By Andrea Moundi Savvides, Head of Compliance, MLRO (Cyprus), at Harneys.

Introduction

COVID-19 has changed the world in a lot more ways than one could imagine. An increase in the level of crime and changes in the type of criminal activity is just one of the many consequences of COVID-19 on global businesses. According to “COVID-19 related Money Laundering and Terrorist Financing, Risk and Policy Responses” (FATF COVID-19 paper), new Money Laundering (ML) and Terrorist Financing (TF) threats and vulnerabilities from the outbreak of COVID-19 related crimes have been created.

Cyprus

Before the outbreak, the first National Risk Assessment (NRA) with regards to Cyprus was completed. Following that, it was evident that Cyprus is a strong international financial centre with a significant and advanced professional services sector.[1] The NRA acknowledges that the ML threat in Cyprus has increased due to international engagement. According to the NRA, the banking sector is the most fragile to an ML threat followed by TCSPs[2] or lawyers or accountants offering company and trust services.[3] The Cypriot NRA[4] identified that TSCPs have a “medium-high” risk for ML/TF. The relative ease by which companies are set up may cause, the otherwise lawful activities they provide,[5] to be used for criminal purposes. For instance, in Cyprus companies can be formed in less than two weeks and the actual cost does not exceed €700-800. If pre-approved names have been obtained, the service provider might be able to set up a company in just a few days. Cypriot companies have, in the past, been involved in recent laundromat instances,[6] a fact which both justifies (i) the level of risk allocated to this sector and (ii) the risk that COVID-19 may pose if proper due diligence procedures cannot be followed.

In 2020, Moneyval, the Council of Europe’s expert committee on the evaluation of Anti-Money Laundering and Counter Financing of Terrorism (AML/CFT) measures, published a report summarising their findings on the Cyprus AML/CFT measures in place following the on-site visit which took place between 13-14 May 2019 for the period 2013-2018.

COVID-19 related crimes

Increased fraud is one of the consequences of the pandemic. In April, the FATF president stated that: “criminals are taking advantage of the COVID-19 pandemic to carry out financial fraud and exploitation scams, including advertising and trafficking in counterfeit medicines, offering fraudulent investment opportunities and engaging in phishing schemes that prey on virus-related fears. Malicious or fraudulent cybercrimes, fundraising for fake charities, and various medical scams targeting innocent victims are likely to increase”.[7]

The European Commission has issued statements attempting to enlighten the public and prevent them from becoming victims of fraudsters.[8] Interpol[9] has also encouraged the public to exercise caution in general, including when buying medical supplies (including the immediate need to obtain face masks and antiseptic sprays) from “online providers” as there have been reports that the promised goods may never be delivered despite the payment having been made. Similar warnings have been issued by Europol[10] as well as the local police in Cyprus.[11] COVID-19 related crimes include fraud, cybercrime, misdirection or exploitation of government funds or international financial assistance.

With many places physically shutting down, working from home has become the new norm. This increases the use of online platforms for socialising, as well as purchasing goods and services which means that increased efforts need to be made both on a national level (for instance by regulators) and on a business level to ensure that adequate safeguards are appropriately used to guard against the further exploitation of the opportunities presented to criminals. Increased misuse of online financial services and virtual assets to move and conceal illicit funds is also on the rise.

The FATF COVID-19 paper highlights the increase in fundraising scams. As a jurisdiction, Cyprus should ensure that proper oversight is in order to ensure that criminals are not posing as charities by circulating emails and requesting donations for COVID-19 related fundraising campaigns. During the Moneyval inspection, Cyprus was rated as “partially compliant” in relation to Recommendation 8 of the FATF Recommendations[12] pertaining to the standards required of non-profit organisations.

According to the Moneyval inspection, Cyprus is hugely exposed to receiving proceeds from criminal activities abroad due to its activity as a financial centre. Hence, one of the challenges that trust and company service providers based in Cyprus need to overcome as a result of COVID-19 is the collection and verification of client due diligence and the execution of documents. Arguably, the various financial crime compliance programmes are commensurate to the various risks that countries and businesses face on a daily basis, as a result of inter alia, the globalisation of crime.

