Fraud and cybercrime are on the rise as organised crime schemes are forced to diversify in the changing face of the pandemic, sprouting required change to financial crime control
It’s no revelation that the impact of COVID-19 (and now Omicron) and the responses to it have changed the economic environment and the lives of people the world over. In financial services, how people engage in transactions has significantly altered sparking an escalating risk for financial crime.
Scientist Dr Carl Sagan famously said, “You have to know the past to understand the present”. This is especially true in technology today and the increased threat of exploitation during a pandemic. This article reviews the context and risks created by COVID-19 and Omicron and the worldwide response to it.
It then looks back to the methodology used in one of the largest organised financial crime schemes ever prosecuted and what takeaways from that experience may be applied currently and post-pandemic.
The pandemic and its effect on financial crime
The Financial Action Task Force (FATF) acknowledged the unprecedented financial crime challenges because of the pandemic and in May 2020, published a guide highlighting Covid-19-related risks and policy responses to money laundering and terrorist financing.
With global trade in decline and individual travel at a near standstill, conventional transactional organised crime schemes, which usually take advantage of global supply chains, are being forced to diversify further into fraud and cybercrime in response to this economic change.
Interrogation of data remitted has always presented challenges to regulators, but COVID-19 has prompted regulators all over the world to expedite system updates to enable them to analyse data sets more effectively and facilitate more targeted and meaningful financial crime risk management.
In Australia, The Australian Transaction Reports and Analysis Centre (AUSTRAC) has been adjusting to COVID-19 by providing more specific guidance to reporting entities. Temporary alternative processes to verify customer identity have been facilitated on its website and via amendment of its Anti-Money Laundering and Countering Financing of Terrorism (AML/CTF) Rules. Reporting entities must apply the risk-based systems and controls into their AML/CTF program.
The following is an analysis of some of the information tendered in the prosecution of certain persons arising from Strike Force Apia (Apia), the largest NSW Strike Force in relation to mortgage fraud based on the misuse of persons’ identification and/or falsification of financial information (including accounts and tax returns).
Court documents reveal that the following modus operandi was utilised:
- The offenders would obtain copies of identification documents and other identification information from persons with good credit histories (“agents”) (whether these agents were complicit to any extent in the scheme was not settled).
- Certain documents relating to the agents, including income tax returns, were falsified to show a higher taxable income. This was typically done with PDF editing applications.
- The principal offenders applied for finance, on behalf of the agents, via brokers (to avoid any face-to-face contact between the applicant and persons employed by the finance company).
- The offenders caused the money or property obtained pursuant to the finance to be made available to them. This involved the offenders using the property obtained or dissipating the moneys.
- When the agents defaulted in respect of the facilities, the persons whose identities were used by the offenders (not being in possession of the relevant money or other property) would deny any knowledge of the fraud.
Many of the frauds involved companies and in this case, the offenders would record the names of agents as directors and shareholders who in fact had nothing to do with the scheme (or at least were only complicit to the extent of providing their personal information).
The deployment of agents in the scheme here appears to have been an essential component of the scheme and may have delayed its detection. Importantly, the agents helped the scheme withstand desktop checking or investigations. Moreover, in this case, the confidentiality of taxpayer information was used to the offenders’ advantage.
The first and most obvious take away from any increased online financial interaction is that the AML/CTF program must be reviewed to facilitate:
- first, the permitted alternative processes to verify customer identity (in accordance with the “temporary” AML/CTF Rules); but
- moreover, address the new risks that these alternative processes may create both generally and in relation to particular contexts.
The second take away is more specific to the analysis of Apia. Reporting entities must:
- not only review the AML/CTF program to confirm the customer’s identity but also that the customer applying is in fact making the application;
- finally, review the AML/CTF program to minimise reliance on good faith in relation to financial product applications and other dealings. In other words, in Apia, taxpayer privacy and good faith dealings potentially created a blind spot in relation to customers’ financial positions. In this example, alternative verification ought to be required (ie. analysis of financial statements, contact with accountants and analysis of account statements).
There is no doubt that the responses to COVID-19 and Omicron have created additional financial crime risk. AML/CTF programs need to be adjusted during and post-pandemic, however, financial institutions are not flying entirely blind and can use past cases – like Apia – as a means to inform the design of future processes.