Sanctioned individuals or representatives of sanctioned entities rarely turn up to financial institutions to open bank accounts, or even where a relationship already exists, call up asking to carry out transactions.
Nuances in sanctions risks such as these, are something that goes beyond screening against lists and can expose financial institutions to sanctions violations if risks are not handled effectively.
The following are three real life cases studies, each with different levels of sanctions risk exposure, where ineffective handling of the risks resulted in financial institutions being exposed to potential sanctions violations.
Case study one: Sanctions lists
Whilst it may seem obvious that an effective sanctions compliance program starts with up-to-date sanctions lists being fed into screening systems, a lack of oversight on even this foundational element of sanctions compliance can lead to significant risk.
In this case, a financial institution was using a manual process to add updated sanctions lists to systems. But the person responsible for the manual updates was away and hadn’t handed the process over to an alternate member of staff. This resulted in key updates of sanctions lists not being fed into screening systems, exposing the financial institution to potential sanctions violations risk.
The issue was discovered when another financial institution made a request for information following a potential sanctions match on a transaction. This prompted the financial institution to investigate why it hadn’t picked up the potential match itself. It was at this point that it came to light that sanctions list updates were not being fed into screening system due to the staff member being absent. The process and system in place lacked rigour.
The flaw was addressed with the implementation of a more robust process. But not before significant work was carried out into updating systems, retrospective checks made on missed list updates, and backlogs completed from newly identified potential matches.
Although no positive sanctions matches were found in this instance, once all the updates had been made a review revealed that the issue did create a window where the financial institution was exposed to potential sanctions violations risk. To compound the issue, it also transpired that updates to screening systems were not regularly validated to ensure systems were picking up all potential matches. Again, creating a window where the financial institution was exposed to potential sanctions violation risks.
Case study two: Sanctions evasion
Although the first case highlighted the potential for sanctions violation risks. In this second case, a financial institution was faced with a positive sanction match and instead of freezing the funds, they almost released funds in direct violation of sanctions in place at the time.
Following a transfer of funds from a remitter to the financial institution’s client, a request was made to transfer the funds back to the remitter as they had changed their mind. The remitter was a positive match to an individual on a sanctions list.
Aside from the fact that the sending financial institution had missed the positive sanctions match of their client (for reasons unknown), the receiving financial institution’s screening systems had picked up the sanctions match but had incorrectly discounted it as being a false positive. It was only when the request came from the sending financial institution to return the funds that a further review and inquiry was triggered.
Upon further review, the positive sanctions match was confirmed. But the receiving institution was under the impression that their client was not sanctioned, so there was no obligation to freeze the funds and that a return to the remitter would not be a violation of sanctions.
Further investigations revealed that the financial institution whose client had received the funds was suspected to have been a proxy, using a shell company for the sanctioned remitter in an attempt to evade sanctions. The sanctions compliance team were eventually able to convince senior management to freeze the funds.
As a result, remediation work was conducted that included retraining sanctions investigators to correctly review alerts and to include thorough rationales on discounted alerts, as well as escalated alerts where potential sanctions matches were detected.
Case study three: ‘dual use’ goods
One area of sanctions compliance that has been less appreciated, has been risks related ‘dual use’ goods and export control requirements. Dual use goods can be broadly summed up as materials, goods, technology, or software that can be used for both civil and military purposes or proliferation of WMD (Weapons of Mass Destruction) application.
The UK (United Kingdom), USA (United States of America), EU (European Union) and many other countries have dual use goods and export control requirements, which can include the requirement for licenses before goods can be exported. Such export controls may be in place for a number of reasons. One of which may be sanctions-related, but could include several other reasons, such risks related to crime, national security, or human rights violations.
Whereas the previous case shows that positive sanctions matches can be detected from up-to-date sanctions list in screening systems, when it comes to dual use goods, these may be much harder to detect. Consequently, they may not be picked up by screening against sanctions lists alone, especially where an end user is not involved in the transaction, but still could be a sanctioned individual or entity. Here, thorough due diligence plays a key role in managing sanctions risks related to dual use goods.
In this final case, a financial institution almost ended up facilitating transactions related to the supply of dual use goods, which had a military application, and where the end user was a military in a country under sanctions.
The financial institution’s client was not sanctioned and was to receive funds from one of its customers, also not sanctioned, where the payment was for ‘pontoon’ bridges (a type of floating bridge used to cross stretches of water). Whilst these can be for commercial use, they also can be used by militaries to facilitate the transportation of troops or vehicles.
Upon the financial institution asking their client additional due diligence questions at the request of sanctions compliance staff, it transpired that the client’s customer buying the pontoons was buying them in order to supply them to a military, for whom sanctions prohibited the supply of such goods. On this particular occasion, the issue only came to the sanctions compliance staff’s attention by chance. As a result, it highlighted the need for more robust controls and education within the financial institution around the issue of dual use goods and sanctions risks.
Risks related to dual use goods can be a complex area and many financial institutions may find that it is beyond the capabilities of most employees to identify them. But this is not to say that controls cannot be put into place to help identify clients and transactions that could be involved in the trade of dual use goods.
Effective sanctions compliance starts with a trustworthy sanctions screening vendor/system. It is from this foundation that broader controls can be built, as not all sanctioned parties will try to directly transact with financial institutions.
The three cases above show that given some of the nuances in sanctions risks, they can emerge in different elements of a sanctions compliance program. Consequently, as well as controls, education and training within financial institutions must also play a key role in order to manage sanctions risks most effectively.