The banking sector is facing a dire situation with respect to rising fraud and money laundering amid the coronavirus pandemic. Sujata Dasgupta explores how COVID-19 is impacting fincrime compliance (FCC) and shares strategies financial institutions can employ to protect their FCC frameworks when future disasters strike.
This new year was special: It heralded a brand-new decade that promised progress and development in all spheres of life like never before. It arrived with hopes of a better tomorrow, but unfortunately it turned out to be short-lived. While the eastern end of the world had already contracted the deadly and contagious coronavirus by December 2019, from January onward it started taking the rest of the world captive. And by mid-March 2020, the entire world had come to a standstill. COVID-19 had arrived.
Human lives, economies and governments have been paused by an invisible microbe that has now become synonymous with fear, isolation and death. But the world is fighting it together, with people on one hand staying at home to prevent the spread, and on the other trying to lead a life as close to normal as possible by embracing digital alternatives. As difficult as this crisis has been for all of us, financial criminals have taken advantage of the unfortunate situation to commit various crimes like fraud and money laundering. What lessons have banks learned from this crisis, and what measures can they now take to strengthen their financial crimes compliance (FCC) frameworks that can withstand disasters like this pandemic? We’ll explore these aspects here.
Desperate Times, Desperate Needs – An Opportunity for Financial Criminals?
Layoffs across the globe have grown to gigantic proportions due to global industries and economies coming to a halt during the pandemic. There are a large group of people whose livelihoods depend on providing services physically; for those, the lockdown worldwide has taken away their means of income, leaving them desperate for employment. Around 22 million people have filed for unemployment benefits in the U.S. alone, and close to 59 million jobs in Europe are at risk. The act of luring these job seekers into money laundering on the pretext of employing them has been on the rise as criminals play on job seekers’ desperation and need for income. Fraudulent investment and Ponzi schemes have flooded the scene, promising incredibly high returns and sucking vulnerable people desperate for an income into this net. Coronavirus-themed sales of goods are also rampant on the internet – many of which turn out to be bait planted by cybercriminals for phishing attacks. While COVID-19 has hindered the lives and/or livelihoods of most, it seems to have provided the perfect opportunity for financial criminals to conduct their business with ease.
Employment Rackets Creating Money Mules– With massive job losses and many millions more at risk of losing jobs, employment rackets have mushroomed, preying on this panic. These job offers are primarily intended for transfer of illicit funds, where the employment seekers’ accounts are used to layer funds and disguise the ultimate owners. Unsuspecting employees are used as money mules; they are paid for this activity without their knowledge of being conduits of money laundering.
Frauds and Scams – Many charities have emerged, apparently for collecting donations to fund treatment and research around the coronavirus. A large number of these are actually scams or facades for converting ill-gotten funds into legitimate ones. Several of these scamsters have also been impersonating genuine charities, as well as health organizations like World Health Organization (WHO).
Coronavirus-Themed Sale of Counterfeit Goods and Price Gouging – Fake medical kits, equipments and masks touted to be N95 and 3M are being sold online at exorbitant prices, as these items are in high demand during this crisis. Even essentials like sanitizers and toilet papers are being sold at unreasonably high prices by some hoarders and black marketeers with no conscience and an intention to profit from this natural disaster.
Misuse of Benefit Packages Provided by Governments – Several governments have announced stimulus packages to provide economic assistance to businesses and households impacted by the COVID-19-induced lockdown. The U.K.’s £330 billion loan package and the U.S.’s more than $2 trillion CARES package are some such measures. As applicants are signing up for relief benefits in very large numbers, the banks through which the economic relief packages are being delivered are getting overwhelmed with conducting thorough and quick due diligence of all such applicant profiles. Unscrupulous criminals are likely to take advantage of this high stress situation when due diligence can be lean, and make money out of the relief payout.
Surge of Malware and Ransomware Attacks – Remote working has become the norm during this pandemic-triggered lockdown, and individuals and businesses have turned to digital means for purposes as varied as staying connected, ordering essential supplies, making utility payments, working collaboratively with distributed teams, and so on. With a drastic upsurge in online activity, this is the perfect opportunity for cybercriminals to execute phishing attacks and hack accounts for ransom demands, among other crimes. Online links related to COVID-19, like health tips and sale of medicines, are being used for such attacks. Hospitals and clinical labs testing COVID-19 vaccines have been victims of ransomware attacks demanding money, failing which their IT systems and data would be held hostage.
