Category: Third Party Risk Management

Why Adverse Media Screening Matters For US Supply Chains

More complex and farther-reaching than ever before, supply chains make it possible for organisations to venture across borders, create new relationships, and launch new commercial ventures. 

But supply chains are also more vulnerable than ever before. The more third parties that a firm integrates into its network, the more exposed it becomes to regulatory risk, including money laundering, terrorism financing, and sanctions evasion risk. 

As the world’s largest economy, the United States has created a strict regulatory regime to counter the threat of global financial crime. Supply chain risk is an important part of that regime, and firms that operate within US jurisdiction must factor that into their compliance solutions, including implementing effective adverse media screening measures.

However, in a regulatory environment as complicated and populous as the US, implementing effective adverse media screening isn’t always straightforward. In this post, we’re going to explore that challenge.

What is adverse media screening?

The term adverse media refers to any media that indicates compliance risk. Similarly, adverse media screening is the process of actively monitoring publicly available sources of risk data in order to accurately establish individual customers’ compliance risk. 

By offering valuable enhancement to standard sanctions and watchlist screening, adverse media screening enables firms to uncover otherwise hidden risk.

Also known as “negative news screening”, adverse media screening should take in all relevant data sources, including traditional media such as print and television news, and online sources such as news websites, blogs, and social media platforms.

Adverse media screening is, essentially, a name matching process in which compliance teams search for their customers’ involvement in stories and other published content from across the global media landscape. With that in mind, adverse media screening solutions need to be able to account for both structured data, such as entries in lists and forms, and unstructured data, such as names that appear in sections of prose or in recorded audio and video files. 

Screening solutions should also be capable of accounting for variations in language, such as different spellings, nicknames, aliases, initials, and so on. 

Why is adverse media important for supply chain compliance?

Adverse media is so useful for compliance solutions because effective screening typically reveals criminal risk long before it’s confirmed by official sources.

An investigative news report, for example, may hint that sanctions against a specific person are in the works, prior to a later confirmation in a government press release, thereby enabling a firm to take prompt action to minimise or eliminate its risk exposure, and avoid regulatory penalties.

That utility extends to the supply chain, and to third-party screening requirements. While firms are typically used to managing the direct risk that their customers and clients present, third-party relationships up and down the supply chain can be much harder to scrutinise. Supply chains often hide their true compliance risk, especially if a network spans multiple parties, borders, regulatory environments, and so on. 

The presence of bad actors within a third-party network adds even more complexity to the problem. Persons designated on sanctions lists, for example, may try to actively conceal their identities when dealing with business partners.

Adverse media screening in the US

US AML/CFT compliance regulations impose risk-based adverse media screening requirements. Although it’s not always an explicitly stated requirement, adverse media screening is typically a part of best practice recommendations, especially those relating to customer due diligence (CDD) and, for higher risk customers, enhanced due diligence (EDD). 

Key adverse media screening considerations in the US include:

The Bank Secrecy Act (BSA): The cornerstone of AML/CFT regulation, the Bank Secrecy Act requires firms to implement risk-based compliance procedures, including monitoring for suspicious activity, which typically entails screening customers against adverse media. 

The Customer Due Diligence Final Rule: A 2018 amendment to the BSA, the CDD Final Rule includes a requirement for “ongoing monitoring”, which (as mentioned previously) entails adverse media checks, even if they aren’t explicitly mandated. 

The Financial Crimes Enforcement Network (FinCEN): The US’ primary financial regulator, FinCEN, also frames the requirement for adverse media screening as “ongoing monitoring” – a component of risk-based compliance with the BSA.

The Office of Foreign Assets Control (OFAC): Like FinCEN, OFAC does not impose an explicit requirement for adverse media screening, although it does require firms to conduct risk-based compliance when managing sanctions risk. With that in mind, adverse media screening is a best practice expectation. 

Environment, Social, and Governance (ESG): Certain states across the US are implementing ESG laws that entail adverse media screening as part of their monitoring rules. Examples include California’s Climate Corporate Data Accountability Act, and New York’s Climate Leadership and Community Protection Act.

The benefits of supply chain screening

The primary purpose of risk-based adverse media screening is to ensure that compliance teams get an up-to-date, accurate picture of their customers’ compliance risk. In the context of supply chain and third-party screening, and with the integration of automated search technology, there are numerous benefits.

Data management

Supply chain screening necessarily requires compliance teams to collect and analyse vast amounts of customer risk data, drawing on thousands of sources from across the globe. Automated screening solutions streamline and simplify that task, adding speed and accuracy to the name search process, accounting for structured and unstructured data, and reducing or even eliminating the potential for human data-handling error.  

Language variations

Cross-border supply chain relationships often mean that compliance solutions need to screen data in multiple foreign languages. Screening technology can automate multi-language analysis requirements and account for regional variations in spelling, the use of nicknames and aliases, and the use of non-Latinate characters. 

Real-time updates

Global supply chains and third-party networks are constantly evolving, with each new sanction or regulation introducing fresh compliance risks. Automated screening solutions mean that compliance teams can stay ahead of these changes, and be informed as soon as election results are announced, for example, or as soon as a relevant social media post is published. 

