Your AMLRx for COVID-19: Part One

By now, reality has set in. The world is in this for the long haul, and anti-money laundering (AML) and sanctions professionals have certainly recognized that the work to protect the financial system will be changed forever. Financial institutions’ (FIs) initial SWAT teams have set up temporary infrastructure to weather out the initial storm. Hopefully everyone is finding small moments to breathe and maybe, just maybe, think about something other than that five-letter, two-number phrase—COVID-19—that has ruled life for at least the past month and a half.

It is more important than ever to take this time to keep planning, keep going and keep showing the world that the financial system will be protected from this crisis. A prescription is needed to treat the current situation as well as the future state.

To ensure that the prescription is effective, FIs need to look at the three phases of COVID-19 as it pertains to AML and sanctions and implement a three-part process to make financial crimes programs secure. That process—before the pandemic (B.P.), during the pandemic (D.P.) and after the pandemic (A.P.)— should be organized accordingly to ensure proper planning and effective implementation.

While B.P. is no longer existent, AML and sanctions professionals can still learn from current pains and strains. Institutions D.P. are facing viral issues consisting of increased workload, shifting typologies, and decreased staffing and resources. The chart below advises on what steps FIs should take during D.P. Most institutions across the globe are required to maintain a business continuity plan (BCP) or disaster recovery plan (DRP). While these plans generally serve the institution at a higher level, most were not designed to consider the impact and need for direction specific to anti-money laundering and counter-terrorist financing (AML/CTF) during times like these.

On April 1, the president of the Financial Action Task Force (FATF) published a statement1 reminding institutions to remain vigilant of emerging money laundering (ML) and terrorist financing (TF) risks as well as ensure effective measures to report suspicious activity remain active. The most helpful FATF statement encouraged institutions to “activate” their risk-based approach—“the FATF encourages governments to work with financial institutions and other businesses to use the flexibility built into the FATF’s risk-based approach to address the challenges posed by COVID-19.” A risk-based approach is an often-heard term that can encompass many layers of operations, processes, as well as nuanced and changing risks. Essentially, a risk-based approach incorporates resources (people, technology), risk exposure (high-risk customers, transactions, current typologies) and current operational environments. It aims to provide flexibility, especially during the pandemic, for shifting resources to the most important areas to sustain effective suspicious activity and sanctions screening programs. Applying a risk-based approach means implementing effective and timely rules as well as customer behavior thresholds to detect activity that, given the current pandemic, requires a review.

Money laundering/terrorist financing (ML/TF) typologies and red flags will vary based on country, transactional infrastructure and existing vulnerabilities in country-level AML/CTF programs. Fraud typologies, which largely differ from ML/TF focused typologies, are ever-changing and are usually published by country-level financial intelligence units. These typologies should be reviewed and applied as much as possible throughout the institution. Separately, institutions should be looking at businesses that did not experience a decline in transactional activity during quarantine measures. Many businesses across the world came to a standstill; if they are still performing business as usual, this could indicate an illicit form of income not related to their business.

Regulated FIs often confuse fraud-focused typologies and ML/TF-focused typologies when it comes to what prevention and detection measures are required for mitigation. In times like this, it is important to note that mitigating measures can mostly take the form of customer education. On the other hand, some red flags require an institution to implement rules to detect the suspicious activity. A few overlap each other, requiring the institution to both educate the customer and implement controls to detect activity. The Venn diagram below indicates which red flags require customer education, which red flags require internal rules, and which red flags could use both measures. Larger institutions with precise monitoring systems may be able to monitor some of the customer-based red flags, but most institutions—given their limited monitoring capabilities—should focus on the institution-based red flags.

While most countries are still under partial quarantine, some are able to or will soon be experiencing life A.P. However, the measures taken during the pandemic cannot be simply switched off. Red flags and illicit activity will continue for some time after countries are declared symptom-free. At the country level, some industries and related businesses may never transact the same way again. There are multiple steps involved in exiting from pandemic processes into the post-pandemic that may include deactivation of ineffective legacy rules, implementation of permanent effective rules, exiting of certain business types, staffing increases, or changes in internal institutional structure and roles.

As with everything, the industry will continue to learn more when trends are established, typologies emerge, countries and industries recover, and people establish a “new normal” level of activity. Timely collaboration is key in the collective fight to protect the world’s financial infrastructure.

Editor’s note: This is an excerpt of an article that will appear in the ACAMS Today June-August 2020 print edition magazine. Please look for the article in its entirety on June 1 on or for your copy in the mail.

Sarah Beth Felix, CAMS, MFS, president, Palmera Consulting, Austin, TX, USA,

Lauren Kohr, senior vice president, chief risk officer, Old Dominion National Bank, Tysons Corner, VA, USA,

Angel Nguyen Swift, president, ASCollaborations, LLC; founder and executive director, Stand Together Against Trafficking (STAT), New York, NY, USA,

  1. “Statement by the FATF President: COVID-19 and measures to combat illicit financing,” Financial Action Task Force, April 1, 2020,

One comment

  1. Interesante artículo, las unidades de cumplimiento deben estar aún mas atentos en esta emergencia sanitaria, para poder comprender los movimientos y aprovechar las condiciones actuales para desenmascarar actividades ilícitas y rediseñar sus procesos.

    Interesting article, the compliance units must be even more vigilant in this health emergency, to be able to understand the movements and take advantage of the current conditions to expose illegal activities and redesign their processes.

Leave a Reply