Australia: COVID-19 – Dirty hands, dirtier money

Introduction

The COVID-19 outbreak has had a devastating impact on Australian businesses and workers on an economic, financial and personal level. The risks for businesses will dynamically evolve and change as the crisis continues, both in the current ‘shut down’ environment and as we begin to consider what scaling back of social distancing might look like.

One important risk factor that has not received as much attention to date is the heightened money laundering and financial crime impacts for businesses caused by COVID-19. This is perhaps unsurprising given the primary focus on businesses simply trying to survive, and ensure their employees can continue to earn a wage or receive temporary support, with the benefit of the raft of new Commonwealth and state and territory stimulus and support measures announced to date.

But that does not make the risk any less severe and, indeed, in a post COVID-19 world, it will present significant regulatory and operational challenges for businesses. And even with a degree of latitude shown by AUSTRAC towards entities managing these risks as they continue to try to keep afloat in the next three to six months, if businesses are not actively considering and planning for emerging and more sophisticated money laundering, financial crime, fraud and other advanced illicit criminal activity in this period, they may find the COVID-19 threat is quickly replaced with a new risk to their survival.

In doing so, businesses should consider, and adapt to their own circumstances, recent guidance issued by AUSTRAC on areas such as Customer Due Diligence (CDD), Suspicious Matter Reports (SMRs) and Compliance Reporting. The priority should be ensuring easy access for customers, while effectively combating money laundering and financial crime.

Electronic methods and CDD

Self-isolation and travel restrictions caused by COVID-19 have already had, and will continue to have, a major impact on reporting entities’ CDD processes and procedures. Preparing and adapting a CDD strategy to determine the appropriateness of relying on electronic copies of reliable and independent documentation or disclosure certificates is essential for entities to be able to comply with their stringent obligations under the AML/CTF Act and rules, which are among the most onerous in the world.

Reporting entities need to actively examine whether their existing CDD measures are sufficient to cope with greater reliance on electronic verification in a COVID-19 world. Specifically:

• Reporting entities must adapt to electronic methods when undertaking their CDD processes and procedures. Technological and digital barriers can present challenges for companies and individuals lacking proper access or familiarity.
• The use of video call apps such as FaceTime, Zoom or Skype or ‘taking a selfie’ can be relied on to the extent their use does not undermine the CDD process. But businesses need to carefully consider the risk of fraud and identity theft that these verification processes inherently create.
• Indeed, the increased online presence can attract risks that may affect the accuracy and legitimacy of electronically-based verification methods. The integrity of verification as part of the CDD process is critical and alternative methods should be applied based on a risk based approach.

Monitoring risk and SMRs

Reporting entities are already obliged to assess the risks connected to the delivery of their designated services. But in a world that few could ever have imagined just two months ago, reporting entities now need to prioritise adapting – if not overhauling – their existing risk assessment frameworks.

The reality is that those frameworks are gathering more dust by the day and need to be reviewed and updated by entities on a rolling ‘live’ basis as the scale of COVID-19 continues to proliferate. Entities should also consider redirecting their risk-based systems to monitor and manage transactions or services, which against the backdrop of COVID-19, increase the likelihood of a suspicion arising in the following ways:

• The immediate decline and fluctuations in business and commerce streams can be exploited by criminals and terrorists. COVID-19 has increased the use of and reliance on online platforms and activity. Monitoring and managing the commercial consistency of transactions or services in light of the current market conditions can help manage online and digital exposure to money laundering or terrorism financing.
• Reporting entities need to ensure that their transaction monitoring processes and systems are equipped to identify trends and patterns that suggest suspicious activity.
• Suspicious activity can arise whether it be the failure or difficulty in verifying customer information or in the course of providing a designated service. The increased susceptibility to money laundering and terrorism financing risks during this period requires reporting entities to closely monitor their SMR requirements. When providing a SMR, ensure that legal advice is obtained in advance in order to mitigate legal or regulatory risk exposure.

Compliance reporting

AUSTRAC has informed smaller to medium sized reporting entities that they will not face compliance action by the regulator if they are unable to submit their annual compliance reports by 31 March 2020.

But that does not remove the scale of the money laundering and financial crime threats that COVID-19 has sparked with greater online transactions and insufficient technology and cybersecurity measures to cope with a new way of doing business. If entities are not proactively assessing their compliance, and planning for new risks and reporting frameworks, they simply will not survive in a changed world in the long-term.

At a minimum, reporting entities should consider:

• The outstanding requirements of their compliance reporting (had the report been submitted 31 March 2020).
• Whether there is an inability or difficulty to meet reporting obligations by 30 June 2020.
• Implementing a timeframe for the next three months to assess new COVID-19 compliance related issues affecting their business which continue to change on a weekly – if not daily – basis.
• Obtaining legal and other professional advice and having direct conversations with AUSTRAC.