Sanctions provide governments and international organizations with ways to achieve foreign policy objectives and to punish and prevent violations of international law, including human rights abuses. An important tool in the fight against global financial crime, sanctions measures may target entire countries, or groups and individuals, and involve a range of financial prohibitions and restrictions – which firms must screen against to ensure regulatory compliance.
The sanctions screening process is a significant compliance challenge and should be an anti-money laundering (AML) and counter-financing of terrorism (CFT) priority. Targets may be designated on sanctions lists for a variety of reasons that generally reflect their government’s involvement (or their personal involvement) in international criminal activity such as terrorism, weapons proliferation, drug trafficking, cybercrime, or human rights abuse. The financial restrictions that sanctions impose on their targets include:
- Trade embargoes
- Trade prohibitions on certain products or industries
- Investment prohibitions
- Asset freezes
- Travel bans
Firms that fail to comply with sanctions regulations face significant penalties, including fines and even prison sentences – along with the reputational damage that comes with doing business with sanctions targets and being publicly exposed for contravening regulations. With those risks in mind, it is important that firms implement an effective sanctions screening solution to ensure that they meet their regulatory obligations and do not wittingly or unwittingly help criminals break international law.
What is a sanctions list?
While governments devise and implement sanctions programs via the legislative process, sanctions measures are enforced by domestic authorities which add the names of designated targets to sanctions lists and watch lists. In the United States, for example, sanctions lists are maintained and enforced by the Office of Foreign Assets Control (OFAC) and in the United Kingdom, by the Office of Financial Sanctions Implementation (OFSI). Sanctions lists are updated regularly by their controlling authorities and are generally available online.
In order to comply with sanctions regulations, obligated entities such as banks and financial institutions must screen their customers against the relevant sanctions lists – and take appropriate action if they find a match. Sanctions lists may be organized by target countries (or target individuals), such as the US’ Cuba Sanctions, Belarus Sanctions, or Chinese Military Companies Sanctions, or, alternatively, by the nature of sanctionable offences, such as the US’ Counter Terrorism Sanctions or Counter Narcotics Trafficking Sanctions.
Sanctions screening challenges
The sanctions screening process requires obligated entities to process vast amounts of customer and transaction data and take into account a range of relevant factors such as geographic location, political status, beneficial company ownership, and foreign naming conventions. Firms must implement a screening solution that captures the relevant data efficiently without generating an overbearing compliance burden through false positive alerts, and without searching so narrowly that they miss crucial risk liabilities.
Some of the key challenges of sanctions screening include:
Sanctions updates: Geopolitical events mean that the sanctions landscape changes constantly as governments add new names to sanctions lists and withdraw old ones. In 2021, for example, US, UK, Canada, and EU sanctions on China, prompted a range of retaliatory sanctions by the Chinese government, complicating the sanctions landscape significantly for firms within the relevant jurisdictions. Firms must keep pace with updates to sanctions lists by ensuring they are conducting continuous automated searches of the most recent versions of those documents.
Jurisdictional obligations: In any given jurisdiction, firms must manage a complicated set of sanctions compliance obligations often relating to numerous countries, organizations, and individuals. In the US, for example, firms must screen against OFAC’s Specially Designated Nationals (SDN) List, the Consolidated Sanctions List, and a number of additional sanctions lists. The most efficient screening solutions should ensure that firms screen against the lists relevant to their jurisdictional compliance regulations, and apply the relevant financial restrictions to the targets.
Policy and procedure: Given the complexity of sanctions regulations, it is crucial that firms set out clear internal policies and procedures for their screening process. Siloed data, poor communication channels, and unsuitable search software may contribute to screening inefficiencies, regulatory blindspots, and, ultimately, poor compliance performance. Accordingly, firms should review the effectiveness of their sanctions screening process regularly, performing stress tests, and audits to identify and address weaknesses.
