COVID-19 Pandemic: The financial crime threat for private and public organizations

Financial Crime Risk Management (FCRM) in private and public organizations has undergone big changes due to paradigm shifts in business dynamics, emerging threats, regulatory climate and technological advancements. However, in the last few months, the world has been experiencing something unprecedented that has made all other changes somewhat secondary: The Coronavirus (COVID-19). This once-in-a-lifetime phenomenon will change the face of Financial Crime Risk Management (FCRM), compliance and sanctions forever. In this article, I will examine the far-reaching impacts of COVID-19 on financial crime and how private and public organizations can address them.

Increased cyber (financial) fraud

Money transfers through online wallets and online payments, including e-commerce transactions, were used moderately in the past. However, these have now become one of the only ways to conduct transactions due to social distancing measures. Seizing this opportunity, fraud perpetrators equipped with the latest technology are perpetrating more sophisticated online transaction frauds. Because a large part of the global population is not tech-savvy enough to ward off the (financial crime) risks associated with online transactions, they are becoming victims of social engineering and cyber (financial) frauds.

Proliferation of money mule-induced laundering

COVID-19 is going to trigger many small-value fund transfers from various governmental bodies, non-governmental organizations and other agencies to fund relief work. Therefore, transaction patterns may stray from the norm. Any Transaction Monitoring (TM) system will need some time to get tuned to these patterns, and this time will ironically present a golden opportunity for launderers to route funds through money mules and escape detection. Fear of being laid off and the lure of earning income from home will entice people into becoming money mules. Most of the leading regulators, including the Dutch National Police, have warned private and public organizations to be vigilant about any such situation.

Imposter scams

A pandemic of this magnitude brings panic and anxiety among the masses, which in turn presents an opportunity for imposters to design scams impersonating government agencies, international relief organizations or healthcare service providers. One such scam that is already occurring involves banking institutions’ moratorium on equated monthly installments. Borrowers are being contacted by fraud perpetrators over the phone or by email and being asked to reschedule a loan as a relief measure. This allows fraud perpetrators to extract account details and siphon off funds in no time.

Money laundering camouflaged as COVID-19 relief

While the world adapts to fight The COVID-19 Pandemic, launderers are using this time to transfer illicit funds under minimal or no suspicion. Regulators such as the European Banking Authority (EBA) have already warned banking institutions about emerging criminal activity linked to COVID-19.

As stated by the European Banking Authority (EBA), “As most economies are facing a downturn, financial flows are likely to diminish. However, experience from past (financial) crises suggests that in many cases, illicit finance will continue to flow.” Other major regulators have also released similar COVID-19 guidelines. It is incumbent for cash-starved banking institutions to maintain high levels of rigor while monitoring cash transactions.

COVID-19-related insider trading

The current COVID-19-crisis has impaired the business dynamics that drive economic activities in a normal scenario. Only essential companies are open under strict regulatory control. As a result, governmental policies and decisions carry huge implications on trading prices of stocks and if used scrupulously, can lead to market abuse.

Cybercrime and associated crypto-threats

There are reports of cyber-criminals taking advantage of COVID-19 to scam the vulnerable public. Some examples include the following:

  • Healthcare providers being attacked by ransom-ware such as Bitcoin ransom-ware, which is wreaking havoc on the already stressed hospital information technology (IT) infrastructure and cashing in on the COVID-19 Pandemic.
  • Cyber-attacks on the depleted security systems of organizations due to limited staff presence and unpatched vulnerabilities.
  • Launching fake mobile apps, which claim to be providing information on COVID-19, aimed at stealing personal data or even rendering phones unbootable.

All the above developments have two things in common: fear and chaos caused by The COVID-19 Pandemic. This has provided the perfect platform for launderers and fraud perpetrators to thrive until private and public organizations develop a defense mechanism and adaptations become institutionalized. Private and public organizations must quickly improvise to this changed scenario to avoid further damage.

Managing the impact of COVID-19: A job made for private and public organizations

Having understood the gravity of the problem, private and public organizations must now address (financial) crimes triggered by COVID-19. One silver lining in this grim situation is seeing several innovations develop that were unimaginable just a few weeks ago, such as the production of ventilators by car manufacturers and the conversion of trains, ships and even airplanes into hospitals. Private and public organizations are likely to create their own innovative solutions to stay afloat during these testing times as well. The following are realignments that might be used to mitigate COVID-19-related financial (crime) risks.

