The coronavirus crisis and general chaos of 2020 has created the perfect conditions for criminals to thrive. Opportunities are rife, and compliance teams are occupied in assessing a range of suspicious activities. LexisNexis Risk Solutions’ Michael Harris discusses how risks are higher than ever.
The COVID-19 pandemic has brought unprecedented challenges for businesses across every sector – from keeping employees and customers safe to ensuring continued access to capital and adapting to the new digital way of working. Yet there is one group who has benefitted from the crisis and chaos of the last few months: criminals.
For criminals, the pandemic has created the perfect conditions to target weaknesses in businesses’ procedures. Smaller firms, who may have moved resources away from compliance to battle more immediate issues during the pandemic, are particularly at risk from fraudsters.
As more and more businesses move their operations online, there has never been a more important time for firms to invest in robust, data-led solutions that protect organizations from these ever-growing threats.
The Rise of Digital Crime
With organizations, governments and people grappling with the widespread disarray caused by COVID-19, criminals have been quick to take advantage of changing behavior patterns and people’s increased anxieties and sense of emergency. Within hours of lockdowns being imposed across Europe, one criminal posted on the dark web: “How can I make a profit from COVID-19?”
Tony Sales, once dubbed “Britain’s Biggest Fraudster” by the Sun newspaper and now, Director of Strategy at We Fight Fraud, has warned that the opportunities for criminals are vast, stating, “fraudsters will be looking for weaknesses to exploit, and when they find them, they will share them across their criminal networks at the speed of light. There’s many an entrepreneur in the criminal world, and they all want to see each other succeed.”
The implementation of social distancing measures and the growth of remote working have accelerated the use of online services and digital communication, and there has been a corresponding rise in digital criminal activity. By early May, over 500 coronavirus-related scams and over 2,000 criminal phishing attempts had been reported to U.K. fraud authorities, with total losses estimated at £1.6 million.
One relatively new scam that has been increasing in prevalence is so-called “vishing” attacks, where social engineering is used to replicate a person’s voice and ultimately results in the victim conceding personal information such as bank account details. Other ways criminals have been using the crisis to take advantage of vulnerabilities include the exploitation of coronavirus relief schemes, money-laundering, online shopping fraud, ransomware attacks against health service providers and the sale of counterfeit personal protective equipment (PPE).
The effects of these criminal activities can be far-reaching. Lord Mervyn King, ex-governor of the Bank of England, has expressed serious concern around the devastating potential impact of cybercrime on the U.K. economy, calling it “one of the biggest threats we face.” Cyberattacks not only cause immense disruption and cost to the organizations targeted, but could also have a catastrophic effect on critical infrastructure, such as health services or power supply, potentially resulting in significant economic damage and loss of life.
Risks for Businesses
The risks businesses face from the rise in digital crime should not be underestimated. In just the last 12 months, according to our “Future Financial Crime Risks” report, financial institutions reported seeing several types of attack including: money mules (37 percent), criminal use of third parties (37 percent) and trade-based money laundering (31 percent). Now, in an attempt to tackle to the seemingly more pressing challenges presented by the pandemic, some smaller businesses have shifted their resources away from compliance, weakening their systems and procedures even further. For some businesses, this shift may have been a conscious decision; for others, it may simply be a side effect of having reduced staff numbers.
Meanwhile, there has never been a more difficult time for compliance officers to keep one step ahead of the fraudsters. The pandemic has created new criminal opportunities, and cyberattacks are becoming more sophisticated. Compliance teams are having to re-evaluate what suspicious activity really is and employ online verification and authentication tools that they were not previously familiar with. All of this means the risk is higher than ever for businesses.
Even firms who are spending vast sums of money on compliance should not rest on their laurels. On average, firms are spending 3 percent of their annual revenues on financial crime compliance, meaning average annual costs for mid to large U.K. firms is a huge £45.1 million. This may, however, instill a false sense of confidence in some businesses that they are effectively dealing with threats. Firms must also ensure they have the necessary understanding to actually tackle the risks they are facing.
With many businesses being forced into undertaking digital transformations and others reorganizing themselves to cope with the economic pressures they are under, there is a real opportunity for firms to improve all their business processes. A key part of this should be adopting robust, data-led solutions to ensure fraud, identity and compliance procedures are up to scratch. Criminals have fully embraced the digital world, and compliance officers must follow suit. In an increasingly digital world, data is king.
Data-led solutions can, for example, use global databases to carry out robust identity checks to ensure individuals know who they are dealing with and provide enhanced due diligence (EDD) checks on businesses to understand any adverse media associations, thereby providing confidence that the transaction is not fraudulent. Artificial intelligence allows data to be processed more effectively, and it can be used to fulfil KYC regulations, again allowing individuals or businesses to understand who they are dealing with and to spot suspicious activity.
Alongside data, businesses need to ensure they understand what the risks really are. Compliance officers – and all those involved in the fight against financial crime and money laundering – must educate themselves in the evolving risks and be extra vigilant in the face of heightened risks.
The latest government statistics indicate that at least $100 billion is still being laundered annually through the U.K., with only around 1 percent being detected, and the pandemic has brought even more challenges for businesses across every sector. However, it has also created an opportunity for firms to take a step back, undertake a thorough review of their processes and future-proof themselves for the ever-sophisticated digital world. By using robust technology solutions, firms can not only protect themselves against cybercriminals, but also generate widespread improvements in the efficiency and effectiveness of their operations.