COVID-19: the emerging factor in risk assessment and lack of AML defences

13 min read


COVID-19: the emerging factor in risk assessment and lack of AML defences *


Giulia De Giorgi**


The purpose of this essay is to describe the challenges faced and the strategies that will need to be developed by policymakers if they are to manage the economic instability and the financial weaknesses arising from the COVID-19 pandemic.

As well as providing an analysis of the role of European and international institutions such as FAFT in handling the ongoing crisis, this article will be structured around the following topics: the virus and the related global crisis should be classified as a historical period, during which criminals have exploited pre-existing vulnerabilities.

According to an alternative perspective, COVID-19 has to be considered as an emerging type of risk factor which a legal entity should take into consideration in the context of compliance risk assessment. For these reasons, the strategies and measures implemented by the States against the virus contribute to establishing the risk level of the third-party’s location.

giugno 2020



Abstract | 1. FATF’s transparency standards. | 2. The role of the pandemic in the risk assessment and the RBA | 3. The current regulatory scenario in Italy.

1. FATF’s transparency standards.

Relative to the rich theoretical literature and from a regulatory and legal perspective, «the present needs to be viewed through the lens of former disease outbreaks»[1].

As an immediate consequence of the unstable global situation, we must acknowledge the increasing desire for consensus surrounding national governments and the role of international authorities in defining new standards and planning policies for fighting this unprecedented crisis.

In this regard, with a comparative and historically based approach and in response to the unusual circumstances, the Financial Action Task Force (FATF)[2] has promptly highlighted the exponential increase of ML-TF risks during the lockdown, which could be summarised into two well-structured alternatives:

  1. «increased misuse of online financial services and virtual assets to move and conceal illicit funds;
  2. possible corruption connected with governmental stimulus funds or international financial assistance».

From the analysis of the statistics related to the COVID-19 outbreak, it is evident that it impacts not only the public sector[3] but also the private one, both requiring an update of the anti-money laundering and counter-terrorist financing (AML/CFT) obligations[4].

Based on current rules and regulations, the future strategies and internal procedures should be strengthened by the «effective implementation of the FATF Standards which fosters greater transparency in financial transactions»[5] and the enhancement of «supervision, regulation and policy reform to suspicious transaction reporting and international cooperation»[6].

In terms of the enhancement of transparency, it is essential to establish that this principle refers to the prevention of the manipulation of legal persons and arrangements by criminals.

Further more, according to Recommendation n. 24 “Transparency and beneficial ownership of legal persons[7], the aforementioned principle of transparency can be attained by enabling authorities to appropriately access «accurate and current information concerning the ownership and control of legal persons and arrangements»[8].

To be more specific, Recommendation n. 24 emphasises the relevance of cooperation by requiring countries’ concrete action: it consists ofthe establishment of «mechanisms to ensure that companies co-operate with competent authorities to the fullest extent possible in determining the beneficial owner»[9].

Similarly, at a national level, as underlined by the Italian Financial Intelligence Unit[10], competent financial institutions have to enhance the monitoring of documentation provided by the counterparties as follows:

  • organisational charts tracing ownership;
  • any other proof related to the corporate operations arousing suspicion of «anomalous transfers of equity investments, guarantees given or received, the disposal of company assets non-market conditions»[11];

Notwithstanding with this general rule and in the interests of providing fuller information, we must notice that there are system deficiencies (caused by COVID) that can hardly be monitored remotely (i.e. insider trading threats due to uncontrolled communication channels, such as Zoom); further, as per a recent study released by the Financial Sector Supervisory Commission (CSSF), the existing ML-FT vulnerabilities have undoubtedly been increased by the COVID pandemic, due to the combination of «remote working and climate of fear»[12].

At this point it is worth mentioning the FAFT definition of vulnerabilities as «things that may be exploited by the threat or that may support or facilitate its activities» and that they are one of the characterisitics of risk factors (at a glance: «risks are defined by the FATF as a combination of the following factors: threats and vulnerabilities»[13]).

Indeed, as a remarkable effect of the spread of the virus, the financial task force has recently reported an ongoing criminal trend, consisting of «finding ways to bypass Customer Due Diligence (CDD) measures by exploiting temporary challenges in internal controls caused by remote working situations, in order to conceal and launder funds»[14].

2. The role of the pandemic in risk assessment and the RBA.

In the framework of Anti-Money Laundering legislation, the aforementioned statements reveal the impact of COVID in the future European and international risk standards legal framework: in this regard, it has been noted that the pandemic is not only a circumstance or a historical period but the most influential factor affecting the financial sector.

More specifically, the outbreak of the pandemic should be seen as a black swan, an external financial risk factor[15] which does not work in conjunction with others and whose reverberations (mostly unknown and unpredictable) have produced an independent impact on the global economies (i. e. market anomalies created by the collapse of consumption[16]).

