2020 has been a tough year. The Covid-19 pandemic has sent shock waves across every industry as workers were sent to work from home by default. Homeworking has sounded the final death knell for any protection afforded by the corporate perimeter. Cybercrime and fraud too, have taken advantage of the situation of special conditions afforded by a very unusual situation.
As our workers settle into their home office for the foreseeable future, and the financial sector takes on new challenges to meet Covid-19 pandemic-related issues, where does this leave compliance with data protection laws and regulatory scrutiny?
Financial Conduct Authority (FCA) a remote working warning to the wise
A balancing act, financial access vs. cybercrime?
The FCA has rightly highlighted that under new remote working conditions older methods of monitoring employees to meet regulatory compliance may not meet the requirements.
Then, to add to this, other variables have come into play that means that financial institutions must adjust to new expectations brought on by the pandemic. These are centered around the provisioning of loans and similar payments to businesses:
Take CBILS (Coronavirus Business Interruption Loan Scheme) as an example. This is a UK initiative to provide financial support to businesses with less than 50 employees, during the crisis. Banks are effectively backed by the government to make loans to business applicants under CBILS. To remove friction from the loan application process, the UK government relaxed the rules on due diligence. In line with the relaxation, the FCA states on its website that “CONC 5.2A (responsible lending rule) contains rules and guidance on carrying out a reasonable assessment of a customer’s creditworthiness before taking the process forward. Other than for loans made under the Schemes, firms must continue to carry out creditworthiness assessments in line with the whole of CONC 5.2A on all other regulated lending.” The FCA relaxing the rules for some, but not others…
The above attempts by regulators to support financial institutions in delivering schemes to help citizens weather the storm, are multi-layered. They have to be deployed within a climate of increasing cybercrime and fraud.
Cybercrime during a pandemic
The coronavirus has turned the finance world upside down. It has also presented opportunities galore to cybercriminal networks. This is not lost on the financial regulators. Finding the balance between ensuring that payments to keep businesses afloat during the pandemic are swift and mitigating fraud is the challenge.
The cybercriminal networks are pushing the regulations to the limit at a time when they are relaxing to adjust to the financial requirements of the pandemic. The state of cybercrime during the pandemic is unprecedented. A snapshot of the dark web during 2020 clearly shows that the engines of cybercrime are on full steam ahead:
Tor Metrics collects information on the numbers of .onion sites (dark websites) over time. Between mid-March to mid-September 2020, the numbers almost tripled at the peak and are still more than double the pre-pandemic numbers.
Some of these websites may well be legitimate, perhaps journalistic data sites. However, the fact that phishing campaigns have tracked the increase in these sites demonstrates the likelihood of the malicious nature of the increase.
A report into the effect of the Covid-19 pandemic on cybercrime from the Financial Action Task Force (FATF) has two key findings that highlight the balance needed in dealing with the crisis:
- The increase in COVID-19-related crimes, such as fraud, cybercrime, misdirection, or exploitation of government funds or international financial assistance, is creating new sources of proceeds for illicit actors.
- Measures to contain COVID-19 are impacting on the criminal economy and changing criminal behavior so that profit-driven criminals may move to other forms of illegal conduct
Treading the line between facilitation of loans and other Covid-19 related payments and managing fraud is where technology can help.
Having your financial checks cake and eating it
The financial sector, during the pandemic, has had to weather the storm by ensuring that WFH encompasses the same levels of employee due diligence and monitoring. But at the same time, much of the industry also has to step in and ensure that the wider business community receives fast access to financial help. Squaring this round is a balancing act that needs smart technology to shore it up. There should not have to be a choice between effective AML checks and access to financial help. Believing that providing fast access to cash must mean a degree of acceptance of opening opportunities for cybercriminals should not be a given. There are ways to “have your financial check cake and eat it”.
Smart AML checks can mitigate payment fraud. Juniper Research concurs with this statement. Their report “Fighting Online Fraud in 2020” predicts increased use of machine learning (ML) in fraud detection and prevention. Using a smart technology like ML allows the balance between fast delivery of a service and real-time fraud detection. This gives the financial sector the ability to match customer expectations with the complexity of fraud detection. Using innovative technologies provides the balance needed to meet the challenges of the pandemic, keep regulators happy, and help mitigate fraud.
- Read: Identify and Prevent Financial Crime Schemes Arising from Current Pandemic Circumstances
- Contact us today to speak to one of our financial crime experts.