This article is being reprinted by permission from the author. You can view the published article here.
If you’re doing AML the same way you were in the pre-COVID world, you’re doing it wrong. Nathan Lynch speaks with some of Australia’s most experienced financial crime experts on the radically changing threat landscape in 2020 — and beyond.
The COVID-19 pandemic has triggered the largest disruption in cash transmission and laundering tradecraft since the start of Australia’s modern anti-money laundering (AML) regime in 2006. In this new world of pandemic lockdowns, mass layoffs and forced business closures, law enforcement agencies and banks need to be on the lookout for changing criminal behaviour as the cash economy comes under unprecedented pressure. Reporting entities also need to understand how legitimate businesses have adapted to this new climate to enable them to identify suspicious activity in the post-COVID world.
“Everything looks unusual right now. It’s very hard to know your customer when your customers don’t even know what their own cashflow will look like in a few days’ time,” said Nick McTaggart, founder of Murinbin Consulting in Sydney.
“Monitoring systems are going to need to be recalibrated. I recommend that this process should start immediately. We can’t give organised criminals the luxury of exploiting this disruption for their own gain.”
McTaggart, who was formerly head of the Australian Federal Police’s (AFP) proceeds of crime squad, said reliance on outdated ideas regarding money laundering tradecraft could be very dangerous in this climate. Criminals have adapted quickly to the new environment, as evidenced by the spike in COVID-19 scams and cyber attacks just weeks into the pandemic, he said.
The closures of casinos, gaming venues and sports clubs will also have a major impact on cash laundering strategies for some criminal groups. This could drive people to make rapid changes to their laundering strategies, as they move their illicit funds into new channels.
Neil Jeans, principal at Initialism, a consultancy in Melbourne, said: “Many countries have shut down their gaming and gambling venues, closing off this avenue for illicit cash to enter the financial system. The ability to get cash into the financial system has also been impacted more broadly by social distancing.”
“Warehousing of cash may be the only option for some criminals until the economy opens up again.” — Neil Jeans
The COVID-19 pandemic has already had a direct impact on the economics of street-level crime, with less physical cash circulating through the legitimate economy.
This reduced circulation of cash may result in more illicit deals being done via mobile payment terminals and registered businesses. Banks need to remain attentive for these changes in typical laundering behaviour, which can undermine existing transaction monitoring filters, the experts said.
“It would be interesting to see how many new applications there have been for terminals since the social distancing measures started. People simply do not want to accept cash right now. The demand for new payment terminals for this reason could also mask changes in the methods used by organised criminals to get cash into the system,” McTaggart said.
Over a period of years, law enforcement agencies have seen an increase in the number of street-level criminals who are establishing registered businesses and accepting card payments in return for illicit goods. This is also challenging the typical “placement, layering, integration” model as funds are immediately in the financial system and look like payments for legitimate goods or services.
“It’s likely that this type of activity will skyrocket, as there’s just less cash floating around in the economy. You’re not seeing the ‘noise’ that modern money launders need to operate successfully,” McTaggart said.
Less cash in, more cash out
While illicit cash has struggled to find a home in recent weeks, counterintuitively there has been a large drawdown on banks’ legitimate cash reserves. This has been driven primarily by pandemic preparation as depositors worried about their ability to access cash during the lockdown period. In addition, there was some cash hoarding as false rumours swirled about the solvency of Australia’s major banks during the escalating COVID crisis.
Customers were making unusually large cash withdrawals, in person at bank branches, ranging from $100,000 to millions of dollars.
The Reserve Bank of Australia (RBA) took evasive action to ensure there was no shortage of cash, which would have triggered a procyclical depositor panic.
“The RBA worked closely with the large banks and cash-in-transit companies to ensure branches had sufficient cash supplies,” the RBA’s latest Financial Stability Review said.
The elevated demand for cash “has since abated”, suggesting it was linked to legitimate cash hoarding rather than criminal activity.
Looking ahead, however, banks may need to prepare for a spike in cash-based activity when the economy opens up and social distancing is relaxed. If legitimate cash is being hoarded, as the RBA suggests, this may provide cover for illegitimate funds when it pours back into the formal banking system as deposits.
“I think the biggest impact will be on the dark economy participants and self-launderers who don’t have the sophistication to move more quickly to other methods.” — Nick McTaggart
Dirty cash in the post-COVID world
Some organised crime groups own extensive ATM networks which allow them to feed in dirty cash on a daily basis. In return, they receive regular large transfers of “clean funds” from the customers’ banks. With COVID-19 suppressing the consumer demand for cash from ATMs, however, this is another major bottleneck in the traditional laundering infrastructure.
On the retail front, many businesses that are still operating are refusing to accept cash. They are encouraging contactless payments to reduce the risk of transmission of COVID-19 and to protect their staff. Most banks have doubled the dollar threshold for PIN-free card transactions, which has also reduced the risk of viral transmission.
