COVID-19: Financial Crime Risk – Regulatory ExpectationsFinancial services providers have been very active in maintaining essential services, managing their own duties as employers and managing operational and compliance risk in the COVID-19 environment.

There have been many reports on emerging financial crime risks related to the COVID-19 pandemic, including increased cybercrime risk and COVID-19 related fraud targeting vulnerable customers.

According to a Europol report, financial criminals are taking advantage of the COVID-19 pandemic and using phishing emails to target individuals. An Garda Síochána also published a coronavirus scam warning at the beginning of the epidemic, highlighting increased risks around 'phishing' and associated frauds, fraudulent selling/trading and social engineering scams. 

Against this backdrop, regulators have provided guidance on their expectations in managing financial crime risk. 

The European Banking Authority (EBA) has issued a statement on actions to mitigate financial crimes during the COVID-19 pandemic, calling on competent authorities to support credit and financial institutions' ongoing anti-money laundering and counter financing of terrorism (AML/CFT) efforts. Competent authorities are requested by the EBA to:

  • Make clear that financial crime remains unacceptable even during the pandemic
  • Continue to share information on emerging AML/CFT risks
  • Set clear expectations on the steps financial institutions should take to mitigate those risks
  • Consider how to adapt their supervisory tools to ensure ongoing compliance by credit and financial institutions with their AML/CFT obligations

The Central Bank of Ireland's website has also been updated with FAQs for regulated firms, providing guidance on what firms should do to manage increased financial crime risk. The regulator continues to emphasise the importance of maintaining effective systems and controls to ensure that the financial system is not abused for money laundering or terrorist financing purposes.

Firms should monitor and assess regulators' ongoing guidance in this area as matters develop. Key points arising from this guidance to date include:

In terms of risk management processes:

  • The Central Bank of Ireland emphasises that firms should remain up to date on the changing AML/CFT techniques and how they might change due to an economic downturn.
  • This will involve in particular reviewing and, if necessary, updating AML/CFT risk assessments and transaction monitoring processes, paying particular attention to changing spending patterns, funds flows and a migration to online payments.

In terms of suspicious transaction reporting:

  • Suspicious Transaction Reports (STR) should continue to be made to the Financial Intelligence Unit of An Garda Síochána using the GoAML electronic process.
  • The usual requirement to also submit STRs to the Revenue Commissioners may not be possible with working from home arrangements. The Revenue Commissioners have indicated that MLROs who are unable to print STRs remotely can provide a paper filing when they return to the office.

In terms of customer due diligence:

  • A statement by the Financial Action Task Force (FATF) highlights the innovative ways in which financial institutions can on-board customers and deliver digital financial services and refers to its recent guidance on Digital ID.
  • The FATF statement also reminds financial institutions to use a risk-based approach to ensure that legitimate non-profit relief work is not hampered so that aid can be delivered to its intended recipients.

Regulated firms should consider what appropriate actions they need to ensure that they continue to meet regulatory expectations during the crisis, including potential changes to their risk assessments and transaction monitoring systems. 

Article supplied by A&L Goodbody