Skip to Main Content

Steps Banks and Financial Institutions Can Take to Mitigate Fraud & Risk During the COVID-19 Crisis

With the PPP receiving additional funding, financial institutions need to consider the operational risks around distribution of these funds, identification of fraud, as well as potential lawsuits from companies unable to secure funding. During a Risk Readiness Sponsored Webinar, Steven Minsky, CEO and Founder of LogicManager, and Brendan Colliton, VP, LogicManager, presented practical steps for identifying COVID-19 associated risks and how to manage them.

The presenters shared the risk management process consisting of 1) identifying and assessing risk requirements, 2) developing mitigations, policies, and procedures, and 3) monitoring. They added that this process can be overlayed across all processes in a financial institution, not just pertaining to risk management. Furthermore, they explained that risk management is about smoothing out the curves and the ups and downs that the country will face this year as we face a possible second wave of the pandemic in the fall or winter, and deal with a potentially W-shaped recession.

Identifying risks and implementing incident reporting processes now will minimize exposure to fraud and help to navigate new risks around the corner. Returning to the workplace will be challenging for banks and financial institutions. Processes and procedures for managing risks associated with returning to the workplace either didn’t exist or need to be drastically revised. Minsky and Colliton recommended developing a return to work risk assessment including centralized online incident forms and a task generator. They also suggested incident tracking and incident status reports for leadership teams to keep communication open across lines of business.

Banks and financial institutions are also managing the risks associated with PPP funding, particularly the operational risks that they can be held liable for including fraud detection. The presenters advised financial institutions to collect information, no code automated tasks, alerts, and reminders, report incidents with one centralized framework, and enforce demonstrable compliance.