Indeed, it is evident that the strict relation between the diffusion of the virus and the increase in the percentage of ML crimes can be divided into: 

  • financial aid. The illicit activities: «misuse and misappropriation of domestic and international financial aid and emergency funding by avoiding standard procurement procedures»[17];
  • medical stocks. «The suspects claim to be employees of businesses, charities, and international organisations offering masks, testing kits and other products, and request credit card information for payment or a shipping fee but never deliver the goods»[18].

Based on that assessment, the cases mentioned above represent proof of the criminals’ capacity to «adapt investment scams to elicit speculative investments in stocks related to COVID-19 with promises of substantial profits»[19].

As a starting point and to clarify the relevant impact of the current scenario, we need to consider the mechanism the risk assessment is based upon[20].

As a general principle, the «countries must understand the legal persons that exist in their jurisdiction and the associated risks» and this «should form part of the broader assessment of the ML/TF risks in the country» [21].

Moreover, by the application of a risk-based approach (RBA), countries’ ML-FT obligations have the primary aim of ensuring that measures to prevent or mitigate money laundering and terrorist financing are proportionate with the risks identified. In the end, the virus has acted as a factor aggravating pre-existing weaknesses: in fact, there have been «indications that some countries with less resilient AML/CFT regimes or resources may be unable to maintain AML/CFT operations while they prioritise responding to COVID-19»[22].

Indeed, the central role of COVID in risk management is evident if we consider that jurisdiction is always involved in the risk assessment procedure; in this regard, it is worth mentioning the NCJ list, concerning the policies related to non-cooperative jurisdictions which follow an independent transaction workflow if compared with compliant jurisdictions. At this point, we must acknowledge that during the assessment of the risks associated with different types of legal persons, the risk controller «should also consider assessing the risks of specific jurisdictions»[23].

From a practical perspective, the EIB Group have recently updated the “Policy towards weakly regulated, non-transparent and non-cooperative jurisdictions and tax good governance[24]. As per its core principles, these countries have been divided into “restricted” and “prohibited”, both requiring the enhanced due diligence monitoring.

To summarise, the triggering circumstances, as previously described, have a strong effect on the risk identification process, and although these new crimes fall into the category of fraud, it may be useful to give them their own regulatory qualification.

For these reasons, and with the aim of implementing a broader risk management approach, «technology tools need to be leveraged for consolidated risk reporting including the rapid development of key risk indicators that are specific to pandemic risk»[25].

3.The current regulatory scenario in Italy

In the Italian regulatory framework, law enforcement authorities involved in the AML monitoring process, have immediately provided the guidelines for conducting specific «data analysis in order to identify, assess and understand the money laundering and terrorist financing risks»[26].

For instance, the Bank of Italy[27] has released the Recommendation to the financial intermediaries «on issues relating to the economic support measures drawn up by the Government»:

  • theoretically, at the onboarding stage and during business relationships the customer evaluation will be enhanced to foster anti-money laundering and financial crime prevention;
  • practically, this means that further documentation needs to be performed by the customer, implementing the Costumer Due Diligence measures.

In this context, the Institute for the Supervision of Insurance (IVASS), in collaboration with the Bank of Italy, has alerted financial institutions and intermediaries of COVID cybersecurity deficiencies[28], strengthening the «information exchange mechanisms»[29].



* The views expressed in this paper are those of the author and do not necessarily reflect those of the EIB Group.

** Compliance risk trainee at the European Investment Fund (EIF).

[1] Helena Legido-Quigley 1, Nima Asgari 2, Yik Ying Teo, Are high-performing health systems resilient against the COVID-19 epidemic?, The Lancet, 2020, v. 365, pp. 848-850.

[2] Financial Action Task Force, International standards on combating money laundering and the financing of terrorism & proliferation, 2019, pp. 6-7: «the FATF Recommendations set out a comprehensive and consistent framework of measures which countries should implement in order to combat money laundering and terrorist financing, as well as the financing of proliferation of weapons of mass destruction».

[3] E. D. Bloom-D. Cadarette-JP. Sevilla, Epidemics and economics: New and resurgent infectious diseases can have far-reaching economic repercussions, Finance and Development, 2018, pp. 46–49.

[4] Art. 1 of the Directive (EU) 2015/849 of the European Parliament and of the Council, of 20 May 2015 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, introduces the Financing of terrorism definition: «the provision or collection of funds, by any means, directly or indirectly, with the intention that they be used or in the knowledge that they are to be used, in full or in part, in order to carry out any of the offences within the meaning of Articles 1 to 4 of Council Framework Decision 2002/475/JHA».

