COVID-19 Creates Increased Risk of Financial Crimes and AML Exposure; FATF and FinCEN Provide Guidance


Earlier this month, senior officials of the global money laundering and terrorist financing watchdog, the Financial Action Task Force (FATF), issued a paper identifying challenges, good practices, and policy responses to new threats and vulnerabilities to the global financial system arising from the COVID-19 crisis. The U.S. Financial Crimes Enforcement Network (FinCEN) likewise is regularly publishing advisories regarding new COVID-19-related threats to the financial system. The FATF paper also includes a list of financial crimes-related statements and guidance issued by various other countries in response to COVID-19, in its Annex B.

As discussed below, the challenging COVID-19 environment has generated new avenues for money laundering. Specifically, new opportunities for bad actors to engage in fraud, cyberattacks, and other criminal activity have been created by the advent of remote working arrangements, increased online banking and financial services activities, as well as governmental and non-governmental efforts to distribute critical medical supplies and financial assistance.

Financial institutions’ anti-money laundering (AML) compliance programs remain an essential part of national and international efforts to identify and prevent abuses of the financial system, including with respect to COVID-19-related crimes. Financial institutions will be expected to incorporate into their AML programs information that FATF and government authorities have provided about increases in COVID-19-related crimes, related money-laundering risks, and red flags to watch out for. However, the ability of many financial institutions to exercise their compliance functions is affected by the operational changes that they are making to address COVID-19’s impacts.

Regulated financial institutions must be mindful of this new and challenging environment, and they should use the guidance provided by FATF, FinCEN, and other state and federal regulatory authorities to adapt.

Financial Institutions Must Continue To Take a Risk-Based Approach to AML

FinCEN recently reminded regulated financial institutions of their obligations to adopt a risk-based approach to AML compliance. As Orrick has detailed in a separate piece, FinCEN Director Kenneth Blanco stated they must continue “adapting in real time.” Financial institutions should consider taking the following steps in order to ensure continued compliance with their AML obligations in a COVID-19 world:

  • Identify New Risks. Assess which COVID-19-related criminal and money-laundering threats might touch upon their business, revise their written AML programs to address those threats as needed, and train personnel to identify suspicious activity related to those threats.
  • Review Transaction Monitoring Controls. Review the effectiveness of their current customer identification and transaction monitoring controls, especially in light of increased online and remote activity, and proactively address any deficiencies to ensure there are no gaps to be exploited or backlogs that prevent timely reporting. This is especially important for institutions that have not previously developed and tested remote infrastructure for high-volume scenarios.
  • Provide Support. Ensure that compliance personnel working remotely are afforded the resources and support needed to adequately perform their duties.
  • Assess Resource Allocation. Be mindful that resources may become constrained and competing business priorities may arise, but allocate or reallocate human and financial resources as required to make sure that AML obligations continue to be met.
  • Stay Nimble. Understand that flexibility will be needed. The global situation continues to evolve, and it is impossible to predict exactly what new threats will emerge, what logistical and technical difficulties financial institutions may face, and what resource constraints may arise. Financial institutions should be proactive in adapting to changing circumstances.
  • Stay Informed. Review notices, advisories, and other publications from regulators regarding COVID-19-related threats, compliance recommendations, and other relevant updates. FinCEN in particular encourages financial institutions to monitor its dedicated website for coronavirus-related updates ( and the Department of the Treasury’s website on The Coronavirus Aid, Relief, and Economic Security (CARES) Act ( for up-to-date information concerning compliance with U.S. AML obligations.
  • Communicate with Regulators. Finally, if financial institutions are experiencing difficulties in meeting any regulatory requirements due to COVID-19-related circumstances, it is critical to communicate with regulators and work with them to find a solution.

Financial Institutions Are Exposed to New AML Risks Because COVID-19 Has Created New Opportunities for Bad Actors

The actions discussed above are critical, as changes in the way people interact and conduct business have opened up new opportunities for bad actors to perpetrate crimes and launder money. FATF’s paper provides a non-exhaustive list of COVID-19-related crimes, which include: (1) fraud – such as impersonation of public officials to obtain financial information, phony sales of medical supplies, and investment scams; (2) cybercrime, through taking advantage of the sharp increase in remote working arrangement and dependence on mobile computing devices; (3) exploitation of online banking platforms; (4) exploitation of vulnerable populations; and (5) misappropriation of government resources. Likewise, FinCEN recently has advised of financial crimes related to the COVID-19 pandemic. In what it promises is the first of several such publications, FinCEN on May 18 issued an Advisory on Medical Scams related to the Coronavirus Disease 2019. The advisory warns of possible illicit activities regarding fraudulent cures, tests, vaccines, and services; non-delivery scams; and price gouging and hoarding of medical-related items, such as face masks and hand sanitizer.

Criminals are taking advantage of the global pandemic to find new ways to conceal and launder illicit funds. Financial institutions should take these risks into consideration in assessing and updating their AML compliance programs and monitoring for suspicious activity.

  • Financial institutions are increasingly relying on remote customer identification processes as more customer financial activity takes place online. Criminals may seek to bypass know-your-customer and customer due diligence measures and launder funds by exploiting challenges caused by financial institutions’ remote working situations. 
  • As more customer transactions are conducted remotely, there may be increased misuse of online financial services, and in particular virtual assets, to move and conceal illicit funds.
  • Criminals may seek to exploit economic stimulus measures and insolvency schemes to launder illicit proceeds.
  • Individuals moving money out of the banking system due to financial instability may lead to an increased use of unregulated financial institutions, which creates additional opportunities for criminals to launder illicit funds.
  • Criminals may seek to misuse or misappropriate financial aid and emergency funding by avoiding standard procurement procedures, resulting in increased corruption and related money laundering risks.
  • Because of the global economic slowdown, criminals may move into new cash-intensive and high-liquidity lines of business, in particular in developing countries, to launder illicit proceeds or fund their operations. Criminals may also fraudulently claim to be charities to raise illicit funds through online transactions.

Resource and other challenges financial institutions are facing may make creativity and a willingness to adjust their business or AML practices essential to addressing the threats created by the global pandemic. The regulatory expectation that compliance programs remain effective in the face of new developments remains strong, and financial institutions must carefully assess the risks they face, understand whether their compliance programs are equipped to address those risks, and be proactive in remedying any gaps, deficiencies, or other challenges.