2020 has clearly been a year like no other.  Both businesses and criminals have had to adapt to the abrupt and far-reaching impacts of the COVID-19 pandemic.  This has drastically accelerated the shift away from cash to digital payments, and encouraged both governments and global actors such as the Financial Action Task Force (FATF) to promote a shift towards digitisation.  The pandemic also provided ample opportunities for criminals to devise new schemes and take advantage of a rapidly changing, uncertain environment.  Many financial institutions in the Middle East, particularly the Gulf Cooperation Council (GCC) struggled with sluggish performance, but most still planned to grow their compliance teams and increase compliance spend over the course of the year, with a focus on technology.  

Below are some of the key financial crime stories and trends from the year across the MEA region:

Fraud and COVID-19

COVID-19 has created opportunities for organised criminals and fraudsters across the globe, and MEA is no exception.  The region has traditionally been dominated by cash payments, but the pandemic accelerated a huge shift to digital transactions (e.g. a PwC survey shows 53% of Middle East respondents making purchases online).  This change, coupled with public anxiety which left people vulnerable to scams, led to a massive increase in fraud including phishing, online shopping fraud, impersonation fraud, and fake charitable appeals. The UAE, for instance, saw a 250% increase last year in cyberattacks, including phishing and ransomware incidents.

Financial institutions need to respond by re-examining their fraud controls, conducting risk assessments to capture the latest threats, and educating their customers on new risks and typologies.  Informal collaboration or industry groups such as the regional charters of the FinTech FinCrime Exchange can be invaluable here.

Spotlight on digital onboarding and eKYC

Regulators in the Middle East and Africa were already moving towards greater digitisation and use of technology to fight financial crime, and this trend has only been accelerated by the COVID-19 pandemic.  In April 2020 the Arab Monetary Fund published a report on ‘Digital Identity and e-KYC Guidelines for the Arab Countries’ to further the debate on adopting digital onboarding tools.  Within the Middle East, the UAE and Bahrain have been the national frontrunners - Bahrain launched an eKYC project mandated by the Central Bank of Bahrain in 2019, to facilitate KYC data sharing amongst participating financial institutions which has continued to develop over the course of 2020, and the UAE introduced its own eKYC platform which went live in July last year.   

As more and more firms look to digitise their compliance processes, against this backdrop of growing official support, care must be taken to select technological solutions which allow firms to reduce any potential risk exposure, and that their use and integration is properly assessed and re-evaluated on an ongoing basis.

FATF Mutual Evaluation Report on the UAE

One major regional news story in 2020 was the publication of FATF’s critical Mutual Evaluation Report on the UAE’s money laundering and terrorist financing controls.  FATF stated the UAE needed to make “fundamental and major improvements” to its AML/CTF systems, and placed it under a year-long observation to ensure that it is properly implementing its recently adopted laws.

The UAE has faced other criticism last year.  It was the only GCC state included in a list of 82 major money laundering jurisdictions identified by the US State Department in March.  A report from the Carnegie Endowment in July on financial crime in Dubai highlighted a number of risk areas and stated that “Dubai’s prosperity is a steady stream of illicit proceeds borne from corruption and crime.”  The investigative and policy organisation The Sentry issued a report in November on how Dubai has become the main destination for illicit gold from Africa.

While the UAE government works to meet FATF requirements over the next 12 months, individual financial institutions need to ensure they have up-to-date risk assessments that reflect the financial crime threats relating to the country highlighted by these external sources, and then align their procedures and controls to address and mitigate the risks.

MEA regulators start to warm up to cryptocurrencies

The growth of cryptocurrency remained relatively low-scale but continued to show promise across both Africa and the Middle East.  Commentators believe the growing level of interest in Africa in particular, and compelling crypto use cases (the instability of fiat currencies and high remittance fees) will force regulators’ hands and encourage the issue of crypto-specific regulations in the near future.  2020 saw the issue of new regulations in Nigeria, South Africa and the UAE, with other jurisdictions such as Kenya and potentially Saudi Arabia likely to follow soon.  The UAE and Bahrain (which issued crypto regulations in early 2019) have both granted licenses to crypto exchanges under the relevant regulations, and currently have a number of crypto companies in their sandbox programmes.

The growing adoption and acceptance of cryptocurrencies in the MEA region will not only require crypto firms themselves to establish robust compliance programmes, but also other companies with potential exposure to them, such as conventional banks.  Crypto is perceived to be a high-risk sector but this does not mean it should be off-limits, and with greater knowledge and training on the associated risks and necessary controls, an increasing number of financial institutions are likely to engage with it in the coming years.

Slow steps towards greater transparency and access to data

Finally, 2020 has seen some positive developments relating to one of the region’s key issues in financial crime compliance, namely transparency and accessibility of data.  A small number of governments have made moves to align themselves with international standards, such as the UAE, Egypt and Kenya, which all introduced new requirements in 2020 for companies to declare their ultimate beneficial owners.  The onus is now on industry bodies to lobby to make all this information public, and on financial institutions to work out how best to integrate these new sources of information into their onboarding, customer risk assessment, and ongoing due diligence processes. Once again, technology is likely to play an increasing role here.

FINTRAIL in 2020

2020 was a key year for FINTRAIL’s coverage of the Middle East and Africa, with the appointment of Maya Braine as managing director, allowing for dedicated coverage and enhancing our understanding and expertise.  We completed several exciting projects with a focus on the region, including an ongoing assignment to provide training to compliance teams across Kenya, Nigeria and South Africa, and the launch of a digital product focusing on the African diaspora.  We also became a Venture Acceleration Partner  of Bahrain FinTech Bay, one of the world’s leading FinTech hubs.  We have ambitious plans for the region in 2021, so watch this space!

If you would like to contact us about any of the topics raised in this article, or about your financial crime compliance needs in the MEA region, please contact maya.braine@fintrail.co.uk. FINTRAIL can assist with performing risk assessments, providing training, implementing RegTech solutions, composing policies and procedures, and designing and reviewing FinCrime controls. For more details on our services, please visit our website.