AML Guidance From FIUs During COVID-19
July 10, 2020
Posted April 15. Updated July 10: FinCEN issues advisory
Financial intelligence units (FIUs) have responded to the current pandemic with warnings about an increase in COVID-19-related crime or guidance to help AML compliance teams focus their priorities to keep business flowing.
Although each has specific roles to play, most agencies have issued similar notices calling for businesses to concentrate on the basics to combat illicit financing and maintain AML obligations during the coronavirus pandemic.
In the U.S., the Financial Crimes Enforcement Network (FinCEN) issued a notice on April 3 cautioning that the situation is fluid. FinCEN said banks should check back regularly for updates to help comply with the American Bank Secrecy Act (BSA) and the Coronavirus Aid, Relief, and Economic Security Act (CARES Act).
“Compliance with the Bank Secrecy Act (BSA) remains crucial to protecting our national security by combating money laundering and related crimes, including terrorism and its financing,” FinCEN said. In a statement.
“FinCEN expects financial institutions to continue following a risk-based approach, and to diligently adhere to their BSA obligations.”
Regulatory relief from FinCEN
The FinCEN BSA notice provides some relief to BSA compliance. One of the changes allows exempting from beneficial ownership requirements any new loans extended to existing customers under the (CARES Act) Paycheck Protection Program.
“If the PPP loan is being made to an existing customer and the necessary information was previously verified, you do not need to re-verify the information,” FinCEN said in April 13 in a statement.
Meanwhile, FinCEN has created a COVID-19-specific online contact mechanism, via a specific drop-down category, for financial institutions to communicate to FinCEN any COVID-19-related concerns while adhering to their BSA obligations.
FinCEN is also relaxing filing obligations for Currency Transaction Report (CTR) filing during the pandemic.
“FinCEN will issue further information on these types of CTR filings at an appropriate time with reasonable implementation periods.”
FinCEN issues red flags
FinCEN issued an advisory May 18th to alert financial institutions to rising medical scams related to the COVID-19 pandemic. This advisory contains red flags, descriptions of COVID-19-related medical scams, case studies, and information on reporting suspicious activity.
BSA data, as well as information from other federal agencies, foreign government partners, and public sources indicate possible illicit activities related to the COVID-19 pandemic regarding fraudulent cures, tests, vaccines, and services; non-delivery scams; and price gouging and hoarding of medical-related items, such as face masks and hand sanitizer.
Red flags include:
- The merchant is requesting payments that are unusual for the type of transaction or unusual for the industry’s pattern of behavior. For example, the merchant requires a pre-paid card, the use of a money services business, convertible virtual currency, or that the buyer send funds via an electronic funds transfer to a high-risk jurisdiction.
- Financial institutions might detect patterns of high chargebacks and return rates in their customer’s accounts.
- The merchant does not appear to have a lengthy corporate history, lacks physical presence or address, or lacks an Employer Identification Number. Additionally, if the merchant has an address, there are noticeable discrepancies between the address and a public record search for the company or the street address. Searches in corporate databases reveal that the merchant’s listing contains a vague or inappropriate company name, multiple unrelated names, a suspicious number of name variations, multiple “doing business as” (DBA) names, or does not align with its business model.
- The merchant claims several last minute and suspicious delays in shipment or receipt of goods. For example, the merchant claims that the equipment was seized at port or by authorities, that customs has not released the shipment, or that the shipment is delayed on a vessel and cannot provide any additional information about the vessel to the customer or their financial institution.
- Domestic or foreign governments have identified the merchant or its owners are being associated with fraudulent and criminal activities
- A newly opened account receives a large wire transaction that the account holder failed to mention during the account opening process
For more red flags, read the medical scam advisory here.
Read the reference notice here.
FinCEN advisory on scams
The Financial Crimes Enforcement Network (FinCEN) issued a new advisory July 7 to alert financial institutions to potential indicators of imposter scams and money mule schemes, which are prevalent during the COVID-19 pandemic.
FinCEN’s advisory contains descriptions of the schemes, financial red flag indicators for both, and information on reporting suspicious activity.
Imposter scams have criminals impersonating organizations such as governments or charities to offer services or otherwise defraud consumers.
Money mule schemes can either be with unwitting money mules, or those where a person is complicit in illegal activities.
Read the full advisory here.