Scalability

Business growth can also complicate supply chain risk exposure, especially when firms need to expand into new territories, and adjust for new compliance regimes. Automated third-party screening gives firms a way to scale their approach to screening along with their business ambitions, keeping pace with expanding risk exposure by simply augmenting the scope of their name search process to include new regulations, new customer populations, and so on. 

More than compliance

For US companies, managing compliance risk is not just a question of avoiding financial penalties. 

While regulators like FinCEN may punish firms for technical regulatory violations, members of the public may view association with unethical third parties just as negatively. That guilt by association may be applied even if the firm was not directly engaged with the offending entity and no regulatory violation took place. In a fast-moving and highly editorialised media landscape, the subsequent reputational fallout can be as damaging as (if not more damaging than) the government-imposed penalty.

To that end, robust supply chain screening solutions provide not only protection from regulatory punishment but valuable peace of mind that a firm is taking all possible steps to minimise risk and deliver on internal commitments to pursue ethical business practices. 

Stronger, smarter screening with Ripjar 

If your organisation is required to meet US supply chain screening requirements, it’s no longer enough to rely on manual adverse media processes – Google searches are both incredibly time-consuming and highly ineffective for this purpose. You need a comprehensive solution capable of capturing global risk, and delivering actionable financial intelligence in seconds. 

Ripjar 3P60 is a next-generation screening platform designed to help compliance teams stay ahead of third-party and supply chain challenges. Leveraging advanced AI analytics to build flexibility and resilience into the screening process, Ripjar 3P60 cuts through the noise to identify regulatory and reputational risks from every direction as soon as they emerge, and ensure decision-makers have all the information they need to protect their businesses, and their reputation. 

Introducing Ripjar 3P60: Complete third-party risk management 

“Third-party risk is both daunting and kaleidoscopic.”

In global businesses, an endless stream of parties must be assessed, from payment counterparties to the value chain of suppliers and distributors. Furthermore, each party is examined for a growing list of risks, including compliance, ethical, reputational and prudential.  

More than ever, businesses need a comprehensive and flexible risk management tool that scales up and down as needed to assure a consistent risk process and a singular library of all third-party risk. Welcome to Ripjar 3P60.  

Different risks, different challenges 

There are four key categories of third-party risk, each presenting distinct operational challenges: 

Compliance risk 

Legal obligations to comply with sanctions, restricted party classifications and export controls all bring compliance risks. Businesses typically assess this risk through simple screening tools in a low latency environment, such as customer onboarding or counterparty payments. False positives proliferate here due to difficulties with name matching and entity resolution. 

It’s vital that businesses have the know-how and tools they need to spot potential sanctions evasion and build a sanctions-ready supply chain.

Reputational risk 

Potential headline risk associated with customers, suppliers, distributors or other third parties can impact your reputation. In recent years, this type of risk has taken on a life of its own, especially in relation to forced labour, child labour or human trafficking. But risk coverage goes beyond these disturbing topics to cover areas including corruption, fraud, non-delivery and potential criminal wrongdoing.  

Risk assessment here involves screening against wrongdoer lists and adverse media. False positives abound, due largely to ineffective entity resolution, especially among commonly used names.  

Prudential risk 

How well do you know your value chain? That indispensable group of suppliers and distributors? Do you know who controls them? Do you know all beneficial owners? Do you know their reputation in the market? Do you know their performance history? Do you know what political, corruption and sovereign currency risks may affect them?  

Corporate entities tend to manage this risk through a largely manual process of researching, mapping and assessment. Ownership structures are identified and assessed. Political risk environments and supply routes are identified and assessed. These assessments, plus reputational risk gauging, are brought together and scored. The process is incredibly complex, heavily manual and needs to be continuously updated. In short, it is very expensive to fully implement. 

Ethical risk 

Do the parties you deal with share your values? Do they, or will they, follow your ethical policies and procedures? Often, risk is managed here through the use of certifications. Businesses will require suppliers and distributors to certify – usually annually – that they follow the firm’s ethical policies or procedures, or at least follow similar ones of their own. This annual certification process is tedious, time-consuming and full of manual tracking processes.  

Risk strategy vs business reality

While the types of third-party risks are straightforward, the methods businesses use to assess these risks are anything but. Not every firm believes managing all these risks is prudent or commercially reasonable. No two businesses face the exact same risks, while risk tolerances – or “acceptable loss norms” as they are more broadly known – differ widely.  

Some firms, therefore, make the commercially reasonable decision not to incur management expense related to particular risks, such as hiring personnel to manage the process, eliminate false positives and update results accordingly. And, even those that manage all four types of risk across the board rarely do so in a similar manner. Certain risks receive substantial management attention, while others are relegated to a “compliance only” status.  

“Clearly, this is a market where one size does not fit all.”

You need a tool that fits your specific risk tolerance and enables you to scale up and down as needed. All risks and risk parties potentially need to be covered, even if you address each in your own bespoke way. You need a single, consistent and configurable way to assess and view risk, as well as an easily accessible central library providing single risk panes for all parties.  

The good news is that current technology makes all this possible. A single, scalable platform is much more achievable now, and the latest AI has substantially lowered investment costs, as the number of employees required to run your system is a fraction of what it used to be.  

