Opinion article by Burcin Atakan, Partner, and Ioana Ungureanu, Manager, Financial Advisory, Deloitte Romania
As the new coronavirus continues to spread across the globe, top-down measures are imposed to slow down its effects and minimize potential damage. Countries across the globe are taking diverse approaches to fight the spread of the virus. When these measures are combined with the long-awaited recession, being hit by a financial crisis in the virus era is inevitable.
While economies decline and employment rates drop drastically, cases of fraud are known to rise during recessions. Serving in the domain of forensic and compliance for more than two decades, we have witnessed four major crises. After each one, we observed fraud increasing and were able to see the damage suffered by companies, institutions and states. For this particular economic turmoil, expectations are not so different. A survey conducted by Deloitte showed that over 60% of companies expected an increase in fraud related to the global financial crisis experienced in 2008.
Even though during the last decade we have intensively discussed AML (Anti-Money Laundering) and KYC (Know Your Customer) compliance, the profession itself is still relatively new. Probably most of the professionals working in this field today do not have any real experience of a recession or economic slowdown while working in compliance departments. The experience and the internal literature of organizations concerning money laundering are generally limited to covering periods of economic boom.
The latest case of fraud, marked by a criminal action opened by the NBR at DIICOT in February 2020, is a product of social engineering and data theft. Whereas 3-4 years ago this type of fraud was the responsibility of the prosecutors of the Romanian state, who tried to identify only the persons involved in the fraud, banks are now also being held accountable. This is why, currently, the NBR is putting pressure on the financial institutions in the country and rightfully asking Romanian banks to carefully and thoroughly apply KYC measures. This is a milestone in AML and KYC compliance for the banking sector.
How does fraud usually happen? By means of social media, hackers or information manipulators obtain critical information about companies. They simply learn the names and email addresses of the local staff working in the finance department. Using the conclusions of the obedience test conducted in the 1960s by Milgram, perpetrators reach out to these people and firmly instruct them to transfer a sizeable amount of money to a third party. The instruction also carries a threat to the employee. The employee urgently makes the payment. Only hours or days (and in some cases, even weeks) later, s/he notices that it was an illegitimate order and that the money was taken by a con artist.
In the meantime, at the bank’s end, a person or a company opens an account. To keep the account under the radar, some transactions are performed for some time and the account’s activity seems to be normal but, in fact, it is waiting for the sizeable amount to reach it. When this happens, by means of the fraud described above, the money is directly transferred to another account in a third bank outside of the EU. For well-known reasons (lack of international agreements on financial crime, data privacy, banking secrecy and a lack of cooperation between banks), this last transfer is unfortunately generally enough to lose track of the funds transferred. Essentially, the money perishes in the dark alleys of crime. This is a typical monetary fraud.
What is the connection with compliance? Why did the NBR decide to point its finger at the banks? The answer is hidden in the AML legislation, namely Law 129/2019. KYC is no longer a tacit reporting area for the banks, but a key responsibility that can safeguard financial institutions from fraudulent activities. Therefore, the blame is no longer only with the fraudsters, the crime networks or international organized crime groups, but also with the banks.
We know that even midsize banks have hundreds of thousands of clients in Romania. Every day, thousands of accounts are opened and millions of transactions are performed, mostly online or via ATMs. It is therefore a great challenge for the banks to identify the suspicious transactions performed through the accounts used by criminal groups.
During the COVID-19 days and afterwards, fraud cases are likely to increase. Are Romanian banks ready to handle massive fraud attempts and stay compliant with the new AML and counterterrorism laws?