Lessons Learned: Strengthening Financial Anti-Crime Frameworks for Disaster Situations
When the pandemic struck the world, people were caught almost unawares by the sudden lockdown, with no certainty of when they would get back to what we knew as normal life. So, it was natural for everyone to panic, stock up essentials, withdraw extra money and make emergency fund transfers to relatives to tide over the crisis. Individuals’ financial behavior changed drastically as they increasingly moved to digital channels and online payments, causing a marked shift in their transaction behavior. Financial institutions suddenly found themselves swamped with a spike in alerts due to customers’ abnormal behavior. The problem was that the financial institutions’ detection models were built for normal situations, while the spikes were due to a natural disaster – an undoubtedly abnormal situation. The pandemic has provided enough lessons to financial institutions to encourage them to strengthen their FCC frameworks such that they can withstand disaster situations in the future.
Strategic Changes to Make Now
Strengthen detection models to adjust to customer behavior changes during disaster scenarios. Financial institutions have already gathered a lot of data on customer behavior changes that led to alert spikes during this pandemic. This data can be used to generate patterns and insights and finetune detection models that can be activated during crisis situations. Detection scenarios for crisis situations should be differentiated from those in normal situations.
Adopt new financial crime typologies for detection rules. FinCEN has encouraged financial institutions to adopt new financial crime typologies that have emerged during this pandemic. Imposter scams, charities and benefits frauds, investment and product scams are some of the new fraud categories financial institutions must incorporate into their FCC frameworks, with appropriate detection tools and reporting mechanisms for taking action on the criminals.
Implement customer self-service for fraud alert resolutions. As financial institutions experienced a heavy surge in suspicious activity alerts primarily due to a sudden change in customer behavior, it was a tremendous task to investigate thoroughly and close all such alerts, most of which turned out to be false. Such effort and resources can be optimized if financial institutions implement customer self-certification and alert resolution through a user interface enabled on digital channels like mobile apps. Fraud alert notifications sent to customers on such channels can then be auto-resolved by them.
Extend adverse media screening to cover negative news around malpractices that thrive in disaster situations. Crimes like hoarding essential goods, price gouging, black marketing, racketeering and sale of counterfeit goods have become extremely common during this crisis. Financial institutions must extend their adverse media screening to cover news about individuals and entities who are found guilty of such offences specifically during disasters.
Strengthen digital identity verification and onboarding. COVID-19 has made it imperative for customers to turn to digital alternatives for almost all needs, including banking. Whether applying for new products or claiming stimulus packages governments have announced, digital processing is the modus operandi of financial institutions. This makes it essential for financial institutions to have strong digital identity verification and seamless digital onboarding framework, as a number of regtech solutions have emerged in this space. The FATF has also released guidelines to this effect to make contactless banking efficient and fraud-proof.
Integrate social network analysis (SNA) to finetune detection algorithms. When any geopolitical event or disaster impacts a region, certain social behavior becomes a pattern in that region in response to such event. SNA-based analytics can be integrated into FCC frameworks to tune detection models to handle regional/geographical events that can lead to change in customer behavior. This can enhance detection and reduce the generation of false alerts.
The Road Ahead: A New Normal
The pandemic arrived like a storm, destroying everything it touched. The world has changed forever, and the way businesses work will see a transformation. Working from home will drive collaborative digital technologies with enhanced security. Amidst all this, financial institutions will have to strengthen their FCC frameworks to prevent and detect the complex crimes that are breeding in this new world. Using advanced technologies, more robust detection models – ones that can integrate internal and external data, review the performance of risk models and analytical algorithms to tune them at frequent intervals and share intelligence on financial crimes among industry peers – can strengthen the global FCC landscape. COVID-19 has taught us how financial crimes proliferate during disasters, and future-proofing financial institutions’ FCC frameworks against such eventualities is an imperative. Here begins a new road, a new normal.