Welcome to Ripjar 3P60 

Ripjar 3P60 is the only tool on the market to afford you this convenience. The tool comes in three variations, each sharing configurable workflows which can be tailored specifically to your organisation, a common risk assessment schema, and an AI-powered Digital Assistant to double check your team’s work, reduce false positives, and constantly update your results.  

“Thoroughness, consistency, flexibility, efficiency and tailoring is what you need.” 

Ripjar 3P60 comes in three options to suit different third-party risk management requirements:  

Ripjar 3P60 Screen 

This dual low and high latency screening engine enables you to satisfy your regulatory compliance obligations. Screening against a potentially limitless group of sanctions, restricted party and export control lists, Ripjar 3P60 Screen utilises the latest in probability-driven entity resolution and AI digital assistant technology to significantly reduce false positives and work to avoid all false negatives. Its configurable scoring matrix allows you to customise your risk assessments to meet your needs, enabling all results to be scored properly and consistently.  

Ripjar 3P60 Assess 

This option meets your compliance and reputational risk needs as well as covering baseline prudential risk management. Screen all counterparties for compliance purposes, screen all suppliers and distributors (and potentially some or all customers) for reputational risk concerns, and identify all beneficial owners and control persons across your value chain.  

Ripjar 3P60 Assess is backed by the same technology and features as Ripjar 3P60 Screen, while enabling you to cast the net wider to assess a broader range of risks. Your AI-powered Digital Assistant will continuously monitor and update records, scores and approvals as needed, and will create the building blocks to establish your global value chain map.

Ripjar 3P60 Intelligence 

This comprehensive solution covers all your third-party risk management needs. Everything in Ripjar 3P60 Screen and Assess is included, plus a full value chain map listing vulnerabilities from political, sovereign and transport route risks. All parties are thoroughly vetted and assessed, with your Digital Assistant working continuously in the background and supporting your team to avoid false negatives and positives.

Your Digital Assistant ensures that all work is up to date and properly assessed according to your configured scoring rules. Furthermore, our ethical certification engine configures certifications for your needs, with Ripjar’s Digital Assistant constantly tracking and ensuring compliance across your supplier and distribution chains. 

Supply Chain Sanctions Evasion: Spotting Red Flags

In a volatile global political climate, effective sanctions screening isn’t optional – spotting potential supply chain sanctions evasion is critical for global organisations. 

The United States, for example, added over 3,000 names to its Specially Designated Nationals (SDN) list in 2024, compared to 2,500 in 2023. Similarly, in May 2025, the European Union imposed its 17th package of Ukraine sanctions, expanding restrictions against Russia and Vladimir Putin’s regime. 

Long story short, the complexity of the global sanctions landscape, the severity of penalties for violations, and the impact of ensuing reputational consequences have increased the compliance burden significantly.

For global firms with a network of cross-border business relationships, that means it’s no longer sufficient to screen only customers and clients for sanctions risk. Instead, the scope of their screening solutions must expand to cover their wider third-party networks and supply chains, taking in suppliers, partners, distributors, contractors, and so on.

Meeting that expanded screening obligation requires firms to not only adjust their compliance tech stacks, but understand their third-party risk exposure. However, the sanctions risk posed by a supply chain or a third-party relationship is not always obvious or intuitive, and may even be hidden from basic sanctions screening processes.

With that in mind, we’ve put together a guide to some of the key red-flag indicators of supply chain sanctions risk. If you’re looking to strengthen your screening process, it’s worth becoming familiar with these red flags so that you can optimise your compliance performance from the ground up, and avoid unnecessary regulatory friction. 

Why Are Supply Chains Vulnerable to Sanctions Evasion?

While most organisations are familiar with the immediate risks posed by their customers and clients, the need to factor in supply chains and third-party risk management makes things more complicated. 

That’s because, in a global professional landscape, most firms operate amidst sprawling physical and digital networks, which span borders, industries, and regulatory environments. As part of that connected world, firms necessarily face a higher volume of sanctions compliance threats, and consequently, a greater exposure to risk. 

Unfortunately, in this context, compliance isn’t quite as easy as checking a customer’s name against the relevant sanctions list (or lists). Third parties pose significant hidden sanctions risks because they may operate to different regulatory standards, may be concealing their liability, or, in worst-case scenarios, may be attempting to evade sanctions and thwart scrutiny.

The only way to effectively manage that expanded risk is to implement a robust screening solution, capable of managing vast amounts of third-party data and of adapting to the fluctuations of the sanctions landscape. 

Now that we know why it’s important to strengthen supply chain sanctions screening, let’s move on to the things you need to look for. 

Common Red Flags for Sanctions Evasion

Proximity to sanctioned jurisdictions 

Counterparties that are based in, or that route goods through, a country bordering a sanctioned jurisdiction may be masking the ultimate destination of those goods. Not all countries maintain solid borders, and certain trading entities may attempt to exploit that by covertly moving goods into an adjacent sanctioned jurisdiction.

Changes in trading behaviour

When a counterparty makes abrupt changes to its trading behaviour, the goods and services it offers, or its ownership structure, this may be indicative that it’s engaging in sanctions evasion. For example, a shift away from the trade of electronic goods, which are typically designated on sanctions lists, in favour of trade in textiles, which are not frequently targeted, could be an indicator of risk. 

