This article was written by Kate Jackson-Maynes, Urszula McCormack and Sophie Jaggard.
The Financial Action Task Force (FATF) has recently published a paper outlining the new money laundering and terrorist financing (ML/TF) risks that have emerged as a result of the COVID-19 pandemic and the practical and policy responses required of jurisdictions to combat those risks.
In this alert we provide:
- a summary of the FATF paper, including the causes and effects of COVID-19 implications on predicate crimes and the emerging ML/TF typologies;
- expectations on supporting customers;
- a summary of Australia’s regulatory response plus a snapshot of approaches taken by regulators in Hong Kong, the United Kingdom and the United States; and
- key take-aways and tips for our clients.
Financial institutions are at the forefront of mitigating fraud and ML/TF risk, and must calibrate their customer due diligence (CDD), screening and monitoring tools to account for these emerging threats.
Key crimes emanating from COVID-19
Fraud, cyber-attacks, theft / misappropriation, bribery, corruption, human exploitation and property crime feature heavily in COVID-19-related crimes. The following table provides further details.
|Lockdown, school closures and work from home initiatives
- Hacking of business email accounts to commit invoice fraud
- Ransomware attacks including on hospitals that can’t afford, in human life terms, to lose access to systems for any length of time
- Phishing attacks to gain access to networks, personal accounts and passwords
- Increase in online child exploitation with vulnerable children at home, online and an unexplained increase in demand
- Organised property crime driven by empty corporate buildings
|Social assistance, tax relief, humanitarian aid initiatives and lack of medical supplies
- Impersonation of officials to exploit people for payment information under the false promise they will receive social benefits
- Counterfeit or fraudulent sale of medical supplies
- Fraudulent claims on government stimulus measures through shell companies
- Misappropriation of aid by corrupt officials
- Redirection of humanitarian aid responses to terrorist groups in high risk jurisdictions
|Closure of banks and their regulators
- Vulnerable groups less familiar with, or with less access to, online banking become more open to fraud
|Economic crisis and unemployment
- Fraudulent investment scams such as claiming publicly listed companies are developing cures
- Increase in insider trading seeking to profit from large value swings
- Increase in burglary, theft and wildlife poaching
|Diversion of government resources
- Exploitation of workers whilst workplace inspections are reduced
- Increased risk of terrorist attacks
|"Kindness and concern"
- Impersonation of hospital officials to exploit payment for medical treatment that is fake
- Fraudulent charities to exploit people into making donations that never reach the promised recipient but land in the hands of a criminal
The money laundering that flows from these crimes
At this early stage, the risks relate to generating the proceeds of crime from an increase in predicate offences but the FATF paper provides some insight into the emerging money laundering typologies (no terrorist financing typologies are yet identified):
Bypassing AML/CTF controls by exploiting challenges caused by COVID-19, this spans from transaction monitoring challenges at bank level to less supervision and policy reform at government level.
Increased use of unregulated financial services by those in need of finance, ranging from hawala/xawala use to exploitation by organised crime gangs.
Increased use of online financial services and virtual assets to ML, particularly from the fraudulent sales of medical goods.
Misuse of insolvency mechanisms. For example, the misuse of corporate insolvency to free-up illicit cash mingled in front businesses, masking the true origins.
There is a current increase in physical cash transactions. When markets recover, there will be a correspondent surge in investment with illicit investment potentially masked.
Increased investment in cheap real-estate and other property with illicit proceeds.
Responding to the threats
The FATF report suggests several actions to assist supervision and policy development. These focus on coordination between the public and private sector, adopting a risk-based approach to CDD, adaptation and digitisation. We summarise below key examples of efforts taken by jurisdictions that we believe are of most interest to financial institutions.
- Reporting and dialogue - Supervisors or financial intelligence units (FIUs) have provided financial institutions with a communication line that can be used to report serious challenges in meeting regulatory expectations. The FIs are required to keep relevant records and develop a remediation plan as the situation improves.
- Taskforces - A number of countries have introduced special taskforces or other operational coordination measures to deal with COVID-19-related crime, particularly in relation to fraud.
- Prioritisation - In some countries, authorities have issued advice to relevant agencies on the prioritisation of investigations and prosecutions.
- Keywords when reporting suspicions of ML/TR - Some FIUs have asked regulated entities to use a keyword in suspicious transaction reports to allow them to triage and prioritise as well as develop strategic analysis of bulk data.
- Redirection of resources - Some agencies are considering pooling available resources confiscated from criminals. For example, using confiscated properties as temporary medical centres.
- Risk indicators - One country has developed risk indicators in relation to aid package exploitation so this can be more easily identified.
Despite the threats, the FATF also recognises that individuals and corporations are also under significant pressure themselves, and that it may be appropriate to take simplified CDD measures or provide reasonable risk-based relaxations.
Examples include the following:
- Simplified CDD - Applying simplified CDD where lower risks are identified such as accounts being opened to facilitate government relief payments.
- Document allowances - Allowing reporting entities to accept recently expired government-issued identification until further notice to verify identity (though still ensuring the authenticity of it).
- Reduced or delayed verification - Allowing reduced / delayed verification measures such as reliance on digital copies of documents as an interim measure with appropriate controls in place, ie tiered accounts with less functionality and enhanced controls.
- Remote onboarding - Encouraging the use of digital identity and non-face-to-face onboarding where the technology is appropriately trustworthy.
- Going “digital” - Supporting electronic and digital payment options by increasing limits for contactless payments, point-of-sale purchases and e-wallets and reducing charges for domestic money transfers.
