Sanctions: Where are we now?
The spotlight is firmly on financial crime, with an increase in high-profile anti-money- laundering (AML) cases in Europe and the United States, and with the Office of Foreign Assets Control (OFAC) having imposed no less than 14 global penalties in the first half of 2019.
A fast-moving global sanctions regime, coupled with high penalties and press visibility for compliance breaches, means it’s more important than ever to be clear on regulatory requirements. The shift in regulatory obligations that we have seen on both sides of the Atlantic in recent years has also served to highlight the fact that the industry is moving into unknown territory when it comes to sanctions—we’ve never seen the pace and complexity that’s coming to the fore today.
As a tool of security and foreign policy, sanctions aim to deter individual actors, groups and nations from actions that are not in line with the issuing country’s foreign-policy goals, and, given the consequences of failing to comply with AML regulations, it’s crucial that organisations across the industry are mindful of expectations and have an understanding of what could await if they are deemed to have fallen short.
Sanctions aim to counter many things, such as:
- terrorism and terrorism financing,
- money laundering,
- weapons proliferation,
- drug smuggling,
- violations of international treaties.
Some of the lists regularly consulted include the United States’ Specially Designated Nationals and Blocked Persons List (SDN) and lists issued by the United Kingdom (UK), the European Union (EU) and the United Nations (UN), affectionately known in the industry as “The Big Four”. In addition, there are many other jurisdictions that issue their own lists, including the Monetary Authority of Singapore and the Australian Consolidated List, to name a couple. There are a further 60-plus jurisdictions that issue sanctions lists.These lists, however, are offered in various formats and are updated at various intervals, which makes it time-consuming to extract the data and consolidate it into a format that can be utilised efficiently for screening. Sanctions data can contain minimal information on individuals and entities with numerous common names, and as a result, name-matching can result in a large number of false-positive matches.
Most of the regulated firms rely on premium sources of sanctions data, such as Refinitiv, Dow Jones Risk & Compliance, Acuris and others. The additional research conducted by these solutions provide additional secondary identifiers, including date of birth, photos and aliases, which helps to really understand who is behind a company, ultimately also reducing the number of false positives. The burden of correctly resolving false-positive matches remains significant, with some financial organisations turning to artificial-intelligence (AI) technology to assist in the resolution process.
Another challenge coming to the fore for customers is the difficulty of navigating compliance around the OFAC and EU 50 Percent Rules, which highlight entities owned or controlled by listed individuals and entities and also state that “any entity owned in the aggregate, directly or indirectly, 50 percent or more by one or more blocked persons is itself considered to be a blocked person”. Ensuring compliance with these requirements demands a complete picture of a customer’s ownership structure, but this can be complicated, with many parent companies and individuals spread across the globe.
Trying to define entity ownership manually is a difficult task, whereas automated data gathering and analysis gives a much better and quicker view of a company and a fuller background, which, in turn, lays the foundations for comprehensively identifying sanctions risk within a corporate customer. This is essentially why Encompass exists today, as we firmly believe and know from our own experience that the best decisions can be made only with the full picture.
Using intelligent process automation (IPA), Encompass accesses multiple data sources in seconds, downloading the generated reports to a central location that can be accessed any time for auditing—saving time and making the process more streamlined. There is no denying that the premise of sanctions has evolved, as have the ways in which the latest technologies at our disposal can play a crucial part in meeting requirements and ensuring financial institutions don’t pay the price.
What can we learn from sanctions fines and cases?
Bigger fines and increased international cooperation: Earlier this year, we saw the second-largest fine ever imposed by the Financial Conduct Authority (FCA) for AML failures. From what we hear from industry professionals and experts, the thought is that it is likely that we will see more of these large headline fines as a consequence of more effective cooperation and enforcement actions from international investigations. The crucial message here is that banks need to be confident in their compliance policies, programmes, processes and tools to ensure they stay on the right side of authorities.
Voluntary disclosure: The level of impact of voluntary disclosure has also been evidenced recently, with an example being when the UK Government’s Office of Financial Sanctions Implementation (OFSI) imposed its first monetary penalty—under new powers afforded to it under the Policing and Crime Act 2017—against Raphaels Bank. Here, the eventual penalty amount represented a 50-percent reduction of the baseline £10,000 penalty initially assessed by OFSI as a result of the bank’s voluntary disclosure of the breach and subsequent cooperation. While this fine was relatively small in monetary terms, what it does show is intent, with it clear that banks are no longer able to go under the radar and treat compliance as optional.
What this example should be is a trigger for UK institutions to review their sanctions exposure and compliance programmes. It also tells us that, in the event of a breach, voluntary disclosure offers the possibility of reduced consequences, so it is important that firms are open and act swiftly when faced with similar circumstances.
Far-reaching consequences: As we have seen in the last few years, a fine can have significant implications for a business—sometimes even leading to collapse. What this underlines is that the consequences of non-compliance are very real, showing the critical importance of robust compliance. It is no longer a matter that can be treated as an aside to other important operations.
