By Elizabeth K. Madlem, Vice President of Compliance Operations, Compliance Alliance
The formal study of risk management has been around since World War II and involves learning how to identify, assess and manage financial risks for an organization. It has long been associated with market insurance, protections from accidents and use of derivatives. It evolved into contingency planning, analyzing various risk prevention activities and portfolio management. Operational and liquidity risks emerged as a formalized concept in the 1990s as financial institutions intensified their market risk and credit risk management activities. Risk management has become a corporate affair—it is a major player in the decisions of an institution’s management and monitoring policy. The concept of risk began to cover pure risk management, technological risk management models, and operational risk. And as the identification of new risks emerged, so did an expanded concept of operational risk.
Fraud risk is a form of operational risk. It is the risk to current or projected financial conditions and resiliency arising from inadequate or failed internal processes or systems, human error or misconduct, or adverse external events. Fraud historically has been known to increase during disaster-related events. The unprecedented COVID-19 pandemic is no exception to this increase. Fraud can be characterized as an international act, a misstatement or omission to deceive others with the sole purpose of a victim suffering a loss or a perpetrator achieving a gain. It can be internal or external but the key takeaway with fraud is that financial institutions subject to the Bank Secrecy Act are mandated to upkeep an anti-money laundering compliance program and process. Meeting BSA and AML obligations during a pandemic has proven challenging. It has forced financial institutions to adopt a new “business-as-usual process” that magnified challenges for financial crime management programs within institutions of all asset sizes.
Financial institutions, despite any differences in scale, are all facing work from home shifts, evolving customer behaviors and expectations, along with a rise in pandemic-related fraud patterns. The combination of financial and health risks opens vulnerabilities and creates more opportunities for fraudsters. The Agencies recognize that the current environment is (1) unprecedented and (2) requires flexibilities. Back on March 16, 2020, FinCEN released a state to financial institutions regarding the impact of the COVID-19 pandemic. It encouraged financial institutions to communicate their concerns related to the pandemic and to, above all things, remain alert to illicit financial activity. It encouraged financial institutions that had concerns over potential delays in filing any required BSA reports (CTRs and SARs) to contact FinCEN and their functional regulator as soon as practicable.
Second, FinCEN outlined the emerging trends connected with COVID-19: imposter scams, investment scams, product scams and insider trading. Financial institutions are reminded to review FinCEN’s 2017 advisory FIN-2017-A007 for descriptions of other relevant typologies, which included benefits fraud, charities fraud and cyber-related fraud. Entering “COVID19” in Field 2 of the SAR-template when reporting suspicious transactions linked to COVID-19 was highly encouraged. But key pressure points continued to emerge in the new environment for financial institutions. Not only were financial institutions required to identify fraudulent and potentially suspicious activity outside of normal trends, they had to detect disaster-related fraud, increase their protection of elderly customers and report on COVDI-19 trends and losses. This is not to say financial institutions have not risen to the challenges.
FinCEN’s April 3, 2020 notice encouraged financial institutions to “consider, evaluate, and, where appropriate, responsibly implement innovative approaches to meet their BSA/anti-money laundering compliance obligations.” Institutions have considered the health and safety of their employees and customers, and have maintained the stability of the financial system, managing, and mitigating the risks of money laundering and fraud losses. But what considerations should financial institutions continue to focus on as they navigate BSA/AML compliance?
The COVID-19 pandemic has introduced or an increased emphasis on a risk-based approach to BSA compliance. It has supported flexibilities as promulgated by FinCEN and other agencies. While regulators have highlighted the difficulties realized or otherwise by financial institutions, little reassurance or solutions have been offered. For this reason, financial institutions need to consider, evaluate, and determine what a risk-based approach means for its own institution. Criminals are luring targeted, vulnerable individuals and companies with an even stronger virtual presence—these attempts are aimed at undermining the bank’s due diligence and “know your customer” processes within a remote environment. It is imperative that financial institutions review FinCEN and other Agencies’ releases on advisories highlighting common typologies used in fraud, theft and money laundering activities related to the pandemic. The significant increase in online and digital transactions coupled with cyberattacks and related fraud is only going to continue to impact remote platforms and processes. Understanding the new and expanding definition of fraud risk will forces financial institutions to remain diligent with BSA/AML controls and procedures related to the pandemic.