Coronavirus Fincrime Infection Inflection Points: Compliance teams must counter surge in alerts, attacks, with fewer resources, even layoffs

The Skinny:

  • The coronavirus pandemic is doing more than taking lives and life savings – it has the potential to also wreak havoc in financial crime compliance departments.
  • The reason: as many financial institutions see profits fall and risks soar, they could decide to trim or reorganize now-scattered fincrime compliance teams.
  • This could be a “perfect storm” scenario where banks will have fewer resources to review an avalanche of alerts – both from normal people drastically shifting money to themselves and others and from fraudsters, scammers and spammers trying to game the system.
  • Regulators don’t have their heads in the sand. Top Treasury agencies are exhorting financial institutions to brace for a surge in disaster-related fraud to better protect their operations and safeguard confused and anxious customers.
  • At the same time, these same financial sector watchdogs are also warning banks not shirk, scrimp and skimp on their compliance duties to quickly and completely review alerts and produce AML filings, while also promising in the same breath some measure of “regulatory relief.”

By Brian Monroe
bmonroe@acfcs.org
March 18, 2020

The coronavirus pandemic, or COVID-19, is doing more than taking lives, wrecking the economy and tanking the stock market – it has a bevy of diseased tendrils snaking their way to financial crime compliance teams to try and infect these departments physically, financially and virtually.

The virus, which reportedly emerged in Wuhan China in December with just a handful of cases, has in recent months jumped borders and has infiltrated nearly 160 countries and regions, including the United States, Europe, Asia and the Middle East, surging to just under 185,000 confirmed cases and more than 7,500 deaths, according to the World Health Organization

Some of the hardest hit areas have also instituted some of the most drastic and draconian measures to halt the disease’s aggressive progression – moves that have come with severe economic and societal tethers that may have inadvertently weakened financial crime compliance departments just as potential suspicious activities soar.

“It’s the perfect storm: more alerts, more false positives, fewer investigators,” said Jim Richards, the former head of AML at Wells Fargo.

How? Here are some snapshots of what could happen and, in some cases, is already happening to financial institution fincrime teams:

  • From coughs to layoffs: As profits run aground and transactional throughput falls, some financial institutions could layoff staff, including fincrime compliance teams.
  • Red alert: As institutions trim anti-money laundering (AML) and fraud teams, or disperse staffers to work from home, they may struggle to adequately analyze alerts, communicate about the proper disposition and create timely suspicious activity reports (SARs).
  • Riding the wave: Compounding the difficulty of reviewing AML and fraud alerts with a scattered or depleted counter-crime team, the overall flow of transactional alerts will likely soar as normal customers change banking patterns to hoard cash or support foreign relatives – and bad guys will try to ride the wave of the alert storm.
  • Put scammers, spammers in the slammer: Fraudsters love using international upheaval and uncertainty to plunder aplenty. So financial institutions must be more wary of fraudsters posing as a charity or company selling anti-viral equipment.
  • Methinks better avoid the links: They must also be wary of official-looking emails telling bank staff to click on a link to learn more about how to stop the spread of the virus, along with more adequately protecting customers from similar felonious fusillades.

These criminals and hacking collectives are as callous as they are opportunistic.

Case in point: Cyber hackers hit the U.S. Health and Human Services Department with an attack  Sunday night during a presentation and update on the nation’s response to the coronavirus pandemic, according to three people familiar with the matter, as cited by media outlets.

The challenges for continuing compliance in a time of coronavirus could be particularly difficult for smaller banks, said Dev Odedra, a longtime financial crime consultant, thought leader and writer who has held top compliance positions at many of the largest banks in Europe and the United Kingdom.

“For larger banks, they should be able to absorb additional work if aml/compliance staff become sick by handing over work to local colleagues temporarily, e.g., in another state/country where they might have the expertise to do the work, if no one else in the department is capable,” he said.

“Another alternative is making use of cross-trained/skilled staff if there is a pool of talent already within the bank,” Odedra said. “Where you might get a problem is in smaller banks where there is no cross state/country resource. This is where institutions may need to bring in external expertise as cover whilst the sick employees recover. This is where mobile/skilled independent individuals may be of great help in such times as these.”

“Where you might get a problem is in smaller banks where there is no cross state/country resource.”
– Dev Odedra
Designer

ACFCS Wants to hear from you – what challenges are you facing due to COVID-19 and how can we help?

At ACFCS, we are keenly aware of the challenges the pandemic is creating for all of the stakeholders working to fight financial crime, including compliance officers, investigators, regulators, auditors and others.

We realize you will be tasked with doing more with less, pressed to converge and be more efficient and effective than ever before – and while just trying to survive, become more of a target for scammers, fraudsters and hackers.

