“Western governments have outsourced the burden of responding to Russian aggression to the private sector thereby imposing a significant compliance challenge.”
~ Stephen Platt, CEO RiskScreen
This incisive quote sums up both the reality and the enormity of the task now faced by risk and compliance professionals across the world.
The invasion of Ukraine and the subsequent sanctions and export controls imposed by scores of nation states has fundamentally changed the compliance landscape – possibly for ever.
Rules and regulations are now changing almost by the hour, while the risks associated with conducting business with sanctioned individuals or entities are increasing exponentially.
The effectiveness of sanctions depends entirely on the ability of businesses to comply.
While the financial services sector is very much on the front line, it is also crucial to acknowledge that sanctions apply to all sectors of the business community: law, accountancy, shipping, aviation, logistics, gold, services, retail.
But many of these sectors are simply not equipped to assess their exposure to sanctions risk and comply with their obligations.
Punitive fines and damage to organisational reputation are the consequences of failing to ensure compliance. But the ultimate responsibility for avoiding doing business with the wrong third party falls squarely on the shoulders of those of you entrusted with implementing the right policies and controls.
And while there is little doubt that this will present a range of challenges and puts you under enormous pressure, there are certain core principles that should underpin your strategy,
Just 3 steps will go a long way toward ensuring you comply, both now, and in the future.
Step 1. Know your weaknesses.
“Don’t make the mistake of assuming that you have compliance under control simply because you screen your customers’ names against sanctions lists, nothing could be further from the truth.”
It’s the human condition that we spend far more time concentrating on our strengths, than we do identifying and working on our weaknesses.
So, an important starting point for everyone is to look for the flaws and the failings before a bad actor finds and exploits them first.
With this in mind, below are a list of some the most commonly identified sanctions compliance weaknesses that you should immediately identify and address.
- The failure to appreciate the dangers posed by sanctions risk exposure. Don’t assume you have compliance under control simply because you screen your customers’ names against sanctions lists. It’s not just your customers who expose you to risk, but your customers’ customers, your customers’ counterparties, and even your customers’ supply chains.
- Missing or out-of-date due diligence on customers. The majority of businesses have due diligence deficiencies. Even when they do hold sufficient due diligence, it’s not organised properly or stored in a way that will allow them to use it effectively in order to identify and manage their risk exposure.
- Inadequate due diligence on Ultimate Beneficial Owners (UBOs) or controllers of companies. This is a particularly difficult area to monitor, especially where the ownership structure is complex or opaque. As a result, it requires even greater scrutiny so as to clearly identify all interested parties and entities.
- Absence of due diligence on counter parties, third parties, or participants in the overall supply chain. The fundamental basis for sanctions compliance is having full, accurate due diligence on all aspects of your customer’s business. As mentioned previously, this extends beyond your immediate customer to their customers, relationships, transactions, counterparties, and supply chains.
- Manual screening without an overnight batch screening solution. With the sanctions landscape changing so rapidly, ad hoc manual screening can result in gaps and leave you dangerously exposed. So, it’s essential that you continually and regularly screen your entire customer base and all related part names through the process of overnight batch screening.
- Reliance on deficient sanctions programme data. The hard truth is that the quality of your screening is only as good as the data you are screening against. Using out-of-date sanctions programme data can provide you with a false sense of security and expose you to serious risk.
- No automated Know Your Business (KYB) data look up and screening capability. This is another crucial link in the process as it enables you to identify and screen any individuals or entities who are connected to sanctioned actors.
- False positive sanctions alert backlogs. This is often down to under resourcing or the use of outmoded screening technology that generate excessive false positives and hinder your ability to identify true matches.
Step 2. Turn weaknesses into strengths.
“The provisions of the new UK economic crime bill include a strict liability test for sanctions evasion offences. How can a business defend itself against a charge, where the absence of concern or suspicion on its part was due to the absence of a readily available solution?”
There has never been a better time to re-evaluate and strengthen your businesses’ exposure to risk.
This isn’t just because of the deluge of sanctions that have been unleashed, it’s because you now have at your disposal the technology to simplify and automate the vast majority of the processes required.
But before you start to look into the technologies available, it’s vital that you first identify exactly what your business needs to shore up its compliance capabilities.
