This article was written by Urszula McCormack and Leonie Tear.
With multiple jurisdictions on lockdown, desperation for critical supplies such as personal protective equipment (PPE) and increased reliance on digital communications, criminals have spotted an opportunity to exploit compliance weaknesses to launder money and fund terrorists. The Financial Action Task Force (FATF) has published a new paper[1] outlining the challenges that present new money laundering and terrorist financing (ML/TF) risks and the practical and policy responses required of jurisdictions to combat those risks.
This alert provides:
- a summary of the FATF paper, including the causes and effects of COVID-19 implications on predicate crimes and the emerging ML/TF typologies;
- expectations on supporting customers;
- a snapshot of global regulatory responses, including Hong Kong SAR*, Australia, the United Kingdom and the United States; and
- key take-aways and tips for our clients.
Financial institutions are at the coal-face of fraud and ML/TF controls, and must calibrate their customer due diligence (CDD), screening and monitoring tools to account for these emerging threats.
Key crimes emanating from COVID-19
Fraud, cyber-attacks, theft / misappropriation, bribery, corruption, human exploitation and property crime feature heavily in COVID-19-related crimes. The following table provides further details.
Cause | Effect |
Lockdown, school closures and work from home initiatives |
|
Social assistance, tax relief, humanitarian aid initiatives and lack of medical supplies |
|
Closure of banks and their regulators |
|
Economic crisis and unemployment |
|
Diversion of government resources |
|
"Kindness and concern" |
|
The money laundering that flows from these crimes
At this early stage, the risks relate to generating the proceeds of crime from an increase in predicate offences but the FATF paper provides some insight into the emerging money laundering typologies (no terrorist financing typologies are yet identified):
Bypassing AML/CTF controls by exploiting challenges caused by COVID-19, this spans from transaction monitoring challenges at bank level to less supervision and policy reform at government level. |
Increased use of unregulated financial services by those in need of finance, ranging from hawala/xawala use to exploitation by organised crime gangs. |
Increased use of online financial services and virtual assets to ML, particularly from the fraudulent sales of medical goods. |
Misuse of insolvency mechanisms. For example, the misuse of corporate insolvency to free-up illicit cash mingled in front businesses, masking the true origins. |
There is a current increase in physical cash transactions. When markets recover, there will be a correspondent surge in investment with illicit investment potentially masked. |
Increased investment in cheap real-estate and other property with illicit proceeds. |
Responding to the threats
The FATF report suggests several actions to assist supervision and policy development. These focus on coordination between the public and private sector, adopting a risk-based approach to CDD, adaptation and digitisation. We summarise below key examples of efforts taken by jurisdictions that we believe are of most interest to financial institutions.
- Reporting and dialogue - Supervisors or financial intelligence units (FIUs) have provided financial institutions with a communication line that can be used to report serious challenges in meeting regulatory expectations. The FIs are required to keep relevant records and develop a remediation plan as the situation improves.
- Taskforces - A number of countries have introduced special taskforces or other operational coordination measures to deal with COVID-19-related crime, particularly in relation to fraud.
- Prioritisation - In some countries, authorities have issued advice to relevant agencies on the prioritisation of investigations and prosecutions.
- Keywords when reporting suspicions of ML/TR - Some FIUs have asked regulated entities to use a keyword in suspicious transaction reports to allow them to triage and prioritise as well as develop strategic analysis of bulk data.
- Redirection of resources - Some agencies are considering pooling available resources confiscated from criminals. For example, using confiscated properties as temporary medical centres.
- Risk indicators - One country has developed risk indicators in relation to aid package exploitation so this can be more easily identified.
Supporting customers
Despite the threats, the FATF also recognises that individuals and corporations are also under significant pressure themselves, and that it may be appropriate to take simplified CDD measures or provide reasonable risk-based relaxations.
Examples include the following:
- Simplified CDD - Applying simplified CDD where lower risks are identified such as accounts being opened to facilitate government relief payments.
- Document allowances - Allowing reporting entities to accept recently expired government-issued identification until further notice to verify identity (though still ensuring the authenticity of it).
