As we head into winter and the threat of widespread lockdowns increase, anxiety is mounting over the potential effects that new restrictions will have on our fragile economy.
Experts fear the UK could be heading for another credit crunch, or should we say Covid-19 crunch, pushing many European countries into a recession not dissimilar to the one that followed the 2008 financial crisis.
With this economic uncertainty, a no-deal Brexit on the horizon, the 6th Money Laundering Directive (6AMLD) coming into effect – partly due to the increasing levels of fraud being experienced – and budgets tightening generally, compliance professionals will be under increased pressure to mitigate risk.
Increased levels of money laundering and fraud
At the beginning of the pandemic, money laundering activity slowed down, directly as a result of mandated lockdowns across the World. Criminals found it more difficult to get their illicit cash into the system, without raising the suspicions of the Banks, or other financial institutions, or law enforcement agencies. However, now a total lockdown is over, (for the moment at least), and measures have eased in some areas, criminals have adapted.
Money laundering and other illicit activities are increasing again, perhaps greater than pre-covid levels, amidst signs they will take different forms, in order to exploit new opportunities running alongside financial insecurity, unemployment and other anxieties the market is facing. We have highlighted areas of particular concern below.
With increasing levels of unemployment, it is increasingly likely that professional money launderers will exploit vulnerable people by recruiting them as money mules. The term ‘money mule’ refers to a person who knowingly, or unknowingly, transfers illegally acquired money for someone else, through a courier or banking channel. For instance, a launderer might send a person hard cash to deposit into a bank and will eventually ask the mule to transfer that cash into a different account. In return, the launderer offers a percentage of the money transferred, as the mule’s incentive.
Although not a new activity, compliance professionals will need to closely monitor their, previously honest, customers’ transactional behaviour, to ensure that suspicious activities and actions are not being undertaken.
This could seriously affect the processes and resource allocation of any institutions that still rely on manual monitoring and remediation but, for those with digital programs the risk is less taxing – although a review of risk assessment would seem to be a recommended way forward, (see the section on Amber Management below).
During the peak of lockdown, criminals became increasingly reliant on remote/online activity to keep their world turning. With some people accessing online services for the first time, and unlikely to be aware of security best practices, the opportunities for illicit activity increased. The City of London Police reported a 400% increase in COVID-19 related fraud just within March 2020 (source) as criminals took the opportunity to steal people’s personal information, email logins and passwords, and banking details.
In addition to this, there has been a rise in a fraud known as ‘smishing’, which is similar to phishing but carried out via text messages. These trick people into opening malicious attachments or links which could lead to fraudsters stealing similar personal information to that referenced above.
Identity fraud is, arguably, the quickest growing weapon in the armoury of money launderers and other ‘bad actors’. There have been some suggestions that fraudulent identities are the fastest growing ‘population’ in the world. To help combat this insidious practice, there are increasingly effective digital tools, such as biometric facial recognition systems, alongside documentation verification and authentication software, that help identify fraudulent activities, individuals and companies.
Exploitation of government economic relief packages
In the scramble to contain the economic disruption caused by the pandemic and to justify Rishi Sunak’s declaration that the safety net would come ‘red-tape free’, traditional lenders often prioritised speed over their usually robust (if sometimes long-winded) client due diligence processes, leaving their systems open to organised crime groups, opportunistic individuals and identity fraud in general.
A recent BBC investigation found that, despite supposed qualifying measures designed to combat bad actors, criminals were setting up fake businesses on an industrial scale and successfully applying for government-backed Bounce Back Loans – claiming up to £50,000 on each application – with no intention of paying the money back.
NorthRow’s partner Acuris Risk Intelligence, which tracks online fraud, claims to have found more than 100 fake businesses set up by one criminal gang alone. Which, bearing in mind that one of the underlying key criteria for a BBL, was that, to qualify, a business had to have been trading for more than 6 months, is extremely worrying.
