By Shin ParkFinScan, a global provider of AML/KYC consulting and compliance solutions, conducted a broad survey to see how the anti-money laundering and anti-financial crime compliance communities are dealing with the unprecedented challenges brought on by the COVID-19 pandemic. Hoping to gain some insight into how compliance professionals are dealing with the challenges as a result of the pandemic, surveys went out to those in the banking, regulation, law enforcement, auditing, compliance and technology industries.
The results illustrate different pandemic response strategies and what the “new normal” will look like in the post-pandemic era. The results also provided insightful knowledge as to how institutions can be better prepared for future crises.
Like so many other industries around the world, anti-financial crime compliance departments were caught off guard by the sudden onslaught of the coronavirus pandemic. The survey revealed three major challenges:
1. Challenges to working from home
Across all responses, the survey found that the top challenge facing the compliance community during the coronavirus pandemic has been the need to work remotely from home while lacking the proper technology and access to internal IT systems required to support such a work environment. The fact that 61 percent of respondents listed this as the largest problem shows how unprepared the compliance community was for a significant disruption.
Working remotely has caused many companies to enter into crisis management mode, prohibiting them from returning to normal operations. The burden placed on IT systems to get employees set up and running securely, not to mention getting processes online as quickly as possible, has proven to be a challenge. Securing data is difficult when employees can no longer use a central network and instead must rely on their personal networks.
Shelter-in-place orders affected 89 percent of respondents, and working remotely has presented an additional challenge: how to best monitor staff productivity. Those companies that already had an automated productivity monitoring system in place were much more likely to consider themselves ready for business as usual than those that did not. Other companies had to rely on manual ways to monitor productivity, and were less likely to consider themselves ready to return to normal operations.
2. Increase in compliance risk
Most organizations feel that their exposure to compliance risk has increased, as their normal compliance controls and processes have been disrupted and compromised due to:
- Difficult remote working conditions
- Inadequate IT support for remote access
- Suboptimal due diligence on new business opportunities
- Rushed to roll out new online services
A majority of respondents felt that the lack of IT systems supporting remote work, and the halt of normal operations in order to immediately get all services online, will contribute to an increase in compliance risk. Many expect to see more risk as a result, but others are optimistic that there are some risk-mitigating factors going in their favor.
Risk drivers include:
- More fraud/scams/cybersecurity issues
- Risk of more transactions completed online
- Data leaks
- Limited resources to maintain procedures
- Suboptimal due diligence
- Pressure to de-prioritize compliance
- Government shutdowns
- Physical risks of employees
Risk mitigating factors include:
- Organizations are shut down or slowed down, decreasing the amount of overall transactions.
- Some businesses had implemented business continuity planning and can contain their risk.
3. More criminal activity
Increases in the number of criminal activity attempts and increased alert volumes were also identified as important risk drivers. Sixty-three percent of respondents expected that criminal activity levels would rise. Because of the various risk drivers facing companies, many feel that they will not be able to respond as timely as they would like to alerts. Most expect to see an increase in alert volumes and backlogs, creating further opportunities for criminal behavior. In addition to the increase in criminal activity and backlogs, organizations also have to consider their ability to meet regulatory requirements that might be hampered due to the pandemic situation.
Compliance professionals working for organizations were more optimistic in their outlook of how the COVID-19 situation would impact them and how effectively pandemic-related challenges could be addressed. This difference was especially pronounced in their views on whether the backlog would increase and if they would be able to meet regulatory requirements and deadlines. This could be the result of more companies in this industry seeing an increase of closures, and therefore a greater slow-down in overall transactions.
What was learned from response strategies?
Better planning means lower risk. Throughout the survey, there was a correlation between having a business continuity plan in place and the organization’s level of risk exposure. For those who had a business continuity plan in place, the reported risk level was lower.
Monitoring staff productivity in a remote environment is a challenge and one that invites further risk, especially due to limited automation capabilities which is shown to significantly limit general readiness for business continuity and increase risk exposure.
Those using automated management dashboards were twice as confident in their business as usual readiness than those with no way of monitoring staff productivity. Those businesses that had taken the opportunity to increase the digitization of their systems saw less risk and spent less time in crisis management.
What are the implications?
In order to be better prepared for another crisis, AML and AFC communities should consider the following steps:
- Improve digital infrastructure and support.
- Ensure “anytime, anywhere” compliance support.
- Digitize customer onboarding and due diligence.
- Upgrade criminal detection tools.
- Install automated staff monitoring system.
- Plan ahead using a risk-based approach.
This crisis has highlighted digitalization of AML compliance functions as a key opportunity for improvement, especially in the areas of customer onboarding and enabling virtual “anytime, anywhere” compliance, to support increased online customer transactions.
As many organizations feel that they have some level of business continuity planning in place—but not sufficient planning to accommodate this particular pandemic situation—an opportunity arises to incorporate a more pandemic-related risk-based approach into their existing business continuity frameworks.
Shin Park is Director, product marketing for FinScan, a global provider of AML/KYC consulting and compliance solutions trusted by leading organizations worldwide.