Geopolitical realities complicate screening and due diligence; technology offers solutions
Friday, November 22, 2019
By Charles Delingpole
Sanctions have become increasingly frequent and nuanced to meet current political and economic realities. They are imposed, lifted and modified regularly, often within a few days' or weeks' time, due to any number of geopolitical factors.
The U.S., in particular, has shown an increased reliance on sanctions; listings and delistings per year number in the thousands, and the size of its Specially Designated Nationals and Blocked Persons (SDN) list has grown by 56% in the last decade. To remain compliant with the law, companies must have the ability to react quickly to changes.
Many companies have to comply with several governing bodies' sanctions lists simultaneously - from the U.S. Treasury's Office of Foreign Assets Control (OFAC), the EU, the UN and more. Yet these sanctions decisions, depending on the foreign policy goals of each entity, can sometimes conflict with one another. The EU's attempts last year to counter U.S. sanctions on Iran with its own blocking statute is just one example.
Given their unique position as facilitators of money flow, banks and other financial institutions need to be particularly attentive to changes in sanctions policy and possible conflicts between sanctions lists. The penalties for noncompliance are severe. In November 2018, OFAC fined SociÉtÉ GÉnÉrale over $1.34 billion for violating U.S. sanctions against Iran, Sudan, Cuba and Libya. It didn't stop there; in the first half of 2019, the sanctions enforcement arm of the U.S. government reached 18 settlements with companies for sanctions violations and issued fines totaling nearly $1.3 billion. UniCredit Bank and Standard Chartered were among those fined and paid $600 million each.
It's imperative that financial services companies implement a robust, responsive and efficient sanctions compliance program. Yet while most recognize the need, many fall short of succeeding on this front, making do with a hodgepodge of primarily human-driven processes and tools and hoping nothing slips through the cracks.
No Size Fits All
A solid sanctions compliance program designed for an online payment system like PayPal will be different than the one for Goldman Sachs, and both of those will be different than that of a local credit union. That's partly why OFAC has tended to stay away from issuing regulations that specify what a compliance program would look like and has focused exclusively on enforcement. The U.S. government's concern is that you follow the law. It's up to each company to determine how to ensure they do.
In a departure from that approach, possibly due to recognition that companies can comply more easily with clearer guidance, OFAC released a document last May detailing five main components every compliance program should incorporate. Management commitment, risk assessment, internal controls, testing and auditing, and training have all been identified as vital. These guidelines should help provide a starting point to build or refine a compliance program. But they are far from exhaustive.
The volume and velocity of financial activity that banks process daily means they're accruing a massive amount of data at a speed where human intervention isn't possible on any given transaction - they need the right rule sets to be able to intervene effectively. So given the millions of transactions processed daily, what are the proper sanctions screening and due diligence measures that will help them accurately assess risk? Further, how can they make it scalable?
These questions are key, especially since OFAC has specifically called out the failure of legacy sanctions-screening software and filter faults as a root cause of noncompliance.
Advanced Technology Will Help
Modern technology offers a solution. When used to determine rule sets that react to transaction data, modern technology assists financial services companies in putting many of their due diligence processes on autopilot, freeing up compliance officers' time and energy for higher-level risk assessment.
There is no grace period for compliance, so it's important to show that you're always doing the right thing. Maintaining an easy-to-reference audit trail of client transactions and the company's response to updated sanctions lists is important. Compliance departments that use customizable software to continually monitor for and document developments involving sanctions lists have a leg up on those who use internally built systems and legacy compliance software with less robust audit trails.
Identifying discrepancies between lists due to conflicting geopolitical goals, and even just choosing which lists to monitor, are also made scalable with advanced tools. Different configurations can be switched on and off, which is useful when applying compliance across different regions .
Looking to the Future
The use of sanctions as a political tool will only get more complicated. Emerging economies that haven't historically held as much influence over the global economy, like China, Mexico, Turkey and India, are now starting to explore sanctions as a way to further their own policy goals.
As their economic and political influence grows, so too will their determination to act independently and possibly pursue sanctions that are in direct conflict with the policy goals of other major players on the world stage, such as the U.S. and EU. Staying up to date on these developments will be especially important for businesses looking to operate in these jurisdictions.
Further, while all companies will be affected by these developments, banks and financial institutions are especially vulnerable. They will need to react much more swiftly to a changing economic and political landscape if they want to remain not only unscathed, but successful. Embracing compliance technology that moves at pace with the rest of the world will put them in the best possible position to do so.
Charles Delingpole is founder and chief executive officer of ComplyAdvantage, a regtech company building the first global, connected database of people and companies powering world-leading financial crime detection tools.