The list of sanctions grows longer every day, and the sanctions published by the various issuing bodies do not always coincide. In addition, the definition of sanctions is becoming broader and broader, leaving more and more room for interpretation. This makes it more difficult than ever for companies to effectively identify and manage sanctions risk. Our best practice guide to sanctions review provides useful advice to help you overcome these challenges.
What is a sanction
A sanction is a preventive measure often taken by governments and international organisations to change behaviour, prohibit illegal activities, and stop undesirable actions by certain high-risk individuals or groups.
What is a sanctions list
A sanctions list is a compilation of individual sanctions that can be imposed on individuals, countries, groups, or companies. Sanctions lists are often compiled by governments or international organisations such as the European Union.
Complexity of sanctions risk managing
The sanctions lists are constantly evolving
As governments increasingly turn to sanctions as a means of foreign policy, new entities are constantly being added to or removed from sanctions lists. Over the past 5 years, the average number of designated entities has increased significantly.
The nature of the sanctions is becoming increasingly complex
While they used to target only specific named entities (states, ships, aircraft, organisations, and individuals), narrative and sectoral sanctions have now been introduced, targeting specific sectors and prohibiting certain activities that leave more room for interpretation.
Links between sanctions: Sanctions are not limited to the entities themselves
Organisations owned or controlled by sanctioned entities must also fall within the scope of sanctions lists and compliance programmes. In addition, customers who are not on a sanctions list but have a relationship with a sanctioned entity may also pose a risk.
Multiple sanctioning bodies: There are multiple sanctioning bodies with their own sanctions lists
The multiple sanctioning bodies, including sovereign states, regional associations, and international organisations such as UN, each publish their own sanctions, which are not always consistent.
Relevant Sanctioning Bodies
For the companies based within EU, the main sanctions authorities are the European Union, HM Treasury, the US Office of Foreign Assets Control (OFAC) and the UN Security Council. In addition, depending on the territories in which they trade, the currencies in which they trade and their partnerships and alliances, companies may also need to consider other sanctions bodies.
The EU consolidated list of sanctions applies to all EU citizens, wherever they are located in the world and corporate entities constituted in a member state.
The UK consolidated list of financial sanctions targets applies to all individuals and legal entities who are within or undertake activities within the UK’s territory, and all UK nationals and legal entities established under UK law, including their branches (irrespective of where their activities take place).
Office for Financial Sanctions Implementation (OFSI) is responsible for ensuring UK sanctions are implemented and enforced.
The specially designated nationals and blocked persons list (SDN) applies to all US citizens, wherever they are in the world, corporate entities constituted in the US, any entity that trades in US dollars, uses US goods or components, has a US parent, subsidiary or affiliate and/or work through a local agent or supplier with a US connection.
The United Nations Security Council sanctions list applies to all UN Nation states.
The companies and industries need to screen for sanctions
All businesses in all sectors are required to comply with the sanctions check requirements and therefore must have adequate controls in place. Historically, enforcement actions have been more prevalent in the financial services sector, but other sectors have also been subject to significant fines and some regulators are increasingly focusing their attention on other industries. For example, the Office of Financial Sanctions Implementation (OFSI) has published guidance on financial sanctions for charities and non-governmental organisations. Failure to comply with sanctions or to obtain the correct licence in the case of export controls can result in significant fines.
Law enforcement agencies can impose fines not only for sanctions violations, but also for failing to have adequate controls in place. This means that companies must ensure that they effectively screen not only direct third parties, but also their partners, beneficial owners, and extended supply chain for sanctions, particularly in regions known to have strong ties to sanctioned countries.
The way sanctions screening works
Sanctions screening involves matching individuals, groups, or companies against specific sanctions lists based on the territories in which an organisation operates, the currencies in which it trades, and its partnerships and alliances. This can be done by manually entering a name into an online search tool, by mass screening a customer database for sanctions alerts, or by periodically automatically checking customer and stakeholder databases.
When should a sanctions screening be conducted to ensure compliance with sanctions
Companies need to be able to keep up with the ever-changing sanctions landscape in order to remain compliant. To effectively manage sanctions risk, companies need to review their customers (both existing and new) and payment transactions against multiple sanctions lists, which can be challenging, especially for high volumes.
Sanctions review should be a top priority after the initial risk assessment when adding a customer or third party. In addition, firms should ensure that existing customers and third parties are regularly reviewed to ensure compliance with the dynamic and ever-changing financial and trade sanctions. Potential compliance issues should be addressed urgently, with clearly defined processes for escalation. All companies must have clearly defined responsibilities for sanctions compliance, as regulators are now scrutinising controls and procedures much more closely than ever before.
Challenges related to sanctions screening
The real challenge for many companies is not only to track down customers who are on sanctions lists and prevent them from doing business with the company, but also to avoid disrupting legitimate customers in their customer relationships and undermining the efficiency of the company's operations.
Under or over screening
If organisations do not screen thoroughly, there is a risk of 'false negatives' where companies subject to sanctions slip through the net.
Conversely, over-screening can lead to organisations producing a large number of 'false positives' where non-sanctioned companies are flagged as potentially sanctioned. These 'false positives' take time and resources to confirm they are not sanctioned.
A screening engine must be able to accurately match the company's risk exposure and screening rules, as well as handle inaccurate or imprecise data. Machine learning technologies can be used to automate the routine elimination of false positives.
It used to be a common case when companies relied on a third party for sanction compliance or "equivalence". But it is not acceptable anymore to work in the same format.
For example, banks historically relied on their correspondent banks' sanctions checks for mutual customers. Companies should seek advice from their professional advisers where appropriate.
In certain cases, economic sanctions imposed by different sanctions authorities are inconsistent. For example, OFAC and the EU have different stances on sanctions against Iran. OFAC has decided to reinstate sanctions against Iran, while the EU continues to grant sanctions relief and encourage EU companies to do business with Iran.
If the company is doing business with another company that is sanctioned by one agency but not another, they should be extra cautious and conduct additional checks.
Main tips needed for effective sanctions screening
Prepare the customer data well
Financial crime compliance costs have escalated, requiring a greater focus on operational efficiency in KYC/AML. It is highly recommended to streamline data collection processes, create common data pools and invest in enriching customer and third-party data.
Use proven, reliable technology and software to support sanctions checks
Solutions should be able to handle multiple lists, perform batch screening, and set up predefined searches tailored to an organisation's risk and policies.
Check against high-quality and comprehensive sanctions data
Screening activities should be based on extensively researched and constantly updated global risk information that includes the latest PEP and sanctions lists, negative media reports and enforcement reports from around the world.
AlphaLAW team can help you successfully manage sanctions risk. Contact us to find out more.