Naming conventions: Many foreign language systems use different naming conventions that make sanctions name searches more challenging. Some Asian cultures, for example, reverse the first-name, surname convention used in Western culture, while transcriptions of Arabic names into English may involve significant spelling variation. Similarly, some names may be spelled with non-Latinate characters, using, for example, the Cyrillic, Mandarin, or Arabic alphabets. To account for foreign naming conventions, sanctions screening solutions should integrate sophisticated text analytics and transliteration tools calibrated to an organization’s risk priorities.
Sanctions best practice
Following Financial Action Task Force (FATF) guidance, firms should implement a risk-based approach to sanctions compliance and deploy compliance measures commensurate with the risk that individual customers present. Effective risk-based sanctions screening solutions are built on the Know Your Customer (KYC) process: organizations must ensure they know who their customers are, and what kind of transactions they are involved in, in order to build accurate risk profiles and to ensure sanctions compliance measures are applied correctly.
With that in mind, firms should consider deploying the following AML/CFT measures and controls to enhance their sanctions compliance performance:
Customer identification: The accuracy of the customer data that firms collect will have a significant effect on the efficiency of the sanctions screening process. Insufficient or inaccurate data will generate larger numbers of false positive alerts, over-burdening the compliance solutions and undermining customer experiences. With that in mind, it is vital that firms verify the identities of their customers prior to sanctions screening by performing suitable customer due diligence, obtaining the relevant identifying documents such as passports, driving licenses, birth certificates, and company incorporation information. During the due diligence process, firms should pay particular attention to customer names, taking into account the use of common prefixes, secondary names, suffixes and the use of AKA (‘also known as’) naming conventions.
Beneficial ownership: The use of shell companies to disguise ownership of assets and evade sanctions restrictions is a well-publicized financial crime. Recent investigations, including the Panama Papers and the Paradise Papers, have revealed numerous examples of sanctions targets concealing their identities behind foreign corporate infrastructure. The sanctions risk posed by shell companies means that firms should seek to establish beneficial ownership of any companies that they do business with, applying the same AML/CFT scrutiny to corporate customer entities as is applied to individual customers.
Technology: As sanctions list change and new regulations emerge, the technology that firms use to screen their customers becomes more important. Most sanctions regimes require firms to collect vast amounts of data – and then analyze and process that data within strict time periods. Given the potential compliance burden, sanctions technology platforms should be a priority for all compliance solutions. In addition to facilitating the flow of high volumes of data, sanctions software can help firms build out their risk-appetite as part of a risk-based response, using features like fuzzy logic and other name matching capabilities to ensure they are capturing risk liabilities without overscreening.
Sanctions data: Unstructured sanctions data elements that are pulled from an array of disparate sources will take longer to process and analyze, and increase the compliance burden that firms face. Accordingly, the sources of sanctions data should be a compliance priority: firms should consider the quality and quantity of data that a source provides, and how often that data is updated. Firms such as Dow Jones Risk and Compliance provide high quality data that firms and regulators trust globally. Similarly, firms should seek to use consolidated lists that compile all sanctions applicable under a certain regime in order to enhance the efficiency of their screening process.
Transaction monitoring: Firms should constantly monitor their customers for indications that they are transacting with sanctions targets. This means being vigilant for certain red flag financial behaviours, including unusual transaction patterns and transactions into and out of high-risk AML/CFT jurisdictions.
Politically exposed persons: Elected officials and government employees pose a much higher risk of being sanctions targets than other types of customers. Accordingly, firms must take steps to establish whether customers are politically exposed persons (PEPs) and adjust their compliance response accordingly. The PEP screening process should be performed throughout business relationships to capture changes in customer status.
Adverse media: News stories may reveal customers’ designation (or potential designation) as sanctions targets before that information is officially confirmed. With that in mind, firms should prioritize adverse media screening as part of their sanctions risk management solution. Adverse media screening should involve searches of a range of relevant sources, spanning foreign screen, print, and online news outlets from the relevant locations. While firms may be vigilant for information pertaining directly to customer sanctions designations, adverse media may also capture peripheral activities that may increase sanctions compliance risk in the future.