COVID-19 demise of cash: Turning a threat into a technological opportunity
Many Financial Crime articles and webinars are inadvertently conveyed an ancient proverb; “With every crisis there is opportunity”. Coronavirus crisis lands opportunity for both nefarious actors and compliance teams. Including those who rely on resources to build RegTech to collate, analyse, detect, investigate, and report, in an ever-trusting co-dependency of man and machine.
COVID-19 Financial Crime trends
- Opportunity for nefarious actors: predominantly the cybercriminal, whose art of innovation is relentless trailblazing, who primarily initiate social engineering via miss information and fear. Unfortunately, the virus has gifted the initiation phase, as fraudsters have adapted their pre-existing sinful operations under branding guise of COVID-19. Exploiting the panic pandemic demand of services and products masks and sanitizers.
A surge of vulnerable unemployed regrettably acting as money mules to feed families, to those supporting good causes by being scammed donating to fake charities.
- Opportunity for compliance officers: Identifying the placement stage. The demise of cash has unintentionally changed the Financial Crime detection landscape. Perfect timing for banks to detect and report- irrespective of cash values deposited. Cash intensive business’s footfall is very much to an economic standstill. Further, a considerable rise in contactless and increased threshold in the UK to £45 to prevent disease spread via physical cash. Conversely, Australia has witnessed high cash withdrawals from certain types of Financial Institutions (FI’s), as some consumers are lacking the confidence and trust of some FI’s solvency, echoing concerns consistent with the 2008 financial crisis.
Inherent Financial Crime risk is currently not cash entry via front companies, that has decreased. Criminals are not foolish; they are pivoting on how to abuse the regulated financial system to facilitate their wrongdoing. Change behaviour in which the illicit flows of the proceeds of crime will come from the predicated offences of Fraud and credential theft. During Transaction Monitoring (TM), suspicious cash deposits need to be detected, then questioned. Does this make commercial sense and is it consistent during the rise of the pandemic and eCommerce transactions?
Actions regulators are taking to mitigate these risks
The pan European regulator the EBA has issued a statement on how member states competent authorities should act, providing guidance to the those they regulated. The message was clear “for firms to make full use of the flexibility embedded in the EU’s AML/CFT framework and to plan supervisory activities in an effective as well as pragmatic and risk-sensitive way. This may entail, for example, a temporary postponement of non-essential onsite inspections on a case-by-case basis”.
With the UK’s FCA going further by stating that effective business continuity for firms should be resilient and to protect their customers from harm. A response that relies on RegTechs radical pragmatism and a nimble workforce to deploy engineers remotely. The FCA and the Bank of England will be evaluating firms’ contingency plans, many of which will have been executed as a result of the current crisis.
Response and roadmap
The FCA recently issued its ‘Business Plan 2020/21’ in line with the COVID – 19 outbreak. Innovation and technology are still at the forefront, continuity of investment in new technologies and skills, making better use of data to regulate efficiently and effectively. As part of the continuity plan on how to enable safe, appropriate, and ethical use of new technologies. There is continued engagement with industry, with the use of advance technology like Artificial Intelligence and Machine Learning and how to reduce the burden of regulatory reporting on firms.
“Replace our Gabriel system with a new platform for collecting firms’ data….. This will provide an improved user experience and will include a single identity log on with our connect system. Following our Viability Assessment, we, along with the Bank, will take forward our work on Digital Regulatory Reporting (DRR)”.
The FCA is currently examining if and how to expand the sandbox services “to foster and encourage the wider adoption of appropriate technologies, particularly for RegTech…. international collaboration through the Global Financial Innovation Network, seeking to facilitate international sandbox experiments and deepening international knowledge-sharing of innovation approaches and new market trends”
- With the rapid growth of the payments sector as more payment firms and products emerge. Payment Service Providers will be under the scrutinizing lens of FCA, evaluating how sufficient systems and controls are, at reducing the risk of Financial Crime. Further, ensuring payments are safe and accessible that includes data and fraud protection.
The Australian AML/CTF regulator, AUSTRAC has been pragmatic in advising and guiding both the public and reporting entities of specific COVID risks: Source https://www.austrac.gov.au/smrs-during-covid-19
- Targeting of government assistance programs through fraudulent applications and phishing scams.
- Movement of large amounts of cash following the purchase or sale of illegal or stockpiled goods.
- Out of character purchases of precious metals and gold bullion
- Exploitation of workers or trafficking of vulnerable persons in the community.
- An increase in the risk of online child exploitation following restrictions on travel.
- A rise in extremist views either against members of the community or the government.
Reporting entities are at the front line in combating financial crime. Therefore, AUSTRAC is actively encouraging firms to monitor for new and emerging threats then submit high-quality, accurate and timely suspicious matter reports (SMRs), giving the supervisor the best chance to detect, deter and disrupt criminal activity.
