By Laurence Parish, Director, Head of Financial Crime
The impact of the COVID-19 virus has placed an enormous financial strain on individuals, businesses of all shapes and sizes, and on national economies across the globe. It is in such uncertain times that criminals will seek to exploit panic, confusion and misfortune.
Since the UK lockdown commenced on March 24th, all who can have worked from home. Many have either been placed on furlough or been made redundant. It is largely only ‘frontline workers’ who continued to work in their usual workplace, albeit with very unusual arrangements for most of them. Whilst the focus has understandably been on the risk to health, these changes to personal and business routines introduces several risks to organisations, such as:
- Disruption to business processes and controls
- An increase in financial crime
- Reduced confidentiality of business communications
- Threats to information security
- Compromised customer experiences, leading to lost business
We have read about the heroic acts of our first defenders. Neighbours have stepped forward to provide support to those who are less able, or in high risk categories. Also, the dramatic reduction in global activity has resulted in some striking positive developments. Air pollution over China’s cities fell to its lowest levels in decades. UK insurers are providing rebates to their customers, thanks to a reduction in car insurance claims.
Conversely, reports of domestic violence have increased, and there has been a dramatic increase in the number of online sites preying on the pandemic, exploiting vulnerable people and businesses.
The World Health Organisation, together with cyber security experts, have warned of the dangers of fraudsters disguising themselves as official or approved bodies in relation to the virus. Using fraudulent credentials to sell inadequate face masks and other PPE, scam COVID-19 cures, or purporting to be seeking donations on behalf of charities. None of these strategies are new, however the prevalence is heightened.
Cyber criminals are also on the lookout for vulnerabilities within organisations and within their systems. It is therefore critical that employees are educated in how to detect potentially criminal activities.
The sudden and forced migration to homeworking meant many firms had to find remote working solutions in short order to support and enable a continuation of their ongoing operations. This has undoubtedly compromised the controls within some organisations, especially those that did not previously entertain homeworking, or who are smaller in size and therefore perhaps have less sophisticated shielding of their data and communications. You can almost visualise the cybercriminals drooling with the anticipation of the spoils that awaited them.
Many organisations will have AML systems in place, and certainly for those which are regulated within the Financial Services industry, this is not optional. However, in smaller and less sophisticated firms the processes may be largely manual, and internal controllers may lack the resources to quickly adapt business processes to support their new way of working. It does not take a subject matter expert to fathom that such limitations in a world of sudden and extensive change can confuse and jeopardise critical risk assessments, investigations and reporting of fraudulent or suspicious behaviour and activity.
Industry experts are urging institutions to be alert to suspicious activity, which is capitalising on fear, confusion and rapid unexpected change. It is not only the changes in the way businesses need to operate that is introducing risk. The behaviour and buying habits of the customer has changed in an equally dramatic way, providing further opportunities to the financial criminal. For instance, many personal and corporate customers are asking for new cards and increased credit limits, to support increased demand for online purchases or cashflow challenges. Such changes in customers’ requirements and behaviours must be analysed within a robust financial crime risk management framework to detect illegal activity before data or money can fall into the hands of the criminals.
If COVID-19 has taught financial services firms anything, it is that going forward they need to be agile in a way they have never been before. Able to rapidly respond to widespread changes in customer behaviour and demands, whilst continuing to meet the expectations of their shareholders and the needs of their employees, and to conform to the regulatory environment they operate within. Organisations must be secure in the knowledge that they understand exactly who they are doing business with.