Strengthening Suspicious Activity Report (SAR) investigation, factoring in emerging risks and enhancing automation

As most client interactions for banking are now happening through online channels, anti-money laundering (AML) procedures will change. The financial (crime) risk perception of banking institutions should also change accordingly as bad actors will introduce newer forms of suspicious activities into the system. The Dutch Authority for the Financial Markets (AFM) has already advised private and public organizations to remain alert to malicious/fraudulent transactions from exploiting The COVID-19 Pandemic.

Given the above changes and with minimal staff strength at their disposal, banking institutions that have introduced automations in the past will gain from these implementations. Others will need to work hard to introduce cognitive Robotic Process Automation (RPA) based on Suspicious Activity Report (SAR) investigation and reporting solutions to meet this challenge.

Fine-tuning adverse media screening

As part of anti-money laundering (AML) investigations, adverse media screening is performed to ascertain whether the investigated entity is involved in anything negative such as criminal proceedings, penalties and fines, involvement in laundering of funds, and so on. Important aspects of adverse media screening include news categorization, context-sensitive interpretation and automation of screening process. With COVID-19 introducing new sets of (financial) crime typologies, private and public organizations will face increased false positive alerts as well as true positive misses. Therefore, private and public organizations need to review their media screening and introduce necessary changes to stay effective. In short, private and public organizations must redefine screening typologies for drawing insights.

New scenario building for Transaction Monitoring (TM)

Like adverse media screening, Transaction Monitoring (TM) scenarios will also need to be adjusted so newer forms of money laundering are kept in check. Therefore, banking institutions need to review Transaction Monitoring (TM) scenarios and introduce Artificial Intelligence (AI)-based detection wherever possible to take care of any new anomalies or pattern changes automatically.

Stricter insider-trading detection through Artificial Intelligence (AI)-based models

Insider-trading as a result of regulatory policy information being leaked must be addressed. Additional scenarios to consider include timing of policy information dissemination and timing of trading. This will be a tough job as it needs to be accomplished in the interest of market integrity. A more rigorous trader and employee communication surveillance will also help a great deal.

Finding newer acceptable ways to perform Know your Customer (KYC) updates

Know your customer (KYC) updates will have serious challenges as social distancing measures continue. Private and public organizations need to develop a robust mechanism using unconventional channels wherever possible, such as online data collection for collecting customer data.

Enriching fraud scenarios with the latest event information

As newer forms of frauds are gaining prominence, Private and public organizations need to enrich their fraud event repository so COVID-19-induced frauds are not missed. Here again, Artificial Intelligence (AI)-based detection models will be quite handy for making unsupervised adjustments in flawed indicators.

Keeping cyber threats at bay by deploying adequate staff

Cyber-security and data breach prevention are nonnegotiable under all circumstances. These are now even more critical due to the following factors:

  • Stress of digital transaction volumes on IT-infrastructure
  • Current onslaught of cyber-criminals
  • Data access by employees working from remote locations

Any frugality in terms of staffing this function will only attract hefty financial and reputational losses and cause severe business continuity issues. Therefore, IT-support should receive top staffing priority.

Including the above-mentioned set of measures, the broad readiness agenda for C-level risk and compliance heads of private and public organizations is depicted below.

Conclusion

The COVID-19 Pandemic will likely be present for the foreseeable future, so appropriate changes in how companies manage (financial crime) risks must be made. After getting over the initial hiccups of grappling with immediate business continuity challenges, (financial crime) risk and IT teams of private and public organizations are now gearing up for the next challenges: how to plan, introduce and institutionalize the above-mentioned adaptations that will help them currently and in the long term. As there is less time to react, operational resiliency and managing speed of change is of utmost importance. One thing that will help private and public organizations a great deal is introducing Artificial Intelligence (AI)-based capabilities, which have very high levels of adaptability to changes in data and information by learning from newer patterns, anomalies and outliers. Private and public organizations that already have these capabilities stand to gain a lot and will be better equipped to handle this COVID-19-crisis now and in the future.

However, it is not possible to develop these capabilities overnight if not existing in their current ecosystem. Therefore, it will be prudent to develop a two-pronged strategy comprising of strategic and tactical measures. The following are key elements of this strategy:

  • All types of detections might be improved through strategic measures, i.e., either by deploying new Artificial Intelligence (AI)-based models within a reasonable time or fine-tuning existing models. For example, money laundering or fraud detection models might be retrained with additional data in order to maintain their detection effectiveness.
  • Changes in manually performed activities might be handled through remediation in the short term so that compliance objectives are quickly achieved. However, in the long run, they would require measures like Robotic Process Automation (RPA) to save effort and time as well as meet new compliance requirements.