Compliance is not an option
What the increased attention on sanctions and recent cases demonstrates is that, when it comes to compliance, ignorance is not an excuse. Sanctions compliance, particularly, must be a priority, with organisations placing appropriate resources and efforts in establishing effective programmes that run through the different levels.
Policies must be fit for purpose and continuously reviewed in line with changes in sanctions regimes. Only then will compliance professionals know that procedures and policies are being followed properly and that they won’t be caught out.
How can banks get it right?
The key here is to hire and retain top talent. Only by having on your team the best compliance professionals, who understand the area and how to make it work for your firm, will you succeed; however, we know that many of our customers are struggling to attract and hold on to talent as the current shortage of skilled compliance professionals means they are in high demand. Technology may not seem like an obvious solution to this problem, but we see banks that are automating routine manual tasks in order to increase job satisfaction. It is also crucial, with the speed of business and moving targets to which financial institutions operate, that banks are realistic with their targets and set goals that are attainable without salespeople feeling so under pressure that they engage in business activities that carry risk.
What we know is that, since the financial crisis, banks, particularly in Europe, have been struggling to maintain profitability. Structural deficiencies, overcapacity and the absence of a pan-European banking regulatory agency have all been cited as some of the factors for banks across the continent experiencing persistent challenges. Having to fight against these difficulties, and the uncertainties that come as a result, means that sales teams can come under intense pressure to meet unrealistic business-development targets. Therefore, it is more important than ever to set attainable goals that can be met without staff having to cut corners or take risks to meet them.
In terms of practicality, it is important that banks have the tools and procedures in place to promptly detect inadvertent breaches of sanctions regulations so that these can be self-reported to the relevant authorities promptly and efficiently. Previous cases show that this can have an impact on the level of penalties. The importance of a comprehensive audit trail, which can be provided to investigators quickly and efficiently, can also not be underestimated when looking to aid investigations, and this is another area in which automation technology can prove invaluable.
By taking these key points into consideration, firms will be able to operate with the confidence that they are meeting obligations and doing all they can to avoid any negative ramifications of not coming up to scratch within an environment that is growing in importance with the passing of time and constant business developments.
The role of technology
While in years gone by, checks against sanctions lists were largely manual and time-consuming activities, the development of capabilities such as intelligent process automation (IPA), which combines fundamental process redesign with robotic process automation (RPA) and machine learning (ML), assist workers by eliminating repetitive, replicable and routine tasks. This removes much of the burden from employees and ensures a consistent approach.
Maintaining and monitoring sanctions lists involve the processing of large volumes of data, including not just the names of listed individuals but also details such as known aliases and locations. Checking and keeping up-to-date with these lists is a challenge, becoming harder as the customer base of a business becomes larger. This is why many are now opting to integrate screening tools and automation, such as Encompass, into their practices. This can offer not only significant time and cost savings but also provide an extra level of security that manually performing the associated tasks would not give.
When it comes to sanctions and demonstrating compliance, IPA allows firms to work smarter. It has a vital role to play and can help firms consolidate steps in the process. By gathering all of the required data, rather than leaving it to humans, it also allows them to work more efficiently while demonstrating a commitment to regulators and auditors without added costs.
IPA from Encompass enables firms to get the full picture on the people and entities with whom they are considering entering into business relationships, and it can be done in a way that is both efficient and cost-effective. This approach gives financial institutions a clear advantage. Utilising the best in technology is the easiest and most convenient way to satisfy regulators as well as ensuring continued productivity and efficiency.
We are at a pivotal point for sanctions. While some have questioned the use of this tool and whether it is being overused, it is something that continues to develop at pace, with an increased rate of enforcement actions likely over the coming years. Organisations must keep up in terms of how they assess risk and put their own robust strategies and programmes in place. Preparation—throughout a company—is key.
The issue of Brexit also means that there is much uncertainty. Developments relating to Russia and Iran are a key focus for financial firms, especially in the UK, where, after Brexit, there could be additional sanctions against Moscow. Concerns regarding Brexit and sanctions are increasingly overlapping due to the uncertainty of their impacts on financial markets and what the landscape will look like after the UK leaves the EU.
According to a UK Government paper on the issue entitled “The future of sanctions”, the UK has had an outsized influence on shaping EU sanctions policy. Britain has been possibly the most important supplier of intelligence to the EU, and the UK’s important financial sector has also given it extra weight.
“The UK has often pushed for a robust sanctions policy within the EU; after Brexit there is a strong possibility that the EU will become less enthusiastic about sanctions in general,” it continues.
Whatever happens, what is clear is that this is an area that must be taken more seriously than ever. With the examples of recent high-profile sanctions cases, it is obvious that regulatory bodies are not treating compliance in this regard lightly, and firms must ensure that their programmes and procedures match up to expectations, as it is an area that will only grow in importance and focus as time moves on.