JULY 2020 BRIEFING // WHAT SHIFTS IN FINANCIAL REGULATION CAN WE ANTICIPATE AS PART OF THE NEW NORMAL? MIA GREGORY FINDS OUT
COVID-19’s combination of a global public health crisis and a deep economic and market meltdown is unprecedented, and according to the IMF’s World Economic Outlook, set to be the worst economic crisis since the Great Depression. Previous crises were painful, but a pandemic is different. The policy response is much more complex, too. What does this mean in the context of business crime? Whilst the FCA continues to prioritise consumer protection, its prioritisation of investigations has shifted.
The FCA has gone on record stating that it is aware that firms may need to re-prioritise or even reasonably delay some of their legislative requirements. Good examples include ongoing customer due diligence reviews and transactional monitoring alerts. But it also appears to be permitting a degree of flexibility in relation to the general regulatory requirements and the compliance pressures on firms who face sanctions, moving from crisis response to supporting economic growth.
Whilst the FCA continues to emphasise the importance of its rules (for example, any ‘bad practices’ employed by firms will remain unacceptable) it seems to appreciate that, post-pandemic, regulators need to be agile. The long-term economic impact of COVID-19 is likely to define the regulatory agenda for years to come in accordance with the regulatory body’s resources and the perceived risk of impact to the public. In fact, the FCA presupposed such a crisis in 2018 when it published a consultation seeking to address ‘operational resilience’ gaps within firms as a national stress-test for UK firms.
However, since the outbreak of COVID-19 in the UK, deadlines to meet the consultation’s requirements have been extended on multiple occasions to alleviate the burden on business. The latest update indicates that firms will not need to meet the conditions resulting from the consultation until the close of 2021, in comparison to the initial deadline of October 2020. Notably, there have even been new rules stemming from two policy statements concerning pension transfer advice which have been delayed as a result of COVID-19.
For firms already under investigation, it is worth noting that the FCA may shift away from its triage approach and impose new and aggressive deadlines for compliance in order to make up for lost time during COVID-19. Firms should prepare for this possibility by using this period to engage with trusted advisers to identify and document the structural resources available to them and ascertain where their vulnerabilities lie, so they can adapt to their ‘new normal’ and FCA re-engagement.
Today, thousands of businesses are facing their biggest challenge; remaining commercially viable and compliant. If your businesses would benefit from an assessment of your regulatory system’s fit with best practice in light of COVID-19, we can help. Contact for more details.
KEEPING YOUR BUSINESS SECURE DURING A GLOBAL PANDEMIC
MIA GREGORY // AUGUST 2020
Over the last five years cybercrimes have cost 1.5 million UK businesses, a total of around £87 billion, according to a press release from Beaming. Since the start of 2020, the National Crime Agency (NCA) identified a surge in ‘COVID-19 themed’ malicious platforms, where criminals are attempting to impersonate people, organisations and government departments to gain access to and capitalise from confidential information.
The UK has been the most severely targeted country for Covid related phishing emails, according to The Charted Trading Standards. Criminals are more likely to attack vulnerable businesses during these unprecedented times and so it more prudent than ever to consider what anti-fraud systems your business has in place. What approach do you have in place to identify unwanted activity patterns and prevent attacks on your organisation?
Since the UK went into lockdown in March this year as a result of Covid, many offices have been forced to close their doors and required their staff to take up remote working. As businesses place more reliance on digital technologies to maintain effective communication, there is in turn, an increased risk of hacking opportunities for criminals. The National Fraud Intelligence Bureau has identified 21 reports of fraud where Covid was mentioned, with victims’ losses totalling over £800,000. During the present pandemic, cybersecurity platforms have seen an average of 375 new threats per minute.
Cyber criminals have clearly been leveraging the outbreak of Covid to their advantage, attacking businesses and consumers and preying on their concern and confusion. Susceptible businesses are leaving their doors open to fraudsters – this is costing them thousands of pounds. These costs could be substantially reduced with a secure system in place.
PROTECT YOUR BUSINESS – AVOID BEING A VICTIM OF CYBER CRIME
The UK National Cyber Security Centre has identified threats businesses should be aware of, including; phishing emails, malware distribution, registration of new domain names, password spraying and focussed attacks on remote working systems. The NCA has anticipated that there will be a surge in phishing scams or calls claiming to be from government departments offering financial support, in light of the financial crisis we are currently facing.
However, the overwhelming majority of cybercrime could be prevented. 21st century fraudsters are using machine learning algorithms to find innovative ways to enter and defraud a business. The use of artificial intelligence (‘AI’) software can identify fraud attempts and calculate your fraud risk in a 250-millisecond response rate. Adopting and implementing real-time Threat Intelligence makes it possible to accurately detect anomalies and fraud patterns sooner. Security Platforms are developing AI based platforms, such as Self-Evolving Detection Systems (‘SEDS’) which autonomously collates and categorises Threat Intelligence data which is fed across their platform.
It’s also important to protect and detect insider threats. User and Entity Behaviour Analytics (‘UEBA’) can be integrated into your organisation to address insider threats by monitoring and ‘learning’ employees’ behaviour. AI software alleviates your business from the need to play catch-up to online fraud attacks, by detecting anomalous behaviour from previously undetected predators.
Your business’ security software and measures should incorporate at the very least up to date AI driven firewalls and antivirus. Remote access would ideally be password protected and cyber-crime prevention training ought to be regular, updated and communicated to relevant staff to ensure everyone is capable of identifying and reporting potential cybercrimes.
Covid themed attacks have settled significantly, dropping by some 30% (according to Microsoft), however related fraud attacks will continue to follow. Public confusion surrounding this global pandemic offers cyber criminals the opportunity to infiltrate your business. Having an incident response plan is key to an effective recovery in the event of an attack but aiming to prevent them in the first instance should always be the goal.
If your business would benefit from further assistance, including a risk assessment of your anti-fraud systems from the perspective of experienced fraud litigators, please contact Mia.Gregory@twelvetabulae.com for more