The financial crime landscape has evolved significantly in recent years through, for example, the implementation of the 4^th and 5^th EU Anti-Money Laundering Directives; diversification of scope of financial crime to include linked disciplines like tax evasion and market abuse; and rapid developments of new technology. Further regulatory changes are also on the horizon, including the implementation of the 6^th EU Anti-Money Laundering Directives in December 2020 and EU legislation for virtual currencies expected in the first quarter of 2021.

Firms therefore need to be aware and agile to enable them to survive and thrive in this shifting regulatory environment, coupled with reacting to the challenges posed by the Covid-19 pandemic. In our experience, this turbulent environment has given rise to a range of issues and themes including:

• How to translate regulatory obligations into an effective control environment
• Some backlogs in conducting Know Your Customer (KYC) checks, driven by the need to uplift to new regulatory standards
• Challenges in the application of a risk-based approach proportionate to the size and scale of the firm and its unique business activities
• Adapting processes and controls to react to the current crisis whilst maintaining regulatory compliance

Furthermore, as global regulators continue to place a strong emphasis on financial crime compliance, even amidst the COVID-19 pandemic, organisations could benefit from proactively evaluating their financial crime compliance framework and considering gaining independent assurance to enhance areas such as:

Regulatory change

• Has a gap analysis been conducted to identify new and incoming regulatory requirements?
• What planning has been done for the short, medium and long term evolution of anti-financial crime processes and controls?
• How are existing and uplifted process and controls independently assessed to gain assurance over their design and operation?

KYC

• Have uplifts been planned and/or implemented to meet existing and incoming regulatory requirements whilst simultaneously facilitating workarounds driven by the Covid-19 pandemic?
• Are staff clear on their roles and responsibilities to operationalise these processes and controls?
• Has training been provided to equip permanent and temporary staff with the skills needed to apply a risk-based approach to KYC in the current climate?

Transaction monitoring and Suspicious Activity Reporting

• To what extent have you seen any new financial crime / money laundering threats in light of Covid-19?
• What actions have been taken / are being taken in response to these?
• Are staff aware of new typologies emanating from the pandemic, and how these may affect the identification, escalation and external reporting of potentially suspicious activity?

Technology

• To what extent has the business been exposed to increased external cyber threats (e.g. cyber / ransomware / phishing attacks)?
• If so, what action has been taken in response to address / mitigate these threats?
• How is the business adapting to ongoing changes made to sanctions regimes, such as those brought about by the Trump Administration and through the UK’s withdrawal from the EU?

Businesses should therefore consider the ongoing effectiveness of their financial crime process and control framework, and whether proactive or reactive reviews of these could be beneficial given the evolving regulatory environment. These can help to develop a more comprehensive understanding of higher risk exposures and identify control framework gaps which could result in exploitation by criminals. Organisations can use these reviews to gain valuable insight into the root causes of any gaps identified and prioritise control framework enhancement activity to address these.