[5] Financial Action Task Force, Statement by the FATF President: COVID-19 and measures to combat illicit financing, 2020,

[6] Financial Action Task Force, COVID-19-related Money Laundering and Terrorist Financing Risks and Policy Responses, 2020,

[7] For a comprehensive analysis of the scope of Recommendation n. 24, see Financial Action Task Force, Transparency and beneficial ownership, 2014,

[8] Financial Action Task Force, An introduction to the FATF and its work, 2010,

[9] Force, Transparency and beneficial ownership, op, cit., p. 27: by the selection of «one natural person resident in the country of incorporation to be accountable to the competent authorities for providing all basic information and available beneficial ownership information»; under the art. 3, paragraph 6, Directive (EU) 2015/849 of the European Parliament and of the Council of 20 May 2015 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing, “beneficial owner” is defined as: «any natural person(s) who ultimately owns or controls the customer and/or the natural person(s) on whose behalf a transaction or activity is being conducted».

[10] For further information related to the italian UIF’s government and functions, see art. 6 of D.lgs 21 November 2007, n. 231, Attuazione della direttiva 2005/60/CE concernente la prevenzione dell’utilizzo del sistema finanziario a scopo di riciclaggio dei proventi di attività criminose e di finanziamento del terrorismo nonché della direttiva 2006/70/CE che ne reca misure di esecuzione e successive modificazioni e integrazioni ; similarly, for the EU regulation of FIU’s purpose, see Directive (EU) 2018/843 of the European Parliament and of the Council of 30 May 2018; see also European Commission, Report from the Commission to the European Parliament and the Council assessing the framework for cooperation between Financial Intelligence Units, COM/2019/371 final,

[11] Unità di informazione finanziaria per l’Italia, Prevenzione di fenomeni di criminalità finanziaria connessi con l’emergenza da COVID-19,, pp. 1-4.

[12] For further info, see Financial Sector Supervisory Commission, ML/TF sub-sector risk assessment – Collective investments, 2020, on 

[13] The Committee of Experts on the Evaluation of Anti-Money Laundering Measures and the Financing of Terrorism, Assessment of ML/FT risks,

[14] Financial Action Task Force, COVID-19-related Money Laundering and Terrorist Financing Risks and Policy Responses, op. cit., p. 11.

[15] L. Morales-B. Andreosso-O’Callaghan, Covid19: Global Stock Markets “Black Swan”, Critical Letters in Economics & Finance, 2020, n. 1, pp. 1-14.

[16] Modern theoretical work on pandemics and the role of global diseases in the economy, W. McKibbin-R. Fernando, The Global Macroeconomic Impacts of COVID-19: Seven Scenarios, CAMA (Centre for Applied Macroeconomic Analysis), 2020, n. 19; for a complet analyses of the decrease of consumption, see C. Haiqiang-Q.Wenlan-W. Qiang, The Impact of the COVID-19 Pandemic on Consumption: Learning from High Frequency Transaction Data, 2020, available at SSRN

[17] Financial action task force, COVID-19-related Money Laundering and Terrorist Financing Risks and Policy Responses, op. cit., p. 11.

[18] US Food and Drug Administration, There Are No FDA-Approved Drugs Or Vaccines To Treat COVID-19, 2020,

[19] European Union Agency for Law Enforcement Cooperation, Pandemic profiteering how criminals exploit the COVID-19 crisis, 2020,; for the analyses of the lack of transparency in the Italian corporate internal controls and the outbreak of corporate crimes COVID-related, see M. Fedele, Emergenza Covid-19. Nuove casistiche di riciclaggio e corporate crime, Diritto del Risparmio, 2020,

[20] For further information about the Italian risk assessment mechanism and the implementation of TCF (Tax Control Framework), see M. Fedele, Reati tributari nel d.lgs. 231/2001 – I modelli di prevenzione del rischio, Diritto del Risparmio, 2020,

[21] Financial action task Force, Transparency and beneficial ownership, op. cit., p. 13: countries should have mechanisms to: a) the idenfitication of legal persons in the country b) describe the: (i) creation of legal persons; and (ii) the storage of beneficial ownership’s information c) the public availability of information, «and d) assess the ML/TF risks associated with the different types of legal persons».

[22] Financial Action Task Force, COVID-19-related Money Laundering and Terrorist Financing Risks and Policy Responses, op. cit., p. 11.

[23] Financial Action Task Force, Transparency and beneficial ownership, op. cit., p. 13

[24] EIB Group, Policy towards weakly regulated, non-transparent and non-cooperative jurisdictions and tax good governance, 2019, available on

[25] PwC, COVID-19: What risk functions can do right now, 2020,

[26] Financial Stability Institute, Suptech applications for anti-money laundering, 2019,

[27] Bank of Italy, Raccomandazione della Banca d’Italia su tematiche afferenti alle misure di sostegno  economico predisposte dal Governo per l’emergenza Covid-19, 2020,

[28] Bank of Italy and the IVASS, “Cyber security in times of Covid-19, Bank of Italy and IVASS’ coordination group for cyber security”, 2020,

[29] J. C. Crisanto-J. Prenio, Financial crime in times of Covid-19 – AML and cyber resilience measures, op. cit., p. 5.

Ricerca avanzata

  • Categorie

  • Autori

  • Seleziona il periodo

Copy link
Powered by Social Snap