John Hyde reports that the SRA has warned that ‘cybercriminals are eyeing up lawyers working from home as potentially easy targets for online fraud’ (23 April).
This mirrors similar warnings from the global Financial Action Task Force that ‘criminals and terrorists may seek to exploit gaps and weaknesses in national anti-money laundering systems while they assume resources are focused elsewhere’. (‘Statement by the FATF president: Covid-19 and measures to combat illicit financing’, 1 April.)
With staff working from home and face-to-face meetings largely impossible in the current lockdown, there is a clear risk that existing manual processes will be open to abuse. Reliance on ‘workarounds’, such as scanned PDFs of original documents and ‘selfie’ photos or videos is inherently risky, and sophisticated fraudsters will be quick to pounce on any lowering of the guard.
Firms need to ask themselves whether it is appropriate for staff to be handling sensitive personal data while working from home. There is also a risk, however slight it may be considered at present, that handling documents from a contaminated source could expose both parties to infection.
Business continuity plans will in future need to demonstrate how firms can conduct due diligence if key staff are working remotely. While the lockdown remains in place, only a fully digital approach to KYC and AML due diligence can allow firms to continue with ‘business as usual’, while remaining fully compliant with the money laundering regulations.
John Dobson, Chief executive, SmartSearch, Ilkley