This month (May 2020), the Financial Action Task Force (FATF) published a paper entitled “COVID-19 Related Money Laundering and Terrorist Financing – Risks and Policy Responses”. The paper details recent FATF findings regarding money laundering (ML) and/or terrorist financing (TF) risks arising from COVID-19. The paper also usefully details other findings regarding cybercrime risks due to COVID-19.
The key findings within the paper to be aware of are:
- An increase in COVID-19 related crimes, such as fraud, is creating a new source of illicit proceeds as criminals exploit temporary measures caused by remote working;
- Pandemic measures are changing criminal behaviour, driving criminals to other firms of illegal conduct including new forms of cyberattacks; And
- There are emerging money laundering and terrorist financing risks that could result in –
- Criminals finding ways to bypass customer due diligence measures;
- Increased misuse of online financial services and virtual assets to move and conceal illicit funds;
- Exploitation of economic stimulus measures and insolvency schemes as a means for natural and legal persons to conceal and launder illicit proceeds;
- Increased use of the unregulated financial sector, creating additional opportunities for criminals to launder illicit funds;
- Misuse and misappropriation of domestic and international financial aid and emergency funding; and
- Criminals and terrorists exploiting COVID-19 and the associated economic downturn to move into new cash-intensive and high-liquidity lines of business in developing countries.
It is also reported that there is a risk of increased fraud. The primary fraudulent activities are listed as:
- Impersonation of officials. This may include impersonated officials seeking personal or banking information.
- Counterfeiting (including essential goods). There is an increase in online scams involving medical supplies and PPE given the increased demand.
- Fundraising for fake charities. An increase in fundraising scams where criminals pose as international organisations asking for COVID-19 related donations.
- Fraudulent investment scams. There have been fraudulent scams relating to products or services that can prevent, detect or cure COVID-19.
The paper also details increased cybercrime risks. These risks are listed as:
- Email and SMS phishing attacks. FATF has found that criminals are exploiting concerns about COVID-19 to insert malware on devices. One example of this style of attack was a criminal posing as the WHO and then sent emails with malicious links.
- Business email compromise scams. Amid the rise in remote working, criminals are exploiting weaknesses in business’ network security information to gain access to customer data.
- Ransomware attacks. FATF also indicates that different methods are being used to insert ransomware onto devices. One example is malicious websites or apps that appear to share COVID-19 information to gain and lock access to the device until payment is received.
In addition to the above, FATF also outlines other ML vulnerabilities. The increase of remote transactions and unfamiliarity with online platforms represent significant changes in financial behaviour that inherently provide ML vulnerabilities. In addition, TF risks may be increased as terrorists seek to take advantage of the focus on COVID-19.
FATF emphasises that caution should be exercised at all times. When making a payment or transaction, it is recommended that the details and parties involved are subject to due diligence so that an entity can be satisfied that the transaction is not fraudulent. FATF advises that it may also be beneficial to undertake refresher fraud training to ensure staff are up to date and aware of fraud risk and how to detect potential fraud. The risks outlined above should be.
At DQ, our team are experienced in assisting with all AML/CFT related matters. We would recommend that the risks set out in the FATF paper are considered in the context of your business and incorporated into the risk management framework accordingly.