26 May 2020

Tips for financial institutions to support customers and thwart criminals benefitting from COVID-19: FATF reports

This article was written by Urszula McCormack and Leonie Tear.

With multiple jurisdictions on lockdown, desperation for critical supplies such as personal protective equipment (PPE) and increased reliance on digital communications, criminals have spotted an opportunity to exploit compliance weaknesses to launder money and fund terrorists. The Financial Action Task Force (FATF) has published a new paper[1] outlining the challenges that present new money laundering and terrorist financing (ML/TF) risks and the practical and policy responses required of jurisdictions to combat those risks.  

This alert provides:

  • a summary of the FATF paper, including the causes and effects of COVID-19 implications on predicate crimes and the emerging ML/TF typologies;
  • expectations on supporting customers;
  • a snapshot of global regulatory responses, including Hong Kong SAR*, Australia, the United Kingdom and the United States; and
  • key take-aways and tips for our clients.

Financial institutions are at the coal-face of fraud and ML/TF controls, and must calibrate their customer due diligence (CDD), screening and monitoring tools to account for these emerging threats.  

Key crimes emanating from COVID-19

Fraud, cyber-attacks, theft / misappropriation, bribery, corruption, human exploitation and property crime feature heavily in COVID-19-related crimes.  The following table provides further details.

Cause Effect
Lockdown, school closures and work from home initiatives
  • Hacking of business email accounts to commit invoice fraud
  • Ransomware attacks including on hospitals that can’t afford, in human life terms, to lose access to systems for any length of time
  • Phishing attacks to gain access to networks, personal accounts and passwords
  • Increase in online child exploitation with vulnerable children at home, online and an unexplained increase in demand
  • Organised property crime driven by empty corporate buildings
Social assistance, tax relief, humanitarian aid initiatives and lack of medical supplies
  • Impersonation of officials to exploit people for payment information under the false promise they will receive social benefits
  • Counterfeit or fraudulent sale of medical supplies
  • Fraudulent claims on government stimulus measures through shell companies
  • Misappropriation of aid by corrupt officials
  • Redirection of humanitarian aid responses to terrorist groups in high risk jurisdictions
Closure of banks and their regulators
  • Vulnerable groups less familiar with, or with less access to, online banking become more open to fraud
Economic crisis and unemployment
  • Fraudulent investment scams such as claiming publicly listed companies are developing cures
  • Increase in insider trading seeking to profit from large value swings
  • Increase in burglary, theft and wildlife poaching
Diversion of government resources
  • Exploitation of workers whilst workplace inspections are reduced
  • Increased risk of terrorist attacks
"Kindness and concern"
  • Impersonation of hospital officials to exploit payment for medical treatment that is fake
  • Fraudulent charities to exploit people into making donations that never reach the promised recipient but land in the hands of a criminal

The money laundering that flows from these crimes

At this early stage, the risks relate to generating the proceeds of crime from an increase in predicate offences but the FATF paper provides some insight into the emerging money laundering typologies (no terrorist financing typologies are yet identified):

kwm-corpinsolv   kwm-illicitinvestment kwm-re

Bypassing AML/CTF controls by exploiting challenges caused by COVID-19, this spans from transaction monitoring challenges at bank level to less supervision and policy reform at government level.

Increased use of unregulated financial services by those in need of finance, ranging from hawala/xawala use to exploitation by organised crime gangs.

Increased use of online financial services and virtual assets to ML, particularly from the fraudulent sales of medical goods.

Misuse of insolvency mechanisms. For example, the misuse of corporate insolvency to free-up illicit cash mingled in front businesses, masking the true origins.

There is a current increase in physical cash transactions. When markets recover, there will be a correspondent surge in investment with illicit investment potentially masked.

Increased investment in cheap real-estate and other property with illicit proceeds.

Responding to the threats

The FATF report suggests several actions to assist supervision and policy development.  These focus on coordination between the public and private sector, adopting a risk-based approach to CDD, adaptation and digitisation.  We summarise below key examples of efforts taken by jurisdictions that we believe are of most interest to financial institutions. 