That’s why ACFCS is working to better support our members and the greater financial crime and compliance communities by shifting some future events to virtual platforms, working to unlock members-only content, webinars and resources for everyone and will dedicate more coverage to tips and tactics to survive – and even thrive during and after the pandemic.

But at the heart of this initiative is a focus on our members. We want to hear from you about what are some of the unique challenges you are dealing with and what solutions are on the table to overcome them.

We can then start sharing some of your stories to help other professionals at small, medium and large financial institutions across the spectrum of the sector. We will leave it up to you if you want to have your name, or the name of your institution, made public.

Want to share your stories and guide ACFCS on how we can help? 

Please reach out to Brian Monroe, VP of Content at ACFCS, bmonroe@acfcs.org, or Brian Kindle, VP of Product Development at ACFCS, bkindle@acfcs.org

FinCEN warns: Don’t skimp on AML, be wary of the incoming flood of fraud

These vulnerabilities for the country’s AML, fraud and cyber defenses have not been lost completely on federal regulatory and investigative bodies.

They are cognizant that when global catastrophes strike, criminals, fraudsters and hackers of all stripes will try to take advantage of the turmoil to launder money or enrich their coffers.

For instance, the U.S. Treasury’s Financial Crimes Enforcement Network (FinCEN) Monday issued a rare communique encouraging financial institutions to “Communicate Concerns Related to the Coronavirus Disease 2019 (COVID-19) and to Remain Alert to Related Illicit Financial Activity.”

To read the full FinCEN advisory, click here.

FinCEN stated it is advising financial institutions to “remain alert about malicious or fraudulent transactions similar to those that occur in the wake of natural disasters.”  

Through an analysis of public reports and proprietary data in its AML database, FinCEN highlighted several emerging trends:

  • Imposter Scams – Bad actors attempt to solicit donations, steal personal information, or distribute malware by impersonating government agencies (e.g., Centers for Disease Control and Prevention), international organizations (e.g., World Health Organization (WHO)), or healthcare organizations.
  • Investment Scams – The U.S. Securities and Exchange Commission (SEC) urged investors to be wary of COVID-19-related investment scams, such as promotions that falsely claim that the products or services of publicly traded companies can prevent, detect, or cure coronavirus.
  • Product Scams – The U.S. Federal Trade Commission (FTC) and U.S. Food and Drug Administration (FDA) have issued public statements and warning letters to companies selling unapproved or misbranded products that make false health claims pertaining to COVID-19. Additionally, FinCEN has received reports regarding fraudulent marketing of COVID-19-related supplies, such as certain facemasks.
  • Insider Trading – FinCEN has received reports regarding suspected COVID-19-related insider trading. 

This isn’t the first time FinCEN has warned the financial sector about the fraud and disaster connection.

The bureau tackled the issue originally in a 2017 “Advisory to Financial Institutions Regarding Disaster-Related Fraud,” which detailed other relevant typologies, such as benefits fraud, charities fraud, and cyber-related fraud.

For suspected suspicious transactions linked to COVID-19, along with checking the appropriate suspicious activity report-template (SAR-template) box(es) for certain typologies, FinCEN is also encouraging financial institutions to enter “COVID19” in Field 2 of the SAR-template to make it easier for law enforcement to find during dives into the AML database.

In public statements and releases from other regulators, they have taken a different tack than FinCEN, stating that banks will get support from examiners in some form of “regulatory relief,” including a longer buffer between exams and be more forgiving for late or missed regulatory filings. 

COVID-19 Compliance Conundrums – how could a biological agent affect my fincrime compliance department?
The pandemic has the potential for a plethora of fincrime infection inflection points, directly and indirectly, including:

