As war rages in Ukraine, the international business community is understandably concerned to ensure that it plays its part by complying fully with the sanctions that are being imposed by western governments. As major international financial centres acting as way-stations for large capital flows for wealthy individuals and corporates London, New York, Luxembourg and a host of smaller offshore centres have a vital role to play. It’s also important to stress that as sanctions apply across the board ALL businesses at risk of violating sanctions must act including the many oil, gas, gold, property and shipping businesses which are at just as great a risk as banks, investments houses and trust companies.
In response to the crisis the UK initially imposed sanctions on specific Russian banks and three of Putin’s allies. As the crisis escalated the UK announced a range of further measures effectively freezing Russian banks including the Russian Central Bank out of the UK financial system and Russian airlines out of the UK’s skies. Sanctions were also imposed against Putin. Further sanctions measures will undoubtedly be imposed in the coming days and weeks as the crisis evolves requiring businesses to remain agile.
How then should businesses react to the emergency in order to guarantee compliance and protect their reputation?
First and foremost businesses need to understand that sanctions are designed to prohibit the facilitation of activities by sanctioned parties. That means they can breach a sanction not only by having a sanctioned person or entity as a client but by doing anything that facilitates prohibited activity. For example if they administer a company that trades with a sanctioned entity they will be in violation. Early in my legal career I learned just how tangential sanctions risk can be when I advised on a case involving a group of lenders that held security over an aeroplane that had been chartered by the owner to a sanctioned party. Even though the lenders customer wasn’t sanctioned, their customer’s customer was and that placed them in significant danger of a sanctions breach and serious regulatory action. The truth is that sanctions risk can manifest in many ways in customer relationships.
The most important practical step for businesses to take is to implement automated and real time screening of business relationships to ascertain any direct or indirect connectivity with a sanctioned person or entity. To do this a business must have full customer due diligence on file and use it to screen against the most comprehensive and up to date sanctions programme data on a daily/real time basis. Businesses often struggle to do this for the following reasons:
- They have missing or out of date due diligence on customers;
- They do not possess adequate due diligence on beneficial owners or controllers of companies particularly where the ownership structure is complex or opaque;
- They fail to identify that agents are acting on behalf of disguised principals;
- They do not possess due diligence on counter parties or third parties with whom their customers deal;
- They do not have an automated screening tool and instead rely on manual screening methods;
- They rely on deficient sanctions programme data;
- They do not have automated Know Your Business (KYB) data look up and screening capability that allows the identification of the connections of sanctioned people or entities;
- They have sanctions alert backlogs because of under-resourcing or excessive false positive alerts hindering their ability to work new potential sanctions matches
Where any of these deficiencies exist the chances of non-compliance at best and a possible sanctions breach at worse, materially increase. If a business does have gaps in its due diligence it should look to remediate them as quickly as possible. New tools such as RiskScreen can allow businesses to identify any gaps and fill them quickly following which the data can be seamlessly utilised to automatically screen against sanctions programs as they evolve.
It’s also highly advisable for businesses to screen not only against UK sanctions but also against EU and US sanctions programs. Whilst those programs don’t apply directly the reality is that any non US business that acts contrary to a US sanction will be placing itself at risk of US extra-territoriality. Facing off against the US authorities is a prospect perhaps even more sobering than the risk of a domestic regulatory action. I know from first hand knowledge of the US Treasury Department which is responsible for sanctions enforcement, both the degree to which it weaponises the dollar to advance US foreign policy and the extent of its willingness to bring non-US businesses into its cross hairs.
There is no question that businesses are on the front line of the West’s response to Russian aggression because sanctions only work if businesses respond by acting in compliance with them. Governments are effectively outsourcing their response to Russian aggression by requiring businesses to detect, report and where necessary freeze relationships. Businesses must use the time they have wisely by ensuring they are utilising the most up to date screening technology and the best underlying sanctions data. New sanctions are inevitable and will be imposed with little notice emphasising the need for all businesses to consider whether they are sufficiently well equipped. Russia’s invasion of Ukraine has prompted a sanctions compliance emergency. How well businesses in the West respond to it could help shape the future of Europe.
Stephen Platt is the original co-founder of the International Compliance Association and the CEO of the award winning Regulatory Technology business RiskScreen