5 AML Reputational Risk Considerations for 2023

In our State of Financial Crime 2023 survey, more than one in three senior compliance professionals cited reputational risk as the factor most likely to drive change within their organization. This was a 6 percentage point rise from the previous year. Indeed, reputational risk was the only factor to see a year-on-year increase.  

With global executives attributing 63 percent of their company’s market value to its reputation, according to KRC Research, this is perhaps unsurprising. But an awareness of the potential for fraud and money laundering to impact a firm’s reputational risk is one thing – mapping out a proactive strategy to mitigate those risks and identify emerging threats is a different proposition. So what specific anti-money laundering (AML) reputational risk considerations should firms be aware of throughout 2023?

1. Economic volatility  

According to the World Bank Group, growth in advanced economies is projected to slow from 2.5 percent in 2022 to 0.5 percent in 2023. Over the past two decades, economic downturns – most notably the Great Recession from 2007-9 – have foreshadowed a rise in financial crime. Our survey indicates firms expect this to happen again, with 59 percent preparing for an increase in financial crime. Economic volatility and pressure could even drive a broader increase in risk-taking behavior from previously legitimate actors, some of which will cross the line into financial crimes.

The challenge for compliance teams here is twofold. If firms over-adjust their risk management policies, they risk frustrating existing customers and impacting growth, making it hard to onboard new customers. At the same time, if firms don’t adapt, they may face regulatory enforcement action and the negative media coverage that results from this. 

To effectively balance and manage reputational risks associated with economic volatility, firms should be proactive in enhancing their ability to risk-assess customers to reduce the probability that they will inadvertently onboard a criminal. This will also improve compliance teams’ ability to detect unusual behavioral patterns in existing customers. According to our Regulatory Affairs Practice Lead, Iain Armstrong, this could involve more firms adopting unified platforms for initial and perpetual know your customer (KYC), complemented by more effective identity and verification (ID&V) tools. 

2. Ransomware

Ransomware has become the biggest cybersecurity threat facing financial institutions across the globe today. An analysis published by the Financial Crimes Enforcement Network (FinCEN) showed that, compared to 2020, reported ransomware incidents in the second half of 2021 increased by more than 50 percent. 

According to research company Gartner, ransomware will have infected 75 percent of all firms by 2025, with annual damage costs expected to reach $265 billion by 2031. In our survey, firms have selected cyber security as their biggest compliance-related pain point for the last three years, with 53 percent saying so in 2022. This suggests that many firms are aware of the need to ensure their cyber defenses, data hygiene, and training programs are kept under continuous review so they can rapidly adapt to the shifting threats as effectively as possible. 

Familiarity with the latest behaviors, and any specific forms of ransomware targeting their sector, will be critical to protecting a firm’s customers and reputation. Given the intersection of ransomware with crypto, firms should take extra care with their training and risk management practices relating to crypto-ransomware attacks.

2. Environmental crime

International concern about environmental crimes and wildlife trafficking soared in 2022, reflecting the threat posed to food security, political stability, conflict, and forced migration. In our survey, when asked which predicate offenses were most important to their organizations, more than one in four selected environmental crime, making it one of the top selected offenses.

Some of the growth in demand driving environmental and wildlife crimes can be attributed to the easing of pandemic restrictions, which has made activities like poaching easier. These types of crime are seen by criminals as having an attractive risk-reward ratio in that the penalties tend to be lower than many other predicate offenses, while the rewards can be just as high if not higher. Policymakers and regulators globally are taking note. In November 2022, the European Commission adopted a revised EU Action Plan to end the illegal wildlife trade. Its goals include tackling the root causes of wildlife trafficking, strengthening legal frameworks, more effective regulatory enforcement, and improving partnerships.

Coinciding with these factors is a growing public consciousness about the importance of conserving the environment and the desire to work with ethical brands that match their values. Combined, this creates a significant reputational risk for firms on multiple fronts if they are not proactive in 2023. To mitigate this risk, firms should consider enhancing their transaction monitoring scenarios and rules in light of their growing understanding of how environmental crime intersects with other types of financial crime. Developing an  Environmental, Social, and Governance (ESG) program and establishing internal controls for ESG data and reporting will also be essential for firms seeking to minimize the risk of greenwashing claims. 

3. Crowdfunding 

This year our survey asked about using decentralized finance (DeFi) platforms to support extremist political groups for the first time. 87 percent of respondents said they’d seen an increase in the use of these platforms to fund extremism, with 31 percent believing the growth to be “significant.” 

Events such as the 2022 protests across Ottawa and US-Canada border crossings fuelled this growing concern. On February 4th, 2022, GoFundMe closed a campaign supporting the “Freedom Convoy” due to concern it had become an “occupation” and amidst widespread reports of violence. Crowdfunding has also supported Islamic State (IS) operatives in Syria. Reporting indicates family members of young men trapped in Syrian camps have attempted to use the Telegram messenger service to “bring them to safety.” 

Pertinent to crowdfunding platforms, banks, and other financial institutions that support them, the risk factors associated with DeFi platforms should be managed through robust KYC measures, such as enhanced due diligence (EDD). Compliance teams should also ensure they are aware of emerging regulations in the cryptocurrency and crowdfunding space to ensure they have adequate, effective, scalable financial crime control solutions. Failure to keep up with regulations exposes firms to financial crime risks. 

4. Data 

Amidst challenges related to managing customer data, increasing regulatory expectations, and competitive pressure, our survey showed that firms are increasingly focused on data and organizational transformations. 

39 percent of firms said digitally transforming legacy systems was their most significant compliance-related pain point, a two percentage point increase on 2021 and 6 percentage points higher than in 2020. Furthermore, firms also cited “relevancy” as a critical challenge concerning data. Specifically referring to data being stored in the correct categories, 38 percent of firms said this was their organization’s most significant pain point alongside compiling global data. Not only does this represent a seven percentage point increase from 2020, but it also correlates with the growing concerns about legacy systems – as good data hygiene is only feasible when systems can support it.

Considering the high percentage of firms focusing on legacy system updates, firms that have not yet made a similar commitment to transformation risk building up a backlog of alerts that could impede their ability to act quickly in the event of any suspicious activity. This, in turn, could lead to enforcement action by regulators. On a day-to-day basis, firms also risk slowing customer onboarding and impeding the ability of customers to process transactions and manage their accounts effectively.