COVID-19 Pandemic: The financial crime threat for private and public organizations

Financial Crime Risk Management (FCRM) in private and public organizations has undergone big changes due to paradigm shifts in business dynamics, emerging threats, regulatory climate and technological advancements. However, in the last few months, the world has been experiencing something unprecedented that has made all other changes somewhat secondary: The Coronavirus (COVID-19). This once-in-a-lifetime phenomenon will change the face of Financial Crime Risk Management (FCRM), compliance and sanctions forever. In this article, I will examine the far-reaching impacts of COVID-19 on financial crime and how private and public organizations can address them.

Increased cyber (financial) fraud

Money transfers through online wallets and online payments, including e-commerce transactions, were used moderately in the past. However, these have now become one of the only ways to conduct transactions due to social distancing measures. Seizing this opportunity, fraud perpetrators equipped with the latest technology are perpetrating more sophisticated online transaction frauds. Because a large part of the global population is not tech-savvy enough to ward off the (financial crime) risks associated with online transactions, they are becoming victims of social engineering and cyber (financial) frauds.

Proliferation of money mule-induced laundering

COVID-19 is going to trigger many small-value fund transfers from various governmental bodies, non-governmental organizations and other agencies to fund relief work. Therefore, transaction patterns may stray from the norm. Any Transaction Monitoring (TM) system will need some time to get tuned to these patterns, and this time will ironically present a golden opportunity for launderers to route funds through money mules and escape detection. Fear of being laid off and the lure of earning income from home will entice people into becoming money mules. Most of the leading regulators, including the Dutch National Police, have warned private and public organizations to be vigilant about any such situation.

Imposter scams

A pandemic of this magnitude brings panic and anxiety among the masses, which in turn presents an opportunity for imposters to design scams impersonating government agencies, international relief organizations or healthcare service providers. One such scam that is already occurring involves banking institutions’ moratorium on equated monthly installments. Borrowers are being contacted by fraud perpetrators over the phone or by email and being asked to reschedule a loan as a relief measure. This allows fraud perpetrators to extract account details and siphon off funds in no time.

Money laundering camouflaged as COVID-19 relief

While the world adapts to fight The COVID-19 Pandemic, launderers are using this time to transfer illicit funds under minimal or no suspicion. Regulators such as the European Banking Authority (EBA) have already warned banking institutions about emerging criminal activity linked to COVID-19.

As stated by the European Banking Authority (EBA), “As most economies are facing a downturn, financial flows are likely to diminish. However, experience from past (financial) crises suggests that in many cases, illicit finance will continue to flow.” Other major regulators have also released similar COVID-19 guidelines. It is incumbent for cash-starved banking institutions to maintain high levels of rigor while monitoring cash transactions.

COVID-19-related insider trading

The current COVID-19-crisis has impaired the business dynamics that drive economic activities in a normal scenario. Only essential companies are open under strict regulatory control. As a result, governmental policies and decisions carry huge implications on trading prices of stocks and if used scrupulously, can lead to market abuse.

Cybercrime and associated crypto-threats

There are reports of cyber-criminals taking advantage of COVID-19 to scam the vulnerable public. Some examples include the following:

  • Healthcare providers being attacked by ransom-ware such as Bitcoin ransom-ware, which is wreaking havoc on the already stressed hospital information technology (IT) infrastructure and cashing in on the COVID-19 Pandemic.
  • Cyber-attacks on the depleted security systems of organizations due to limited staff presence and unpatched vulnerabilities.
  • Launching fake mobile apps, which claim to be providing information on COVID-19, aimed at stealing personal data or even rendering phones unbootable.

All the above developments have two things in common: fear and chaos caused by The COVID-19 Pandemic. This has provided the perfect platform for launderers and fraud perpetrators to thrive until private and public organizations develop a defense mechanism and adaptations become institutionalized. Private and public organizations must quickly improvise to this changed scenario to avoid further damage.

Managing the impact of COVID-19: A job made for private and public organizations

Having understood the gravity of the problem, private and public organizations must now address (financial) crimes triggered by COVID-19. One silver lining in this grim situation is seeing several innovations develop that were unimaginable just a few weeks ago, such as the production of ventilators by car manufacturers and the conversion of trains, ships and even airplanes into hospitals. Private and public organizations are likely to create their own innovative solutions to stay afloat during these testing times as well. The following are realignments that might be used to mitigate COVID-19-related financial (crime) risks.

