Coronavirus should not be a pretext for lowering AML defences

John Dobson, chief executive, SmartSearch, declares that the coronavirus pandemic should not be justification for lowering AML defences

The spread of the novel coronavirus COVID-19 is taking a terrible toll on people’s health, first and foremost, but also on the economy. Much of this is unavoidable: the restrictions on movement now in place across not just the UK but large parts of the world, are a necessary measure to combat the spread of the disease.

There is a real risk, however, that in adjusting to the strange new world in which we all find ourselves, we end up throwing the baby out with the bath-water.

Money laundering regulation and COVID-19

Earlier this week, the FCA sent out a ‘Dear CEO’ letter to firms, in which it set out its approach to money laundering regulation during the lockdown. While no doubt well-motivated, the letter in effect signals open season for criminals to target UK financial institutions and other firms in sectors covered by the money laundering regulations (MLRs).

Paper documents

More than half of firms on those sectors continue to rely on documents provided by clients for the purposes of Know Your Customer (KYC) and anti-money laundering (AML) compliance. This is in spite of the clear evidence that this approach is wide open to fraud, with money launderers increasingly adept at producing forged or falsified papers that are capable of hoodwinking all but the most expert fraud detectors.

According to the FCA’s letter, the regulator now proposes to give the green light to firms to rely not even on original documents but on scanned PDFs. Frankly, this beggars belief. Professional money launderers will be firmly on the lookout for any sign that defences are being dropped in response to the coronavirus threat. The FCA is giving them exactly what they want.

Where I agree with the FCA is that restrictions on movement make it exceedingly difficult to carry on business while relying on document-based checks. I would go further – I believe it is impossible to do so.

Personal data

Clients are unable to present documents in person, and with staff working remotely there is no secure address to which to send documents containing sensitive personal data. Often, remote working locations will not have the facilities to process and store those documents appropriately. Moreover, there is a small but not insignificant risk that the documents themselves may carry contamination if they come from an infected source. Do financial institutions and others really want to take the risk that their employees will be stricken with the virus as a direct result of doing their jobs?

Digital solutions

But this is no reason to water down the defences against money laundering, where there has been so much progress in recent years. Digital solutions are now widely available that use secure credit reporting data to provide completely reliable ID verification, and can also perform full due diligence, including global sanctions and politically exposed persons (PEP) screening, in a matter of seconds. Firms can be up and running on one of these platforms in less than 48 hours so there is no need for significant business interruption.

Instead of well-intentioned attempts to provide ‘flexibility’ during the crisis, regulators should instead be looking at how they can ensure that AML processes are robust and resilient in the face of this and any future threats.

The workarounds proposed by the FCA may make life easier for firms, but they make it plain sailing for criminals.  The FCA should be insisting that firms have a business continuity plan that enables them to stay fully compliant with MLRs. Scanned PDFs should play no part in that. Only a fully digital solution can meet this need.