As a result, the UK Government faces a potential loss of £26 billion through businesses not repaying CBIL or Bounce back loans; and other associated fraudulent activities, according to the latest National Audit Office (NAO) report.
One has to ask: would this have happened on such an industrial scale, if more of those lenders had digitally-based KYC systems in place? It’s not their problem, because the Government backed the loans 100%, but, even so, we all pay for it in the end!
Increased levels of reporting
All this increased fraudulent activity has placed a substantial additional investigative and reporting burden on regulated businesses. Firms have had to re-configure their AML controls, especially those most likely, and vulnerable, to be targeted by criminals or money launderers.
As a result, some institutions have found themselves struggling to optimise their platforms quickly in such a fast-moving environment. In some instances, this has, and will have, created problems with backlogs of False Positive alerts that reflect ‘pre-COVID’ economic activity. Again, those with digitally-based platforms are likely to come out of this situation better than those still reliant on manual, or partly manual, processes.
How to better mitigate risk and make compliance more efficient
Better Amber Management
Most compliance cost comes from managing the ‘Risk’. In an environment when even the FCA (and most other regulatory bodies) accept the benefits of, or readily endorse, a ‘Risk Based Approach’ (RBA), it’s critical that companies do not get bogged down in investigating every single incidence of potential concern.
An RBA categorises clients as Low, Medium and High risk, based on the record type, the business type and the amount of information obtained, amongst other criteria. So, High risk clients are those most likely to cause concern of breaches, Medium risks have characteristics ‘of concern’, whilst Low risk are of less or minimal concern.
To better manage these levels of risk, NorthRow suggests using a RAG (Red, Amber, Green) system of flagging cases through Onboarding, Monitoring and subsequent Remediation, concentrating on what we term as ‘Amber Management’. This works alongside an RBA, on the basis that: if a record is Green, there is no need for an entity to look into any flags, as they are of little consequence; if a record is Red, then there is a major concern and the entity should consider removing them from doing business and potentially reporting them to the relevant regulatory or law enforcement agencies; instead, most emphasis should be placed on managing those flagged as Amber, as they need to be remediated.
Concentrating efforts on Amber Management, allows entities to better manage their compliance resource, as well as their customer base.
Robust onboarding processes
Delivering robust client due diligence processes at the point of initial onboarding, without sacrificing the client experience, should be the ultimate goal of all regulated entities. They can now and should use the latest in biometric facial recognition, documentation verification and authentication software, to deliver safe and effortless onboarding experiences. Indeed, by using Genuine Presence Assurance (GPA) technology, firms can ensure that their clients are the right person, as well as a real person and authenticate them in real-time right now.
Allowing clients to update their own information and upload ID documents at their own convenience via a digital self-service, also greatly improves the efficiency of the process. Conversely, poor initial data-capture at the point of onboarding is often the reason that lenders are exposed to fraud. That’s why continual monitoring and remediation of an existing customer base, is equally as important as having a robust initial onboarding process.
Remediate your existing data and improve your client monitoring
Given the volatility of the current financial situation (but equally true in normal circumstances), the client you signed up a couple of months ago may not be the same individual or company today For this reason, compliance officers should remediate their back-book of client data, at the earliest opportunity, to quickly highlight high-risk clients.
In addition to remediation of existing clients, and given such rapid changes in the market, ideally businesses should invest in ongoing client monitoring tools, as a safety net against identity volatility, so they can have real-time alerts on relevant changes to their clients’ risk status (as per the Amber Management section, above).
Receiving alerts, of changes in company structure, beneficial ownership, directorships, and customers and their financial stability, through agile cloud solutions, can significantly reduce your business risk and operational overheads.
One of the quickest phrases to come out of Lockdown was ‘what will the new normal look like?’. Rightly, people quickly got bored with the phrase, possibly because there was no answer to the question. But, in retrospect, was there ever a ‘normal’ particularly when it comes to AML?