FSR OUTLOOK 2023: REGULATORS TO CLAMPDOWN ON SCAMS AS ENFORCEMENT ACTIONS RISE

Explore our FSR Outlook 2023

Financial institutions can expect to face greater scrutiny as watchdogs target fraud in a drive to recover diverted funds

Covid relief fraud

Governments worldwide responded to the Covid-19 pandemic and its economic effects by distributing unprecedented sums to individuals and businesses – often through financial institutions. Hastily launched programs – such as US’s Paycheck Protection Program (PPP), the UK’s CBILS and BBLS schemes, and Singapore’s Covid-19 grants and payouts – often relied on recipients to self-certify their eligibility, with little or no verification. Unsurprisingly, widespread and massive fraud is now being uncovered. 

With the pandemic finally behind most countries, regulators and prosecutors are ramping up their efforts to claw back funds and punish the culpable. The US Department of Justice (DOJ) has formed a Covid relief fraud task fraud; DOJ has already charged approximately 500 defendants with criminally extracting over USD 700 million from government programs. One US bank recently settled DOJ’s False Claims Act charges for knowingly processing a PPP loan on behalf of an ineligible customer.

In the UK, only £160 million (of an estimated £1.1 billion) of Bounce Back Loan Scheme (BBLS) fraud had been investigated as of September 2022. The Financial Conduct Authority (FCA) is focused on allegations of fraud involving regulated firms but had no open BBLS-related investigations in March 2022.

In Australia, up to AUD 38 billion of JobKeeper payments (supporting businesses significantly impacted by Covid-19) were made to ineligible companies; some recipients received payments based on fraudulent applications—listing fictitious staff and exaggerating their losses.

The Public Institutional Fraud Division of the Commercial Affairs Department of the Singapore Police is investigating abuses or fraudulent applications of government Covid-19 grants. By January 2022, 42 people had been arrested for their alleged roles in such fraud, and eight had been convicted of cheating or forgery offenses.

Ponzi scheme collapses

Recessions and financial crises often cause long-running Ponzi and similar investment fraud schemes to collapse. In the Great Recession of 2008-09, 140 Ponzi schemes (most famously, Bernard Madoff’s) were unmasked in the US alone. The exposure of such frauds historically leads to criminal prosecutions and regulatory enforcement actions, including allegations that banks facilitated unlawful transfers, aided and abetted money laundering, and shirked their KYC obligations. Things are unlikely to be different this time.

Australian victims of financial scams can pursue non-judicial recovery, based not only on strict legal standards, but also on more general notions of “fairness.” The Australian Financial Complaints Authority can issue decisions that are binding on financial firms for refusing to compensate consumers victimized by investment scams.

The Monetary Authority of Singapore has been working with the industry to finalise a framework for equitable sharing of losses from scams, and is expected to consult on this shortly. Meantime, the Singapore Police have established processes with financial institutions to swiftly freeze bank accounts suspected of being used in scams, to mitigate victims’ losses and disrupt scammers’ operations. From January to June 2022, the Police froze more than 7,800 accounts and recovered more than S$80 million of scam proceeds.

P2P scams

While the widespread use of P2P apps (eg, Zelle, Cash App, and Venmo) facilitates payments by and to consumers, it has also led to an explosion of fraud. Fraudsters can hack customers’ accounts or steal their funds to make unauthorized transactions. Scammers also dupe customers into transferring money to them or their designees, and then vanish into cyberspace.

In the US, the 1978 Electronic Fund Transfer Act obligates payment platforms and banks to investigate electronic fund disputes and to limit consumer liability even when the consumer was negligent in allowing the transfer. However, it has been argued that this legislation is no longer fit for purpose in the era of P2P apps. The US Consumer Finance Protection Bureau is prioritising P2P fraud, and banks and payment app providers can expect increased regulation and enforcement actions in this area.

The Australian Competition and Consumer Commission is advocating for financial institutions to introduce confirmation of payees to reduce the risk of scams. We also expect the Australian Securities and Investments Commission to become more active in this space, including requiring financial firms to do more to prevent scams as part of their general duties to provide financial services “efficiently, honestly and fairly", and to provide financial services with due care and skill. As part of its Enforcement Priorities for 2023, ASIC has noted that one of its key focuses will be on protecting Australian consumers and disrupting investment scams and high-risk investment products, including crypto assets. From June 2020 to 2022, ASIC received over 2,200 reports of misconduct relating to crypto-assets or crypto scams alone. The Australian Financial Complaints Authority considers that banks should not process customer transaction orders in circumstances involving authorised push payment fraud and should reimburse customers where they do.

In the UK, the FCA recently instructed firms to consider whether they are doing enough to raise customer awareness of crimes such as authorised push payment fraud, pension scams and so-called ghost broking, where fraudsters pose as middlemen for insurance firms. The FCA expects firms to be assessing evolving risks, including the cost-of-living crisis, and re-calibrating their financial crime controls accordingly. Legislation in the pipeline will also facilitate a scheme for mandatory reimbursement of victims (consumers, micro-enterprises and charities) for any payment orders "executed subsequent to fraud or dishonesty" over the Faster Payments system vast majority of fraudulent payments), except if the victim was involved in the fraud or acted with gross negligence.  The costs of the scheme, to be shared between paying and receiving providers, should incentivize development of fraud detection and prevention arrangements. The scheme is expected to go live during 2024.

In Hong Kong, nearly HK$29 billion defrauded from more than 10,100 victims of internet, phone and investment scams in Hong Kong and overseas was laundered through Hong Kong bank accounts and cryptocurrency wallets in the 4-½ years through 2021. In 2023, we expect to see continued enforcement action by both the Hong Kong Monetary Authority and the Securities and Futures Commission against financial institutions and their senior management for failing to discharge their duties in relation to AML requirements.