OFAC to consider pandemic effect on enforcement
The U.S. Treasury Department says it will consider the effects of the pandemic on the ability of companies to comply with sanctions as it evaluates possible enforcement actions.
The Treasury’s Office of Foreign Assets Control (OFAC) issued a notice April 20 acknowledging that some companies may need to temporarily reassign sanctions compliance resources due to the pandemic.
The reallocation of those resources could weaken a company’s sanctions compliance efforts, such as its ability to vet business partners or customers and conduct in-person audits.
OFAC has encouraged FIs to tell the agency about pandemic-related compliance concerns, including delays in meeting deadlines. OFAC said it would evaluate resource issues on a case-by-case basis, but noted companies and individuals are still expected to meet their regulatory requirements.
“This includes requirements related to filing blocking and reject reports within 10 business days as required … and responses to administrative subpoenas, … reports required by general or specific licenses, or any other required reports or submissions,” OFAC stated.
Canadian regulator sets up email hotline
Canadian regulator FINTRAC issued guidance saying reporting entities are expected to meet all of their obligations, including those in relation to reporting.
“However, FINTRAC understands that some reporting entities may find themselves in a situation where they are required to reassign and reprioritize their internal resources in response to COVID-19, which may affect their ability to meet certain obligations,” they said in a statement.
FINTRAC said when it comes to reporting, priority should be given to submitting suspicious transaction reports (STRs). In exceptional circumstances, such as terrorist financing, FINTRAC has published a new email hotline where reporting entities can reach out and have an analyst contact them immediately.
FINTRAC has updated its guidance on What is a suspicious transaction report? and Reporting suspicious transactions to FINTRAC. The update includes amendments to the Proceeds of Crime (Money Laundering) and Terrorist Financing Regulations that come into force June 1, 2020 and the feedback FINTRAC received from businesses.
The change to the regulations concerns the timeline to submit a Suspicious Transaction Report (STR). Businesses now have 30 days to report a suspicious transaction from the day they detect something that makes them suspect it. As of June 1, they will need to submit a report as soon as practicable after they have completed the measures that allow them to establish reasonable grounds to suspect a suspicious transaction.
The change should not significantly alter businesses’ current practices leading to the submission of suspicious transaction reports, FINTRAC said.
Europe calls for financial safeguards
Meanwhile, the European Banking Authority issued a statement saying it is important to safeguard the integrity of financial markets as a shared objective of the EU’s anti-money laundering and countering the financing of terrorism (AML/CFT) frameworks.
“It remains important to continue to put in place and maintain effective systems and controls to ensure that the EU’s financial system is not abused for money laundering or terrorist financing (ML/TF) purposes,” EBA said in a statement March 31.
It called on financial institutions to ensure the following:
- Making clear that financial crime remains unacceptable, even in times of crisis such as the COVID-19 outbreak;
- Continuing to share information on emerging ML/TF risks and setting clear expectations of the steps credit and financial institutions should take to mitigate those risks; and
- Considering how to adapt the use of their supervisory tools temporarily to ensure ongoing compliance by credit and financial institutions with their AML/CFT obligations.
UK financial services firms get COVID reprieve
The Financial Conduct Authority (FCA) is giving financial services firms in the UK an additional six months to implement strong customer authentication (SCA) for e-commerce. This is to reduce disruption to consumers and merchants due to the COVID crisis.
Firms are required to take all necessary steps to comply with the revised detailed phased implementation plan and critical path to avoid the risk of enforcement action.
FCA said it expects UK Finance, as coordinator for the industry, to discuss the detailed phased implementation plan soon. In the meantime, the regulator says firms should continue with the necessary preparatory activities such as robust end-to-end testing.
The new timeline of September 14, 2021 replaces the March 14, 2021 date.
FATF says fraud schemes on the rise
The Financial Action Task Force (FATF) , the global money laundering and terrorist financing watchdog, warned April 1 that fraudulent schemes are on the rise and that financial institutions need to ensure due diligence is procedures are followed, in particular because in-person banking has been shifting to online banking.
“Use of financial technology (Fintech) provides significant opportunities to manage some of the issues presented by COVID-19. In line with the FATF Standards, the FATF encourages the use of technology, including Fintech, Regtech and Suptech to the fullest extent possible,” FATF president Xiangmin Liu said in a statement.
