White paper
How financial institutions can prepare for 2021
Since the COVID-19 pandemic began hammering the global economy in early 2020, financial institutions have been at the center of a brewing economic storm. Not only have they been pressed into service by the federal government to help distribute trillions of dollars in stimulus money, financial institutions everywhere are fighting a widespread economic depression, managing a remote workforce, dealing with disgruntled customers, and guarding themselves against an increasingly aggressive and sophisticated network of fraudsters and cybercriminals.
As the pandemic continues to rage, an equally serious epidemic of uncertainty clouds the economic outlook for 2021. No one knows how the pandemic will play out. Will there be an effective coronavirus vaccine or not? Will the economy rebound or not? Will next year bring a new era of continuous economic turmoil and social unrest? Or will we somehow adapt and innovate our way to a brighter, more sustainable future?
In short, anything could happen in 2021.
That kind of open-ended uncertainty is of course what financial institutions and businesses work hard to avoid. But with so many unknowns in the equation, leaders everywhere now have no choice but to ruthlessly assess their vulnerabilities and plan for a multitude of possible futures.
Despite these uncertainties, many dynamics of the coming financial future can be anticipated, and there are many steps financial institutions can and should be taking to prepare.
Operational challenges & data security
For example, even if a coronavirus vaccine is available by the end of the year, it will take months to inoculate enough of the world’s population to allow for a sustained economic rebound. That means financial institutions can expect their current operational challenges to continue until at least the summer of 2021.
“Many financial institutions may have developed business continuity plans, but only for a short-term disruption, not an extended event like we’re seeing now,” says Gabriel Hidalgo, managing director of K2 Intelligence FIN, which specializes in financial-crime compliance and investigations.
Few institutions ever imagined having to run their operations remotely for months on end, Hidalgo says, so now is the time to re-examine remote security protocols and plan for a largely remote workforce into the foreseeable future.
“When you have a completely distributed workforce working remotely from all over the world, especially multinational institutions that have hubs in various countries, their data controls platform and cybersecurity programs become paramount,” Hidalgo says. Each spoke in those remote hubs represents a potential security risk and cybercriminals know it, Hidalgo warns, so it’s important to take all the steps necessary to ensure network security.
Those steps include:
☑ Using a secure VPN for communications
☑ Making sure data and communications are fully encrypted
☑ Training remote workers to guard against phishing and spoofing scams
☑ Not using work computers for personal use and vice-versa
☑ Upgrading tech systems that weren’t designed for a remote work environment
☑ Empowering Chief Information Officers (CIOs) and Chief Technology Officers (CTOs) to create and implement a technological adaptation plan for both in-office and remote-working environments
☑ Revising Know Your Customer (KYC) protocols
Rise of mobile banking
Another entirely predictable by-product of the pandemic is expanded use of remote and mobile banking services. Fidelity National Information Services reported that in April, mobile banking registrations doubled at the world’s 50 largest banks, and mobile banking traffic rose 85%. But no matter what happens with the coronavirus, the trend toward remote/mobile banking is likely to be a more-or-less permanent transformation, Hidalgo says, so investing in mobile platform stability and security is a no-brainer.
“The apps on people’s phones have become their lifelines,” says Hidalgo, and remote payment platforms such as PayPal and Venmo “have become essential.” Businesses are also using remote banking and payment platforms to pay vendors and employees, keep track of payroll, and execute other basic business functions.
Consequently, banking apps need to be upgraded to provide a more robust and seamless customer experience, because websites and apps are—in most cases—the primary touch point banks now have with their customers.
Compliance reporting
Operating financial institutions remotely for an extended period of time also introduces the danger of falling behind on mandatory compliance reporting. Any bank backlogs piling up now need to be addressed as soon as possible in order to avoid even larger backlogs if current work conditions persist in 2021.
“From a compliance standpoint, financial institutions need to have the ability to make sure all of the work that compliance teams would normally do in the office can be accomplished remotely, and that these remote workers have the same through-put as they would have had in the office,” Hidalgo says.
That can be difficult if remote workers are overloaded at home dealing with family matters and child-care issues, he acknowledges, but “regulators will not accept problems associated with the coronavirus as an excuse for missing reporting deadlines,” so the infrastructure for meeting said deadlines needs to remain intact.
Money laundering
For fraudsters and cybercriminals, the federal government’s rush to distribute $2 trillion in stimulus relief through the CARES Act and Paycheck Protection Program has created a “perfect storm” of bureaucratic bottlenecks and confusion, says Debra Geister, CEO of Section 2 Financial Solutions. If—or when—some version of the proposed $3.4 trillion HEROES Act is approved, it too will be exploited by criminals around the world.
Unfortunately, most financial institutions are “woefully ill equipped” to deal with the onslaught of fraud to come, she says, particularly when it comes to sophisticated money-laundering schemes.
“Currently, more than 90% of AML transaction alerts are false positives because most money laundering is not done by individuals, it is done by sophisticated international crime syndicates that operate more or less like multinational corporations,” Geister explains. “They know how to stay below the transaction thresholds that trigger alerts, so they tend to fly under the radar.”