“Using the terminal to punch in the PIN can increase the risk of COVID-19 transmission. As a result Visa in Australia, at the request of the government, has increased the tap-and-go limit from A$100 to A$200 to reduce the need for physical contact,” Jeans said.
This decision was made to balance the risks of card fraud with the “social distancing” benefits of going cashless. It has also increased the likelihood that criminals will be exploring other ways to place their dirty cash, including through the cash purchase of high-value goods. Jewellery, off-market purchases of precious metals, boats and vehicles are all attractive targets.
“Given the difficulties some people find themselves in, this would be a natural transition,” McTaggart said.
Know your customers, even if they don’t know themselves
In this climate, it is very difficult for banks to conduct accurate transaction monitoring and customer due diligence. The profile of what constitutes “normal” customer behaviour has been thrown out of the window. To complicate matters, some businesses have been closed down while similar businesses are still able to operate on a limited basis.
Cohort analysis will be crucial — albeit very difficult — in identifying aberrant behaviour. AML teams need to be on the lookout for small business customers, for instance, that do not show the same revenue decline as their peers in the same business cohort.
“There will clearly be businesses that are winners and business that are losers as a result of the social distancing measures. They’re trying to pivot their businesses to a distanced engagement model. One ‘red flag’ could be an increase in cash deposits, but also an increase in the use of prepaid cards which have specific and identifiable Business Identification Numbers (BINs),” Jeans said.
An obvious red flag would be business accounts in sectors that have been forced to close that are still showing revenue — for instance, nail salons and massage parlours. To detect this banks will need to build new filters quickly. The success of this is reliant, of course, on the underlying challenge of having accurate customer data.
To provide useful intelligence, banks may need to enquire as to whether a business has pivoted to other activities, such as distilleries that are now making hand sanitiser. They should also be on the lookout for glib or untenable justifications, though it’s important to recognise that the untenable is possible in this climate, as the previous example shows. Effective suspicious matter reporting has never been harder than it is right now.
Banks also need to screen their low-risk accounts for sudden changes in activity, including for previously “clean” accounts linked to individuals and corporate customers.
Gavin Coles, independent consultant at Kasker Consulting in Melbourne, said organised crime groups may approach existing businesses, which are struggling due to COVID-19, and pay to move funds through their accounts.
“Imagine a cafe that has seen a 90% decline in its business. The owners may have never thought of breaking the law — but then an existing customer offers to bring in cash to run through the business to replace the missing foot trade,” Coles said.
“The cafe owners will get 10%, as long as they send the money to requested locations when asked. That sort of offer will become much more attractive when people are desperate.” — Gavin Coles
Transaction monitoring systems typically would not pick up the change in source of funds until the outward transactions occur.
“Most financial institutions only review these transactions after the fact, especially for previously low-risk businesses. By that time the organised crime group has moved the money offshore,” Coles said.
In the United States the FBI has already warned about an increase in online money muling activity, particularly through clean accounts. Criminals have stepped up their efforts to recruit money mules, taking advantage of the isolation, boredom and financial pressure people are experiencing.
Customers who are depositing large volumes of cash may try to use justifications, such as receiving “emergency loans” to keep their businesses afloat. In some cases criminal groups may offer cash investments in return for equity stakes in legitimate businesses. This was common during the financial crisis, when businesses and even financial institutions were desperate for liquidity.
“Financial institutions are going to need to be far more diligent in knowing their customers. They need to ask more probing questions than they have in the past,” McTaggart said.
Staff vulnerabilities and social engineering
There have been extensive warnings in the media about cyber and fraud risks, as people move to remote working arrangements. In many cases these moves have taken place without a thorough risk assessment and analysis.
One risk that has been largely overlooked, however, is the vulnerability of staff to social engineering attacks. This was a major challenge during the 2008 financial crisis, when many people were financially stressed and more vulnerable to approaches from criminal groups.
AML experts expect the same vulnerabilities to be exposed this time around. In the COVID crisis, however, the risks are elevated due to the combination of financial pressure and extensive “working from home” arrangements. This makes staff behaviour far more difficult to monitor.
“In these times, where staff are subject to less oversight, there may be increased risks of coercion. With possible financial pressures from family members losing jobs or having their pay reduced, staff have potentially never been more vulnerable to coercion or corruption. Criminals are very quick and adept at seeking to exploit these vulnerabilities,” Jeans said.
Some AML practitioners, meanwhile, are taking the view that the COVID-19 crisis may prove to be a blessing in disguise as it forces compliance teams to re-think fundamental aspects of their control framework.
“Financial institutions are going to need to know their customers far better than they have before. They’re going to have to ask more questions and record this diligently. At some point regulators will return to ‘business as usual’ and then the questions are going to be asked about the new paradigm,” McTaggart said.