  • Reporting and dialogue - Supervisors or financial intelligence units (FIUs) have provided financial institutions with a communication line that can be used to report serious challenges in meeting regulatory expectations. The FIs are required to keep relevant records and develop a remediation plan as the situation improves.
  • Taskforces - A number of countries have introduced special taskforces or other operational coordination measures to deal with COVID-19-related crime, particularly in relation to fraud.
  • Prioritisation - In some countries, authorities have issued advice to relevant agencies on the prioritisation of investigations and prosecutions.
  • Keywords when reporting suspicions of ML/TR - Some FIUs have asked regulated entities to use a keyword in suspicious transaction reports to allow them to triage and prioritise as well as develop strategic analysis of bulk data.
  • Redirection of resources - Some agencies are considering pooling available resources confiscated from criminals. For example, using confiscated properties as temporary medical centres.
  • Risk indicators - One country has developed risk indicators in relation to aid package exploitation so this can be more easily identified.

Supporting customers

Despite the threats, the FATF also recognises that individuals and corporations are also under significant pressure themselves, and that it may be appropriate to take simplified CDD measures or provide reasonable risk-based relaxations. 

Examples include the following:

  • Simplified CDD - Applying simplified CDD where lower risks are identified such as accounts being opened to facilitate government relief payments.
  • Document allowances - Allowing reporting entities to accept recently expired government-issued identification until further notice to verify identity (though still ensuring the authenticity of it).
  • Reduced or delayed verification - Allowing reduced / delayed verification measures such as reliance on digital copies of documents as an interim measure with appropriate controls in place, ie tiered accounts with less functionality and enhanced controls.
  • Remote onboarding - Encouraging the use of digital identity and non-face-to-face onboarding where the technology is appropriately trustworthy.
  • Going “digital” - Supporting electronic and digital payment options by increasing limits for contactless payments, point-of-sale purchases and e-wallets and reducing charges for domestic money transfers.

Hong Kong guidance to banks

The Hong Kong Monetary Authority (HKMA) issued separate circulars to authorised institutions (AIs) and stored value facility (SVFs) providers on 7 April 2020. 

In summary, the circulars focused on three key themes:

More specifically, the guidance to AIs encouraged more of them to work closely with the HKMA to provide greater convenience to customers for remote account opening and to provide continued access, physically and digitally, to essential banking services. 

The HKMA also encouraged AIs to apply SDD where appropriate, and to apply the least extent of CDD where residents were opening accounts solely for the purpose of receiving the HKD 10,000 government handout.  The SVF circular noted the ability for SDD to be conducted by many SVF providers due to the lower risks of a number of SVF products.

The HKMA highlighted the need in both circulars for vigilance in relation to emerging risks, including face-masks scams and the need to continue filing timely Suspicious Transaction Reports.

The HKMA noted that not all AML/CTF systems may be achievable by AIs or SVF providers and highlighted the flexible approach it was taking to supervision.  It also directed that where a particular obligation could not be met, the AI should make a record of the circumstances and risk assessment conducted, as well as any mitigating measures put in place.

Finally, the HKMA stated its commitment to public-private sector information sharing to understand the increased risks of fraud arising from the pandemic.

Global regulatory guidance

Globally, regulators have been issuing targeted guidance in relation to COVID-19 risks and expectations for financial institutions.  We consider below examples from Australia, the United States and the United Kingdom.

kwm-us  kwm-uk kwm-au 

FinCEN[2] has:

  • issued guidance highlighting COVID-19 related emerging crime trends, similar to those identified by FATF, including: imposter, investment and product scams; insider dealing and fraud.
  • commenced a series of thematic advisories, starting with “medical scams”. The advisory contains known scams, case studies and red flags for identifying suspicious activity.
  • put in place a “Rapid Response Program”, which supports law enforcement and financial institutions in the recovery of funds stolen via fraud, theft, and other financial crimes related to COVID-19.

