Using COVID-19 as a security and compliance teaching tool
When COVID-19 first hit the U.S. in the spring, the lending departments at many financial institutions were caught off guard as branches and offices quickly shut down and employees processed loan applications while working from home. They also felt pressure to help a large number of small business customers that urgently needed additional financing.
This double whammy – employees working remotely on computer systems that had not been properly security-tested, while responding to a flood of new loan applications – caused a huge burden for the banks and credit unions. It also raised a number of red flags with regard to compliance and security.
Compliance and security experts agree that the need to quickly set up remote operations and the increased number of loans processed created problems for lenders.
The first concern was the security of information coming via employee computer systems. “There was a lot of security risk associated with home computer networks,” says Alma Angotti, partner and co-head of global investigations and compliance for management consulting firm Guidehouse.
And while FIs have had lending officers working remotely before, they were previously able to plan for such arrangements and thoroughly test remote systems prior to running sensitive information over them. When the pandemic began, the movement of data from corporate systems to questionable home and other remote networks often happened quickly, without the luxury of thorough testing, Angotti says.
Moving operations to remote locations has put pressure on other bank employees, says Monique Melis, global head of compliance and regulatory consulting at Duff & Phelps, a provider of governance, risk and transparency solutions.
“It has also put pressure on colleagues who have had to do many manual workarounds in lieu of automation, which carries enhanced fraud risk and lower customer satisfaction,” she says. “Waiting times when dialing a call center have exploded and colleagues have a harder time making decisions, and so mistakes happen.”
Despite these problems, Angotti believes most financial institutions did a pretty good job of meeting the compliance requirements during the pandemic. By mid-summer, the Department of Justice quickly identified a number of fraud cases related to the Paycheck Protection Program. Angotti believes most of the suspected fraud was identified by the lenders.
“DOJ could not have found these cases this quickly without the banks identifying the problems,” Angotti says. “In one case, a small business claimed it had 239 employees, but the business was run out of a relative’s apartment. Someone at a bank had to have been on the ball to look at the documentation and see there was inconsistencies in the data.”
New technology has helped banks through this crisis. “Outsourced service providers, such as Silicon Valley voice recognition systems, fraud prevention systems, AI to detect unusual activity, etc., have worked well throughout the COVID-19 pandemic and have assisted banks in their ongoing operations,” Melis says.
Having gotten through the early phase of the crisis, banks need to conduct a thorough review of how they did to prepare for the future. “Banks need to review the results of the pandemic for handling the next catastrophe they will face,” Angotti says. “What went wrong, and what changes need to be made for the next inevitable crisis?”
And it is not just catastrophes that financial institutions need to think about in the future. The pandemic may have accelerated the movement toward greater and more sophisticated remote banking.
“The COVID pandemic may force banks up the risk curve, and they then need to have systems and controls in place to deal with that,” Melis says. “Additionally, they will need to hire new teams to deal with default and recovery, which they haven’t really had to focus so much on in the past few years.”
Lauri Giesen has spent more than 25 years writing about banking technology and payments for numerous business and financial publications. In the 1990s, she founded and edited Financial Service Online, a magazine covering internet-based forays into banking and investment services.