Your AMLRx for COVID-19

Over the recent months, the world has been consumed by a five-letter, two-number phrase: COVID-19. As a result, many in the anti-financial crime (AFC) field have gone into crisis response mode. How will compliance deadlines be met if the entire team is out sick? If the anti-money laundering officer (AMLO) gets sick, who will approve the regulatory filings? How will regulatory compliance be sustained with reduced staffing? Can this program be managed in a work-from-home environment and do employees have the technology they need right now? How will the financial system be protected from exploitation? What are the emerging financial crime threats? What needs to be changed in AFC programs to ensure customers and financial infrastructure are protected?

This article will provide several response steps toward coping with the present-day pandemic environment and advise how best to use limited time and team members to activate an appropriate risk-based approach. So, dust off those business continuity programs (BCPs) and disaster recovery plans (DRPs) to combat noncompliance during these uncertain times.

AFC Before Pandemic (B.P.)

In the era B.P., team resources were more than likely already maxed out. There was pressure to do more with less—especially with the promise of new technology. The focus was on modernizing anti-money laundering (AML) practices and staying ahead of emerging money laundering and terrorist financing (ML/TF) risks. Many AFC professionals were counting down the days until they could escape the cold and meet in Hollywood, Florida for the ACAMS 25th Annual International AML & Financial Crime Conference.

AFC During Pandemic (D.P.)

But now, D.P., the “Great Pause” must be faced. All attention has shifted to crisis response and there is no choice but to do even more with even less. Pressure mounts due to increasing workloads and shifting typologies. At this point, most financial institutions (FIs) have made it through the initial wave of crisis. The first wave revealed that most institutions’ BCPs and DRPs did not adequately address basic operational processes such as providing employees with the necessary technology to work off-site. Furthermore, the plans were likely deficient in addressing the layered, shifting and nuanced risk that would quickly emerge in AML, counter-terrorist financing and sanctions programs during a crisis—and certainly did not fully consider decreased staff being subjected to additional workload.

In the midst of this crisis, the same pressures continue to increase with the same strict regulatory timelines; but now, there is an additional symptomatic risk to AML programs. In an effort to offset economic damage and get funding to individuals in need, governments across the world are injecting billions into the financial system. Country-specific financial intelligence units (FIUs) are scrambling to release meaningful guidance—some more efficiently than others. Regardless, AML and sanctions professionals must address this guidance to the extent it is clear and actionable in order to realign AML programs accordingly. So where do they go from here?

Step #1: Re-Evaluate Nonessential Processes and Respond With a Risk-Based Approach

According to the Financial Action Task Force, the following is the goal of a risk-based approach:

“ … to support the development of prevention and mitigation measures that are commensurate to the ML/TF risks identified. In the case of banks, this applies to the way banks allocate their compliance resources, organise their internal controls and internal structures, and implement policies and procedures to deter and detect ML/TF, including, where relevant, at group level.” [1]

This is an oft-discussed concept, especially in several of the recent guidance publications issued by government authorities. But what does a risk-based approach really mean and how can this age-old concept be leveraged to keep AML programs both resilient to noncompliance and effective in identifying emerging financial-related crimes?

In times of crisis, first look to compliance resources and processes. Is it possible to realign or shift duties? Could more risk be temporarily accepted by modifying nonessential or regulatory required processes? This does not mean abstaining from performing certain required measures such as monitoring for suspicious activity or screening for sanctions. It means assessing whether there is flexibility in how to meet legal requirements and ensuring minimal exposure to evolving AFC vulnerabilities.

Ideally, FIs have already incorporated an AML/sanctions-specific assessment into their BCP or DRP. This will assist in prioritizing compliance resources and requirements by addressing items such as, but not limited to, AML and sanctions regulatory requirements, minimum resources needed, timing requirements, systems required, steps for realignment of resources based on identified priorities, modifications to nonessential processes and documentation of temporary program modifications.

Step #2: Stop the Spread of Illicit Activity

How can a risk-based approach be applied to emerging financial crimes resulting from the crisis?

If a team has been affected by the virus and has fewer resources, they must re-evaluate current tasks and prioritize their time—especially since there are no signs of returning to “normal” soon. From dispositioning suspicious activity alerts to monitoring for fraud to clearing sanctions hits, AML professionals have a long to-do list. Below are some tips on making the best of this worst-case scenario.

First, look at the rules. Under normal circumstances, 100% of suspicious activity detection scenarios would run, and then their effectiveness would be re-evaluated based on productivity and schedule. In times of crisis, this is one of the most important areas to address. Re-evaluate the productivity of generating alerts and create scenarios to generate alerts relevant to the current environment. One way to do this is to temporarily suspend scenarios or rules that generate the least productive alerts (i.e., efficiency ratios are less than 1%) and have no transaction type applicable to the current pandemic typologies. At the same time, it is necessary to determine what new risk-based typologies have emerged or will emerge and how to incorporate applicable typologies into the system.

As much as the world would like to move past the pandemic, the reasoning behind the decisions made D.P. should be documented. This could mean syndicating a risk acceptance form to executives or the board detailing the explanation behind the decision.

Considering emerging typologies during times of crisis can be difficult. Here is a starter list of red flags or typologies that may help institutions narrow down where to look.