Strengthening Suspicious Activity Report (SAR) investigation, factoring in emerging risks and enhancing automation

As most client interactions for banking are now happening through online channels, anti-money laundering (AML) procedures will change. The financial (crime) risk perception of banking institutions should also change accordingly as bad actors will introduce newer forms of suspicious activities into the system. The Dutch Authority for the Financial Markets (AFM) has already advised private and public organizations to remain alert to malicious/fraudulent transactions from exploiting The COVID-19 Pandemic.

Given the above changes and with minimal staff strength at their disposal, banking institutions that have introduced automations in the past will gain from these implementations. Others will need to work hard to introduce cognitive Robotic Process Automation (RPA) based on Suspicious Activity Report (SAR) investigation and reporting solutions to meet this challenge.

Fine-tuning adverse media screening

As part of anti-money laundering (AML) investigations, adverse media screening is performed to ascertain whether the investigated entity is involved in anything negative such as criminal proceedings, penalties and fines, involvement in laundering of funds, and so on. Important aspects of adverse media screening include news categorization, context-sensitive interpretation and automation of screening process. With COVID-19 introducing new sets of (financial) crime typologies, private and public organizations will face increased false positive alerts as well as true positive misses. Therefore, private and public organizations need to review their media screening and introduce necessary changes to stay effective. In short, private and public organizations must redefine screening typologies for drawing insights.

New scenario building for Transaction Monitoring (TM)

Like adverse media screening, Transaction Monitoring (TM) scenarios will also need to be adjusted so newer forms of money laundering are kept in check. Therefore, banking institutions need to review Transaction Monitoring (TM) scenarios and introduce Artificial Intelligence (AI)-based detection wherever possible to take care of any new anomalies or pattern changes automatically.

Stricter insider-trading detection through Artificial Intelligence (AI)-based models

Insider-trading as a result of regulatory policy information being leaked must be addressed. Additional scenarios to consider include timing of policy information dissemination and timing of trading. This will be a tough job as it needs to be accomplished in the interest of market integrity. A more rigorous trader and employee communication surveillance will also help a great deal.

Finding newer acceptable ways to perform Know your Customer (KYC) updates

Know your customer (KYC) updates will have serious challenges as social distancing measures continue. Private and public organizations need to develop a robust mechanism using unconventional channels wherever possible, such as online data collection for collecting customer data.

Enriching fraud scenarios with the latest event information

As newer forms of frauds are gaining prominence, Private and public organizations need to enrich their fraud event repository so COVID-19-induced frauds are not missed. Here again, Artificial Intelligence (AI)-based detection models will be quite handy for making unsupervised adjustments in flawed indicators.

Keeping cyber threats at bay by deploying adequate staff

Cyber-security and data breach prevention are nonnegotiable under all circumstances. These are now even more critical due to the following factors:

  • Stress of digital transaction volumes on IT-infrastructure
  • Current onslaught of cyber-criminals
  • Data access by employees working from remote locations

Any frugality in terms of staffing this function will only attract hefty financial and reputational losses and cause severe business continuity issues. Therefore, IT-support should receive top staffing priority.

Including the above-mentioned set of measures, the broad readiness agenda for C-level risk and compliance heads of private and public organizations is depicted below.


The COVID-19 Pandemic will likely be present for the foreseeable future, so appropriate changes in how companies manage (financial crime) risks must be made. After getting over the initial hiccups of grappling with immediate business continuity challenges, (financial crime) risk and IT teams of private and public organizations are now gearing up for the next challenges: how to plan, introduce and institutionalize the above-mentioned adaptations that will help them currently and in the long term. As there is less time to react, operational resiliency and managing speed of change is of utmost importance. One thing that will help private and public organizations a great deal is introducing Artificial Intelligence (AI)-based capabilities, which have very high levels of adaptability to changes in data and information by learning from newer patterns, anomalies and outliers. Private and public organizations that already have these capabilities stand to gain a lot and will be better equipped to handle this COVID-19-crisis now and in the future.

