21st October 2020

Efficient Compliance During a Recession

As a consequence of the COVID-19 pandemic, the global economy is going through one of its most uncertain periods in modern history. After the initial hard impact on global output in the spring, the summer saw a moderate economic recovery in several parts of the world. But with the virus entering second – and third – waves in some countries, anxiety is growing over the potential effects that new restrictions will have on fragile economies. What was seen by some economists as likely to be a deep, sharp but short recession in the first half of 2020, now looks likely to be a prolonged downturn, possibly into 2021. 

The pandemic and its economic consequences have created a particularly challenging environment for compliance professionals, who, even before the start of the recent crisis, were focusing on the unsustainable costs of a range of people-heavy AML/CFT controls. Continuing economic troubles, evolving criminal behaviours and public health controls mean that businesses are now redoubling their efforts to find lighter, more efficient, but still effective ways to meet essential regulatory requirements. With international standard setters and regulators again highlighting the potential value of new technology, businesses are looking at whether now is the time to transform how they comply. 

The Current Crisis

Every recession and recovery have their own unique characters, shaped by the economic and financial factors that lie in the origins of the crisis. In the Global Financial Crisis (GFC) of 2007-08, for example, mass defaults on high-risk mortgages in the US-led to dramatic declines in liquidity in the financial system and bank collapse. Because of the interconnectedness of the global financial system, recovery was long and slow and had further systemic repercussions at points of vulnerability such as the Eurozone. 

What is unusual about the current crisis is that the causes and progress of the economic situation are being driven not by failures within the economy, but health and social pressures from without. Governments have been driven by a sense of moral responsibility – along with a recognition of the economic gravity of the situation – to take radical measures that have included huge stimulus packages and financial support programmes for businesses and individuals, such as the UK furlough scheme and the US $1200 stimulus for citizens. This expenditure has created levels of public debt not seen since the GFC or even the Second World War, reflecting the clear sense that existential issues have been at stake, and dramatic action has been needed.  

So far, the economic situation in individual jurisdictions appears to have tracked the scale and spread of the virus and the social restrictions that inevitably follow it. East Asian jurisdictions such as South Korea and China, which have had some success in containing the pandemic, have suffered less economically than those in Europe, Asia and the Americas that have struggled to do so. This suggests that, for as long as the virus is with us and is not contained, economic troubles will remain. With expectations that mass access to vaccines is still 3-6 months away, this means we can reasonably expect economic disruption in many key regions into 2021. 

Although government action has mostly – though not universally – mitigated the worst economic consequences, especially in terms of mass unemployment, expectations need to be managed with regard to how long this can continue. The disbursement of public funds at the current scale will not be sustainable in the medium term, and some actions that governments have taken to help individuals have already had negative impacts on some business. In several countries, governments have moved to mitigate personal debt burdens by suspending credit repayments, hitting financial services providers hard, and in the instance of German FinTech Monedo, a loan provider in several European countries, leading to its bankruptcy in September. As long as the public health crisis continues, we can expect to see increasing pressure on vulnerable businesses.

Compliance and Recessions 

Recessions always have particular consequences for compliance functions too, usually shaped by three contextual themes:

  • Risk Environment:  During economic downturns, there is often a rise in criminal activity, much of which will have an impact on the financial system. Volumes of fraud typically rise, as do criminal attempts to launder illicit proceeds through the financial system. 
  • Cost Drivers: Businesses increasingly focus on where they can reduce costs on non-revenue generating activities. Compliance, as a regulatory responsibility, is often a target for financial retrenchment within businesses, leading to potential friction with regulators themselves. 
  • Regulatory Change: Regulators often revisit aspects of regulation which they believe could have prevented or mitigated the economic crisis. For example, the GFC led to increased consumer protection in financial services in the 2010 Dodd-Frank Act in the US and the UK’s Financial Services (Banking Reform) Act of 2013.

The current crisis is having – and will continue to have – effects along these lines too, although shaped by its unique features and wider political contexts. According to reports from Europol, the EU’s policing agency, and FinCEN, the US Treasury’s Financial Intelligence Unit (FIU),  although some ‘traditional’ criminal activities such as face-to-face drugs sales have suffered, illicit activity has been on the rise where criminals are able to take advantage of health fears, exploit government economic relief packages, or target the vulnerable via cybercrime under the cover of increased online activity that has resulted from lockdowns. 

This has put a substantial additional investigative and reporting burden on the financial services sector, and in several jurisdictions, including the UK, Financial Institutions (FIs) have worked directly with law enforcement agencies to detect and disrupt COVID-19 related organised criminality. FIs have also had to look again at the configuration of their AML controls, especially those likely to be affected by changing patterns of licit and illicit financial behaviour, such as Transaction Monitoring (TM). Some institutions have found themselves struggling to optimise their platforms quickly in fast-moving environments, which in some instances have created problems with backlogs of False Positive alerts that reflect ‘pre-COVID’ economic activity.

At the same time, despite the important roles they play in the fights against economic and financial crime, compliance professionals have also increasingly become the target of internal cost-cutting exercises to help businesses remain commercially afloat. Several institutions which were planning compliance cuts earlier this year and held off in the early stages of the pandemic are now looking again at the potential for substantial cuts in compliance staff numbers. In regions where there has been significant growth in compliance staff numbers over the last five years, such as Scandinavia, FIs are seeking to mitigate regulatory risks that might emerge by investing more in new technologies, hoping not only to reduce costs but to improve the quality of AML outcomes too.

In this, at least, there is also a synergy between how the financial services sector and regulators are beginning to think about the delivery of AML/CFT controls. The early stages of the crisis created situations where some compliance officers could not access key systems out-of-office, and vital processes such as Identification and Verification (ID&V) and Client Due Diligence (CDD), which in many FIs still depend on a combination of manual checks and antiquated legacy technology, were impossible to complete. Although regulators have initially shown some forbearance on these issues, it is noticeable that the regulatory community has also been encouraging compliance functions to think radically about how they tackle problems of resilience and flexibility in the future. In March, AML/CFT’s international standard-setters, the Financial Action Task Force (FATF), issued a document that supported for the development of Digital Identity (DI) schemes to support frictionless ID&V, and in April, FinCEN have used a COVID-19 related announcement to restate its support for technological innovation as a potential solution to compliance challenges. 

Getting Ahead of Change 

Much remains unclear about exactly how the pandemic and its linked economic crisis will play out over the next six month. However, even if the most optimistic targets for the delivery of a vaccine are met, it seems unlikely that we will revert to the previous status quo. The world will indeed be different – it is currently hard to imagine a swift return to all our past patterns of behaviour, especially as many see the pandemic as something of a ‘dress-rehearsal’ for the likely impact of climate change. This suggests we are heading into a ‘new normal’ of higher levels of cybercrime, more remote working, potentially slower economic growth and legal and regulatory requirements for greater societal and economic resilience.  

All of these changes will have significant implications for compliance functions: platforms and controls will need to be configured to meet new risks, and be flexible enough to change quickly as those risks change. Compliance functions will need to be able to shift to remote delivery of services at high speed and with no loss of service. Management of costs will be a key criterion; ‘throwing money’ at the problem is unlikely to be an option for any business in the near future. 

In light of the experience of COVID-19 and the economic crisis we face, regulators are going to expect the sector’s professionals to learn the lessons, and learn them quickly.  Fair warning has been given, and it is reasonable to suppose that in the medium term, once the crisis is over, regulators will have higher expectations of FI’s applying agile new approaches, including new technologies. In a world that does not appear to be getting any less tumultuous, compliance functions will need to be able to do ‘business as usual’ even in the most unusual of situations.