Sanction Risk Assessment is a key regulatory expectation, however, it is not a regulatory requirement. Sanction Risk is defined as direct exposure to embargoed jurisdictions or entities included on various sanction lists.
What is the Sanctions Risk?
When an authority places sanctions upon a non-complying entity or organizations, it can make conducting trade and other financial activities with them extremely difficult. Sanctions are essentially penalties with the purpose to punish these entities, and the consequences of disobedience are often heavy. Sanctions are usually placed on countries or organizations whose activities are seen as threatening international peace and harmony. In a few rare cases, law enforcement may even place sanctions on individuals.
Failing to identify and comply with sanction rules can lead to financial penalties, freezing of assets, and even criminal proceedings. This may apply to the sanctioned country, as well as the entities dealing with them.
Sanction Screening Lists
Many financial institutions, especially those dealing with international banks, maintain sanctions screening lists. These lists may contain information about politically exposed persons, terrorists, and other suspicious people. In some cases, the FI may have to deal with a company that has a sanctioned or suspicious person on its board of directors. They may also unknowingly be dealing with a shell company formed by a sanctioned country. Many countries use innovative ways to bypass the Sanction Risk put on them and re-enter the international financial market.
To avoid falling into the trap of these entities, Financial organizations screen their clients against a number of these lists. Collectively, these lists are called ‘Sanctions Lists’. Screening can be a long and tedious process, and they need to apply thorough due diligence and weed out any dubious individuals.
Governing bodies like the Office of Foreign Assets Control (OFAC), The United Nations and the European Union maintain a database of all sanctioned entities. They share these lists with all high-ranking banks and other financial entities. Simply checking the details of the client’s board of directors is not enough. The database and lists must include details of all associated customers, employees, suppliers, and directors of the company.
How often should Sanctions Screening take place?
Authorities recommend that financial institutions perform sanctions screening of every new client they take on. However, only going through the client’s details may not be enough. Sanctioned entities have very creative ways of covering up their true identities to stay out of the spotlight.
Hence, banks must regularly monitor the nature of the transactions their clients make. Some transactions may be suspicious in nature. They may come from places bordering sanctioned areas or may be part of a trail originating from a sanctioned jurisdiction.
This process is called transaction screening. It is important to conduct especially when the clients deal with any third-party organization. If financial organizations detect that they are dealing with sanctioned entities, then they may take certain measures to remove any association with the party.
Name Screening
In name screening, financial institutions simply run the client’s name through a software program, in order to detect sanctioned entities. Individual clients may be a part of larger, sanctioned organizations. they may also hold high-ranking positions in the governments of sanctioned countries.
Name screening can help to expose Politically Exposed Persons (PEPs) and people with criminal histories. It can help banks choose which customers to welcome onboard, without dealing with complications from non-disclosure of sanctions.
However name-screening programs must be designed to carry out in-depth screening and provide fuzzy matches. Sanctioned individuals may provide slightly altered details so that screening programs do not pick up on their names. These programs must be able to provide close matches so that such individuals do not go undetected. Sometimes, the romanized translations of foreigners’ names may vary. The system must keep track of this too.
Hence, the program must be efficient and updated in accordance with all sanction-implementing bodies.
Payment Screening
Banks and other financial institutions have the authority to screen payments. Screening payments means checking all incoming and outgoing transactions. The source or destination of payments may bring up alarm bells if they are in sanctioned areas. In many cases, banks consider areas bordering sanctioned areas risky as well.
Banks have programs that screen payments in real-time to detect any risk. Screening payments also includes screening the recipients and payment-initiator. Similar to name screening, it is important that the software be adept at fuzzy matching. This will ensure that no illicit actors make their way through.
Programmatic Sanctions Risk Screening
It may be very time-consuming for FIs to manually screen their clients against the sanctions lists. So, they have developed compliance software that helps detect and store all points of interest. These programs collect information about their clients and develop a risk-based score. The FI is then able to make decisions based on the results.
Programmatic Sanctions Risk Screening takes many factors into account, only one of which is possible sanctions against the entity.
The sanctions detection program in question must be up to date with all currently sanctioned entities, countries, and individuals. The program must be in compliance with all the regulatory bodies’ lists including the EU, OFAC, and the UN.
The program must also be able to zone in on possible matches. It is not always granted that organizations will function under their true details once sanctioned. Many sanctioned entities make slight changes to their directors, organization names, and addresses to function under the radar. Hence, it is essential to fine-tune these programs enough for them to pick up on these slight changes and generate matches.
The program must also be developed to store all data correctly and in an organized manner. All data collected by the program during its searches must be easily accessible to its users. It must also be capable of generating reports on entities when and if needed. This helps in third-party functions like audits and inspections. This feature is known as audibility.