Shell companies

Persons engaging in sanctions evasion may attempt to avoid screening measures by concealing their identities (and, by extension, the true risk they pose) behind shell companies, or behind overly complex corporate infrastructure. Examples of this kind of red flag include companies that have suspiciously little or no online presence, minimal staff, or no physical premises. 

Document discrepancies 

Discrepancies in documentation, such as mismatches between shipping records and invoices, may indicate sanctions evasion activity – specifically, attempts to conceal the trade of sanctioned goods. Be alert for vague or inconsistent descriptions of shipped goods, or miscalculated quantities of cargo. 

Financial holdings in third countries 

Be vigilant for companies that hold settlement accounts in third countries with deficient anti-money laundering (AML) and counter-financing of terrorism (CFT) regulations. Lax enforcement in these jurisdictions may create opportunities for sanctions evasion. 

High risk and dual-use goods

Certain goods are highly regulated because of their potential for criminal misuse, while others have both civilian and military applications, and so are classified as “dual-use”. Companies that trade in these types of goods pose a higher sanctions risk and should be scrutinised closely during screening. 

Unusual intermediaries

Companies that engage multiple intermediaries or third-party consignees to facilitate trade, without explanation, may be attempting to distance themselves from buyers and end-users in an attempt to avoid sanctions. A sudden engagement of a new intermediary may be similarly indicative of risk. 

Lack of end-use documentation 

End-use of goods is a critical sanctions consideration. Legitimate trading partners should be able to provide documentation to support the end-use of the goods they are importing or exporting. Therefore, failure to provide end-use documentation may indicate an attempt to evade sanctions restrictions. 

In isolation, none of the listed red-flag indicators necessarily confirms that an organisation or individual is engaging in sanctions evasion. Collectively or in combination, however, they may inform a compliance response, and represent the difference between a decision to initiate enhanced screening and a decision to freeze a transaction and alert the relevant authorities.

Supply Chain Sanctions Screening Best Practices

Understanding red-flag indicators of supply chain risk is fundamental to implementing an effective compliance response and building a sanctions-ready supply chain. To optimise that response, firms must take a proactive, data-driven approach to screening, and adopt the following best practices. 

Risk-based due diligence

Firms should perform risk assessments on third parties in their supply chain. That process will necessarily involve data collection and analysis, and a need to obtain a range of identifying information from third parties, including names, addresses, company incorporation documents, financial records, and so on. Where that information points to a higher level of risk, firms may seek to perform enhanced due diligence.

Continuous monitoring

The shifting geopolitical landscape means that third-party risk exposure can change quickly. To account for this change, firms must conduct ongoing sanctions screening of third parties (rather than just at onboarding, periodically, or at the start of a business relationship), in order to ensure the accuracy of established risk profiles.

Harness external data 

To perform risk assessments on targets up and down the supply chain, firms need to be able to collect and manage vast amounts of external data. That data should be of a sufficient quality, and broad enough scope, to support effective compliance decision-making. In practice, this means screening not only official sanctions lists and watchlists, but a range of credible global adverse media sources, including screen and print media, and social media. 

Leverage technology

Screening solutions are key to the sanctions data management challenge. Firms should aim to automate as much of the process as possible in order to manage the thousands of data sources necessary to build accurate risk profiles. Artificial intelligence (AI) systems offer a significant advantage in supply chain screening: not only do they provide speed and accuracy, but they can also spot hidden patterns and connections in risk data to help build a comprehensive overview of a firm’s risk exposure.

Build a culture of compliance

Screening technology is only as effective as the human experts using it. To ensure optimal third-party risk management, firms should support their employees’ roles in the compliance effort by offering regular training and skill development. That process will ultimately contribute to a company-wide culture of compliance that can only enhance the contribution of compliance teams as they adapt to new regulations and new sanctions evasion strategies. 

Spot More Red Flags With Ripjar 3P60

Ripjar’s AI-powered screening platform Ripjar 3P60 is designed to help firms meet their third-party and supply chain compliance challenges in jurisdictions around the world. A comprehensive third-party risk management solution, Ripjar 3P60 builds flexibility and resilience into your screening process from the ground up, and leverages advanced AI analytics to help you deal with risks whenever and wherever they emerge.

How To Build A Sanctions-Ready Global Supply Chain

Sanctions risk is a fact of life for every global business, but in the last few years that risk has grown significantly. Geopolitical crises, such as Russia’s invasion of Ukraine, have prompted governments to add hundreds of new designations to sanctions lists, and renew or expand existing measures. The US, for example, added over 3,100 names to its Specially Designated Nationals (SDN) and Blocked Persons List in 2024 – a 25% increase on 2023.

In this climate, sanctions obligations don’t end with a round of basic checks of global watchlists. Compliance solutions need to be capable of dealing with the direct sanctions risk exposure posed to firms by their customers and clients, but also with the third party risk posed by their supply chains.

An organisation’s suppliers, partners and vendors may represent third party networks that span multiple jurisdictions, geographies, goods, intermediaries, and ownership structures. Add to that the potential for bad actors attempting to evade sanctions, or to conceal their actions with shell companies, and the supply chain risk factor quickly becomes considerable.

Given the complexity of this environment, and the potential regulatory penalties, it’s imperative that sanctions risk is treated as a core compliance priority as firms build their supply chain. 

