exploitation and property crime feature heavily in COVID-19-related crimes. The following table provides further details.
|Lockdown, school closures and work from home initiatives||
|Social assistance, tax relief, humanitarian aid initiatives and lack of medical supplies||
|Closure of banks and their regulators||
|Economic crisis and unemployment||
|Diversion of government resources||
|"Kindness and concern"||
The money laundering that flows from these crimes
At this early stage, the risks relate to generating the proceeds of crime from an increase in predicate offences but the FATF paper provides some insight into the emerging money laundering typologies (no terrorist financing typologies are yet identified):
Bypassing AML/CTF controls by exploiting challenges caused by COVID-19, this spans from transaction monitoring challenges at bank level to less supervision and policy reform at government level.
Increased use of unregulated financial services by those in need of finance, ranging from hawala/xawala use to exploitation by organised crime gangs.
Increased use of online financial services and virtual assets to ML, particularly from the fraudulent sales of medical goods.
Misuse of insolvency mechanisms. For example, the misuse of corporate insolvency to free-up illicit cash mingled in front businesses, masking the true origins.
There is a current increase in physical cash transactions. When markets recover, there will be a correspondent surge in investment with illicit investment potentially masked.
Increased investment in cheap real-estate and other property with illicit proceeds.
Responding to the threats
The FATF report suggests several actions to assist supervision and policy development. These focus on coordination between the public and private sector, adopting a risk-based approach to CDD, adaptation and digitisation. We summarise below key examples of efforts taken by jurisdictions that we believe are of most interest to financial institutions.
- Reporting and dialogue - Supervisors or financial intelligence units (FIUs) have provided financial institutions with a communication line that can be used to report serious challenges in meeting regulatory expectations. The FIs are required to keep relevant records and develop a remediation plan as the situation improves.
- Taskforces - A number of countries have introduced special taskforces or other operational coordination measures to deal with COVID-19-related crime, particularly in relation to fraud.
- Prioritisation - In some countries, authorities have issued advice to relevant agencies on the prioritisation of investigations and prosecutions.
- Keywords when reporting suspicions of ML/TR - Some FIUs have asked regulated entities to use a keyword in suspicious transaction reports to allow them to triage and prioritise as well as develop strategic analysis of bulk data.
- Redirection of resources - Some agencies are considering pooling available resources confiscated from criminals. For example, using confiscated properties as temporary medical centres.
- Risk indicators - One country has developed risk indicators in relation to aid package exploitation so this can be more easily identified.
Despite the threats, the FATF also recognises that individuals and corporations are also under significant pressure themselves, and that it may be appropriate to take simplified CDD measures or provide reasonable risk-based relaxations.
Examples include the following:
- Simplified CDD - Applying simplified CDD where lower risks are identified such as accounts being opened to facilitate government relief payments.
- Document allowances - Allowing reporting entities to accept recently expired government-issued identification until further notice to verify identity (though still ensuring the authenticity of it).
- Reduced or delayed verification - Allowing reduced / delayed verification measures such as reliance on digital copies of documents as an interim measure with appropriate controls in place, ie tiered accounts with less functionality and enhanced controls.
- Remote onboarding - Encouraging the use of digital identity and non-face-to-face onboarding where the technology is appropriately trustworthy.
- Going "digital" - Supporting electronic and digital payment options by increasing limits for contactless payments, point-of-sale purchases and e-wallets and reducing charges for domestic money transfers.
Australian Regulatory Guidance
The Australian Transactions Reporting and Analysis Centre (AUSTRAC) has said that it will work constructively with reporting entities during this disruptive period and will consider a reporting entity's circumstances when applying the AML/CTF laws.
AUSTRAC has published a number of updates on its website which contain information on AUSTRAC's key initiatives in response to the COVID-19 pandemic and guidance to reporting entities on compliance with AML/CTF laws during the COVID-19 pandemic.
In particular, AUSTRAC has identified the following areas of potential criminal exploitation during the COVID-19 pandemic:
✖ Targeting of government assistance programs through fraudulent applications and phishing scams.
✖ Movement of large amounts of cash following the purchase or sale of illegal or stockpiled goods.
✖ Out of character purchases of precious metals and gold bullion.
✖ Exploitation of workers or trafficking of vulnerable persons in the community.
✖ An increase in the risk of online child exploitation following restrictions on travel.
✖ A rise in extremist views either against members of the community or the government.
AUSTRAC has encouraged reporting entities to remain alert to the above activity and submit high-quality, accurate and timely Suspicious Matter Reports to assist AUSTRAC.
In relation to carrying out KYC processes and procedures during the COVID-19 pandemic, AUSTRAC has encouraged reporting entities to:
✔ consider additional verification through:
- using a video call to compare the physical identity of a customer with scanned or photographed copies of identification documents;
- requiring a customer to provide a clear, front view 'selfie' that can be compared with the identification document; and
- telephoning the customer to ask questions about their identification.
✔ keep records of any changes in policies and procedures made during the COVID-19 pandemic where it has not been feasible to document those changes in the AML/CTF Program.
AUSTRAC has also implemented the following regulatory initiatives to assist reporting entities during the COVID-19 pandemic:
- CDD relief for superannuation funds - Introduction of a new AML/CTF rule which provides that superannuation funds will not have to carry out their customer identification procedure before making payments to their members under the Government's early release of superannuation initiative.
- Alternative ID proof - Amendment to Part 4.15 of the Rules to enable reporting entities to rely upon alternative proof of identity processes.
- Timing extension for Compliance Reports - Extension of the due date for the submission of 2019 Compliance Reports from 31 March 2020 to 30 June 2020 and no compliance action for a small to medium sized business affected by the government's COVID-19 social distancing measures if it does not submit a 2019 Compliance Report.
AUSTRAC continues to provide updates to reporting entities via its website. It has encouraged reporting entities to contact AUSTRAC via its online form should they have questions about complying with AML/CTF obligations during the COVID-19 pandemic. Reporting entities should also contact AUSTRAC if they notice new or emerging threats or significant shifts when carrying out financial crime and fraud monitoring.
Global regulatory guidance
Globally, regulators have been issuing targeted guidance in relation to COVID-19 risks and expectations for financial institutions. We consider below examples from the United States, the United Kingdom and Hong Kong.
The FCA has issued some granular guidance, such as:
The HKMA has issued circulars focusing on:
These are extraordinary times, where customers and financial institutions are vulnerable. On the customer side, it's important to engage and leverage the flexibility and risk-based approach that is available in existing law and regulatory guidelines. At the same time, a change in criminal and ML/TF typologies always requires an update to policies, procedures and controls to ensure they remain up-to-date and relevant.
✔ Be aware - Consider what the FATF has advised, and look at what the regulators in your jurisdiction are doing (such as the HKMA).
✔ Engage - Engage industry bodies to drive change or develop solutions where required. Effective (and lawful) information-sharing is a particularly critical piece.
✔ Speak to your regulator - Timely and transparent communication with the regulator is paramount. If COVID-19 causes a backlog in your transaction monitoring alerts, your compliance teams are furloughed, working-from-home or sick leaving them under-resourced or your systems are overwhelmed with the volume of on-line transactions, speak to the regulator, agree a plan of action
✔ Update - update your AML/CTF policies and procedures where necessary to reflect changes in ML/TF risk typologies arising from the COVID-19 pandemic and regulatory guidance.
Please do not hesitate to contact us should you require further guidance or assistance with implementing any of the above measures.
 FATF "COVID-19-related Money Laundering and Terrorist Financing: Risks and Policy Responses", May 2020.
 The US Financial Crimes Enforcement Network
 The UK Financial Conduct Authority