How are AML procedures in financial institutions being impacted by the Covid-19 pandemic?

With the chaos the coronavirus has put the world in, it’s easy for certain things to slip under the radar, the problem is these can be just as damaging to the business as the pandemic.

Financial institutions have been forced to have their workforces work from their homes, which leaves an opening for a lot of new issues. While they are facing challenges across the entire value-chain, one of the primary concerns is whether anti-money laundering (AML) and know your customer (KYC) processes are being kept up to scratch. Financial institutions regulatory compliance teams are also battling with other obligations, such as cross-border client categorisations as well as suitability and appropriateness of financial products and service. Both of which were overlooked pre-pandemic, and made even tougher with teams working in silos and from their homes.

Remonda Kirketerp-Møller, the founder and CEO of proprietary compliance engine Muinmos, stated that financial institutions not leveraging digital technology to synchronise their legal and compliance teams are going to struggle to efficiently meet their AML and KYC checks.  Kirketerp-Møller added, “It goes without saying that some of these financial institutions would have a severe impact on securing and demonstrating that they are fulfilling the AML and regulatory compliance requirements during the lockdown. These issues could further erode their ability to onboard new clients efficiently and lead to dwindling sales.”

The coronavirus was impossible to predict, let alone prepare for. Financial institutions were suddenly presented with the new working environment in a short time-frame, resulting in a lot of companies being unprepared. A report from Leesman claimed that 56% of those working in the financial services space have never worked from home before. This leaves a lot of room for errors to be made, with proper conduct unlikely to have been discussed prior to lockdown. And this is just the start.

A report from cybersecurity company Tessian stated that 52% of people working from home believe they can be more lenient with their cybersecurity. For instance, remote works are more likely to share confidential files through email instead of more trusted mechanisms. One of the reasons for the laxed cyber diligence is the fact they are away from the watchful eyes of their IT department.

Furthermore, an investigation from data discovery software platform Exonar found that 24% of remote workers rarely or never consider data protection policies or regulations when they share information with colleagues as part of their work.

These stats paint quite the worrying picture for financial institutions. It seems likely that AML and KYC processes could be among the areas where attention is being laxed. The problem is, while financial institutions might be more laid back, attackers aren’t.

Anthony Quinn, founder and CEO of audit, risk and compliance services provider Arctic Intelligence, said, “During these times we have seen quite a shift in the threat landscape with organised criminal networks increasing phishing attacks and scams, as well as, looking to other sectors to launder criminal proceeds with the closure of certain industries.  We have also seen an increase in digital payments, an increase in non face-to-face distribution channels, as well as scams, connected with government investment schemes and early release of pension schemes, which highlights the need to maintain current AML risk assessments and risk policies/procedures.”

There have been a number of new scams to arise during the pandemic. Regulators around the world have issued warnings of these types of attacks. A report from KYC360 stated that criminals were even exploiting social media to recruit mules for their money laundering activity. It suggested they are targeting those under 25 who are now without a job and are looking to make some quick and easy cash.

What can be done?

There are a lot of issues in the market which all need to be addressed to ensure there is not a massive collapse in the financial ecosystem. Packages, like the furloughed scheme in the UK or government-issued loans, have been placed to offer some support businesses have been craving. But financial aid is not the only help needed. Businesses also need to keep compliance processes efficient and to do so requires a little help from regulators, such as guidance or extra time on deadlines. However, in terms of maintaining compliance and ensuring the correct procedures are maintained during the pandemic, businesses need to take some steps on their own.

Arctic Intelligence’s Anthony Quinn stated that as to be expected, the amount of regulatory on-site inspections has dropped but regulators have helped firms adopt changes by extending regulatory guidelines and timeframes. For example, the European Commission’s new List of High Risk Jurisdictions will only apply from October as they acknowledge the pressure firms are already under due to COVID-19.

While there has been some leeway given by regulators it cannot be too much. Quinn added, “Regulators need to maintain a level of expectation on reporting entities, including enforcement activities where there is evidence of systemic non-compliance. During major environmental changes, the risk and threat landscape is changing for many regulated businesses and regulators should ensure that proper risk and compliance management remains front of mind to ensure robust risk and control frameworks are maintained at all times.”

This was echoed by Kirketerp-Møller. She stated that regulators should be providing some form of guidance to their market on how to tackle AML compliance during the pandemic. This is something which the UK’s FCA did in March with a letter to CEOs. However, Kirketerp-Møller believes this method still presents issues with money laundering compliance.

She said, “However, the risk with this type of communication is that it can lead compliance staff to believe that this is the standard approach in complying with AML regulations which can be misleading as it doesn’t take into account other equally fundamental onboarding client matters such as enhanced due diligence, risk-based approach, data protection etc.

“The UK Joint Money Laundering Steering Group Guidance is roughly 540 pages. In a time of chaos, whilst we must remain vigilant to steer the AML issues with familiar AML guidance we must also have the ability to adapt rapidly but adapt rapidly to new normal functionalities by leaning on technology to provide the digital ability to get things done.”

Companies need to be taking the initiative and doing their own part to ensure they can combat money laundering during these uncertain times. One of the best ways to ensure companies can achieve this is by creating an online platform which leverages AI-powered algorithms capable of identifying suspicious activity and indicates the likelihood this is a malicious attempt from fraudsters, Kirketerp-Møller said. This can ensure companies with remote working staff can reduce false positives and improve their fight against crime.

Furthermore, technology can be used to map where money has moved to, helping to give insights and intelligence on fraud. She went on to explain that without implementing these types of strategies, banks could be imperiled. It is best for financial institutions to search the market for technology companies offering digital AML, KYC and CTF solutions.

“Even without the pandemic we are seeing a great struggle by incoming clients to onboard efficiently. Efficiency in 2020 is measured in days, if not hours or even minutes. Yet, we see that institutions take on average 24 days to complete onboarding. Processes cannot be expected to be relaxed or given a carte blanche because of the pandemic. This is obviously going to be challenged as clients withdraw their patience and find faster venues.”

Enjoyed the story? 

Subscribe to our weekly RegTech newsletter and get the latest industry news & research

Copyright © 2018 RegTech Analyst

Investors

The following investor(s) were tagged in this article.