Introduction
I remember several years ago, my then workplace was hit with a terrible flu virus. Each week, rows of analysts became ill and disappeared home for over a week. The business was almost paralysed after most of the IT team became ill. It took a few months after before we were able to return to business as usual (BAU).
Here we are in 2020 – but this time the health risk is global and even more serious. As more workplaces across Europe and beyond are imposing work attendance restrictions on their workforce, and as more people become ill, Financial Institutions (FIs) are feeling the pressure both commercially and operationally.
So, what are some of the risks that FIs need to be alive to over the coming weeks when it comes to their AML compliance programmes?
Coronavirus Fraud Scams
Yes, these have already started from fraudsters claiming to sell medical masks to calls and emails telling consumers they are due a special “payment” from the recent UK budget announcement, it’s happening. Action Fraud estimates that in one month, consumers have been defrauded £800k. With many countries encouraging older consumers to self-isolate, they are also at risk of being scammed. It’s vital that FIs continue to ensure their fraud teams follow-up on these cases, report them externally.
Check out the FCA’s notice on support that can be provided to consumers at: https://www.fca.org.uk/coronavirus-support and great advice to consumers from Action Fraud at: https://www.actionfraud.police.uk/
Delayed KYC and AML Compliance Reviews
It’s been my experience that one of the first things to go when there’s an adverse business event, are compliance reviews. Whether they’re scheduled KYC or tax reviews, 2nd line assurance checks or scheduled audits, the absence of key personnel, and the limited availability of supervisors (who are fighting fires elsewhere), means that these activities are often postponed.
Unfortunately, this means they need to be done once the crisis has abated. And, with only 9 months this year, these will need to be squeezed in along with existing business activities. In the absence of additional resources to do them, reviews can end up being rushed, delayed, compromised – or worse – not done at all. As a former regulator, I have seen more than once where business interruption led to vital AML reviews being delayed to the point of being forgotten altogether.
Regulators are likely to be sympathetic about the surrounding circumstances today. They’ll understand that scheduled AML reviews may take longer to complete. But they will also expect FIs to have thought through how the
Transaction Monitoring and SARs Investigations
While the rest of us are working to our business continuity plans, for criminals, it’s BAU. Continuing to use and develop new tactics to conceal both illicit proceeds and the parties involved is critical. Amazing work has been undertaken by enforcement agencies in their investigation of financial crime. The monitoring and screening undertaken by FIs, has been a key ingredient to the success of several multi-jurisdictional investigations.
From an operational perspective, however, the current situation can lead to the risk of delayed investigation of unusual transactions and customer activity. Fatigue, overwork or illness can also compromise staff’s ability to effectively analyse and assess questionable transactions.
The current crisis is also distracting for many staff who are concerned for their own and their family’s well-being. A small number of them may also be less inclined to submit SARs while working remotely, especially when they can’t access their line manager or AML compliance representative for further guidance.
Again, there is the risk of the “time accordion” I described above. Where time lags happen, there will need to be a period of catch-up, which will need to happen in the next 9 months or so, along with BAU work.
The quality of work undertaken during this period – be it KYC onboarding or transaction reviews – may also need to be subject to additional testing and validation. Staff working under pressure and in these unusual circumstances are likely to be distracted and can miss vital elements of AML related information, for some of the reasons I mentioned above. We are all human – but recognising this also means that we need to take a risk-based approach to ensure that the information we rely on is accurate and complete.
External Enquiries and Requests for Information
Similar to our amazing health care professionals, law enforcement agencies are still working. That includes the investigation of financial crime. FIs will need to ensure that they are resourced to respond to enquiries in relation to financial crime-related matters and other requests for information.
What Should You Do?
I am sure that most FIs have started the process of assessing their resourcing needs and how they will operate over the coming weeks. Here are a few risk-based questions to also consider:
Fraud mitigation – What means can be used to educate your consumers about emerging coronavirus scams and protect their accounts?
AML Impact Assessment – Have you conducted an impact assessment to properly understand when your staff and resources hit “empty” on the AML resourcing gage? What is the “limit” for resources relating to KYC onboarding, transaction and screening reviews and other essential activities to be stretched before they start to be compromised?
Ongoing Communication and Governance – How will you ensure that the staff who perform AML-related activities are able to fulfil their roles effectively and not become overstretched?
Post Event Capacity – Can your institution effectively complete “catch-up” on KYC or transaction reviews while also undertaking BAU? If not, what’s your contingency plan to ensure that you do not end up with an unsustainable remediation project in latter part of 2020?
I’m sure there are many other areas of concern that FIs are doing their best to manage currently. In the meantime, take care of yourselves, your families and your neighbours. We’re all in this together.
Comments