First, it is important to note that there are three general types of red flags as described in the table below:

Red Flags

Customer-Based Red Flags

Most cities around the world have experienced a decline in open businesses because of quarantine measures. With that in mind, the following are some red flags for businesses that may need cursory or high-level reviews based on their activity:

  • Restaurants and bars maintaining a normal level of automated clearing house (ACH) activity even though their respective city/state may have required closure or may have restricted these businesses to to-go services only (could indicate transaction laundering)
  • Nonessential businesses, like nail salons and spas, maintaining a normal level of ACH deposits (merchant card and/or private ATM) even though their respective city/state may have required closure

However, if an institution uses a behavior-centric system, it may prove difficult to focus on the businesses it is specifically searching for—those that have not changed their behavior and should not be open due to restrictions.

Transaction-Based Red Flags

In addition, there are general high-level indicators of potential suspicious activity that will continue to change as typologies, prosecutions and public advisories emerge:

  • Increase of wires sent to tax-haven countries by broker-dealers, investment companies or private wealth clients
  • Increase in cash, check or ACH deposits for nongovernmental organizations (NGOs) or charities with withdrawals to individuals or large retail purchases at stores not aligned with the NGO purpose
  • Large ACH deposits from fundraising sites and corresponding withdrawals out of line with purported fundraising descriptions (fundraising sites can be used to transfer money under the guise of charity)
  • Increases in withdrawals of monetary instruments from existing funds on the account or increases in individual monetary instruments being cashed (these typically do not show in the customer’s account in the AML system as they are cashed against the general ledger)
  • Increases in electronic wire requests from customers without an AML-confirmed dual-control approval process
  • Health supplement or biotech firms that have a large spike in deposits from individuals or offshore companies
  • Wealth management advisors, broker-dealers and investment companies receiving several wires, checks or ACHs and leaving the money sitting there or sending the money to a related investment company with similar/same naming convention
    — For example, ABC Investment Advisors receives a spike in deposits from various individuals, trusts and small companies with several large wires and checks sent out to ABC Advisory Services, which banks at another institution. This could indicate related investment companies using institutions to layer funds gathered from investors. If outgoing funds are to a large registered investment company, that could decrease the risk. In addition, note if the investment company uses the increased deposits for luxury items or vacations (Ponzi scheme indicators).

Step #3: Address the Issues of a Decentralized Sanctions Process

Global sanctioning parties—such as the U.S. Treasury Department’s Office of Foreign Assets Control, the U.K.’s Office of Financial Sanctions Implementation and the Australian Sanctions Office—have continued to add entities, individuals and activity to their sanctions lists. This indicates that financial crime, money laundering, drug trafficking, human trafficking and terrorist financing are still happening, even in the midst of a global crisis.

While most institutions, even the large ones, have a decentralized approach to screening for sanctions, there are most likely gaps in perceived importance. For example, the wire department is typically responsible for dispositioning sanctions matches that are a product of their wire platform. If sanctions were not listed as a high priority under the wire department’s BCP, then the appropriate attention would not be given to assessing sanctions risk. This may impact the number of employees available to disposition sanctions matches and it may drive those decentralized areas to change the matching thresholds without the AMLO’s approval or knowledge. AML professionals must be aware of what these decentralized teams are doing right now. It is essential to keep close coordination and regular communication with department heads (wire, deposit operations, wealth management, branches, lending, etc.) so there is full transparency on staffing, timing or matching thresholds. These decisions should not be made without AML or sanctions management knowledge or approval.

A tangential, but related, risk lies within the third-party companies that provide sanctions screening processes for an institution. For example, most institutions use various third-party systems that are maintained by various companies. Are these institutions reaching out to ensure those third-party companies are updating their sanctions lists on a timely basis? Some companies that provide sanctions lists are not regulated FIs so they may not have a BCP in place that requires timely updates. Take some time to make sure that vendors have updated accordingly.

AFC After Pandemic (A.P.)

While the end is a big unknown at this time, preparing for life A.P. is just as important as dealing with the pandemic now. Apply what has been learned during this time and put that into a plan for returning to business as usual.

Some suggestions for the right prescription to move forward include the following:

  • Leverage the risk-based approach to identify which processes should be prioritized
  • Identify processes that were too time-consuming and not productive B.P., and permanently implement the more effective process that was identified D.P.
  • Adjust resources to line up with an inevitable “new normal” as typologies identified D.P. may need to be in place for a while
  • Collect metrics for compelling staffing analyses to present to executive management that highlight how AFC resources have been impacted by the pandemic
  • Continue to stay tuned to law enforcement bodies that almost daily publish updates for trends regarding financial crime
  • Finally, ensure that for every change, the appropriate documentation exists

Do not get caught in another B.P.; prepare for a D.P. and see you A.P.!

Sarah Beth Felix, CAMS, MFS, president, Palmera Consulting, Austin, TX, USA

Lauren Kohr, CAMS-FCI, senior vice president, chief risk officer, Old Dominion National Bank, Tysons Corner, VA, USA

Angel Nguyen Swift, CAMS, president, ASCollaborations, LLC; founder and executive director, Stand Together Against Trafficking (STAT), New York, NY, USA

  1. “Guidance for a Risk-Based Approach,” Financial Action Task Force, October 2014.
  2. For fraud scams, see “FBI Urges Vigilance During COVID-19 Pandemic,” FBI. For the purposes of this article, the focus will be on red flags pertaining to the transaction-based and customer-based red flags relevant to ML/TF.