However, it is not possible to develop these capabilities overnight if not existing in their current ecosystem. Therefore, it will be prudent to develop a two-pronged strategy comprising of strategic and tactical measures. The following are key elements of this strategy:

  • All types of detections might be improved through strategic measures, i.e., either by deploying new Artificial Intelligence (AI)-based models within a reasonable time or fine-tuning existing models. For example, money laundering or fraud detection models might be retrained with additional data in order to maintain their detection effectiveness.
  • Changes in manually performed activities might be handled through remediation in the short term so that compliance objectives are quickly achieved. However, in the long run, they would require measures like Robotic Process Automation (RPA) to save effort and time as well as meet new compliance requirements.

Regardless of the strategy, it is important to stay compliant at all times as regulators are not going to provide any major leeway during this hour of COVID-19 Pandemic.

Investigations, Compliance and Defence

VAN LEEUWEN LAW FIRM combines specialist knowledge and years of experience in the various disciplines of compliance, monitoring and enforcement. It provides the services required to help private and public organizations identity the nature and extent of fraud and deliver appropriate remedies: Fraud Risk Assessment, Fraud Risk Management, Fraud Investigations, Compliance Assistance, Integrity Due Diligence, Forensic Business Intelligence, Litigation, Negotiation and Reputation Management.


Most organizations do not have a comprehensive approach to preventing and deterring Corporate Crime. In fact, most companies don’t think about Corporate Crime until they experience one. When Corporate Crime occurs, they go into crisis mode, investigate and try to resolve the Corporate Crime, and then wait until another Corporate Crime occurs.

The strategic alliance with PRAETOR FORENSIC AUDITING enables VAN LEEUWEN LAW FIRM to co-operate with this auditing and financial crime risk management firm if this is beneficial to its clients.

Through it’s servicelines PRAETOR FORENSIC AUDITING helps private and public organizations identity the nature and extent of Corporate Crime and deliver appropriate remedies to establish a more comprehensive approach to preventing and deterring Corporate Crime.

Fraud Risk Assessment

Anti-Fraud provides an independent and objective assessment of the organizations existing anti-fraud programme, gaps in the existing controls and suggest measures to mitigate the gaps.


Fraud Risk Management

To deter the occurrence of fraude, Van Leeuwen Forensic Auditing provides clients with expertise to set-up and implement a visible and transparant fraud risk management program that allows to create an anti-fraud environment.


Fraud Prevention

The attitudes within your organization lay the foundation for a high or low fraud risk environment. Where minor unethical practices may be overlooked, larger frauds may also be treated in a similar lenient fashion. In such an environment there may be a risk of total collapse of your organization either through a single catastrophic fraud or through the combined weight of many smaller frauds. A sound ethical culture and sound internal control systems are essential key components of a fraud prevention strategy.


Fraud Detection

There are a range of fraud indicators – both warning signs and fraud alerts – which can provide early warning that something is not quite right and increase the likelihood that the fraudster will be discovered.


Fraud Response

Any organization should set out its approach to dealing with fraud in its fraud policy and fraud response plan. Organizations should ensure that this includes provision for learning lessons from fraud incidents and appropriate, prompt follow-up action.


Fraud Investigations

Fraud Investigation helps organizations manage the risk an vulnerabilities that come from global corruption, from high profile and complex financial matters to employee, cash, cybercrime and procurement fraud.


Anti-Bribery and Anti-Corruption

Corruption and Bribery have serious consequences for companies operating in an international business environment. In such an environment, businesses are operating under serious pressure, competition is stiff and margins are tight. This, in conjunction with trying to adapt to unfamiliar legal systems, conventions and specific political circumstances, can make doing business in an international environment very difficult. There is therefore much depending on whether your company can win a contract, obtain a licence or market a product in good time.


Compliance and Sanctions

Corporate executives and board of directors have increasing demand on evidences of whether their corporate compliance infrastructures, processes and controls are effective, integrated, efficiently risk-aligned and embedded throughout a complex, global organization. Effective and cost-efficient management of legal, regulatory and reputational obligations is a critical element of corporate governance and enterprise risk management.


Integrity Due Diligence

Integrity Due Diligence (“IDD”) is the gathering of independent information to gain an understanding of the integrity and corruption risks associated with a third party. It provides companies with a means to both identify these risks and confirm (or otherwise) information provided to them by a third party.