Australian Regulatory Guidance
The Australian Transactions Reporting and Analysis Centre (AUSTRAC) has said that it will work constructively with reporting entities during this disruptive period and will consider a reporting entity’s circumstances when applying the AML/CTF laws.
AUSTRAC has published a number of updates on its website which contain information on AUSTRAC’s key initiatives in response to the COVID-19 pandemic and guidance to reporting entities on compliance with AML/CTF laws during the COVID-19 pandemic.
In particular, AUSTRAC has identified the following areas of potential criminal exploitation during the COVID-19 pandemic:
✖ Targeting of government assistance programs through fraudulent applications and phishing scams.
✖ Movement of large amounts of cash following the purchase or sale of illegal or stockpiled goods.
✖ Out of character purchases of precious metals and gold bullion.
✖ Exploitation of workers or trafficking of vulnerable persons in the community.
✖ An increase in the risk of online child exploitation following restrictions on travel.
✖ A rise in extremist views either against members of the community or the government.
AUSTRAC has encouraged reporting entities to remain alert to the above activity and submit high-quality, accurate and timely Suspicious Matter Reports to assist AUSTRAC.
In relation to carrying out KYC processes and procedures during the COVID-19 pandemic, AUSTRAC has encouraged reporting entities to:
✔ consider additional verification through:
- using a video call to compare the physical identity of a customer with scanned or photographed copies of identification documents;
- requiring a customer to provide a clear, front view ‘selfie’ that can be compared with the identification document; and
- telephoning the customer to ask questions about their identification.
✔ keep records of any changes in policies and procedures made during the COVID-19 pandemic where it has not been feasible to document those changes in the AML/CTF Program.
AUSTRAC has also implemented the following regulatory initiatives to assist reporting entities during the COVID-19 pandemic:
- CDD relief for superannuation funds - Introduction of a new AML/CTF rule which provides that superannuation funds will not have to carry out their customer identification procedure before making payments to their members under the Government’s early release of superannuation initiative.
- Alternative ID proof - Amendment to Part 4.15 of the Rules to enable reporting entities to rely upon alternative proof of identity processes.
- Timing extension for Compliance Reports - Extension of the due date for the submission of 2019 Compliance Reports from 31 March 2020 to 30 June 2020 and no compliance action for a small to medium sized business affected by the government’s COVID-19 social distancing measures if it does not submit a 2019 Compliance Report.
AUSTRAC continues to provide updates to reporting entities via its website. It has encouraged reporting entities to contact AUSTRAC via its online form should they have questions about complying with AML/CTF obligations during the COVID-19 pandemic. Reporting entities should also contact AUSTRAC if they notice new or emerging threats or significant shifts when carrying out financial crime and fraud monitoring.
Global regulatory guidance
Globally, regulators have been issuing targeted guidance in relation to COVID-19 risks and expectations for financial institutions. We consider below examples from the United States, the United Kingdom and Hong Kong.
- issued guidance highlighting COVID-19 related emerging crime trends, similar to those identified by FATF, including: imposter, investment and product scams; insider dealing and fraud.
- commenced a series of thematic advisories, starting with “medical scams”. The advisory contains known scams, case studies and red flags for identifying suspicious activity.
- put in place a “Rapid Response Program”, which supports law enforcement and financial institutions in the recovery of funds stolen via fraud, theft, and other financial crimes related to COVID-19.
The FCA has issued some granular guidance, such as:
- individuals in required functions (eg the MLRO) should not be furloughed except as a last resort.
- financial institutions must not meet operational challenges by adjusting their risk appetite – that is, transaction and sanctions screening must continue.
- financial institutions may re-prioritise certain controls, for example by delaying reviews of transaction monitoring alerts or CDD on an RBA and with a clear plan to return to business as usual.
The HKMA has issued circulars focusing on:
- customers – banks should facilitate remote onboarding and digital access, minimise CDD for government handouts and apply SDD where appropriate
- risk mitigation – banks should remain vigilant to emerging risks, file timely Suspicious Transaction Reports and consider other public-private information sharing
- compliance approach – banks should be flexible were possible, document any key decisions regarding changes to systems and controls and document risk mitigants
These are extraordinary times, where customers and financial institutions are vulnerable. On the customer side, it’s important to engage and leverage the flexibility and risk-based approach that is available in existing law and regulatory guidelines. At the same time, a change in criminal and ML/TF typologies always requires an update to policies, procedures and controls to ensure they remain up-to-date and relevant.
✔ Be aware - Consider what the FATF has advised, and look at what the regulators in your jurisdiction are doing (such as the HKMA).
✔ Engage - Engage industry bodies to drive change or develop solutions where required. Effective (and lawful) information-sharing is a particularly critical piece.
✔ Speak to your regulator - Timely and transparent communication with the regulator is paramount. If COVID-19 causes a backlog in your transaction monitoring alerts, your compliance teams are furloughed, working-from-home or sick leaving them under-resourced or your systems are overwhelmed with the volume of on-line transactions, speak to the regulator, agree a plan of action
✔ Update - update your AML/CTF policies and procedures where necessary to reflect changes in ML/TF risk typologies arising from the COVID-19 pandemic and regulatory guidance.
Please do not hesitate to contact us should you require further guidance or assistance with implementing any of the above measures.
 FATF “COVID-19-related Money Laundering and Terrorist Financing: Risks and Policy Responses”, May 2020.
 The US Financial Crimes Enforcement Network
 The UK Financial Conduct Authority