Becoming commercial and pragmatic is perhaps the best way for businesses to manage the risks that have arisen because of COVID-19. For instance, when dealing with the need to comply with client due diligence and onboarding requirements, it is important for compliance officers to apply the Risk-Based Approach (RBA) to its full extent whilst acting with caution. For instance, the requirement to obtain identification documents in hard copy certified form is undoubtedly difficult, if not impossible, depending on the level of lockdown in each country. On the other hand, obtaining documents in certified format is not only a regulatory requirement in certain jurisdictions it is also a way of ensuring that the risk of impersonation is significantly minimised.

The COVID-19 pandemic has yet again highlighted the importance of shifting from traditional methods of identifying and verifying the identity of clients and using reliable digital ID verification methods. The further use of electronic platforms should also be encouraged to the extent that appropriate safeguards are in place. In scenarios where regulated institutions identify instances of lower risk, then the FATF Standards provide for simplified measures to be applied. More generally, supervisors are encouraging the full use of electronic and digital channels to continue payment services whilst maintaining social distancing.

Encouraging responses

According to the FAFT, the swift and effective implementation of measures will act as a shield against the rising risks. Such responses could include better domestic coordination and the strengthening of communication between governments and the private sector.

In Cyprus, the various regulators have issued guidance or policy papers as a response to COVID-19. For instance, the Cyprus Securities and Exchange Commission (CySEC) has issued several circulars and guidance notes informing regulated entities of the impact that COVID-19 might have on their operations. CySEC encourages regulated entities to consider their business continuity procedures and systems, proportionate to the size and complexity of a regulated entity’s activities.[13] WFH requires a company’s systems to be just as robust and operational as on-premises. From a compliance with applicable AML/CFT procedure perspective, means providing the compliance team with unhindered access to the client files whilst at the same time ensuring that the use of those files remotely is not susceptible to external threats. It is also important to ensure communication channels between employees remain intact so criminals do not take advantage of a “broken phone” to facilitate their illegal aspirations.

Another example of the intervention by regulators in Cyprus includes the response that the Institute of Certified Public Accountants of Cyprus (ICPAC) has issued. This includes guidance as to what should be perceived as a red flag by its supervised entities during the pandemic. ICPAC urged its members to remain alert to any changes in the known business activities of their clients, or change in the behaviour of their clients, as well as new clients. With regards to the completion of client due diligence procedures, ICPAC has provided its members with general guidance notes to complete the CDD requirements such as using reliable online sources.[14] Supervisors have also responded by extending submission deadlines to the various annual reports, which are due during the first quarter of each year.

In general, less supervision and less direct contact between supervised entities and regulatory authorities is also a risk which has arisen due to the COVID-19 pandemic. Onsite inspections have been postponed or substituted and most national and international policy departments have activated business continuity plans with most staff working from home. This development signifies yet again the importance of ensuring that robust IT infrastructure is in place to support workers, working from home and to ensure that all parties involved fulfil their obligations to the best extent possible.

It is also important to ensure that regulated entities have a central point of contact to reach out to in difficult times. Due to limited resources, it is also vital for regulators to focus their resources in the area where the risk is greater – this means that regulators may need to revisit their risk assessment on the various regulated entities in due time to ascertain whether the risk of each entity has changed.

Encouraging and enabling the use of technology to the fullest extent is also highlighted in the FATF COVID-19; it is advisable that regulators should issue guidance which would further assist companies to meet regulatory requirements in a digitalised and socially distant era. Areas where the regulator may intervene, is in instances where certified true copies and the maintenance of hard copy files are a legal requirement and CDD completion, as mentioned above. Further, within the EU it is a legal requirement to train employees to be able to identify and manage ML/TF risks in discharging their day-to-day duties. With face-to-face meetings becoming a privilege and any “mass” gatherings prohibited, businesses need to turn to e-learning, webinars and virtual workshops and other forms of distance learning. Digital payment solutions are also vital in helping social distancing rules be adhered to.

It is important to balance out the commercial needs of all types of regulated businesses with possible risks. To remain alive, companies need to be agile and take a proactive approach to address the various issues in order to come out of the crisis best.

Economic relief measures and monetary assistance to individuals and businesses is yet another area where regulated entities may need guidance on in order to detect suspicious financial transactions, particularly in the context of cross border flows from countries that are receiving emergency COVID-19 related funding from international organisations and other donors. The FATF COVID-19 paper includes a reference to the fact that measures may be implemented to prevent the misuse of economic relief packages for ML/TF purposes and manage risks including the risk of corruption.[15] Regulated institutions should remain vigilant and ensure that AML/CFT procedures are applied correctly in such instances to avoid misuse of such economic relief, irrespective of whether it has been obtained locally or abroad.

