COVID-19 has resulted in varying levels of business interruption for seemingly every company around the globe. Measuring the long-term business impacts of the pandemic will be difficult until the situation fades, but history often demonstrates that during crises criminals are opportunistic and will attempt to leverage vulnerable systems and controls.

What has not changed is that accurately identifying financial crime risks is the first step in preventing, detecting and reporting fraud, money laundering, sanctions avoidance, and corruption. When operating at peak performance, even the very best compliance programs are unlikely to detect all financial crime all the time. Introduce the evolving risk environment brought about by COVID-19, and a program’s ability to identify financial crime could be reduced, or worse, become subject to failure.

For this uncertain (and hopefully truncated) period, A&M has highlighted some key risk analyses that we recommend companies perform across their entire value chains:

• Sourcing
• Supply
• Manufacturing
• Distribution
• Sales, Finance and Payments

While evaluating and addressing these risks is certainly difficult in today’s environment, it is important to note the increasingly important role good data can play in decision-making. Remote risk assessments, risk triage and targeting, and leveraging underutilized team members to perform adjusted compliance functions are all viable options to mitigate the risks that data uncovers.

Evolving Risk Considerations

1. Operationally, compliance functions are likely to feel some effects of a decentralized workforce in both effectiveness and data security. Regarding effectiveness, reviewing the top-to-bottom connectivity between your risk assessment, policies and procedures, and what your compliance teams are actually doing everyday may reveal some risk gaps that were previously patched by tribal knowledge or “ghost procedures.” These ghost procedures may be defined as the daily activity and conversations that compliance teams were having in an office environment to achieve their risk-mitigating missions, which may now be more infrequent while employees work remotely.
2. Fraud, bribery and corruption risks often present themselves when people and companies are most vulnerable. Understanding heightened risks in areas impacted by severe economic slowdown may be key to a company’s jurisdictional and customer risk profiles and ensuing controls. As Vincent Walden highlighted in March, part of the U.S. Department of Justice’s renewed focus targets various forms of collusion and related red flags. As opportunistic vendors, criminal organizations, and financially desperate employees seek new sources of income, the threats of product theft and diversion, procurement collusion, bribery, and other financial crimes become more prominent; especially when companies eventually ramp back up to quickly regain sales and revenue.
3. Since the current global business disruption is specifically related to health risks, companies are likely to observe counterfeiting and adulteration risks regarding medical devices and pharmaceuticals, especially in manufacturing areas impacted by COVID-19. Again, manufacturing and supply chains may be most susceptible when demand for drugs, personal protective equipment, and ventilators exceeds supply. In this environment, there is more financial gain to be had through selling fake or inferior human health products.
4. As economically disadvantaged regions experience labor shortages, heightened risks of forced labor or human trafficking become apparent in areas that source and distribute raw materials, opening up upstream companies to future human rights claims and public outcry.
5. Usual methods of trade, transportation, and shipments are increasingly likely to change as certain ports of entry, free trade zones, and shipping hubs experience labor shortages or temporary closures and quarantines. Subsequently, goods moving around the globe are increasingly likely to change routes and exchange methods, which could lead to gaps in controls related to sanctions avoidance, tariff avoidance, diversion of dual-use components and equipment, and trade-based money laundering.
6. Social distancing equals a higher percentage of transactions occurring remotely or online. Risks of payments fraud, social engineering, and account takeover will increase commensurately. Rocco Grillo noted recently and importantly, “With Accounts Payable teams becoming virtual, email will become the primary authorization mechanism for wire transfer requests / vendor payment requests.”

COVID-19 will pass and businesses will resume to full capacity over time. However, failing to understand and mitigate new financial crime risks now may delay reaching long-term operational and financial capacity for retailers, manufacturers and financial institutions. It may also be unlikely that compliance failures which occur over the new few months are addressed with compassion by the public, regulators, or law enforcement down the road. Expectations are clear, and relying on the circumstances of a pandemic as a risk mitigation strategy may result in severe operational, reputational and financial impacts.