Covid-19: Exposing Existing Vulnerabilities at Financial Institutions
Let’s face it, nobody knows what is going to happen next when it comes to the current coronavirus pandemic. One thing is certain: Our vulnerabilities have been exposed. Suddenly, the casual high five with a friend, hugging our grandparents and greeting colleagues at the office with a friendly handshake have all become taboo. These are, however, not new vulnerabilities. These actions could have resulted in a viral or bacterial infection before, but more attention has now been drawn to the true impact these actions can have when it comes to the transmission of a disease.
We are not helpless in all of this though. The vulnerabilities mentioned above can be mitigated through practicing proper hygiene, wearing masks and “social distancing”, just to name a few examples that have come from health experts. Awareness creation is the first step toward mitigating vulnerabilities, action is the next and most important step.
What does that have to do with financial institutions?
Parallels of what is happening at the individual level can be drawn to the financial sector. The Financial Action Task Force (FATF), an independent inter-governmental body focused on protecting the global financial system from money laundering and other illicit activity, recently released a very informative report titled “COVID-19-related Money Laundering and Terrorist Financing: Risks and Policy Responses”. Many of the acute threats covered in the paper that are posed to financial institutions are the same as before the pandemic broke out: bypassing due diligence measures, misuse of domestic and international financial aid and emergency funding, using the unregulated financial sector to conceal and launder illicit profits, and so on.
The same holds true for the world of fraud: CEO fraud is on the rise, phishing attacks have increased, applicants for loans and stimulus package benefits are not being honest about company size or even the existence of a company, and the like. These factors are akin to the high-five, the hug, and the handshake: they were there before, and are now being highlighted and exploited in the framework of the covid-19 pandemic.
Could it be that some financial institutions have been operating with a false sense of control, with legacy systems in place to track and monitor fraudulent and illicit activities, implementing a siloed approach to combat financial crime?
The good news is that financial institutions are also not helpless in all of this. Instead of making predictions about what may come, financial institutions need to focus on what can be done today to mitigate existing vulnerabilities that have been highlighted during the pandemic, and prepare themselves to be better equipped for the uncertain times that lie ahead. Here are two examples:
Money laundering and increased money mule activity
Whether through a digital fraud scheme such as work-from-home-scams or using a direct approach, money launderers are taking advantage of people in desperation during this pandemic. Their recruits are often initially unaware that they have become the so-called money mules. Just like with many fraud schemes, the true victims are often not visible to those that may even willingly become money mules, so justifying a few deposits and money transfers becomes easier as the illegal activity behind the dirty money seems so far away.
Pandemic or no pandemic, this activity is illegal, and it needs to be stopped by financial institutions. Banks, insurance companies and payment processors, even before the pandemic, struggled to have successful anti-money laundering procedures in place. The cracks and vulnerabilities in current strategies are just now being highlighted and exploited at a higher rate due to covid-19. A main contributing factor is a lack of collaboration across departments and missing communication amongst the various tools being used within the compliance process. Managers must implement a holistic compliance process to best manage risk across all business lines and customer accounts, and deliver an enterprise-wide view on their customers and portfolios.
This can be accomplished through increased transaction and behavior monitoring. It goes back to the key to any sound anti-money laundering strategy: Know Your Customer. If nothing else, this crisis should be a stimulus for many organizations to begin improving their AML Compliance strategy.
Lending and Solvency Checks
With or without a pandemic, having a sound solvency check workflow in place should be a priority for banks and other financial institutions. I understand that as few barriers as possible were necessary to save many small businesses in the initial phase of this pandemic. That does not change the fact that many fraudsters across the globe profited from the recent capital injection into the international markets through the filing of fraudulent applications.
Now is the time for financial institutions to look at how the risk associated with further stimulus and loan application activity can be minimized. This begins with an appropriate solvency and identity check process. It is important that the process is not an additional barrier to legitimate companies that require funds, but rather a facilitator for quick approval or denial. Detailed checks to understand if the applicant has previously applied with the financial institution must be made. Applicant detail comparisons should be executed to determine if there is a match on any third party or internal fraud blacklists. Pattern analyses can be used to determine if the behavior of applicants matches a previously known fraudulent application.
As many data sources as possible need to be integrated into the process, and the key to all of this is that is must be executed in real time! The result will be fewer loan defaults, happy legitimate businesses that receive funds quickly and frustrated fraudsters that are suddenly being denied.
There is no one single solution to solving any aspect of the covid-19 crisis. It would however be a big mistake to not use this situation to improve current fraud and financial crime strategies. It is vital to assess which vulnerabilities have been most heavily exposed during the crisis (awareness creation) and develop a strategy that will ensure the future viability of the company (action). A good place to start that could bear fruit and provide protection quickly would be in the anti-money laundering and lending spaces as these have been the most exposed areas so far at an international scale.