(Current Issue: Financial crime in times of Covid-19 – AML and cyber resilience measures, summary notes)

Contents

Highlights

1. Introduction

2. Financial crime during the pandemic crisis

a)        An increase in ML and TF risks stemming from Covid-19-related crime

b)        The need to devote additional resources to ensuring the effective operation of business continuity arrangements may mean that financial institutions are less able to monitor suspicious transactions. Authorities are in a similar situation.

3. Cyber resilience measures

a)        The joint statement by the UK and US cyber security agencies

b)        The Singapore Computer Emergency Response Team (SingCERT) points out

c)        the Cybersecurity and Infrastructure Security Agency

d)        Complementary measures

(3)        Information-sharing on Covid-19-related threats

4.        AML Measures

a)        Financial institutions everywhere should remain vigilant, while at the same time

b)        Issuing public statements drawing attention to Covid-19 ML and TF threats

c)        Emphasising the flexibility built into the AML/CFT risk-based framework and providing guidance on its application

d)        Providing guidance on digital customer on-boarding and simplified due diligence

e)        Working closely with the financial sector

5.        Concluding remarks

a)        Authorities

b)        Guidance issued

c)        AML frameworks



Highlights

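  • Cyber attacks, money laundering (ML) and terrorist financing (TF) have been increasing during the pandemic.
  • Authorities worldwide are working to prevent ML and TF by alerting financial institutions and providing ways to improve digital security.
  • Particular attention should be paid to IT networks and non-public data, to cyber security incident response plans, and to building staff security awareness.
  • Financial institutions also need to stay alert to new ML and TF risks and continue to meet AML (anti-money laundering) and CFT (countering the financing of terrorism) requirements by using the flexibility built into the AML/CFT risk-based framework, digital customer on-boarding and simplified due diligence processes.
  • Authorities should stress the trade-off between expecting financial institutions to enhance or adjust their cyber resilience and AML frameworks and avoiding imposing an excessive burden that could hinder financial institutions in delivering key financial services.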

1. Introduction

- not just a convenience but a necessity.

- Work-from-home arrangements with remote access to corporate networks have significantly expanded the attack surface for cyber criminals.

- financial crime seen so far during the current crisis.

2. Financial crime during the pandemic crisis

a)        An increase in ML and TF risks stemming from Covid-19-related crime

(i) increased misuse of online financial services and virtual assets to move and conceal illicit funds

(ii) possible corruption connected with governmental stimulus funds or international financial assistance

b)        The need to devote additional resources to ensuring the effective operation of business continuity arrangements may mean that financial institutions are less able to monitor suspicious transactions. Authorities are in a similar situation.

3. Cyber resilience measures

a)        The joint statement by the UK and US cyber security agencies

-        lists practical indicators that systems have been compromised

-        encourages individuals and organisations to review their guidance on home working

-        mitigating malware and ransomware attacks

-        enterprise virtual private network (VPN) security and risk management, among other topics, to ensure that Covid-19-related challenges are addressed.

b)        The Singapore Computer Emergency Response Team (SingCERT) points out

(i) ensuring that remote access systems are updated with the latest patches, security configurations and anti-virus signatures

(ii) performing regular audits of privileged domains

(iii) providing regular reminders to employees about cyber threats and preventative tips so that their awareness is heightened;

(iv) putting in place cyber incident response and recovery plans that can be effectively implemented in view of the telecommuting circumstances.

c)        the Cybersecurity and Infrastructure Security Agency

In the United States, the Cybersecurity and Infrastructure Security Agency – the country’s cyber security agency – has identified as essential workers, among others, third-party staff supporting banks and other financial institutions responding to cyber incidents, and the Office of the Comptroller of the Currency (OCC (2020a)) has asked its supervised institutions to reflect this consideration in their business continuity approaches.

d)        Complementary measures

In addition, a number of authorities are taking complementary measures specifically targeted at the increasing levels of cyber criminality in the financial sector during the pandemic crisis.

(1)        Raising awareness through public statements about increasing levels of cyber crime 

The April 2020 public joint statement by the Bank of Italy and the Institute for the Supervision of Insurance (IVASS), the Italian insurance supervisor, focuses mainly on the following points:

(i) the vulnerabilities resulting from the more intensive use of teleworking;

(ii) conducting reviews to gain insights on the characteristics of cyber threats in the context of Covid-19

(iii) relying on information exchange mechanisms.

(2)        Providing guidance on the most relevant cyber resilience areas 

i)        Provided guidance on the heightened risks to IT networks and non-public information.

(a)        New York State Department of Financial Services (DFS) (2020) emphasises

(i) the importance of relying on secure VPN connections that will encrypt all data in transit

(ii) using multifactor authentication protocols and updating them for key actions (eg security exceptions, wire transfers);

(iii) applying robust security protocols to company-issued devices and strong controls to personal or home devices used to access corporate technological infrastructures;

(iv) configuring corporate video and audioconferencing facilities in a way that limits unauthorised access

(v) taking measures that prevent the loss of non-public data.

As part of its Covid-19 cyber guidance, the DFS has also asked their regulated entities to address third-party risks connected with the current exceptional circumstances.

It expects regulated entities to coordinate with critical vendors to ascertain that they are adequately addressing the new risks and challenges posed by the pandemic crisis.

ii) The adjustment of cyber security incident response plans to the pandemic environment.

(a)        the Abu Dhabi Global Market’s (ADGM) Financial Services Regulatory Authority (FSRA) (2020)

- communicated to their financial institutions the importance of instituting incident response plans that are commensurate with the nature, scale and complexity of their business in the current context.

- to increase preparedness for identifying and mitigating operational and cyber risks, thus enhancing the financial sector’s resilience so as to diminish the impact of possible cyber attacks.

iii)        Several authorities are emphasising staff training and awareness at financial institutions.

(a)        the Financial Industry Regulatory Authority (FINRA (2020)), as part of its Covid-19 guidance to members, recommends that firms train their staff on

(i) how to connect securely to the office environment or office applications from a remote location

(ii) potential scams, fraudulent communications and other criminal activities.

In addition, it emphasises the need for IT support staff or others involved in managing or supporting staff using the firm’s systems to be alert and adequately trained to deal with fraudsters and social engineering schemes, such as bogus calls requesting password resets or fake reports of lost phones or equipment.

(3)        Information-sharing on Covid-19-related threats

i)        Organisations such as the Bank of Italy and IVASS:

- disseminate security bulletins

- organise webinars on attack techniques and possible countermeasures

- facilitate training on the correct use of company devices and the strengthening of controls connected to remote work.

ii)        At the international level, the Euro Cyber Resilience Board (ECRB) for pan-European Financial Infrastructures and the BIS’s Cyber Resilience Coordination Centre (CRCC) are expected to play an important role in facilitating the exchange of information on Covid-19-related threats.

(a)        ECRB:

The ECRB serves as a forum on systemic resilience against cyber risks. In recent weeks its members have agreed to share more cyber information and intelligence, with the aim of identifying cyber threats and exchanging best practice to prevent attacks.

(b)        CRCC:

CRCC seeks to provide a structured and careful approach to knowledge-sharing and collaboration between central banks in the area of cyber resilience. A core service is to provide a secure collaboration platform for information-sharing on multilateral cyber threats.

4.        AML Measures

a)        Financial institutions everywhere should remain vigilant, while at the same time

(i) using the flexibility built into the FATF’s risk-based approach to address the challenges posed by the crisis;

(ii) implementing responsible digital customer onboarding for the delivery of digital financial services to the fullest extent possible in the light of the lockdown and social distancing measures;

(iii) working closely together, including by sharing relevant information

(iv) offering effective mechanisms through which the industry can report Covid-19-related financial crime to authorities.

b)        Issuing public statements drawing attention to Covid-19 ML and TF threats

(1)        FATF statement

c)        Emphasising the flexibility built into the AML/CFT risk-based framework and providing guidance on its application

(1)        A number of authorities worldwide have provided guidance on the way the AML/CFT risk-based framework will be applied flexibly in the Covid-19 context 

i)        the Financial Crimes Enforcement Network (FINCEN)

In the United States, the Financial Crimes Enforcement Network (FINCEN) has provided for certain regulatory relief under the risk-based approach to the AML/CFT requirements, including exempting firms from requirements to (re)verify beneficial ownership for new loans extended to existing customers under the Coronavirus Aid, Relief, and Economic Security (CARES) Act Paycheck Protection Program.

The OCC (2020b) has publicly expressed support for the FINCEN’s approach and stated that, when evaluating banks’ AML/CFT compliance programmes, it will consider the actions taken by banks to protect and assist employees, customers and others in response to the Covid-19 pandemic, including accepting reasonable delays in reporting filings and other risk management processes.

(2)        Authorities have also emphasised that financial institutions should continue to provide essential financial services, while at the same time seeking to mitigate ML risks by using the various tools at their disposal. 

i)        machine learning -->  improved ML detection

But the Covid-19 crisis has changed the behaviour of retail and corporate clients, which could drastically reduce the effectiveness of machine learning techniques, particularly those trained on past patterns of behaviour. Other tools may face similar challenges.

d)        Providing guidance on digital customer on-boarding and simplified due diligence

(1)        digital ID systems with technology, processes, governance and other safeguards 

digital ID systems with technology, processes, governance and other safeguards that assure an appropriate level of trustworthiness in line with relevant FATF Guidance (eg on digital identity).

i)        the CSSF considers that live video-chats could provide appropriate safeguards to verify a customer’s identity.

(2)        simplified due diligence approaches 

i)        “grant a facilitation” in the application of due diligence requirements for new business relationships entered into before 1 July 2020.

It has extended the 30-day period for confirming the authenticity of identification documents to 90 days.

During this period, a new business relationship can be entered into with sufficient information regarding the contracting parties and a simple copy of the identification document provided that, on the basis of a risk-based assessment, the application of this flexibility is deemed appropriate.

e)        Working closely with the financial sector

(1)        Supervisors, FIUs and law enforcement agencies are using their existing channels to share ML/TF risks linked to Covid-19 with financial institutions and other private sector entities

(2)        In addition, authorities have started to set up mechanisms by which victims, financial institutions and other businesses can report Covid-19-related fraud.

5.        Concluding remarks

a)        Authorities

In both areas, authorities have highlighted the need for

(i) drawing attention to these crimes so that financial institutions and the general public are better informed;

(ii) extra vigilance with respect to increasing and evolving risks

(iii) active sharing of information between the public and private sectors, and within and between jurisdictions

b)        Guidance issued

The guidance issued underscores the trade-offs between expecting financial institutions to enhance or adjust their cyber resilience

c)        AML frameworks

AML frameworks and, on the other hand, avoiding imposing an excessive burden that could hinder financial institutions in delivering key financial services.