And the best way to approach that challenge is to build robust sanctions compliance into the supply chain from the outset, with a solution that can adapt to an evolving regulatory landscape and emerging geopolitical risks. 

In this post, we’re going to discuss the key steps involved in doing just that. 

Step 1: Implement Comprehensive Screening Controls

Effective screening remains the best way for firms to learn about their clients and establish the sanctions risks that they pose. Accordingly, acquiring suitable screening technology should be your first priority when building a sanctions-ready supply chain.

However, while most approaches to sanctions compliance entail a screening process for clients, involving a search for names designated on the relevant sanctions lists (such as the SDN list), supply chain risk requires a much broader screening scope. 

That means that you must implement screening technology capable of covering all relevant counterparties that form part of the third party network – vendors, suppliers, partners, and so on – in those list searches. This comprehensive approach to sanctions risk shouldn’t stop at list searches, either, but should serve to acquire as much data as possible on search targets including: 

  • Adverse media stories: Sanctions risk is often revealed in adverse media stories long before persons are officially designated on sanctions lists. Investigative journalists may break stories that expose sanctions evasion activities and indicate that you should change your compliance response.
  • Politically exposed persons (PEPs): Elected officials and government employees pose a greater sanctions risk because of their proximity to political and bureaucratic financial resources.
  • Ultimate beneficial ownership: Sanctioned persons may attempt to conceal their identities by using shell companies or complex corporate infrastructure.

Step 2: Conduct a Sanctions Risk Assessment

Following Financial Action Task Force (FATF) recommendations, sanctions screening solutions should be risk-based. This means that you must deploy compliance measures in proportion to the risk that your organisation faces: lower risks demand a less intensive compliance response, higher risks, a more intensive response. 

However, the effectiveness of a risk-based screening solution relies on you being able to accurately assess your supply chain to determine the risk that it poses. The sanctions risk assessment serves to help establish your risk appetite, define thresholds for compliance decision-making, and then dedicate resources to achieving those compliance objectives. 

To conduct an effective risk assessment, you need to map your supply chain and capture any relevant risk factors. These may include: 

  • Sanctions lists: It’s important to identify the relevant sanctions lists that pose a compliance risk to your organisation. For example, firms in the EU must screen against the EU consolidated list, and so on. 
  • Industry: Different industries pose different levels of sanctions risk. Persons involved in, or connected to the shipping industry, for example, or those that trade in dual-use items, often carry a high sanctions risk. 
  • Location: Supply chains that contact certain geographic locations, such as Russia, China, and the Middle East, may carry an elevated risk. 
  • Corruption: Supply chains that involve jurisdictions with comparatively weaker regulatory infrastructure may be more vulnerable to corruption and associated sanctions evasion activities. 

Step 3: Leverage Technology and Data

The success of the steps outlined above is dependent on you being able to implement a technology solution capable of managing the vast amounts of data involved in the supply chain risk assessment process. The solution must also output high quality intelligence that facilitates effective compliance decision-making in a constantly evolving sanctions risk landscape.

Given the expanded data demands of supply chain compliance, you’ll need to move your solution beyond manual processes and focus on automating as much of the process as possible, enabling your compliance team to focus their time on the activities where their skills are best used. With that in mind, you need your sanctions screening technology tools to deliver the following capabilities:

  • Real-time monitoring to help identify suspicious activity, including red flag indicators of sanctions evasion. 
  • Data integration from a wide range of sources, including sanctions, watchlists, PEP data, adverse media, plus your own internal data in both structured and unstructured formats.
  • Entity resolution and advanced analytics capable of revealing hidden links to sanctions risk, and connecting supply chains to persons designated on sanctions lists.
  • Global adverse media screening capabilities covering screen and print media, digital media, and social media content. 
  • Multi-language tools capable of screening natively against foreign language sources, and accounting for regional spelling and naming variations. 
  • Automation to streamline responses to sanctions risk, including triaging alerts, assessing evidence, and automatically reviewing and closing false positive alerts. 

Step 4: Train and Raise Awareness Across Your Organisation

A sanctions screening solution is only as good as the human employees that run it. To that end, you’ll need to ensure your compliance team members understand the organisation’s risk appetite, and have the necessary expertise to deal appropriately with the outputs and alerts that your solution generates.

So, to keep compliance teams up to speed with the capabilities of your screening technology, and the latest regulatory developments, you’ll need to implement a schedule of regular training and skill development. Your goal should not only be to impart regulatory and technical understanding, but to create a culture of compliance in which emergent challenges don’t disrupt services, and teams can adapt quickly to new risks.

You’ll need to extend this culture of sanctions compliance across your wider business, especially if your firm is part of a larger group of companies where some may be operating in different regulatory environments. This could mean establishing your sanctions obligations at group level, identifying further obligations for different locations, developing additional training materials, and implementing a mechanism to verify that overseas branches, subsidiaries, and local partners have understood, and are compliant with, the relevant standards. 

To facilitate this kind of organisation-wide transformation, think about:

  • Policies: Consider centralising your compliance policies while localising specific controls. 
  • Overseas training: Focus on training overseas offices on key sanctions obligations and red flag indicators of sanctions evasion activity specific to their locations. 
  • Tools and frameworks: Provide access to shared screening tools and decision-making frameworks to ensure a consistent approach. 

