Russia/Ukraine Fallout: Mitigating and Managing a Multitude of Risks via KYC

Sanctions put in place after the Russian invasion of Ukraine highlight the need for companies and risk managers to not only verify the identities of their direct customers and suppliers, but even their suppliers’ suppliers.

Beyond minimizing reputational and compliance risks, know-your-customer (KYC) processes can also reduce operational and credit risks when integrated into an organization’s enterprise risk program. Risk managers need to look beyond KYC’s impact on the bottom line to see how it can favor the top line.

Unprecedented Sanctions

Disputes between nations over borders, trade or other actions are common throughout history – and sanctioning of countries is nothing new. However, the sanctioning of the Russian government resulting from the invasion of Ukraine is remarkable for both its breadth and speed.

No country of Russia’s size has previously faced such wide-sweeping restrictions on its trade and financial activities. What is also amazing is the timing and coordination of sanctions across nearly every other country, within days of the start of the military conflict.

U.S. companies have faced trade restrictions and embargoes, with countries such as Cuba, Iran, and North Korea, for many years. Moreover, global financial institutions regularly receive notices and injunctions that prohibit them from conducting business with specific individuals or organizations involved in money laundering, terrorism or organized crime.

Expanded sanctions on Russian oligarchs, banks and other companies complicate these existing compliance requirements. While processes for screening customers already exist, a new development is the rise of “self-sanctioning” by companies that are not legally bound to restrict commerce.

In response to the concerns of employees, customers and other stakeholders, companies are voluntarily choosing to withdraw from the Russian market entirely. Some are even going a step further and restricting activity with entities with indirect ties.

This creates a potential ethical dilemma for risk managers, who must determine parameters that extend beyond legal requirements. Where do FRMs decide to draw the line? Should they limit their employer’s business activity with direct relatives of Russian oligarchs? What about acquaintances or associates? The decision becomes even more complex as reputational risks grow.

Moreover, penalties for non-compliance with government-imposed sanctions can be severe – including fines, operating restrictions and even criminal prosecution. Luckily, KYC databases and tools available today allow businesses to be much more efficient at screening transactions for possible connections to restricted organizations. Financial institutions and other companies can now trace individuals through shell companies and complex corporate structures more easily than ever before.

Cristian deRitis

The Benefits of Knowing

While we may view these KYC activities purely as a compliance cost, they can have significant benefits for managing a company’s operational risk and credit risk, as well as its reputational risk.

For example, companies can use KYC tools to verify each of the links in their supply chains. They can not only validate the identities of the principals of their direct suppliers but also obtain similar information on the suppliers to their suppliers – going all the way back to raw materials. This allows for pinpointing vulnerabilities that could impact fulfillment, manufacturing or other operations.

Furthermore, individual consumers are increasingly interested in knowing the provenance of their goods and services, and are willing to pay a premium for guarantees that their deliveries were produced without the use of slave labor or with green energy sources. The traceability provided by KYC algorithms can turn a compliance cost into a marketing opportunity to satisfy customer demand.

In addition to improved insight into supply chains, understanding customers’ networks can add value to the management of credit risk, as creditors are better able to understand the relationships between principals, businesses and their parent companies. A lender, moreover, can assess whether assets offered as collateral by a loan applicant may have been pledged to multiple lenders, potentially increasing risk exposure in the event of a default.

At the individual consumer level, KYC can help to reduce fraud through identity verification, and can enable borrowers to prove their creditworthiness by authenticating relationships with previous creditors and service providers. This information can directly translate into decreased losses and lower interest rates for qualified applicants.

The Crypto Factor

The need to confirm the identities of customers and suppliers also ties in directly with the growing global movement by both companies and individuals to adopt cryptocurrencies as a medium of exchange. While the promise of anonymity and decentralized control is attractive, crypto adopters need to recognize that they are not immune from the restrictions and rules that exist in the traditional financial system – including sanctions.

Businesses, banks and other lenders still need to verify the identities of their customers and suppliers, even if they happen to be utilizing cryptocurrencies for their transactions. Moreover, while crypto does offer a level of anonymity, the open nature of the public blockchain allows for a level of traceability when combined with other data sources.

Investigators have, in fact, been able to trace and recover assets in recent ransomware attacks, suggesting that individuals and companies should not assume their cryptographic transactions are completely anonymous. Due diligence and process controls are therefore paramount for companies that decide to engage in the buying and selling of cryptographic assets.

Parting Thoughts

What’s old is new again. History is filled with examples of the cat-and-mouse game between those imposing financial restrictions and those trying to evade them. The magnitude and complexity may have expanded with the latest round of sanctions, but the fundamental task for companies to ensure compliance with all applicable laws is the same.

KYC has, in fact, been part of institutional risk management for a long time. Businesses have always needed to verify orders and invoices to ensure they are legitimate. Credit card processors, for example, are constantly authenticating identities to separate legitimate customers from fraudsters. Moreover, even in cases where availability of funds or fraud is not an issue, businesses may be legally restricted from – and held liable for – entering into transactions with certain individuals or groups.

What has changed in recent times is the widespread availability of KYC databases and tools. Improvements in data collection, data sharing and computing power enable even the smallest banks and credit unions to flag potential compliance issues seamlessly. Given that evaders and fraudsters are constantly changing their tactics, real-time monitoring further empowers institutions to catch suspicious transactions early – before they can translate into larger problems.

As risk managers, we are equally challenged to identify ways to leverage these new technologies, to ensure that they aren’t purely identified as compliance costs. The COVID-19 pandemic and fallout from the Russia-Ukraine conflict highlighted the need to build more resilient supply networks or webs, rather than supply chains riddled with single-point dependencies.

Moreover, while the jury is still out on the long-term value proposition of cryptocurrencies such as bitcoin, the value of blockchains themselves is undeniable. Indeed, blockchains have already enabled manufacturers to manage their production processes more efficiently and lenders to lower their risk profiles through better documentation and clear establishment of property rights.

With apologies to the pop band ABBA, knowing me, knowing you is the best we can do.

Cristian deRitis is the Deputy Chief Economist at Moody's Analytics. As the head of model research and development, he specializes in the analysis of current and future economic conditions, consumer credit markets and housing. Before joining Moody's Analytics, he worked for Fannie Mae. In addition to his published research, Cristian is named on two US patents for credit modeling techniques. He can be reached at cristian.deritis@moodys.com.