- Plug all customer due diligence gaps. Don’t be under any illusions that you don’t have any KYC deficiencies, every business has them. But this isn’t the enormous challenge that it may initially present, as the automated technology now exists that will accelerate your ability to identify and remediate any KYC gaps.
- Who to screen. Once again, it’s not just your customers’ names, but any individual or entity involved in your business relationship. As a result, it is vital that you implement automated and real-time screening of all involved parties in order to ascertain any direct or indirect connectivity with a sanctioned Russian individual or entity.
- When to screen. It isn’t sufficient simply to screen during onboarding, you need to do so throughout the lifecycle of the customer relationship. Sanctions are constantly evolving, so you need to screen against the most comprehensive and up-to-date sanctions programme data on a daily/real time basis using a cutting-edge batch screening solution that generates an exceptionally low number of false positive results.
- What to screen against. You cannot rely on one-off manual screening solutions, you must screen your data against the best, most up-to-date data sets. Which is why RiskScreen is partnered with the likes of Dow Jones, Refinitiv, and Sayari, as their many thousands of researchers from across the world present the very best tried and tested datasets. This ensures global coverage, relatability, and equally importantly, it’s completely defensible.
- Anticipate future exposure. It is also important to remain agile in anticipation of what your exposure may be as sanctions programmes evolve over time. It is possible to take steps to identify your exposure to future sanctions by proactively identifying potential exposure to any individuals or entities that already have links to Russia or Belarus.
Step 3. Stay alert for attempts to circumvent sanctions.
“Many individuals or entities will already be seeking ways to circumvent sanctions by finding ways of moving money or assets to ‘safer’ geographical regions or through the use of crypto currencies or assets. So, keep a close eye on any new or irregular activity that may indicate such behaviour.”
Red Flags such as those highlighted by FinCEN are designed to help you to identify potential sanctions circumvention activity.
As more sanctions are rolled out and more individuals and entities directly targeted, the oligarchs and their businesses will seek to find increasingly inventive ways of moving their money and assets out of the reach of the authorities.
While many of these Red Flags are aimed at the financial services and banking sectors, every business has a responsibility to maintain a watchful eye on suspicious activities.
- The use of corporate vehicles. These can be used to obscure ownership, the source of funds, and the countries involved.
- Shell companies. The use of shell companies can facilitate the conducting of international wire transfers involving financial institutions completely distinct from the company registration.
- The use of third parties. In order to shield the identity of sanctioned persons and/or PEPs, third parties can be enlisted to conduct transactions without necessarily raising alarms.
- Accounts that experience a sudden rise in value being transferred. Any accounts in jurisdictions that experience a sudden rise in value being transferred without a clear business rationale should be flagged for investigation.
- Sudden increase in new company formations/registrations. Jurisdictions previously associated with Russian financial flows identified as having a notable increase in new company formations.
- Newly established accounts. Keep an eye out for new accounts that attempt to send or receive funds from a sanctioned institution that has been removed from SWIFT.
- Non-routine FX transactions. These may indirectly involve sanctioned Russian financial institutions and should be investigated until proved otherwise.
- Crypto currencies and assets. There are increasing reports of individuals and entities seeking to use crypto currencies and assets to bypass the transfer of money through the traditional banking system.
There has never been a more pressing or pivotal time in the working lives of compliance professionals.
How we collectively respond to this ongoing sanctions compliance emergency will help to shape the future, not just for our businesses, but for Europe and even the whole world.
Whether we like it or not, the burden of the response to Russian aggression has indeed been outsourced to the business community. So, it’s up to us to face up to the challenge and ensure that we all play our part to the fullest.
There are no short cuts, but at least the technology now exists to turn the path to full compliance into a fast, efficient superhighway.
Webinar | Meeting the challenge of the Russia sanctions compliance emergency.
For additional background information on how to ensure that you fully comply with Russia sanctions, watch the recording of this special RiskScreen webinar.
In the webinar, Stephen Platt, RiskScreen’s CEO & Founder and Tom Devlin, Senior Director, Regulatory & Product, explore:
- How the West’s response to the Ukraine crisis breaks new ground in sanctions compliance
- The unique challenges of complying with evolving sanctions against Russia
- Common weaknesses in sanctions compliance and how to address them
- How to anticipate the impact of new sanctions measures and how to prepare for them
- How to uncover hidden linkages in ownership and control