Step 5: Maintain Robust Third Party Due Diligence Processes

Your supply chain sanctions compliance work is never done – it’s an ongoing process that evolves and grows with the business relationships that you maintain, and the sanctions risks that you face.

It’s therefore important to think about the following third party due diligence processes:

  • Continuous monitoring: Don’t simply conduct a risk assessment at the beginning of a business relationship as a one-off. You’ll need to monitor third parties in your supply chain constantly to ensure their risk profiles remain accurate. Leverage technology to automate rounds of screening and integrate real-time adverse media monitoring tools to be notified of changes in risk as soon as possible. 
  • Geopolitical risk: Stay informed of emerging areas of geopolitical risk as a way of anticipating sanctions risk. The greater your awareness of potential new risks, the better able you’ll be to adjust your sanctions solution. 
  • Evasion strategies: Be aware of the latest sanctions evasion tactics. Monitor for updates and guidance from relevant national and international regulators, such as the FATF, to ensure you receive the correct information and advice when the global risk landscape changes. 
  • Reassess regularly: Conduct periodic risk assessments to test the efficacy of your supply chain risk solutions. Reevaluate your risk appetite after regulatory updates and geopolitical events. 

Master Supply Chain Screening with Ripjar

In a period of unprecedented geopolitical uncertainty, it’s more important than ever to protect your organisation, and your reputation, from risk. You can do that by extending your sanctions compliance priorities to your supply chain, and leveraging technology to shoulder the increased data burden. 

Ripjar’s AI-powered screening platform Ripjar 3P60 is designed to help firms meet that goal. A scalable, comprehensive approach to third party risk management, Ripjar 3P60 builds automated efficiency, flexibility, and resilience into your third party screening process, leveraging advanced machine learning to help you spot supply chain risks, and deal with them before they can harm your business.

Proliferation Financing: Understanding Your Obligations

The proliferation of weapons of mass destruction (WMDs) is one of the critical security issues of the 21st century. With geopolitical tensions rising, the business community must play its part in preventing terrorist and criminal organisations not only from acquiring these types of weapons, but also from facilitating their movement around the world. 

In this climate, spotting potential proliferation financing activity is a compliance priority. This means that firms must understand the relevant regulations, and adjust their screening solutions to account for risk exposure. 

What is Proliferation Financing?

Proliferation financing (PF) is the act of providing funds that support the movement of WMDs, including nuclear, chemical, and biological weapons, around the world. 

Given the elevated global risk of terrorist attacks, and the challenges involved in detecting financial crimes, governments have placed regulatory obligations on businesses, and particularly on financial services firms, to help combat PF and target its sources. 

PF shares characteristics with other financial crimes, specifically money laundering and the financing of terrorism, and so may be detectable via existing screening measures. Persons involved are often designated on sanctions lists, for example, or may attempt to conceal their transactions via shell companies and corporate infrastructure. 

In other contexts, however, it is harder to detect PF because related transactions and activities do not necessarily share the same red flag indicators of criminality. For example, criminals may seek to bypass regulations and screening measures by transporting only legal component parts of WMDs, or by transporting “dual use” materials that may be repurposed for the construction of WMDs by end users. 

The risk of PF goes beyond persons directly paying for the transport of WMDs, and extends to persons that may be providing services unknowingly. On the other hand, persons that are knowingly involved in PF often employ sophisticated tactics to evade screening measures. In some cases, heavily sanctioned governments may engage in PF activity, and use state apparatus to do so. 

High Risk Countries

Certain countries represent a higher PF risk than others. These include:

  • North Korea: The government of North Korea is actively pursuing a nuclear weapons programme and has demonstrated a willingness to attempt to evade sanctions. 
  • Russia: Heavily sanctioned by multiple countries since the invasion of Ukraine in 2022, Russia is attempting to evade restrictions by importing dual use materials for use in military weapons technology. 
  • Iran: The government of Iran has demonstrated an ongoing desire to develop a nuclear weapons programme. 
  • China: China has demonstrated a desire to expand its own nuclear arsenal, and has facilitated other countries’ evasion of sanctions, including North Korea and Russia. 
  • Syria: Under its previous government, Syria was known to have deployed chemical weapons, and financed its acquisition of WMDs via the sale of oil and petrochemicals.

Global Regulatory Response

Governments around the world are increasingly framing PF as a serious criminal risk, but, other than designation in sanctions programmes, dedicated PF regulations lag behind those applicable to similar financial crimes, such as money laundering and terrorist financing. 

However, the Financial Action Task Force (FATF) has raised the issue of PF in its anti-money laundering (AML) and counter-financing of terrorism (CFT) recommendations. In 2020, it imposed new obligations on members to identify, assess, and mitigate PF risks. These obligations are set out in the FATF’s Guidance on Proliferation Financing Risk Assessment and Mitigation.

In light of the FATF’s strengthened focus on PF, the United Kingdom has led the international community in taking regulatory action. In 2021, for example, the UK government conducted its first National Risk Assessment of Proliferation Financing (NRAPF). Given the UK’s status as an international financial hub, the NRAPF suggested that the UK government put regulatory measures in place to address PF risk. 

