COVID-19 and money laundering one year on: the trifecta of change
AML6 deadlines, COVID-19 operational changes and user behaviour changes – the FS sector has had a challenging 12 months. Enda Shirley looks at how COVID-19 has impacted compliance teams amidst a continuing pandemic and changed the face of money laundering
The pandemic has generated ripple effects of changes across the financial services sector. The rate of fraud has increased, new compliance directives introduced, consumer spending habits changed overnight during lockdown, and fraudsters in turn had to adapt the way they committed crime. For example, retailers stopped accepting cash for hygiene reasons, forcing money launders to look for new avenues to wash their money. All of which has left the financial services sector in a storm of change, overwhelmed with an increasing the amount of false positives. All of which takes time and resources to investigate.
In this piece, Enda Shirley puts the world of money laundering under the microscope, looking at how the trio of 2021 challenges – AML6 regulatory deadline, COVID-19 operational changes and user behaviour changes – has impacted compliance teams.
6MLD regulatory changes
Early 2020, the upcoming 6th Money Laundering Directive (6MLD) was announced not long after the implementation of 5MLD, along with its December 3rd 2020 transposition deadline and June 6th 2021 implementation deadline. To effectively meet the new regulatory changes and obligations, financial institutions need to focus transitioning from legacy, rule-based functionalities to risk-based anti-money laundering (AML) models.
Risk-based AML means that financial institutions and authorities must assess and understand the level of money laundering and terror financing risk posed by certain transactions, based on a criteria of products and services, customers and entities and geographic location. The criteria is used to assess the level of risk and the appropriate measures needed to mitigate the risk score ascertained. Many financial institutions aren’t quite ready to leave the rule-based model behind, and are developing frameworks for a combined risk-based vs. rule-based model to balance compliance and confidence.
In addition to the call for risk-based models, 6MLD also provides clearer definitions of money laundering crimes and their penalties, extending criminal liability to legal persons and companies with tougher punishments. As a result, businesses will be required to work together in the prosecution of money laundering-related crimes to protect customers from cybercrime and tackle terrorism financing. The aim of fighting cybercrime will be to root out money laundering, with an eye on new virtual currencies that present new risks and challenges for combating money laundering.
While the UK opted out of 6MLD as
“domestic legislation is already largely compliant with the Directive’s measures, and in many cases goes further than what the 6AMLD proposes”, any UK business that wants to operate within the EU, regardless of Brexit, will need to comply with 6MLD requirements.
COVID-19 and operational changes for Financial Services
Compliance departments within the financial services sector are used to working in strict and secure environments. For example, employees leaving their personal phone at the door may have been common practice for many pre-COVID, and working remotely wouldn’t have been a secure option. Fast forward to now, and many have had to work remotely from home since early 2020, forcing teams to transform ways of working and security protocols to work from home. A major juxtaposition from working in sterile secure offices to working in a busy home, with children also learning from home for many.
Rather than introduce further security measures per se, auditing and traceability of work has increased in importance and as a requirement. Users can’t be restricted from accessing personal technology while working remotely, but they can be held accountable and their actions monitored within corporate systems and solutions monitored. If existing systems and solutions do not have the ability to tightly monitor user activity then this would key area to be addressed.
COVID-19 and user behaviour changes
On top of 6MLD and operational changes for financial services businesses, the sector has been faced with consumer behaviour profiles doing a complete 360 overnight. Consumers reduced their typical everyday spending while in lock down and many moved to mostly online spending, and for some, their financial circumstances changed drastically due to job cuts. This drastic change of user behaviour impacted customer due diligence, Know Your Customers (KYC) verification policies and on-boarding practices, with an increasing risk of cybercrime, identity theft and financial fraud – all of which are predicate crimes for money laundering.
Many would assume that forcing money laundering behaviour away from cash may make it easier to detect money laundering behaviour. However, money laundering detection requires a long string of transactions across banks and due to the combined value of the predicate crimes to the end criminal, that is often a millionaire, criminals are prepared to make their supply chain as complex as possible between multiple networks to avoid being caught out, making it hard for banks to spot risky behaviour. Money launderer’s also have large funds to invest in the technology they use, which is often ahead of the banks.
Another factor of the changing behaviours and another key challenge facing the financial services sector is the volume of data begin created every minute of the day. According to IDC, there will be more than 175 zettabytes (that’s 175 trillion gigabytes) of data by 2025. As the volume of data continues to increase, the financial services sector is struggling to harness its true value due to transactional data often being held within numerous legacy systems.
Data is the most important asset in the fight against financial crime. Banks must work towards creating a single combined view of data sources, as AML data is difficult to unpick and requires the adoption of new technologies to connect and enrich multiple streams of disparate data. By using intelligence-led tools such as contextual analysis, banks can understand and identify the relationships and connections to accurately identify potentially money laundering activity.
Learn more about BAE System’s banking compliance solutions.