Combating financial crime – COVID-19’s financial fallout


Johannesburg, 27 May 2020
Read time 5min 20sec
Jaco van der Merwe, Capability Architect, Ovations Group.
Jaco van der Merwe, Capability Architect, Ovations Group.

The financial impact of the COVID-19 virus will likely put enormous pressure on organisations’ financial results, while also presenting potential challenges for individuals. In these uncertain times, and with no clear end to the pandemic, criminals will be all too eager to exploit the current situation.

Jaco van der Merwe, Capability Architect at Ovations Group, says: “Since the nationwide lockdown came into effect on 26 March, the majority of the country’s workforce is working remotely. This, in itself, introduced several challenges, ranging from, but not limited to:

  • Potential disruption to business operations and business continuity;
  • Threats to information security;
  • Potential rise in financial crimes;
  • Threats to confidentiality of basic communication; and
  • Impact on customer experience.

Van der Merwe says as much as the pandemic has highlighted strengths and weaknesses in humanity, bringing out the best in people wanting to assist others, it has also brought to the fore opportunities for others to commit crime.

The interesting thing is that the advent of COVID-19 has resulted in a reduction in many types of crime around the world. A report by USA Today on 4 April 2020 detailed a drop in criminal incidents (in the United States) since 15 March 2020 in 19 out of 20 police agencies examined. However, the report also noted an increase in domestic violence. Closer to home, Police Minister Bheki Cele confirmed a decrease in cases of murder, rape, assault with intention to inflict grievous bodily harm and what he referred to as trio crimes – car hijackings, house robberies and business robberies.

However, in contrast, cyber crime has surged and ConsumerFraudReporting.org published an article detailing the top 10 scams that consumers should be aware of:

  1. Debt collection;
  2. Fake government officials;
  3. Identity theft, phishing and pharming;
  4. Phone scams;
  5. Loan scams/credit fixers;
  6. Fake prizes, free gifts and lottery scams;
  7. Internet merchandise scams;
  8. Automobile-related complaints;
  9. Credit bureau and related credit scams; and
  10. Phishing/spoofing e-mails.

Van der Merwe goes on to discuss the two main approaches that cyber criminals are taking to exploit the COVID-19 pandemic, and he talks about what can be done to protect individuals and organisations against this onslaught.

“Phishing sites and phishing attacks have exploded since the outbreak of the coronavirus. There’s been a massive increase in the registration of Web sites relating to the coronavirus. The World Health Organisation (WHO) issued a statement regarding scammers disguising themselves as the health authority, while many other information and cyber security experts have also advised that users must take particular care when dealing with communications and information relating to the virus.

“They further advised that demand for information about COVID-19 was creating the ideal situation for phishing attacks, with scamsters offering everything from fake cures to appeals to people’s charitable instincts. This type of scam is not new, it’s just the subject matter that’s changed, so it’s vital that employees and users are educated in how to avoid phishing e-mails.”

Cyber criminals are also on the lookout for vulnerabilities within organisations’ systems. “With a large part of the workforce working remotely, many organisations had to rush to find remote working solutions to support and facilitate their ongoing operations. This could potentially result in vulnerabilities and weaknesses within systems, controls and products for cyber criminals to exploit.”

Although many organisations have anti-money laundering (AML) and anti-fraud systems in place, depending on the business’s size and systems, many AML and compliance programs rely on manual processes. They might even lack the technical resources to adapt business practices to support this new way of working. These limitations can hinder critical investigative workflows, risk assessments and reporting of potentially fraudulent or suspicious behaviour and transactions.

In addition, when working remotely, financial crime management teams may have difficulties securely connecting to core banking and investigative systems or navigating multiple applications supporting their daily operations. Employees may also need to travel to the office if they are limited by manual investigation tools or lack adequate means to perform required compliance functions or file regulatory reports.

While remote working can potentially impact operational efficiencies and productivity for the business, it can also lead to several challenges for employees. They have to adapt to a new way of working while trying to juggle health and safety concerns and family responsibilities. All of this can place added stress on employees and the emotional toll can’t be understated or overlooked.

Van der Merwe recommends that organisations put policies, processes and procedures in place to minimise the impact of the COVID-19 pandemic and to ensure business continuity. Industry agencies are urging institutions to remain alert and vigilant in monitoring for rising fraud schemes and report potentially suspicious activity capitalising on consumer fear surrounding COVID-19.

The pandemic has also led to a change in consumer behaviour and this, by default, also introduces new challenges. For instance, many consumers are asking their banks to increase their daily transaction limits to meet increased demand for additional cash, card purchases and transfers. As organisations strive to support customers, financial crime management programs are necessary to monitor for illicit activity.

Also, change in consumer behaviour can potentially increase the number of false positive alerts for anti-money laundering compliance professionals to review. Risk management and compliance programs with limited resources may find it challenging to manage the added workload that false positives can create, while ensuring effective monitoring and reporting of suspicious activity.

Van der Merwe concludes: “Organisations need to think about using everything at their disposal to future-proof their practices and create an ability to respond very quickly, accurately and defensibly to the changing regulatory landscape and to have confidence in the people with whom they do business.”