Forensic Business Intelligence

Forensic Business Intelligence assists in conducting research and collecting information about a target or an entity through searches on public domain information sources on-site visits and interviews.


Corporate Fraud and Criminal Law

In order to prevent, deter and mitigate Corporate Fraud, organizations have to (a) assess their corporate fraud risk, (b) set-up and strengthen their corporate fraud risk management systems and (c) investigate allegations and indication of corporate risk.

What is Fraud?

There is no universal definition of fraud in law and definitions and scope what constitutes fraud vary from one jurisdiction to another. There are three main categories of fraud that affect organizations:

  • Asset misappropriation, which involves the theft or misuse of an organisation’s assets. 
  • Fraudulent statements usually in the form of falsification of financial statements in order to obtain improper benefit. 
  • Corruption such as the use of bribes or acceptance of kickbacks, improper use of confidential information, conflicts of interest and collusive tendering. 

Who commits Fraud?

Fraud perpetrators usually cannot be distinguished from other people on the basis of demographic or psychological characteristics. People that commit fraud are usually good people who consider themselves to be honest – they just get caught up in a bad situation as a result of pressure, opportunity and rationalization.

The Fraud Triangle

People commit fraud because of a combination of perceived pressure, rationalization and opportunity. The majority of frauds starts small as the result of an immediate financial need. Once individuals gain confidence in their fraudulent scheme, the fraud continues to get larger and larger until it is discovered. The fraud triangle provides a lens from which to examine any fraud. The fraud triangle is comprised of perceived pressure, perceived opportunity and rationalization. Fraud will only occur if all three elements of the triangle are present.

  • Pressure is one of the three elements of the fraud triangle. Pressure is especially important because it is typically an immediate financial pressure that leads people to engage in fraud, e.g. money problems, gambling debts, alcohol or drug addiction, overwhelming medical bills.
  • perceived opportunity to commit fraud, conceal it, and avoid being punished is the second element of the fraud triangle. Opportunity is an essential part of every fraud because if fraud perpetrators don’t have the opportunity to commit fraud then fraud becomes impossible to commit. While eliminating all fraud opportunities may be impossible, reducing or minimizing the opportunity for fraud to occur can pay big dividends for organizations.
  • Rationalization is one of the three elements of the fraud triangle. Rationalization is important because it is the mechanism that allows otherwise ethical individuals to justify unethical behavior. People rationalize to eliminate the inconsistency between what they do and what they know they should do.

eCommerce Fraud

eCommerce Fraud involves the use of stolen or counterfeit payment cards to make direct purchases or cash withdrawals. It also includes the use of stolen card data to buy items over the phone or via the internet. Fraud perpetrators will target retailers that sell goods and services online using stolen credit card details. Online business appeals to those fraud perpetrators, because there is no physical contact with the business or the legitimate cardholder. Businesses should be fully aware of the risks otherwise they are more likely to be targeted.


Long and Short Firm Fraud

Fraud perpetrators hijack or set up an apparently legitimate business with the intention of defrauding both with its suppliers and customers. Those fraud perpetrators are happy to deal in any goods or services that have a market value, preferably those that are not traceable and easily disposable, for example electrical goods, toys, wines and spirits, confectionery etc.


Online Fraud

Businesses now operate in a connected world. They sell across multiple channels and geographies. But as the number of channels and markets businesses operate in continue to rise, so does the risk of fraud. Fraud perpetrators are becoming more sophisticated. Fraud is increasingly difficult to detect. As a result standard fraud verification tools can prove to be insufficient.


Invoice Redirection Fraud

Invoice Redirection fraud (or Mandate Fraud) occurs when your company receives a request to change a direct debit, standing order or bank transfer mandate, from someone purporting to be from another organisation to which regular payments are made, for example a business supplier. It generally takes place when a criminal impersonates your company and deceives the customer into making payment of the company’s genuine invoices to a fraudulent third party account instead.


Procurement Fraud

Employees may be trusted with certain procurement responsibilities which can provide opportunities to commit fraud-related offenders. It’s difficult to identify the risks. A common sense approach is always essential.


Business Email Compromise (BEC) Fraud

Business Email Compromise (BEC) Fraud (or CEO Fraud) is similar to Invoice Redirection Fraud however in this case junior employees in the finance department of a company receive an email from a fraud perpetrator purporting to be the Chief Executive Officer stating that an important deal or some other urgent matter is pending and that a substantial payment needs to be processed immediately.