The challenge many regulated entities are facing is the onboarding process and how new regulatory guidance could be misconceived. The FCA issued a “CEO Letter to firms providing services to retail investors coronavirus” outlining “client identify verification needs to continue, but firms have flexibility within our rules” that will allow firms to accept digital substitutes that include PDFs, selfies then analyse additional data verification such as geolocation, IP addresses to triangulate. However, the FT recently reported via industry experts, that triangulation would be challenging to implement and accepting selfies and emails documents amounted to a “fraudster charter”. In short, the article states this shift in being more flexible could arguably have a negative effect on independent verification, with the decrease of physical identity and verification (ID&V).
AUSTRAC has recently published: How to comply with KYC requirements during the COVID-19 pandemic, with some practical guidance scenarios specifically around new customer verification AML/CTF Rule to support early release of superannuation initiative
- Firms who are not currently using tried, tested and secure remote electronic ID RegTech and databases (in- line with the EU5th MLDs specifications), could not sufficiently carry out liveness facial recognition checks that deter the theft of someone else’s ID. Though the FCA later responded, “The letter is not intended to represent a relaxation of requirements or to suggest that taking one of the measures in isolation would be appropriate or sufficient verification”.
- It would be cognisant for firms to explore what RegTech solutions are adequate and relevant to their business model, that meets their client onboarding risk appetite.
Transaction Monitoring and Screening challenges
Recent RegTech webinars have highlighted how the criminal fraternity are collaborating to overwhelm many firms by testing control frameworks of transaction monitoring and anti-fraud systems—seeking out weaknesses within banking infrastructure, including a remote workforce. This is placing some RegTechs under unprecedented pressure to act with fluidity and pace to resolve, supporting clients to tackle moving targets of both threat and regulatory obligation.
Transaction monitoring throughput teams have seen an unprecedented strain on their resources, not consumed by illegal activity, more so increased volumes. Capital (and secondary money laundering) markets (layering phase) has become more volatile as equities have seen an increase in activities. Behaviour changes that have triggered the noise of False Positives, for both market abuse (internal Financial Crime) and external Financial Crime transaction monitoring systems.
- A pragmatic step within watchlist filtering systems is effective list management. Firms should be picking up keywords that are consistent with COVID- 19 fraud such as pharmaceutical, PPE, sanitisers etc. In the UK over 50 related “COVID” named companies have been registered in 2020.
- Carrying out EDD on both transactions and clients with specific keywords would not be hypervigilant. If the outcome is to protect customers from being scammed (before the horse has bolted) or the proceeds of frauds are being detected and reported to law enforcement.
Financial Crime ecosystem
Many Financial Crime ecosystems rely on and interoperate a whole range of RegTechs; mainly AML and transaction suites that are so interdependent they are tested with rigour. Ensuring they meet their desired business benefit outcome as per their response to proposal. Therefore, a radical configuration change in one system would certainly warrant timely regression testing to maintain reliable business continuity of critical payment infrastructures. For seamless APIs within the ecosystem, could require prompt collaboration from RegTech competitors or partners that could see internal resources deviate from projected 2020 RegTech roadmap features.
Data scientists will be on the frontline in supporting their clients in harvesting information to generate predictive models that will help refine rapid tuning across all segments and lines of business. This will obviously impact internal compliance policymakers to sharpen their lens. In ensuring they satisfy both regulatory and consumer expectation while considering cost and resources implications. All system interactions will be either remote, via the cloud or if physical site-visitation within the social distancing constraints. Though there is a generous supply of desks, given redundant office space, mitigating these health concerns. Many leading RegTechs have rolled out cloud and WFH capability as soon as the lockdown was announced. Though a critical aspect for many compliance professionals is having the right sources of “presentable” information, to act swiftly and decisively. Therefore, a single laptop screen presents human error concerns.
Firms should already be reassessing their Financial Crime risk framework, redetermining their risk appetite in-line with these new threats and how resources can be retrained and remobilised.
- Supporting the working from home environment, some leading RegTechs have additional applications by providing senior management with tools of oversight supervision of activities where productivity is a concern.
- Given this new dynamic in risk appetite, the effectiveness of a consistent firm-wide approach to ensure qualitative conclusions is an imperative outcome.
- Some junior staff will need that remote handholding so that virtual supervision will enable proximity. Virtual teams can be created within MS Teams that can coincide with many web based RegTechs applications.
Dynamic RegTech obligations
Examining then establishing what is currently going astray with existing systems and transactional behaviours will be imperative for the evolution of how RegTech can adapt. This radical shift in the economic paradigm has led to the degeneration of systems and controls, leaving existing systems somewhat less effective with the additional noise of false positives. Though many are prioritising the high risk of alerts in-line with regulatory flexibility, this still presents real dangers of drowning out and creating the unthinkable a “false negative”, a prominent vernacular descending into the public conscience, (in-light of medical testing inefficiencies).