Geister specializes in an area of financial investigation called Hybrid Threat Finance (HTF), which involves analyzing money-laundering typologies used by networks of state and non-state “threat” organizations such as the Sinaloa Cartel, Hezbollah or Iran.
According to Geister, the pandemic has directly impacted these networks by depriving them of trade-based money-laundering opportunities, so they are exploiting the U.S.’s stimulus programs by, say, laundering money through bogus healthcare-related shell companies.
“We’re seeing all kinds of nefarious groups try to get involved in the sale of Personal Protective Equipment (PPE), for example,” she says. “So instead of laundering a million dollars here or there through a restaurant or hotel, they can place an order for $250 million worth of PPE and sell it at a margin, without much overhead. It’s a highly effective way to launder those funds.” According to Geister, trade-based money-laundering through products such as PPE is just one of the ways these groups are taking advantage of the global pandemic.
Because criminals are targeting government spending programs, thorough due diligence on new customers and staying alert to anomalous deposits and spending patterns is crucial. But in general, financial institutions hoping to detect or prevent these types of schemes are fighting an uphill battle using conventional procedures and protocols, Geister says.
And going into 2021, the economic churn from so many businesses trying to adapt and survive all at once “is going to create a whole new playing field” for fraud, she says—one financial institutions need to understand as they re-calibrate their own risk/reward metrics and investment strategies.
Investment opportunities
Banks are among the businesses that will be trying to adapt in 2021 as well, so mitigating risk will of course be a top priority, especially if credit card, residential mortgage, and commercial real estate defaults begins to pile up. Calculating those risks will likely be more difficult in 2021 as the economy struggles to gain traction, but for financial institutions, a roiling economy can also yield promising investment opportunities, says Geister.
Some of the questions financial institutions in 2021 should be asking themselves:
American capitalism has no choice but to radically restructure itself in response to the pandemic, Geister says, and that activity will definitely create opportunities. At the same time, she warns, financial institutions everywhere need to keep in mind that international crime organizations and rogue nation states will be trying to exploit these same volatile business activities to launder funds and cloak their operations in the guise of legitimacy.
Financial institutions are at the cliff’s edge
Aside from worries about ongoing internal operations and security threats, many financial institutions in 2021 will likely be facing existential questions of their own. According to one estimate reported by Fortune magazine, big bank profits could nosedive as much as 60% in 2021—a decline several magnitudes worse than any worst-case scenario envisioned in even the most pessimistic of business continuity plans.
Indeed, according to Jim Richards, founder of RegTech Consulting and former head of financial crimes risk management at Wells Fargo, many banks are already perilously close to imploding, and 2021 could usher in an historic wave of bank closures and consolidations.
Trouble for small banks?
No matter what happens in 2021, big banks will find ways to weather the storm, Richards says—partly because they have more resources to offset loan losses and partly because, unlike during the Great Recession, during the COVID-19 crisis the federal government has given banks the responsibility of distributing stimulus money in order to maintain some semblance of economic stability.
Rather, it’s the small- and mid-sized banks already working in the margins that may suffer the most in 2021, Richards says, particularly if funds from the Fed dry up.
“If the COVID-19 crisis drags on through 2021 and into 2022, there won’t be 5,100 banks in the U.S. (as there are now), we will see more like 2,100 banks,” Richards says, as troubled banks either consolidate or go out of business. Richards expects many players in the FinTech space to follow suit and consolidate or disappear as well.
Much of what happens in 2021 will of course depend on how the 2020 presidential election and congressional elections play out. Until then, “everyone is just guessing,” Richards says—but there are several things banks can and should be doing now to prepare.
“Banks should be doing what they should always be doing,” Richards says, which is continuously reviewing their risk profile and adjusting accordingly.
That means continuing to ask basic questions like:
- What are we doing now?
- What should we stop doing?
- What should we start doing?
- What should we continue to do?
Considering the potential stakes, however, “this might also be a good opportunity to take that bold step that you wouldn’t otherwise do, whether it’s consolidate, divest, restructure, cut spending, or whatever,” Richards says.
After all, treading water in the middle of the ocean only makes sense if you believe someone is going to rescue you, he says. “Otherwise, it might be time to start swimming.”
☑ Expect to manage a largely mobile workforce and plan for it
☑ Re-think the need for physical infrastructure
☑ Assess (and upgrade) usability of websites, apps, and other remote solutions
☑ Make sure enterprise security is airtight
☑ Don’t allow personal devices on the network
☑ Make sure BSA/AML compliance teams are keeping up with their workload
☑ Work to reduce “false positives” in compliance reporting
☑ Communicate frequently with regulators for guidance
☑ Report any changes in business continuity plans to regulators
☑ Manage operations using risk-based analysis techniques
☑ Educate and train staff to recognize spoofing, phishing, and other scams
☑ Conduct thorough due diligence on new customers (even if it takes more time)
☑ Remain alert to strange transaction patterns (even if they don’t meet the usual thresholds)
☑ Guard against bad debt (especially credit cards and mortgages)
☑ Look for promising investment opportunities
☑ Hold on tight; 2021 is going to be a rollercoaster ride, no matter what
Explore our new resource hub for more thoughtful commentary related to AML, KYC and commercial lending.