Operationalizing the CARES Act: The Impact on Fraud and AML Controls

Due to the COVID-19 crisis and the recently adopted CARES Act, fraud and AML teams need to address the rapidly evolving financial crime landscape. As financial criminals become savvier, it’s critical to adapt quickly and effectively to stay ahead. To help you navigate these new dynamics, NICE Actimize partnered with other leading industry experts on a four-part webinar series. The following blog offers highlights and insights from the “The Impact on Fraud and AML Controls” webinar.

This webinar session featured insights from PwC and NICE Actimize. Don’t miss the first blog in our series here.

As the CARES Act continues to present new challenges, it’s also resurfacing existing issues related to financial crime. Even though it means processing large volumes of loans to existing and new customers at unprecedented speed, multiple regulatory bodies have specifically called out that financial services organizations (FSOs) are still expected to comply with Bank Secrecy Act (BSA) requirements.

As a result, it is imperative that lenders establish a customized Know Your Customer (KYC) and onboarding process that balances their commercial interests, while still meeting compliance obligations. It’s important to note that PPP loans for existing customers will not require re-verification of beneficial ownership information for relevant BSA requirements, unless those requirements already exist in the institution’s BSA compliance approach. For example, if an FSO opened a new account for an existing customer, they would have to verify Beneficial Ownership. However; since the CARES Act, regulatory bodies have eased that due to the influx of loans. For existing customers, they were not required to verify as they normally would. With that said, regulators also stated that if the verification of Beneficial Ownership was part of their policy – they would still need to do that.

Increased Internal Fraud

In addition to external fraud associated with the PPP, internal fraud may be a concern as well. In fact, the internal fraud cycle may take months or even years to discover. As a result, we encourage clients to interact more than ever with their enterprise security and information security teams to help lessen negative impacts as much as possible.

The usage of external agents as loan initiators also represents a potential fraud risk during these times. Agents’ employees can feed loan applications to an FSO, that may include falsifying loan records. In fact, this happened with the Small Business Administration (SBA) program even before the CARES Act. To help minimize potential fraud due to agents, FSOs should re-evaluate their vendor controls and enhance their vendor risk management initiatives as necessary.

We also suggest that our clients with enterprise lending responsibility reach out to their small business counterparts and share key learnings and best practices. In addition, those administering small business loans should consider consulting with partners in the consumer home mortgage or automotive loan segments. By becoming more familiar with managing fraud in those areas, those handling SMB loans may be better able to mitigate small business loan fraud as well.

Scaling Controls

When monitoring for financial crime related to economic relief or stimulus programs, FSO controls need to be ready to scale for all CARES Act distributions methods, including checks, direct deposits (ACH), and debit cards. FSOs should look at the intelligent monitoring of their fund deposits to make sure they know where that money is coming from.

Some recommended actions include matching recipient and account name for electronic transactions and name verification and account titling for checks. It’s also important to verify that entities are valid and ensure they’ve not be involved in prior fraud activities.

Social engineering is becoming rampant as well, which creates more potential for fraudulent account takeover. One step to mitigate this is to make sure call centers are attuned to abnormal money movement and that call center detection and transaction detection are connected.

On the transaction monitoring front, observe deposit thresholds and duplicate detection rules in ATM and teller platforms. FSOs also should ensure that controls in place to monitor for extended typologies covering behavioral changes, layered relationships and requisite flow of funds.

In short, the pandemic has created a “Black Swan” event that requires enhanced review and controls above and beyond those provided by existing preparation and statistical modeling.

Efficient KYC Processes

In supporting the Small Business Payroll Protection Program, FSOs must implement end-to-end controls to help avoid fraud and abuse. Now, having solid KYC processes is more important than ever. When it comes to risk, relationships with long-standing existing small business customers that only do business locally or domestically are on the lower end of the scale. Small businesses that have international fund flows with complex ownership structures are higher risk. As a result, they have multiple touch points in their supply chains that may allow them to launder money easily. Because of this, FSOs may be giving out large loans to SMBs that could potentially make them susceptible to reputational damage in the future.

To help with your KYC processes, consider:

• Implementing enhanced data validation for borrowers and exception reporting
• Use layered ID proofing controls to evaluate owner information and digital identity
• Cross reference small business information with various public and curated sources 

We’ve seen a number of challenges on the KYC front – chief among them is simply getting up and running in this new work-from-home environment. Validating Optical Character Recognition (OCR) and other documentation is another significant KYC challenge to address. Many large financial institutions still rely on paper and “wet” signatures, so the recent push to digital signatures and authorization has caught many institutions off guard, creating unease due to lack of in-person identification.

That said, there’s definitely a push toward digitalization that’s presenting some tactical measures that will stay with us for a long time. For example, we’re seeing a significant rise in cloud solutions, specifically with hosting and SaaS, which mean testing and deploying of real-time fraud strategies faster than ever before. FSOs may also want to consider deploying an internal fraud SaaS solution, which provides instant value to institutions looking to restore controls and stop corroboration.

Moving Forward

As a potential solution for FSOs, NICE Actimize offers ActOne, a unified platform to manage alerts and cases. Built for fighting financial crime, the platform provides a way to divert “low-hanging-fruit” alerts into robotic process automation, and the ability to quickly put controls against the more relaxed policies we’re seeing under the CARES Act. It also offers complete visibility using Customer Due Diligence information. ActOne also gives transaction monitoring teams quicker alert resolutions. The ability to have fraud teams quickly communicate with AML teams helps significantly – especially when considering today’s potential for spikes in fraud.

To further help address critical FSO needs in operationalizing CARES Act initiatives, NICE Actimize launched KYC Xpress. The cloud-based solution expedites operations and procedures with advanced automation and also retrieves client data from public and premium sources, identifying risk factors like adverse media, sanctions and political exposure. The process eliminates manual and time-consuming tasks and reduces the time to set up KYC processes. With the tremendous influx of loan applications, KYC Express speeds up the process while still performing an accurate check of potential customers.

For more specifics and detailed information, visit this page to hear the full series.