Remodelling the new norm
These unchartered water activities are essential for RegTechs ability to reflect and respond with the rise of new typologies rapidly. The outcome will serve their Financial Institution clients who are the apparent navigators (by providing model data) to meet both their business continuity and Financial Crime obligations. This will not only appease the regulatory auditors; importantly, it will maintain the trust of their most vital asset- the customer. As the virus passes from the “fear” to “learning” phase, a vital opportunity has arisen for RegTechs to demonstrate their pragmatic approach. By taking the lead with the ‘virtual’ front foot within this technological battle as and when evolving themes and schemas emerge. For many RegTechs harvesting and monitoring the data, then to correctly classifying invents a new breed of high-risk indicators. Therefore, enabling many RegTechs to become customer-centric via consistent and constructive engagements. The challenge for RegTech is how they serve their customers, to ensure they can respond holistically; collecting and using GDPR compliant data points that will build adequate models. Remodelling be it machine learning of data points will undoubtedly set a precedent of what the current economic norm is.
Firms who carry out a retrospective review should be able to identify anomalous behaviour. This should be a control objective as part of the annual AML risk assessment to detect and report wrongdoing that will hopefully lead to bad actors being caught out stopped and hopefully prosecuted that is equally to the success of a man in Singapore arrested for COVID-19 related money laundering.
Technically led response
With existing TMs throwing up much noise this is struggling to deal with a lot of false positives, there is a desperate need for technology to address this current problem. With systems adopting and leveraging supervised or unsupervised machine learning, to deal with a vast backlog of alerts. Which must be dispositioned with a justifiable risk-based rationale. With the constant change of regulatory expectation in additional threats and obligations can cause fragmentation and convolution when carrying out an AML enterprise risk assessment in response to COVID.
A recent ‘LexisNexis’ webinar highlighted due to COVID, many AML programs will need to refreshed to reflect the impact of any changes in ML/TF risk profile and update policies and procedures outlining the controls which have been implemented to mitigate and manage these risks.
As firms will need to demonstrate that these risks have been considered as part of operational reliance in preventing fraud and financial crime effectively. Centralised RegTech platforms such as Arctic Intelligence’s AML Accelerate platform, provides an ML/TF risk assessment tailored to 30 financial and non-financial sectors, as well as, the AML laws of over 30 countries and provides their clients with a guided process for assessing risks and controls. Anthony Quinn, ‘Arctic Intelligence’s’ CEO stated.
“many organisations are still struggling to implement a robust, explainable and defendable approach to identifying and assessing money laundering and terrorism financing risks. They also may lay the capacity or capability to implement a robust control framework to mitigate and manage these risks in a way that is appropriate, proportionate and considered sound by Boards and Regulators”. Quinn added “enterprise risk assessment is at the heart of any AML program, so it is critical to get this right as this activity becomes pivotal to the foundations of establishing and maintaining an effective AML Program”.
An article from the ‘Nordic RegTech Association’ expressed that the future of RegTech during COVID has “Accelerated digitalization” In-short; the digitalization of industries have moved at such a rapid pace, that what has been achieved in eight weeks in some instances, should have been accomplished within a five year roadmap. As the consequences of social distancing is forcing many firms to become reactive into considering the procurement of digital risk and compliance solutions. However, there will be a further demand for efficient cyber security solutions, as remote working is transitioning confidential physical interactions on to the web, with some popular online meeting platforms already being compromised.
With the passage of this crisis, regulators will be examining how firms responded to their obligations, of this economic meteor strike. They will be addressing who was swift and pragmatic in providing a seamless service to customers, but more importantly, how did they protect those who trust them with their vital assets?
This reliance on human interaction could be perceived as a game-changer as this virus has had a dramatic impact on the overall Financial Crime ecosystem.
Proof of Value
The value and benefit of this technology once efficiently implemented will be undoubtedly clear. Computers will not suffer the physical implications humans do. They operate 24 /7, continually without fatigue and the associated risk of human error. Many have the ability to work unsupervised that are driving efficiencies throughout this process. The next generation of RegTechs will need to be nuanced and agile enough to be calibrated and managed by compliance professionals, rather than a solution development team. Having an end to end holistic AML risk management system should solve the problem to seamlessly manage the ever-changing regulatory compliance cycle.
COVID-19 has created a real-time testing ground that has catapulted many RegTechs. As Financial Crime framework resilience will be judged on the operational and technological readiness to adapt. All within a highly compressed timeframe, to consider (not panic), then evolve via collaborative and committed Financial Crime forums.
– Article written by James Emin
Sign up for our monthly newsletter for the latest financial crime news around the globe.
For a daily dose of current events and financial crime trends, follow our LinkedIn page.