AML obligations in the COVID-19 recovery: be flexible, but don’t relax
29 May 2020
by Gauri Sinha Manager
Email +44 (0) 7483 379558
The emerging threats from COVID-19 have resulted in a heightened risk of financial crime across the financial services sector. But with remote working and new money laundering typologies, how will firms ensure that they emerge stronger on the other side of this crisis?
The FCA has been clear that during this period of COVID-19 disruption, firms have ‘flexibility’ when applying the rules around client identity verification, such as accepting ‘selfies’ and videos. While this is a welcome step in the current environment, firms must be clear about the difference between being flexible and relaxing the rules. The law remains unchanged, and firms are still expected to comply with the obligations in the Money Laundering Regulations 2017 and the Joint Money Laundering Steering Group guidance. Continuing to meet their obligations will have ramifications for firms both in determining the appropriate controls they need to put in place and how they assess their money laundering risk in the first place. Add into the mix the fact that the COVID-19 pandemic followed swiftly on the heels of AMLD5 in January 2020, which brought in additional obligations, and the challenges firms face are stark.
Following the amendment brought in January 2020 by AMLD5, there is a new obligation that electronic identification processes should be secure from fraud and misuse, and capable of providing an appropriate level of assurance that the person claiming a particular identity is in fact the person with that identity. So, is accepting a ‘selfie’ enough to show compliance?
With the sudden increase in fraudulent transactions, now more than ever, firms should ensure that appropriate steps are taken to verify the identity of a customer- for example, a combination of steps involving customers showing their face and original photo identification documents in a video and comparing that with scanned copies emailed by the customer.
The FCA has also acknowledged the risk of operational delays as a result of remote working, and any ‘reasonable’ delays arising from these new arrangements. But does this mean that firms can delay the monitoring and reporting of suspicious activities? Clearly not, as this would mean criminals slipping through the net.
Monitoring transactions in the current environment is more challenging, as what was flagged as suspicious prior to COVID-19 may not be suspicious anymore, and what was considered normal previously may now be an indicator of criminal activity. For example, a sudden withdrawal of cash transactions, although triggering a red flag, may simply be a result of panic due to financial insecurity in the COVID-19 environment. With less physical cash moving through the legitimate economy, activities surrounding cash intensive businesses are now a possible typology to look out for. If large amounts of cash are still being deposited and the business has been closed for months, this is something that should be classed as suspicious. International trade is also an emerging risk, and banks processing payments linked to trade transactions should take additional measures to establish whether unexpected flows, particularly linked to customers or regions badly affected by the virus, are of legitimate origin. Overall, firms must adjust their parameters for transaction monitoring in light of new vulnerabilities and risks.
Criminals have adapted quickly to the new situation, and firms need to respond by re-evaluating their customer base, customer behaviours and the overall financial crime risk. This is not a time to relax, it is an opportunity to prevent criminals from taking advantage of a pandemic.