In addition, the International Monetary Fund (IMF) came out with additional bad news on April 14, warning of a major recession that will affect the world economy. They are predicting the worst year since the Depression.
In May, FATF issued a new paper in response to an increase in COVID-19 related crimes, including fraud, cybercrime, misuse of government funds and international financial aid.
The FATF said COVID-19 and the new remote methods of working create new sources and methods of finding funds for criminals. At the same time, it is hurting the ability of governments and the private sector to fulfil their AML/CFT obligations.
This could create new risks and ways to bypass customer due diligence measures, FATF said.
The FATF said criminals use the unregulated financial sector to launder illicit funds and exploit financial aid and emergency funding. The organization is also concerned that COVID-19 the global economic downturn could see a move to new cash-intensive businesses in developing countries.
The paper describes the ways in which AML/CFT policy responses can help support the swift and effective implementation of measures to respond to COVID-19.
Australia offers pointers for KYC and fraud
Australia issued guidance for dealing with customers at a time when face-to-face procedures are not always available.
“We recognize that some ‘know your customer’ processes cannot be used,” AUSTRAC said in a statement.
The AML/CTF Rules support flexible KYC processes and procedures, it said. AUSTRAC said other ways that you could verify your customers’ identity and fulfil your KYC requirements include:
- using alternative proof of identity processes
- using electronic copies (scans or photographs) of reliable and independent documentation, in accordance with your AML/CTF program, to verify the identity of individual customers or companies
- relying on disclosure certificates to verify certain types of information about customers who are not individuals, where measures put in place by industry as part of their response to the COVID-19 pandemic mean that such information is not otherwise reasonably available from other sources
The Australian FIU stated if institutions choose to verify a customer’s identity using these options, they should still apply the risk-based systems and controls in your AML/CTF program.
AUSTRAC also encouraged FIs to monitor for new and emerging threats and submit suspicious matter reports (SMRs).
The FIU has also identified areas of criminal exploitation where the financial system may be more vulnerable during the COVID-19
- Targeting of government assistance programs through fraudulent applications and phishing scams.
- Movement of large amounts of cash following the purchase or sale of illegal or stockpiled goods.
- Out of character purchases of precious metals and gold bullion
- Exploitation of workers or trafficking of vulnerable persons in the community.
- An increase in the risk of online child exploitation following restrictions on travel.
- A rise in extremist views either against members of the community or the government.
Movement on Beneficial Ownership
While FIUs are busy with COVID-19 related issues, countries are pressing ahead with regulations for shining a light on ultimate beneficial ownership.
In Europe, there has been some movement on implementing AMLD5 – the latest directive for anti-money laundering.
The Dutch lower house of Parliament accepted in April a bill for consideration to implement the EU directive on the ultimate beneficial owner (UBO) register.
The bill in the Netherlands includes measures to oblige companies and legal entities to register their beneficial owners; and require specified beneficial owner details, including the nature and extent of the beneficial owner’s economic interest.
At the end of March, Luxembourg brought in its law to implement the EU directive to enhance the beneficial ownership registry.
US to push ahead on BO Registry
Turning to North America, CaseWare RCM has learned that officials in the U.S. are confident the delays due to COVID will not prevent legislation from passing before the November elections.
“The bill has strong bipartisan support in the Senate, as it did in the House,” an insider connected to the legislation told CaseWare RCM. “Before the coronavirus pandemic, the bill was expected to be considered in the Senate Banking Committee and once … we return to regular order in the Congress, we will be able to get the Corporate Transparency Act through the Senate.”
Canada is still a long way away from a central registry for beneficial ownership, but the province of British Columbia has a new registry available online to allow for searches of ultimate beneficial owners of property.
However, COVID crisis has caused the province to delay its full beneficial ownership transparency register until October 1, 2020. Previously, the register was to come into effect on May 1.
Links to the latest statements from some of the major agencies can be found below:
- United States: Federal Reserve (US) | FDIC | FinCEN | FINRA | OCC | OFAC | SEC
- Canada: FINTRAC | OSFI
- European Union: EBA
- UK: PRA
- Australia: AUSTRAC
- Rest of World: FATF | IMF | Egmont Group
If your business or FI has been affected by COVID-19, ask us how we can help you through the crisis. We may have an immediate solution for you. To speak to a risk specialist from Alessa about AML compliance, regtech or fraud detection, please contact us today.