With the arrival of COVID-19, the threat landscape has changed significantly, increasing the risk of financial crime. What does this mean for financial services firms? How can they adapt quickly to the new-normal in a heavily regulated industry? What additional risks are emerging as we start to place more trust in the digital world?
- A recent survey, before many of the social distancing measures went into force, found that 82% of consumers were concerned about going to their bank, with 63% more inclined to try a digital app.
- Prior to the pandemic, the nature of financial crime was changing. Javelin research found that identity related fraud grew 13% to $16.9bn in 2019, with person to person payments fraud increasing an astonishing 744% between 2016 – 2019, and with account takeovers growing 72% in 2019 alone.
- Much of the regulatory guidance points to robust use of technology for KYC and verification of customers, including use of technology like that offered by Refinitiv with Qual-ID and World-Check.
We are in the midst of a (hopefully) once in a lifetime pandemic which is dominating the news, social media, conversation (at a safe, social distance) and everyday life.
Financial services are not immune to these changes, and whilst banks have been defined as essential services in many countries, the volume of customers or potential customers walking through the doors has dropped significantly.
A recent survey before many of the social distancing measures went into force found that 82% of consumers were concerned about going to their bank, with 63% more inclined to try a digital app.
Prior to the onset of this crisis bank branch numbers were already declining in many western countries, with branch numbers in the UK declining by 22% over the last seven years.
Many US and European banks have announced branch closures to limit the spread of the virus, leaving us to wonder whether we will now start to see an accelerated shift towards digital banking.
COVID-19 and financial crime
With over 1/3 of the world’s population on lockdown due to the COVID-19 pandemic, this has created enormous challenges for companies to enable their workforces virtually, and opportunities for criminals to exploit vulnerabilities and commit financial crime.
Employees are connecting to their corporate networks and systems from a plethora of ‘unknown’ or ‘untrusted’ devices, including personal computers, tablets and phones.
Employees are also communicating via video / chat platforms and applications with hitherto unknown security and encryption vulnerabilities, and this has created huge challenges to ensure connections are robust, secure, encrypted and that they are not opening up back doors for nefarious actors to access corporate systems.
The sheer surface area (defined as the endpoints and devices connected to corporate networks and assets) has increased exponentially over recent weeks.
Financial crime opportunities
This creates new opportunities for cyber criminals to exploit phishing attacks, ransomware and malware attacks and malicious domains with the numbers of such incidents increasing dramatically.
Criminals have targeted the World Health Organization with the creation of fake portals to capture Personal information (PII).
Furthermore there have been numerous examples of Business Email Compromise scams seeking to compromise corporate system access and have funds transferred to illegitimate recipients.
This increased threat landscape puts significant pressure on financial institutions to not only monitor their own systems, and employee access in a virtual environment, but also to ensure they are protecting their customers, and prospective customers as they interact with them digitally.
Financial crime risks
They now have to seriously consider not only AML related risks, but also identity, cybercrime and fraud risks simultaneously, something that FATF fortuitously highlighted they expected in their recent paper on Digital Identity.
Europol has been raising awareness of the serious financial crime risks related to COVID-19 and shared a detailed overview of examples of the types of crimes they are seeing as a direct result of the worldwide change we have seen due to the pandemic.
Even prior to the pandemic, the nature of financial crime was changing, Javelin research found that identity related fraud grew 13% to $16.9b in 2019, with person to person payments fraud increasing an astonishing 744% between 2016 – 2019, and with account takeovers growing 72% in 2019 alone.
Forward looking regulators are showing flexibility, bordering on encouragement, around the adoption of technology to combat illicit financing whilst addressing challenges posed by COVID-19.
FATF recently issued guidance encouraging ‘governments to work with financial institutions and other businesses to use the flexibility built into the FATF’s risk-based approach to address the challenges posed by COVID-19 whilst remaining alert to new and emerging illicit finance risks’ furthermore they encourage use of digital customer onboarding and simplified due diligence in the delivery of digital financial services given the social distancing measures being enforced around the world. We’ve since seen numerous regulators around the world issue their own statements supporting such action including the UK’s FCA, Hong Kong’s HKMA and the US FinCEN.
Much of the regulatory guidance points to robust use of technology for KYC and verification of customers, including use of technology like that offered by Refinitiv with Qual-ID and World-Check to streamline client onboarding and screening aligned to the organizations risk policy.
Technology is available and can be deployed quickly to transform customer onboarding. The big question is will this crisis, and the clear regulatory support, accelerate the shift to digital for more traditional financial institutions as they look to reduce costs, whilst growing their customer base, and doing both while their customers might have restricted freedom of movement?
You could describe this as the perfect storm, what does it take to sail out of it stronger and faster than you went in?
One of our Professional Services partners at Refinitiv has been working to develop a fast track digital onboarding and verification solution. Banks can use this to disburse loans for the Payroll Protection Programme under the Cares Act, supported by the U.S. Small Business Association.
The solution enables a small business to enroll, be verified and screened in under 5 minutes so they can secure an essential loan something largely unimaginable for most SME’s trying to apply for a loan prior to the pandemic.
The good news is solutions are available to help deliver robust digital onboarding, incorporating AML checks, data and document verification and anti-impersonation and anti-fraud checks, and they are available at scale from global companies including Refinitiv.
Keep well and stay safe.