  • Looming layoffs: Many financial sectors, including banks, casinos and other operations under the rubric of financial institution, are getting hit hard, with profits, and stock prices, plummeting. As a result, that could mean some operations lay off staffers – including those in AML, counter-fraud and cybersecurity areas.
  • Bad moon (of alerts) rising: Making matters worse, as operations attempt to trim AML departments – due to a foundering business or a significant drop in transactional throughput with so many people staying home – or even make the most out of a far-flung fincrime team working from home, these individuals may have to deal with a massive surge in alerts.
  • The good, the bad and the new normal: Compounding the challenge of the above scenario, transaction patterns for rank-and-file customers are going to change drastically. They will buy hundreds of dollars in groceries, rather than spending less than $100.
  • Swimming with the fishes: They will pull out cash as fast as they can. They will wire money all over the United States and beyond – to support stricken colleagues, comrades and scattered and quarantined foreign family members. Fraudsters and money launderers also use these opportunities to try to hide in an overall rising tide of transactions – swimming illicit with legal funds.
  • Scams, spam and, no, I don’t want any green eggs and ham: And just when you thought it couldn’t get any worse: bad guys actually get worse when there is a global catastrophe. All manner of cyberattacks, spam emails and charity scams surge when the world convulses.
  • Gimme all you got: In recent decades, whether it was hurricanes decimating parts of the U.S. or the wildfires in California, scammers, spammers and fraudsters attempt to take advantage of those who have already lost nearly everything – and those wanting to help.
  • Real problems, fake sites: They will create fake websites to take your credit card details, checks and cash – and pocket the money. They will send weepy emails begging for financial support from an official sounding group, or a slick copy of legitimate aid and charity groups.
  • Beware viruses in the real, virtual worlds: Hackers also have no problem tugging at your heart strings about the aftermath of a deadly virus – so you will click on a diseased link to give you a virus.
  • Locked in and locked out: A further ignoble irony from these virtual villains: They also won’t hesitate to lock you out of your computer in a ransomware attack – while you are locked in your house on lockdown in a regionally-enforced quarantine.

Acknowledgements and further reading:

Dev Odedra: https://www.linkedin.com/pulse/covid-19-outside-biological-risks-financial-crime-threat-dev-odedra/?trackingId=GPGdMywoRHS5oL43mp7gFQ%3D%3D

Becki LaPorte: https://www.linkedin.com/pulse/overlap-coronavirus-pandemic-financial-crime-laporte-cfcs-cams/

Jim Richards: The Perfect Storm: More Alerts, Fewer Investigators, & More False Positives

More alerts, attacks and risks, but fewer resources

FinCEN is also urging institutions to contact the bureau and their federal functional regulator if they feel they could, or are likely, to fall behind on any of their AML duties, including customer transaction and suspicious activity report filings – a vital message as failures now could be the foundation or formal enforcement actions or monetary penalties later.

And that is a line fincrime compliance professionals should pay close attention, said Richards, the former head of AML at Wells.

Specifically, FinCEN requested that financial institutions contact FinCEN and their functional regulator as soon as practicable if it “has concern about any potential delays in its ability to file required Bank Secrecy Act (BSA) reports,” Richards stated in a blog post.

“This is an important acknowledgment by FinCEN,” he said. “The previous Advisory focused on the increase in fraud as a result of natural disasters. This press release adds another element: at the same time fraud is increasing, the ability of financial institutions to manage that increase is impacted because of the ‘shelter in place’ or work from home requirements.”

In short, risks will rise as resources retreat.

“To put it in simple terms, where a bank may have had 1,000 fraud alerts handled by 50 investigators prior to the pandemic, it may now have 2,000 alerts being handled by only 20 investigators,” Richards said.

“And all of this at a time when banks have fewer investigators able to handle the output: they’re at home and either unable to access bank systems or less efficient in doing so.”

FinCEN’s statement comes on the heels in recent weeks of other U.S. financial watchdogs, like the Office of the Comptroller of the Currency, Federal Reserve and others calling on banks to bolster succession planning if staffers fall ill, not shirk duties to protect customers from fraudulent attacks and to be transparent and forthright if they are falling behind and need regulatory relief.

As virus explodes, revenues dry up, institutions still must try to comply

While these preventative measures may seem extreme, these statements by government agencies evince the seriousness of the disease and still-expanding hot zone.

China currently has more than 82,000 confirmed cases of COVID-19. Wuhan, a city of more than 11 million people at the epicenter of the outbreak, has been on lockdown for nearly two months.

In Italy, with nearly 28,000 cases, the government has initiated a full lockdown, with cafes and restaurants closed.

In the United States, last week President Trump declared a National Emergency in response to COVID-19 as the country grapples with more than 3,500 confirmed cases – currently the eighth highest number in the world.

Broadly, the U.S. has instituted travel bans related to China and Europe, expanded screening procedures for other countries and loudly preached the virtues of social distancing, working from home and not gathering in groups of more than 10 people – a move made easier as certain states, like Florida, have forced bars, restaurants and nightclubs to close for a month.

As a result, some entire sectors have been forced to close up shop temporarily with the hovering specter of permanence, such as travel, tourism, including hotel, airlines and cruise lines, the restaurant and entertainment industries, and some financial institution arenas, such as casinos.

So these battered areas of the economy must somehow juggle no or little income, keep the lights on and craft continuity plans for the business to survive and for those subject to AML duties, not fail in running the program and identifying, analyzing and reporting on suspicious activities. 

In fact, more companies in recent months, have been so worried about the potential or actual impact to business, they have made formal mentions to the U.S. Securities Exchange Commission to be as upfront as possible with regulators and investors. 

