How well do you understand financial crime in your business?
Recognising the scale of financial crime is your first step in fighting it. The next step is to understand how your business is affected. All businesses are vulnerable to financial crime, regardless of their size, geography or industry. For organisations without a formal team managing financial crime, the following checklist is a good place to start assessing your risk.
You need to start by understanding where the main risks to your business lie. Key factors that will affect your risks include:
Industry
There are different ways of assessing industry risk.
According to OECD, high-risk industries for foreign bribery include extraction, construction, transportation/storage and information/communications.
Size of business
Usually, the larger the business, the greater the risk. This is because money is entering and leaving the business in greater volumes and through more channels.
However, smaller organisations are not immune to risk as they may have fewer resources to detect financial crime.
Jurisdictions in which the business operates
There are a few different ways of assessing which jurisdictions should be considered high risk.
The Financial Action Task Force produce a list of high-risk and other monitored jurisdictions.
The Basel AML Index 2020 ranks countries by risk for money laundering and terrorist financing.
Complexity of supply chain
The supply chain is a major source of financial crime risk. The more complex the supply chain, the greater the risk.
Consider how well you know your suppliers: do you know where goods are manufactured? Are they in any high-risk jurisdictions? How are they transported? Who are your supplier’s suppliers?
Larger organisations tend to have more complex supply chains, with each supplier having their own suppliers and so on. The more complex the supply chain, the greater the risk of financial crime.
The next step is to ask whether you understand the latest fraud risks and financial crime exposure. Consider where fraud has been detected previously in your organisation. If there has never been fraud detected in the organisation, this may be a sign that fraud monitoring is lacking. Do not assume that it means your organisation is safe.
Where fraud and financial crime has been detected, consider what lessons have been learned, what has changed since it happened and whether the same thing could happen again.
There will be some people in your organisation who will have key skills in detecting and fighting financial crime. Larger organisations are likely to have specific compliance specialists, whilst in smaller organisations it may be that finance specialists do this alongside their day job.
Some professionals have specific skills which may be of particular use. In the UK, for example, accountants with fee-paying clients must be supervised by their professional body or HMRC, which requires that they declare activities and keep up to date with legislation and guidance relating to anti-money laundering guidelines. It is key not to underestimate the inherent knowledge that your team has built up from working in an organisation for a long time. Someone who has worked on organisational accounts for a decade may be able to spot an unusual transaction more effectively than a fraud expert or a piece of software. This learned expertise is often forgotten, and risks can be created by making someone redundant without recognising their thorough knowledge of the way business is done in an organisation.
A risk assessment is an assessment made at a point in time, but risk is not static - it is constantly evolving as new suppliers are onboarded, new clients acquired and employees come and go. As technology advances, financial criminals have access to increasingly sophisticated software, new criminal organisations enter the market and new pressures force increasing innovation.
Risk assessments should be revisited and revised – both on a regular schedule and whenever an event, internal or external, causes a material change in the risk profile. If you see any changes, they should be documented and communicated to senior management.
All countries will have slightly different regulations around financial crime. It is key that you understand which jurisdictions you operate in and where you have a duty to comply with regulations. There may be associated reporting requirements. For instance, the UK Modern Slavery Act requires businesses operating in the UK that meet certain criteria to publish an annual statement on modern slavery.
In addition to nationally imposed regulations, watch out for supranational acts. For instance, the European Union for has the 5th Money Laundering Directive which is transposed into law in each member country and aims to prevent money laundering and terrorist financing across the European Union. Regulations change frequently — so horizon scanning for upcoming changes to regulation should be a key part of a financial crime mitigation plan.
The COVID-19 pandemic has undoubtedly changed the financial crime risk landscape. It has changed the way we are working. Employees are working from home around the world – does this mean that controls are less effective? For example, are documents which would previously have been evaluated in person now being verified online? Does this create a new risk? Are existing IT systems secure and able to cope with increased use?
Organisations are looking to make financial savings as pressures mount. Are compliance budgets being cut?
Are you losing key employees to redundancy, or have compliance staff temporarily stopped working? Criminals are also affected by the virus. Some forms of financial crime involve physical cash being moved around the world, so restrictions on international movement may mean that criminals are looking for new ways to get money where they want it to go. There have been numerous attempted attacks on remote working software, such as video conferencing applications. Phishing attacks have also been seen worldwide, with criminals mimicking official government communications demanding payment of fines for breaking lockdown regulations or supposedly offering tax breaks. Criminals are trying out increasingly creative schemes for stealing money, and so organisations must ensure they are constantly monitoring risk and updating controls. To find out more about financial crime and COVID-19, read FM Magazine’s Ethics column from October 2020.