Lastly, in the FATF COVID-19 Paper it is stated that agencies are considering pooling available resources, including repurposing assets confiscated or forfeited from criminals to assist in COVID-19 responses (eg using confiscated properties as temporary/emergency hospital facilities). The Moneyval inspection on Cyprus notes that the local competent authorities have not been proactive at freezing and confiscating foreign criminal proceeds, although they have been instrumental in assisting other countries. Unless the outbreak lasts for years, it is not likely that Cyprus will be in a position to utilize such confiscated assets for covering existing needs. According to Europol, only 1 per cent of criminal proceeds are confiscated in the EU.[16] Nevertheless, this could be an area of development both locally as well as on an EU level.

[1] Cyprus National Assessment of Money Laundering and Terrorist Financing Risks, (2018), p.9.

[2] Trust and Company Service Providers.

[3] Cyprus National Assessment of Money Laundering and Terrorist Financing Risks, (2018), p.10,11.

[4] Cyprus National Assessment of Money Laundering and Terrorist Financing Risks, (2018).

[5] Transparency International UK, ‘Hiding in plain sight – how UK companies are used to launder corporate wealth’ UK, (November 2017).

[6] Council of Europe, ‘Committee on Legal Affairs and Human Rights Laundromats: responding to new challenges in the international fight against organised crime, corruption and money-laundering Report’, Rapporteur: Mr Mart van de VEN, Netherlands, Alliance of Liberals and Democrats for Europe (March 2019). Accessed October 20, 2019. http://website-pace.net/documents/19838/5636250/20190304-MoneyLaundering-EN.pdf/c69d9ea9-e583-4fd2-9cb2-65ed360a4b3e

[7] FATF, ‘COVID-19-related Money Laundering and Terrorist Financing Risks and Policy Responses’, May 2020 https://www.fatf-gafi.org/media/fatf/documents/COVID-19-AML-CFT.pdf

[8] https://ec.europa.eu/cyprus/news/20200324_2_en

[9] https://www.interpol.int/en/News-and-Events/News/2020/INTERPOL-warns-of-financial-fraud-linked-to-COVID-19,  https://www.interpol.int/en/Crimes/Financial-crime/Financial-crime-don-t-become-a-victim, https://www.interpol.int/en/News-and-Events/News/2020/Unmasked-International-COVID-19-fraud-exposed

[10] https://www.europol.europa.eu/covid-19/covid-19-shopping-scams

[11] https://cyberalert.cy/anakoinwseis/pws-egklimaties-epwfelountai-apo-tin-pandimia-covid-19/ , https://cyberalert.cy/anakoinwseis/covid-19-pseudeis-eidiseis/

[12] FATF, ‘International Standards on Combatting Money Laundering and the Financing of terrorist & proliferation’ The FATF Recommendations, Updated June 2019 https://www.fatf-gafi.org/media/fatf/documents/recommendations/pdfs/FATF%20Recommendations%202012.pdf

[13] https://www.cysec.gov.cy/CMSPages/GetFile.aspx?guid=40287f92-008d-474b-9510-1415ed686547

[14]https://www.icpac.org.cy/zePortal/WebFiles/SELK/WebDocuments/Members/General%20Circulars/2020/07%202020/GC_7.20%20%CE%A3%CF%85%CE%BC%CE%BC%CF%8C%CF%81%CF%86%CF%89%CF%83%CE%B7%20%CF%83%CE%B5%20%CF%80%CE%B5%CF%81%CE%AF%CE%BF%CE%B4%CE%BF%20%CF%80%CE%B1%CE%BD%CE%B4%CE%B7%CE%BC%CE%AF%CE%B1%CF%82.pdf

[15] According to the Moneyval inspection, the GRECO evaluation report on Cyprus, Fourth evaluation round – Corruption prevention in respect of members of parliament, judges and prosecutors) adopted in June 2016, it is stated that that “…It would appear that general awareness about corruption in Cyprus has increased over the years but although Transparency International’s Corruption Perception Index has ranked Cyprus among countries less affected by corruption (32 out of 168), other surveys indicate that corruption is perceived to be widespread in the country;…”.

[16] https://ec.europa.eu/commission/presscorner/detail/en/mex_20_987