Accordingly, in 2022, the UK government amended the Money Laundering and Terrorist Financing Act to introduce new PF identification and risk screen requirements. The UK has also applied strict liability to sanctions breaches, meaning that penalties may be applied regardless of knowledge or intent behind the violation.  

While the US has not taken any major regulatory actions to combat PF, other than strengthening existing sanctions, the Financial Crimes Enforcement Network (FinCEN) has released advisories to help firms spot PF criminal activities. Similarly, the US Treasury released its own National Proliferation Financing Risk Assessment in 2024. 

Proliferation Financing Penalties

Firms that break PF rules and regulations face serious financial and even criminal consequences. 

In the UK, for example, under the Money Laundering Act, the Office of Financial Sanctions Implementation (OFSI) has the authority to impose unlimited fines, and prison sentences of up to 7 years for PF rules breaches. Those penalties may be imposed in addition to existing sanctions rules, under which OFSI can fine companies up to £1 million, or 50% of the value of the offending transaction (whichever is greater), and name and shame companies publicly. 

Regulatory Risk to Financial Institutions

Banks and financial services organisations are on the front line in the fight against PF, and may be exposed to compliance risk in numerous ways. Key examples of PF risk include: 

  • Layered transactions: Persons designated on sanctions lists may route transactions through multiple accounts in order to obscure their origin and evade screening measures. 
  • Dual use materials: Companies trading in dual use materials, particularly technology such as aerospace components or microelectronics, pose an elevated PF risk. 
  • Shell companies: Criminals may attempt to use shell companies or complex corporate infrastructure to obscure the origin and destination of PF-related transactions. 
  • Missing or incorrect transaction details: Criminals may intentionally withhold or misspell PF-related transaction details in order to evade AML/CFT scrutiny. 
  • High risk countries: Transactions that involve parties in high risk AML/CFT territories (such as those listed above) carry an elevated PF risk. 
  • Cryptocurrency: The anonymity of cryptocurrency transactions puts them at a higher risk of involvement in PF activity. 

Third Party Risk 

PF activity typically involves firms’ relationships with third party organisations, such as shipping and transportation companies. With that in mind, PF compliance screening should go beyond a singular focus on companies in the financial sector, and include relationships up and down the supply chain. 

That means screening measures should account for the complexity of supply chains, and the potential for regulatory disparity across international borders. Key third party and supply chain risk factors include:

  • Persons designated on global sanctions lists.
  • Companies trading in dual use materials.
  • Suppliers operating in high risk industries, such as shipping.
  • Suppliers operating in high risk jurisdictions.
  • Persons designated on politically exposed persons (PEP) lists.

While third party risk factors may not necessarily result in direct regulatory violations, firms that are revealed to have relationships with third parties that are exposed as being involved in PF often incur reputational damage. 

Implementing a Proliferation Financing Risk Management Strategy

The scale and complexity of PF risk means that firms should carefully consider their compliance posture, and, ideally, integrate an AML/CFT screening solution to help them manage their threat environment.

An effective PF risk management strategy should involve the following measures and controls: 

Screening during onboarding

Firms should establish new clients’ PF risk levels as quickly and as accurately as possible. This means conducting robust customer due diligence (CDD), and applying suitable screening measures during onboarding, with a focus on sanctions designation, and designation on PEP lists. The screening process should be global in scope, which means searches should be conducted in multiple languages, and include scrutiny of other critical risk indicators, such as adverse media stories. 

Beneficial ownership

As part of the due diligence process, firms should aim to establish the beneficial ownership of client companies in order to account for the possible misuse of shell companies or complex corporate structures as a means to disguise PF activity. 

Continuous monitoring 

Following onboarding, firms should continuously monitor their clients for PF risk in order to account for changes to risk profiles over time. This means maintaining a regular screening schedule with a focus on updates to sanctions lists, suspicious transaction patterns, changes in company ownership, and emerging adverse media stories. 

Risk scoring and segmentation

PF screening should be risk-based. With that in mind, firms should seek to establish a risk scoring system to enhance their risk assessment process, with higher scores applied to higher risk jurisdictions, industries, and transactions, or to persons designated as PEPs. Similarly, audience segmentation – the process of grouping audiences by risk characteristics – can help compliance teams conduct risk assessments more efficiently. 

Sanctions and watchlists

Effective sanctions and watchlist screening is a critical component of PF compliance. Firms must implement sanctions solutions that capture domestic and international sanctions designations, and listings on the relevant watchlists. 

Adverse media

Changes to a client’s risk profile may be revealed by the media before they are confirmed officially. With that in mind, PF screening should include automated adverse media searches, in multiple languages, and with sufficient scope to capture third party risk. 

Going Beyond the List

Given the global scale of PF, it’s critical that compliance solutions “go beyond the list”, which means going further than simple sanctions and watchlist name searches, and instead building out the most complete risk profile possible for each client.

That means leaving manual screening processes behind and, instead, implementing automated AML/CFT screening tools with powerful name search and identity matching capabilities. The tools that you choose should be able to screen against thousands of data sources, in multiple languages, while accounting for sanctions evasion tactics, disparities in spelling and naming, and the possibility of PF risk emerging from third party relationships and PF-adjacent activities. With those factors in mind, and the need to manage vast amounts of customer screening data, it’s worth leaning into the efficiency benefits of AI-enhanced search technology, which can not only boost the accuracy of PF screening results, and reduce false positives, but support stronger compliance decision-making.