Regardless of the strategy, it is important to stay compliant at all times as regulators are not going to provide any major leeway during this hour of COVID-19 Pandemic.

Nieuwe verruiming vrije advocaat keuze

Zo’n 2,5 miljoen Nederlanders hebben een rechtsbijstandsverzekering. Veel rechtsbijstandsverzekeraars hanteren als uitgangspunt dat een verzekerde wordt geholpen door één van de juristen of advocaten die bij hen in dienst zijn. Op het moment dat een gerechtelijke procedure gestart dient te worden of tegen een verzekerde wordt gestart,  heeft de verzekerde twee (2) keuzes: hij kan zich bij laten staan door één van de juristen/advocaten in dienst van de rechtsbijstandsverzekeraar of hij kan zelf een (externe) advocaat inschakelen op kosten van zijn verzekeraar. Dit laatste is de vrije advocaatkeuze.

Om de verzekerde te beschermen zijn Europese richtlijnen opgesteld waaruit blijkt wanneer de verzekerde recht heeft op vrije advocaat keuze en de rechtsbijstandsverzekering dient te voorzien in een geschillenregeling. Nederland heeft de regels uit deze Europese richtlijnen verankerd in artikel 4:67 en 4:68 van de Wet op het financieel toezicht (WFT).

Artikel 4:67 Wet op het financieel toezicht (WFT) bepaalt dat de rechtsbijstand-verzekeraar ervoor dient te zorgen dat in de verzekeringsovereenkomst uitdrukkelijk wordt bepaald dat het de verzekeringnemer vrij staat een advocaat of een andere rechtens bevoegde deskundige te kiezen: (1) om zijn belangen in een gerechtelijke of administratieve procedure te verdedigen, te vertegenwoordigen of te behartigen; of (2) indien zich een belangenconflict voordoet.

Alleen in de gevallen uit artikel 4:67 Wet op het financieel toezicht (WFT) geldt een vrije advocaat keuze. Nu artikel 4:67 Wet op het financieel toezicht (WFT) is opgesteld op basis van Europese richtlijnen, is het aan het Europese Hof van Justitie om hier duidelijkheid over te verschaffen. Eerder al werd duidelijk dat het erop neer komt dat met een gerechtelijke of administratieve procedure doorgaans een procedure wordt bedoeld waarvoor (op basis van de wet) verplichte procesvertegenwoordiging geldt. In 2013 voegde het Europese Hof hieraan toe dat dat de vrije advocaat keuze ook geldt wanneer er geen verplichte procesvertegenwoordiging geldt. En in 2016 voegde het Europese Hof hieraan toe dat de vrije advocaat keuze niet alleen geldt voor procedures bij een rechterlijke instantie in eigenlijke zin (zoals de rechtbank of het gerechtshof), maar ook bij administratieve procedures bij een bestuursorgaan, zoals bij het UWV.

Op 14 mei 2020 heeft het Europese Hof van Justitie de vrije advocaat keuze nog verder verruimd, nadat hierover een prejudiciële vraag is gesteld door het Belgische Grondwettelijk Hof. Het Europese Hof maakte duidelijk dat elke fase die kan leiden tot een procedure bij een rechterlijke instantie, zelfs een voorafgaande fase, onder het begrip ‘gerechtelijke procedure’ valt.

Met de uitspraak van het Europese Hof van 14 mei 2020 wordt het recht op vrije advocaatkeuze aanzienlijk verruimd. Het Europese Hof heeft in deze uitspraak overwogen dat een verzekerde het recht op vrije advocaatkeuze heeft voor het buitengerechtelijke traject, oftewel de fase voorafgaand aan een (eventuele) juridische procedure. Dit recht op vrije advocaatkeuze bestond al ingeval er een procedure gevoerd moest worden. Een verzekerde mag dus zelf zijn advocaat in de arm nemen in een procedure en de rechtsbijstandverzekering moet zijn kosten vergoeden.

Het Europese Hof overweegt: “Elke fase die kan leiden tot een procedure bij een rechterlijke instantie, zelfs een voorafgaande fase, moet worden geacht onder het begrip “gerechtelijke procedure” te vallen in de zin van art. 201 van richtlijn 2009/138 te vallen”.

Een rechtsbijstand verzekerde heeft zodoende in iedere fase die kan leiden tot een procedure bij een rechterlijke instantie het recht op vrije advocaatkeuze op kosten van zijn rechtsbijstandsverzekeraar.


https://eur-lex.europa.eu/legal-content/NL/TXT/?uri=CELEX%3A62018CJ0667

EnglishTurkeyFrenchDutchPolandEurope