- Reduced or delayed verification - Allowing reduced / delayed verification measures such as reliance on digital copies of documents as an interim measure with appropriate controls in place, ie tiered accounts with less functionality and enhanced controls.
- Remote onboarding - Encouraging the use of digital identity and non-face-to-face onboarding where the technology is appropriately trustworthy.
- Going "digital" - Supporting electronic and digital payment options by increasing limits for contactless payments, point-of-sale purchases and e-wallets and reducing charges for domestic money transfers.
Hong Kong guidance to banks
The Hong Kong Monetary Authority (HKMA) issued separate circulars to authorised institutions (AIs) and stored value facility (SVFs) providers on 7 April 2020.
In summary, the circulars focused on three key themes:
More specifically, the guidance to AIs encouraged more of them to work closely with the HKMA to provide greater convenience to customers for remote account opening and to provide continued access, physically and digitally, to essential banking services.
The HKMA also encouraged AIs to apply SDD where appropriate, and to apply the least extent of CDD where residents were opening accounts solely for the purpose of receiving the HKD 10,000 government handout. The SVF circular noted the ability for SDD to be conducted by many SVF providers due to the lower risks of a number of SVF products.
The HKMA highlighted the need in both circulars for vigilance in relation to emerging risks, including face-masks scams and the need to continue filing timely Suspicious Transaction Reports.
The HKMA noted that not all AML/CTF systems may be achievable by AIs or SVF providers and highlighted the flexible approach it was taking to supervision. It also directed that where a particular obligation could not be met, the AI should make a record of the circumstances and risk assessment conducted, as well as any mitigating measures put in place.
Finally, the HKMA stated its commitment to public-private sector information sharing to understand the increased risks of fraud arising from the pandemic.
Global regulatory guidance
Globally, regulators have been issuing targeted guidance in relation to COVID-19 risks and expectations for financial institutions. We consider below examples from Australia, the United States and the United Kingdom.
FinCEN[2] has:
|
The FCA[3] has issued some granular guidance, such as:
|
AUSTRAC[4] has implemented the following regulatory initiatives:
|
Key take-aways
These are extraordinary times, where customers and financial institutions are vulnerable. On the customer side, it's important to engage and leverage the flexibility and risk-based approach that is available in existing law and regulatory guidelines. At the same time, a change in criminal and ML/TF typologies always requires an update to policies, procedures and controls to ensure they remain up-to-date and relevant.
- Be aware - Consider what the FATF has advised, and look at what the regulators in your jurisdiction are doing (such as the HKMA).
- Engage - Engage industry bodies to drive change or develop solutions where required. Effective (and lawful) information-sharing is a particularly critical piece.
- Speak to your regulator - Timely and transparent communication with the regulator is paramount. If COVID-19 causes a backlog in your transaction monitoring alerts, your compliance teams are furloughed, working-from-home or sick leaving them under-resourced or your systems are overwhelmed with the volume of on-line transactions, speak to the regulator, agree a plan of action.
- Embrace change (and take Compliance on the journey) - A seismic shift is occurring, away from face-to-face banking toward digital, contactless and virtual banking. This is something that technology-focused jurisdictions such as Hong Kong is already well geared for as the Smart Banking era develops. Financial institutions should embrace the opportunity to truly drive forward their digital transformation agendas. Those that take their Compliance teams on the journey will especially benefit – not only ensuring legal and regulatory requirements are met, but also identifying opportunities from pain points within the organisation that are ripe for innovation.
As always, contact us if we can help. We are already assisting clients on multiple digitalisation projects, as well as working with industry on standards and information-sharing possibilities to combat financial crime.
[1] FATF "COVID-19-related Money Laundering and Terrorist Financing: Risks and Policy Responses", May 2020.
[2] The US Financial Crimes Enforcement Network
[3] The UK Financial Conduct Authority
[4] The Australian Transactions Reporting and Analysis Centre
*Any reference to "Hong Kong" or "Hong Kong SAR" shall be construed as a reference to "Hong Kong Special Administrative Region of the People's Republic of China".