The FCA[3] has issued some granular guidance, such as:

  • individuals in required functions (eg the MLRO) should not be furloughed except as a last resort.
  • financial institutions must not meet operational challenges by adjusting their risk appetite – that is, transaction and sanctions screening must continue.
  • financial institutions may re-prioritise certain controls, for example by delaying reviews of transaction monitoring alerts or CDD on an RBA and with a clear plan to return to business as usual.

AUSTRAC[4] has implemented the following regulatory initiatives:

  • CDD relief for superannuation funds - a new AML/CTF rule allows superannuation funds to bypass customer identification procedures before paying members under the Government’s early release of superannuation initiative.
  • Alternative ID proof - amendment to Part 4.15 of the AML/CTF rules to enable reporting entities to rely upon alternative proof of identity processes.
  • Timing extension for Compliance Reports - Extension of the due date for the submission of 2019 Compliance Reports from 31 March 2020 to 30 June 2020 and no compliance action for SMEs affected by the government’s social distancing measures for failing to submit a 2019 Compliance Report.

Key take-aways

These are extraordinary times, where customers and financial institutions are vulnerable.  On the customer side, it’s important to engage and leverage the flexibility and risk-based approach that is available in existing law and regulatory guidelines.  At the same time, a change in criminal and ML/TF typologies always requires an update to policies, procedures and controls to ensure they remain up-to-date and relevant.  

  • Be aware - Consider what the FATF has advised, and look at what the regulators in your jurisdiction are doing (such as the HKMA).
  • Engage - Engage industry bodies to drive change or develop solutions where required. Effective (and lawful) information-sharing is a particularly critical piece.
  • Speak to your regulator - Timely and transparent communication with the regulator is paramount. If COVID-19 causes a backlog in your transaction monitoring alerts, your compliance teams are furloughed, working-from-home or sick leaving them under-resourced or your systems are overwhelmed with the volume of on-line transactions, speak to the regulator, agree a plan of action.
  • Embrace change (and take Compliance on the journey) - A seismic shift is occurring, away from face-to-face banking toward digital, contactless and virtual banking.  This is something that technology-focused jurisdictions such as Hong Kong is already well geared for as the Smart Banking era develops.  Financial institutions should embrace the opportunity to truly drive forward their digital transformation agendas.  Those that take their Compliance teams on the journey will especially benefit – not only ensuring legal and regulatory requirements are met, but also identifying opportunities from pain points within the organisation that are ripe for innovation.

As always, contact us if we can help. We are already assisting clients on multiple digitalisation projects, as well as working with industry on standards and information-sharing possibilities to combat financial crime.

[1] FATF “COVID-19-related Money Laundering and Terrorist Financing: Risks and Policy Responses”, May 2020.

[2] The US Financial Crimes Enforcement Network

[3] The UK Financial Conduct Authority

[4] The Australian Transactions Reporting and Analysis Centre

*Any reference to “Hong Kong” or “Hong Kong SAR” shall be construed as a reference to “Hong Kong Special Administrative Region of the People’s Republic of China”.

Key contacts

A Guide to Doing Business in China

We explore the key issues being considered by clients looking to unlock investment opportunities in the People’s Republic of China.

Doing Business in China
Share on LinkedIn Share on Facebook Share on Twitter
    You might also be interested in

    This alert sets out the key features of Southbound Bond Connect.

    28 September 2021

    This article summaries important information about Wealth Management Connect.

    20 September 2021

    Very shortly, the U.S.-based Alternative Reference Rates Committee (ARRC) will make its much-anticipated formal recommendation of forward-looking term Secured Overnight Financing Rates (Term SOFR)...

    27 July 2021

    It’s official. On 5 March 2021 the UK Financial Conduct Authority (FCA) announced that all LIBOR settings will either cease to be published by any administrator or no longer be representative, with...

    09 March 2021

    You may also be interested in...

    Legal services for your business

    This site uses cookies to enhance your experience and to help us improve the site. Please see our Privacy Policy for further information. If you continue without changing your settings, we will assume that you are happy to receive these cookies. You can change your cookie settings at any time.

    For more information on which cookies we use then please refer to our Cookie Policy.