Email Fraud

Email fraud (“Phishing”) involves fraud perpetrators making contact by email and can take a number of forms. The email may appear to be from a reputable company however when one clicks on the email or attachment or link within the email, malicious software (malware) is downloaded onto the PC or other device allowing the fraud perpetrator to track online activity and identify personal or financial information for fraudulent purposes. Both individuals and companies can be victims of this type of crime.


Phone Fraud

Telephone fraud involves criminals contacting you by phone (vishing) or by text (Smishing) pretending to be your bank, credit card issuer, utility company or often a computer company. During the conversation they will try and trick you into giving personal, banking or security information. Fraud perpetrators may also convince you to make a money transfer to them or inform you that you have won a prize and need to send money to release it. Their intention is to use this information to commit fraud against you or other parties in your name.


Computer Software Service Fraud (CSSF)

Fraud perpetrators may cold call you claiming there are problems with your computer and they can help you to solve them. Those fraud perpetrators often use the names of well-known companies such as Microsoft, Apple or IBM. They could even use the name of your broadband provider to sound more legitimate.


Private Automatic Branch Exchange Fraud

A substantial increase in your telephone bill is an indication your company could be the victim of Private Automatic Branch Exchange (PABX) fraud. Detailed billing will assist in identifying any potential unauthorised calls, usually International calls but they can also be National telephone calls. Another indicator is where customers trying to dial, in or employees trying to dial out, find that the lines are always busy.



Most organizations do not have a comprehensive approach to preventing and deterring Corporate Crime. In fact, most companies don’t think about Corporate Crime until they experience one. When Corporate Crime occurs, they go into crisis mode, investigate and try to resolve the Corporate Crime, and then wait until another Corporate Crime occurs.

The strategic alliance with PRAETOR FORENSIC AUDITING enables VAN LEEUWEN LAW FIRM to co-operate with this auditing and financial crime risk management firm if this is beneficial to its clients.

Through it’s servicelines PRAETOR FORENSIC AUDITING helps private and public organizations identity the nature and extent of Corporate Crime and deliver appropriate remedies to establish a more comprehensive approach to preventing and deterring Corporate Crime.

Investigations, Compliance and Defence

PRAETOR FORENSIC AUDITING combines specialist knowledge and years of experience in the various disciplines of compliance, monitoring and enforcement. It provides the services required to help private and public organizations identity the nature and extent of fraud and deliver appropriate remedies: Fraud Risk Assessment, Fraud Risk Management, Fraud Investigations, Compliance Assistance, Integrity Due Diligence, Forensic Business Intelligence, Litigation, Negotiation and Reputation Management.


Forensic Technology and Discovery Services

PRAETOR FORENSIC AUDITING leverages proven methodologies, as well as innovative and proprietary technologies, to identify relevant investigative and dispute resolution evidence in a timely and credible manner.


Forensic and Financial Crime

PRAETOR FORENSIC AUDITING help clients identify and assess financial crime risk, respond to evolving regulation, react to regulatory action, and enhance their existing financial crime risk management programme. Our services include: Strategy Consulting, Risk Advisory, Compliance Solutions, Independent Review, Technology Innovation and Investigations.


Legel Department Operations

New technologies and processes are transforming in-house legal departments, but staffing models, too, are shifting to create new efficiencies and respond to the need for updated departmental skills and expertise.

Meet the legal department operations (LDO) professionals – a new position in corporate legal departments that is increasingly helping free up attorney time to focus on legal matters instead of operational ones. The recognition that operations, innovation, technology, and procurement should actually be the responsibility of an identifiable individual, rather than part of the portfolio of the general counsel is the biggest emerging trend in legal operations.

The legal department operations (LDO) professional is typically occupied with project management, financial planning, and managing outside counsel. But these legal department operations (LDO) professionals are also responsible for strategy, goal setting, and managing budgets, people, and vendors. Additionally, legal department operations (LDO) professionals play a crucial role in change management, which might explain their recent popularity.

The legal department operations (LDO) professional is often the person to decide what technology changes make sense and to determine how those technologies should be implemented with consideration of financial and operational implications such as budgeting, staffing requirements, outsourcing, and training.