Graphic Courtesy WSJ, Kaleidoscope

What is a coronavirus?

Coronaviruses (CoV) are a large family of viruses that cause illness ranging from the common cold to more severe diseases such as Middle East Respiratory Syndrome (MERS-CoV) and Severe Acute Respiratory Syndrome (SARS-CoV).

Coronavirus disease (COVID-19) is a new strain that was discovered in 2019 and has not been previously identified in humans.

Coronaviruses are zoonotic, meaning they are transmitted between animals and people.  Detailed investigations found that SARS-CoV was transmitted from civet cats to humans and MERS-CoV from dromedary camels to humans.

Several known coronaviruses are circulating in animals that have not yet infected humans. 

Common signs of infection include respiratory symptoms, fever, cough, shortness of breath and breathing difficulties. In more severe cases, infection can cause pneumonia, severe acute respiratory syndrome, kidney failure and even death. 

Standard recommendations to prevent infection spread include regular hand washing, covering mouth and nose when coughing and sneezing, thoroughly cooking meat and eggs. Avoid close contact with anyone showing symptoms of respiratory illness such as coughing and sneezing. 

Source: World Health Organization

FFIEC calls on banks to shore up continuity in pandemic planning

The chief regulatory body behind some of the seminal tomes of the AML field, including industry bible, the interagency AML manual, is leaping again into the fincrime fray to help institutions better endure a viral assault that could bring operations to their knees.

The Federal Financial Institutions Examination Council (FFIEC) this month issued guidance in an “Interagency Statement on Pandemic Planning” to remind financial institutions that “business continuity plans should address the threat of a pandemic outbreak and its potential impact on the delivery of critical financial services.”

The guidance is a rare update on how to continue banking as institutions battle a biological threat.

The FFIEC has done this before, in 2007 and 2006, tied to Influenza, with credit unions echoing those sentiments.

Here are key takeaways from the FFIEC Statement about what banks should be doing to gird themselves against the raging coronavirus, according to Financial Services Perspectives.

Key Takeaways

  • Leadership of a financial institution must either prepare or update existing business continuity plans to include all aspects of pandemic planning.
  • Actions must be commensurate to the size and operations of the business.
  • Financial institutions must cooperate with local governmental agencies and emergency organizations to determine how best to proceed during a pandemic. Constant monitoring of communications from those agencies is important.
  • Employee and consumer safety are essential. Educating employees, including providing a thorough understanding of the pandemic planning efforts of the institution, should take place.
  • Cross training of employees should take place in the event there are significant absences of employees.
  • An evaluation of risk must take place, with a particular focus on company systems and dependency upon third parties. Financial institutions should be aware of the pandemic planning efforts of their critical third-party vendors and prepare back-up options in the event that a critical vendor may not adequately provide services.
  • Evaluate internal systems with a focus on remote capabilities (e.g., capacity, bandwidth, and authentication mechanisms) to determine whether they can handle significant numbers of employees working from home.

Fraudsters in a pandemic will be ‘running rampant’

But even with these safeguards to continue operations and compliance teams remaining roughly unscathed, banks and other financial institutions will be hard pressed to identify the bulk of illicit funds that could be flowing through their institutions.

For bad guys, there has “never been a better time to commit fraud,” said a former federal investigator now doing compliance at a large financial institution in the U.S., who asked not to be named. “We are already in the midst of a renaissance of fraud” and a virus weakening compliance officers, investigators and prosecutors will only make things worse.

Overall, fraudsters are “going to run rampant,” said the person, adding that the U.S. Department of Justice (DOJ) may need to shift resources and make a concerted effort to go after the mushrooming number of frauds, which could soar in number and the individual and cumulative amount stolen from victims.

The moves could be similar to how in recent decades a host of agencies banded together for the seemingly unwinnable “War on Drugs,” said the person, adding that the U.S. may have to consider changing laws to increase prison time and bake in enhancements for those convicted of large-scale frauds or have been deemed serial fraudsters themselves.

The U.S. should consider taking drastic measures against individuals and organized criminal groups engaged in expansive fraud schemes, including strengthening civil measures to freeze and seize their assets during investigations and even a crafting a public database of Serial Fraudsters to help institutions not grant profligate proliferators of fraud accounts in the first place.

Whether they are targeting securities or savings accounts, credit cards or tax returns, “frauds are already out of control,” said the former investigator, adding that during a pandemic, fraudsters will be “trying to scam grandma and grandpa even more.” 

For bad guys, there has “never been a better time to commit fraud,” than during a natural disaster or global catastrophe  a former federal investigator now doing compliance at a large financial institution in the U.S.

John Doe