Testing and Auditing
A bank must have extremely strong internal controls. These internal controls are what keep its security intact, which protects its funds and integrity. When a bank’s internal controls are weak, it can cause negligence on its part when checking for sanctioned or blacklisted entities.
Auditing is an important step in ensuring that all the internal controls are up-to-date. Conducting timely audits can help to make sure that banks are dealing with their clients properly, and following the necessary guidelines.
Communication and Training
The chain of command in an organization is extremely important. Each employee must know the proper procedures when dealing with a suspicious client. The level of information shared with each employee depends on their position and security level. However, even lower-ranking employees must know who to approach if they come across these situations.
Companies must hold training sessions for their employees on a regular basis. This will help them identify the risks that come with blacklisted and sanctioned clients. They must also give their employees the proper resources to report and deal with any cases they come across. The training must be updated on a periodic basis, as sanctions and evasion techniques are constantly changing.
Know Your Customer and Sanctions
Sanction Risk screenings are essentially a part of Anti-Money Laundering measures. KYC norms require that every customer must provide details about their financial and criminal background as well as details like their birthdate, address, etc.
This is essential in helping FIs detect any politically associated individuals and former financial criminals, to protect their assets and reputation. Unknowingly dealing with such individuals may not only land them into trouble with the authorities but also prove dangerous to them in case they repeat their previous actions and default again.
KYC norms help to identify Politically Exposed Persons (PEPs), individuals dealing with sanctioned governments or organizations, and fraudsters and defaulters. It is up to the banks to make sure that they have a database with all of their client’s KYC information on hand.
Many PEPs and criminals usually rope in their close friends or family members to conduct their business dealings for them, in order to bypass sanctions screenings and function as normal. Hence, it is important for FIs to conduct thorough research on all of their associate and note them in the database.
Not complying with KYC measures themselves may also land FIs in hot water. In many countries, it is compulsory for banks and other financial institutions to comply with KYC norms. Not acting in accordance with sanction watchlists or dealing with sanctioned entities under the table can not only attract steep fines but also result in the freezing of the FI’s assets. In extreme cases, authorities may shut down the banking corporation entirely.
Investigating Sanctions Breach allegations
Authoritative bodies may receive allegations related to financial institutions breaching sanctions from many sources. They may be from employees, anonymous tip hotlines, the press, or regulators. These allegations must be taken extremely seriously, as they can cause severe damage to the involved bank’s reputation.
The steps to conducting a proper sanctions breach investigation are-
Identifying the FI’s intentions
The investigator must first attempt to identify the purpose behind the transactions. A person breaching sanctions is most likely involved in illicit activities. Tracing the source and destination of the transactions can help to determine the true purpose of the client’s actions.
The team must also review whether the bank was an intentional party. Did they intentionally breach the sanctions in return for compensation, or were their actions due to negligence?
The investigators must also keep the geographical scope in question. They must check if the bank has in fact broken any laws of the country they are situated in, as each area has different stances on the same issue.
Collecting Documentation
Next, they must collect all necessary documentation. They must collect data on each and every transaction that took place during the reported time period. They must also collect emails, letters, and other means of correspondence. The investigators will run these documents through sanctions screening programs to detect keywords and create an audit trail.
Interviewing witnesses and collecting information from various sources
The team may also decide to interview key witnesses and employees. This includes the whistleblower on the situation. Interviewing people can help gain different accounts and points of view on the same situation. They may also uncover crucial evidence through these interviews, which they can then follow up on.
Preparing Reports
Once they finish the initial investigation, the team must prepare a report on their findings. The report must include their methods of investigation, which measures they use to detect sanction breaches and all the evidence that led them to their final decision. They must also note down all the assets and funds involved in the case. If a watchlisted entity breaches sanctions, then the governing body will freeze or seize its assets. Hence, the investigators must include a comprehensive list of all assets involved.
Finally, they must advise the bank or financial institution on how to proceed with their operations so that this doesn’t happen again. if the bank is a willing conspirator, then the OFAC or OFSI is notified, and they deal with their institution.
In the case that the bank did not co-operate with the clients knowingly, they will draft preventive measures to abide by in the future. If the company follows these rules, then they do not need to be formally apprehended.
Conclusion- Why Sanctions Risk Screening is a must
Keeping up with sanctioned entities is becoming more and more complex every day. Intern-governmental authorities update Sanction Risk lists quite regularly, with financial crimes and money laundering on the rise. Sanction Risk is a vast concept. Furthermore, many sanctioned countries, especially countries like North Korea and Russia, are finding new ways to evade economic sanctions and trade normally despite their wrong-doings.
Hence, it is up to banks and other FIs at the international level to ensure that their sanction screening procedures are up to date. Non-compliance with sanctions is punishable by law, but in some cases so is dealing with sanctioned entities. Adhering to sanction lists and KYC and AML norms when taking on new clients is of the essence for FIs to protect their operations and reputations.