Skip to content

News & opinion

2 JUN 2020

Maintaining appropriate controls for your firm in a riskier environment

As businesses in our profession work to deliver services to their clients through the disruption while staying on top of the latest local government advice as well as protecting the wellbeing of colleagues and staff, the threat of criminal exploitation remains another risk that needs to be actively managed. Money laundering is estimated to amount to up to 5% of global GDP, with real estate being a target for this activity. As criminals look to exploit COVID-19 disruption, we have assessed heightened risks firms may now face to offer considerations for how to mitigate them.

Increased risks during the pandemic

The Financial Action Task Force (FATF), the global money laundering and terrorist financing watchdog, recently highlighted the ways in which the pandemic is increasing the prevalence of money laundering attempts. FATF suggest that COVID-19 related crimes are creating new sources of criminal proceeds, that criminals are more likely to invest in real estate in an economic downturn and that criminals will try to exploit pressure on private sector firms to find ways to bypass anti-money laundering controls, such as customer due diligence.

It will be no surprise that firms also face an increased risk of fraud. We are aware of scams involving criminals posing as government officials who are contacting individuals about payments or rebates, and FATF has also warned that ‘fake fundraising’ may be on the rise. The risk of phishing emails and text messages could also increase, with criminals gaining access to business emails through weaknesses in cyber security exposed by increased homeworking and use of remote access technology. To illustrate this Google has recently said that it is blocking 18 million scam emails each day related to COVID-19.

The vast majority of fraudulent activity starts with a search for data. So whether you are contacted by post, email, text or phone, whenever you are asked for data about yourself or your firm, consider the possibility that the request might have a fraudulent motivation.

In light of all this, we have identified two key areas of risk and issued fresh guidance on anti-money laundering and client money protection to support RICS professionals and firms as they evaluate appropriate controls across prospective and existing business relationships.

Anti-money laundering controls – what to look out for

Maintaining normal levels of control may be more challenging whilst staff work remotely and as face-to-face contact is limited. As an example, firms will need to find appropriate ways to carry out customer identity checks potentially including video streaming, depending on the risk profile of the client and transaction.

As you adapt your processes and approach appropriately, key things to be aware of are:

  • being asked to work with unusual types of client or on unusual types of matter
  • resistance from a client regarding compliance with due diligence checks, for example being pressured to forego necessary checks or to "speed up" the process
  • becoming involved in work that is outside your normal area of experience or expertise – without a full understanding of the money laundering and counter terrorism risks associated with the new area of work
  • becoming party to transactions where the business rationale for that transaction is not clear

It is also important to consider putting plans in place in the event that staff performing key anti-money laundering tasks need to be off work due to illness or other leave of absence, so that you address how you will cover for their responsibilities and communicate any changes to processes.

Managing risks to client money protection

When it comes to the misappropriation of client funds, it is important to consider factors that may elevate your firm’s risks, such as:

  • key staff absent from work
  • a reduced ability to maintain normal control mechanisms and segregation of duties in accounting and banking
  • potential increased financial pressure on individuals, presenting a greater temptation and motivation to misappropriate
  • pressures elsewhere within your firm that may reduce normal levels of vigilance
  • the increased opportunity for phishing and other cyber-related fraudulent activity.

As you assess how these risks may affect your firm, it is also important to communicate them to staff so that they are supported to maintain an adequate level of vigilance. We are regularly updating our guidance pages to support RICS professionals and regulated firms. If firms have particular concerns about risk or become aware of a fraud attempt, they should contact the RICS regulation team at

  • Christine O’Rourke is Head of Conduct Standards at RICS
  • Peter Williams is Principal Audit Manager – Finance and Compliance at RICS