RegSol Blog


COVID-19 and Cyber Crime: What to watch out for

May 2020

On the 31st of March the EBA published a statement on actions to mitigate financial crime risks in the COVID-19 pandemic. The document discusses from a supervisory level the actions competent authorities should take in urging credit and financial institutions to effectively put in place internal controls and systems to ensure the EU’s financial system is not abused by crime. 

In identifying emerging trends and typologies, legitimate financial flows are likely to diminish. However, experience from past crises suggests that in many cases, illicit flows will continue regardless perhaps unchanged and it is in those instances, credit and financial institutions should question source of funds and wealth of those transactions and most importantly whether they make economic sense.

For example, there is already some evidence of increased levels of cyber crime, COVID-19-related frauds and scams targeting vulnerable people and companies, of fake fundraising campaigns and of criminal networks selling rationed goods, including PPE at a higher price. Furthermore, as criminals are highly adaptive, new techniques and channels of laundering money are likely to emerge. 

On the 27th of March, Europol published a report on how criminals have adapted to the COVID-19 pandemic. It is based on information Europol receives from the EU Member States on a 24/7 basis and intends to support Member States’ law enforcement authorities in their work. According to the  report, the number of cyber-attacks is significant and expected to increase further. 

Cybercriminals will continue to innovate in the deployment of various malware and ransomware packages themed around the COVID-19 pandemic. They may expand their activities to include other types of online attacks. Cybercriminals are likely to seek to exploit an increasing number of attack vectors as a greater number of employers adopt telework and allow connections to their organisations’ systems.

Our Top 5 Tips:

  1. Update your AML-CTF Risk Assessment and any other relevant policies, internal controls or systems
  2. Train staff
  3. Transaction monitoring calibrated to recognise patterns in areas known to be impacted by COVID-19 but still yielding uncharacteristically large or unchanged profit flows
  4. Ongoing monitoring of impacted industries such as pharmaceutical or medical supply equipment
  5. Risk assess your own IT systems and work from home strategies for resilience against cyber attack

Click HERE to read EBA's statement. 

Click HERE to read the Europol Report:

By Judy de Castro - Regulatory Consultant