Supply Chain Challenges: Navigating Third Party Risk

Supply chains are critical to the global corporate landscape, but any reliance on a third party also comes with a level of regulatory risk, which firms must factor into their compliance solutions.

From breaches of anti-money laundering (AML) and counter-financing of terrorism (CFT) rules to institutional corruption, cyber-security failures, and human rights abuses, the consequences of third party risk can be just as damaging as internal regulatory failures – not least because incidents often also inflict reputational damage. Third party risks are not a low-priority issue: a focus on cybersecurity risk alone reveals that up to 98% of organisations worldwide have had a business relationship with a third party vendor that has suffered a data breach.

Awareness and understanding are key to identifying and managing third party risks, and to implementing effective mitigation measures. In this post, we’re going to examine some of the key pain points associated with third party risk management, and how firms can deal with them. 

Supply chain risk 

Most organisations are comfortable managing the challenges of their immediate risk environment, including carefully calibrating their screening and monitoring solutions. When it comes to the risk environments of their suppliers, however, identifying threats becomes more complicated. 

Supply chains typically cross multiple borders and multiple risk environments, which complicates the risk assessment process. Not only do firms have to think about a higher volume of threat vectors, but they must also take steps to ensure that their suppliers are operating in compliance with the relevant regulations. The complexity of a supply chain magnifies the compliance challenge: cross-border chains carry a higher likelihood of regulatory disparity, while multiple different entities make different internal compliance approaches more likely. 

Key supply chain compliance risks include:

  • Suppliers that operate in high risk industries, such as shipping or payment services. 
  • Suppliers that operate in jurisdictions with weaker AML regulations. 
  • Sanctions designations against persons or countries within, or connected to, a supply chain. 
  • The presence of politically exposed persons (PEPs) within supply chain companies, or connected to them via friends or close associates.

The principles of supply chain risk management are similar to those applied to customers. That means firms must implement suitable supply chain due diligence measures, along with screening and monitoring processes, in order to assess and establish risk as accurately as possible.  

Reputational risk

We’ve focused on the regulatory risks that supply chains pose, but third party risk is not just about legal consequences – it also includes reputational damage. In fact, reputational damage can occur even in cases where there is no technical breach of law, and can hurt a firm just as much as a financial penalty. 

In some contexts, the mere existence of a business relationship between one entity and another can be enough to create a negative public impression, regardless of whether a client organisation has broken compliance rules. With that in mind, reputational damage is often a result of negative environmental, social, and governance (ESG) factors, which may include:

  • Carbon emission levels
  • Preservation of biodiversity and natural habitats
  • Ethical labour practices
  • Workplace diversity, equity, and inclusion
  • Health and safety practices
  • Corruption 
  • Human rights abuses

The consequences of reputational damage can be difficult to predict, but may translate to customer boycotts, adverse media stories, and increased regulator attention. The sheer diversity of reputational concerns can be a particularly problematic factor for corporate entities with large global footprints, or with extensive supply chains. Reputational risks can be managed in the same way as other compliance concerns but, again, may require firms to extend the scope of their screening and due diligence measures. 

Ongoing due diligence 

The supply chain and reputational risks listed above represent ongoing compliance concerns, and mean that firms must factor them into their risk-based compliance solutions. In practice, this means treating third party relationships in a similar manner to business relationships, including performing due diligence in order to inform risk assessments. 

Where conventional customer due diligence (CDD) measures help firms verify that customers are who they say they are, supply chain due diligence helps to verify that suppliers are meeting the standards that they claim to be. Supply chain due diligence is often a compliance pain point because it involves an intensive manual collection process of third party documents and information such as:

  • Company names, addresses, tax numbers and incorporation documents
  • Beneficial ownership details
  • Historical financial data such as tax reports
  • Internal risk assessment data
  • Internal financial data such as cash flow, debts, and liabilities
  • Regulatory environment information and historical AML/CFT compliance records

Supply chain due diligence should take place at the start of the supplier relationship and should be refreshed on a regular schedule to capture changes in a supplier’s risk profile. Ideally, that ongoing due diligence should be supported by peripheral compliance measures, including adverse media screening, and sanctions and watchlist screening. 

Stay ahead of third party risks

Third party risks typically require firms to expand the scope of their compliance solutions, rather than taking a different approach to existing screening, monitoring or due diligence. That need adds volume to the compliance burden – a factor that can put unsustainable pressure on firms that rely on manual techniques to establish risk, such as searching for customer names on Google, or manually entering names into sanctions lists or PEP lists. 

Fortunately, compliance teams have options for mitigating the challenges of third party risk, not least by supporting or (where possible) replacing manual processes with automated software tools. Automated screening software adds valuable speed to tasks that would have taken hours to complete manually, and a high level of accuracy, which reduces the potential for human error. 

Most importantly, automated third party risk screening enables firms to dramatically boost the scope of their searches to a truly global scale. Automated name searches, for example, can cover thousands of global data sources, including news reports, sanctions lists, watchlists and more, delivering actionable intelligence in seconds, and helping firms make faster, stronger compliance decisions about every third party relationship.