Motivated by many factors—including fear, doing the right thing, protecting others, and new legal obligations—people are embracing compliance in this time of COVID-19. There was once a time when people were not permitted to enter a bank wearing a mask. Today, in most countries around the world, wearing a mask is mandatory for all customers entering a bank.

Of course, we all have also heard stories or watched viral videos of people not complying, because that is news—whereas everyday people complying with mask and social distancing rules is not news. Thus, how do we exploit this compliance culture? What opportunities does this present to businesses? How can we better communicate the need for and benefits of compliance while simultaneously advising customers to take actions to protect themselves and others?

Right now, most of our customers are listening to us, they are working with us, and we should ensure our compliance and security messages are being well-articulated to those who want to hear from us.

Now is the time to market compliance and security practices to customers who wear masks within our premises but drop the masks—and their guards—when answering telephone calls and emails from the privacy of their own homes. As we all know, fraudsters are exploiting COVID-19, and they are nimble. They are not held back by bureaucracy and approvals. As an example, presently some fraudsters are seeking to extract bank details from victims while purporting to be providing COVID-19 testing kits. If the masks are protecting all of us in public, how are we protecting customers, shareholders, and others from the fraud threats posed in private?

We need to reinforce important messages; we need to take the initiative and help customers who have recently been forced to move online because of the virus. So, what are the messages? Some are unique to your firm and your business, while others are more generic, but now is the time to enhance our compliance and protection marketing campaigns, or even add to them. What is the equivalent of the additional requirement of wearing masks online? Is now the time to introduce two-factor authentication, for those who are yet to do so?

We all know banks will not initiate a telephone call or an email and request a customer provide account details or passwords. After all, the banks already have those. Customers should be reminded that the party initiating a call or email is the party in control, such that customers need to be told to always act with caution when another party contacts them. Previously, when I investigated boiler room frauds, I engaged with global media outlets and stressed, “When someone presents a wonderful investment opportunity to you, it is never your opportunity, it is the other party’s opportunity.” I added, “When you are looking to invest, you take control, make the calls, and identify your opportunity. Don’t let someone make you their opportunity.”

All too often, a victim’s vulnerability is their trust in other people. Sometimes, it is also their fear of not complying with laws and regulations. Recently, a former retired police colleague recounted a time when a fraudster, purporting to be the tax man, demanded payment of funds and told my former colleague he would be arrested if he did not comply. He didn’t comply, he has obviously not been arrested, but others will have been intimidated and likely defrauded.

It is not possible to protect everyone all of the time, but as the threats increase and change, we need to react. Imagine our governments had taken no action to protect us from the virus. With that in mind, we need to engage here and reassure our customers, collectively through trade bodies or unilaterally. Right now, most of our customers are listening to us, they are working with us, and we should ensure our compliance and security messages are being well-articulated to those who want to hear from us. Most importantly, we need to tell them what it is we do not want from them when we initiate the communication, including their account details, password, date of birth, etc.

Use the mask as a symbol to remind them they wear a mask when visiting our premises in person but remove it in the comfort of their own home. When we call or email a customer, we do not ask them to put on a mask (i.e., solicit personal information) … and we should remind them of this:

When you visit us, please put your mask on. When you call us, we will need you to provide information, which confirms we are communicating with you. This is a collective, protective mask. Don’t tolerate people demanding you wear a mask in your own home, any more than you should allow them to demand you give them any of your personal information.

When we are not communicating with our customers, fraudsters may be doing so and pretending to be us. Don’t allow fraudsters to fill a customer communication void. Our customers want to be compliant, and we want to protect them—communication is vital to ensure both compliance and protection.