Sanctions Screening Guide

Managing SANCTIONS RISK has never been so complex

Sanctions lists are evolving constantly

As governments increasingly rely on sanctions as a tool for political foreign policy, new entities are added to, and removed from sanctions lists, all of the time. Over the past 5 years, the average number of designated entities has increased significantly.

The nature of sanctions is becoming more complex

Whereas they previously targeted only specific named entities (states, ships, aircraft, organisations and individuals), now narrative and sectoral sanctions have been introduced targeting specific sectors and prohibiting specific activities, which are more open to interpretation.

Sanctions aren’t limited to the entities themselves

Organisations owned or controlled by sanctioned entities also need to be in scope of sanctions lists and compliance programmes. Additionally, customers who aren’t on a sanctions list but have a relationship with a sanctioned entity could also present a risk.

There are multiple sanctioning bodies with their own sanctions lists

The multitude of sanctioning bodies, including sovereign states, regional unions and international organisations such as the UN, each publish their own sanctions – which don’t always align.

Who are the relevant SANCTIONING BODIES?

For UK businesses, the most relevant sanctioning bodies include the European Union, HM Treasury, US Office of Foreign Assets Control (OFAC) and the UN Security Council. Beyond these, companies may also need to consider other sanctioning bodies depending on the territories in which they trade, the currencies they trade in, and their partnerships and alliances.

HM Treasury Sanctions List

The UK consolidated list of financial sanctions targets applies to:

• all individuals and legal entities who are within or undertake activities within the UK’s territory
• all UK nationals and legal entities established under UK law, including their branches (irrespective of where their activities take place)

Office for Financial Sanctions Implementation (OFSI) is responsible for ensuring UK sanctions are implemented and enforced.

OFAC Sanctions List

The specially designated nationals and blocked persons list (SDN) applies to:

• all US citizens, wherever they are in the world
• corporate entities constituted in the US
• any entity that:
• trades in US dollars
• uses US goods or components
• has a US parent, subsidiary or affiliate
• and/or work through a local agent or supplier with a US connection

EU Consolidated List of Sanctions

The EU consolidated list of sanctions applies to:

• all EU citizens, wherever they are located in the world
• corporate entities constituted in a member state

UN Sanctions

The United Nations Security Council sanctions list applies to:

• all UN Nation states

Which companies and industry sectors NEED to screen for sanctions?

All businesses in all sectors are obliged to comply with sanctions screening requirements, and therefore need to have adequate controls in place. Historically, enforcement actions have been more prominent in Financial Services, but other sectors have also received significant fines and some regulatory bodies are increasingly turning their attention to other industries. For example, the Office of Financial Sanctions Implementation (OFSI) has published financial sanctions guidance for charities and non-governmental organisations. Failure to comply with sanctions or obtain the correct licence, in the case of export controls, can lead to significant fines. In 2022 alone, U.S OFAC’s enforcement penalties hit a record of $1.5 billion. View this guide to U.S. OFAC sanctions for more detail on whether your business is in scope and how not to breach OFAC sanctions.

It’s not just customers who present sanctions risk…

Enforcement agencies can levy fines not just for sanctions violations, but also failure to have adequate controls in place. This means firms must ensure that they carry out effective sanctions screening, not only on direct third parties, but also their associates, beneficial owners and the extended supply chain, particularly in geographies known to have strong links to sanctioned countries.

HOW does sanctions screening work?

Sanctions screening involves screening individuals, groups or companies against designated sanction lists according to the territories in which an organisation trades, the currencies they trade in, and their partnerships and alliances. This can take the form of manually inputting a name into an online search tool, checking a customer database for any sanctions alerts en masse, or automatically screening customer and stakeholder databases regularly.

WHEN should sanctions screening be performed to ensure sanctions compliance?

Companies need to be able to keep pace with the ever-changing sanctions landscape to stay compliant. To manage sanctions risk effectively, organisations need to screen their customers (both existing and new) and payment transactions against multiple sanctions lists, which can be a challenge, particularly where volumes are high.

Sanctions screening should be a top priority after the initial risk assessment when onboarding a customer or third party. In addition, companies should ensure existing customers and third parties are screened on a regular basis to maintain compliance against the dynamic and ever-changing financial and trade sanctions landscape. Possible matches should be addressed urgently, with clearly defined processes for escalation. All firms must have clearly defined senior management responsibility for sanctions compliance, since regulatory authorities are now applying much deeper levels of scrutiny to controls and procedures, than ever before.

Sanctions screening CHALLENGES

The real challenge for many companies is not just to detect customers who are on sanctions lists and prevent them from transacting with the business, but also to avoid disrupting the customer journey for legitimate customers and undermining the efficiency of the company’s operations.

Key challenges include:

Under or over screening

If organisations do not screen robustly, there is a danger of ‘false negatives’, where entities subject to sanctions slip through the net.

Conversely, over-screening can result in organisations generating high volumes of ‘false positives’, where non-sanctioned entities are flagged as potentially sanctioned. These false positives need time and resource to remediate to confirm they are not sanctioned.

A screening engine must be capable of precision tuning to reflect the company’s risk exposure and screening rules, as well as being able to deal with imprecise or inaccurate data. Machine learning technology can be used to automate the routine elimination of false positives.

Equivalence

Whilst previously commonplace, relying on a third party for sanctions compliance or ‘equivalence’ is no longer acceptable.

For example, banks historically relied on the sanctions screening controls of their correspondent banks for mutual customers. Firms should seek the advice of their professional advisers, where appropriate.

Divergence

In certain cases, the economic sanctions applied by different bodies are inconsistent. For example following the Russian invasion of Ukraine there was an international surge in sanctions applied to prominent Russian individuals and organisations. However, not all sanctioning bodies were aligned or even agreed on which entities should be designated.

When transacting with an entity sanctioned by one body but not another, you should exhibit extra caution and implement additional controls.

TOP TIPS for effective sanctions screening

1

Prepare your customer data well

Financial crime compliance costs have escalated, requiring greater focus on operational efficiency in KYC/AML. Streamlining data acquisition processes, creating common data lakes and investing in enriching customer and third party data, are highly recommended.

2

Use proven, reliable technology to support sanctions screening

Solutions should be capable of handling multiple lists, batch screening, and be able to set up predefined searches tailored to an organisations risk exposure and policies.

3

Screen against high quality and comprehensive sanctions data

Screening activities should draw from extensively researched and continuously updated global risk information incorporating the latest PEP and sanctions lists, adverse media and enforcement records from around the world.

Sanctions Screening Tip 1:

Prepare your CUSTOMER DATA well

It’s critical that customer data is up-to-date and it’s worth investing time, upfront, to cleanse and prepare data. Incomplete or inaccurate data will result in false positives and when companies are screening millions of customers daily, this can become a real problem.

Where possible, it is prudent to use data enrichment software to append secondary identifiers, such as date of birth, address and nationality for individuals, or business address and registration number for companies. This will help screening platforms to focus results and will greatly improve process efficiency, saving time in unnecessary remediation, which can take up to 18 hours for a single match.^*

* Time taken to remediate an average sanctions match as reported by over 150 financial services professionals in ‘KYC and Sanctions Remediation: The Impact of Inefficiency’ – a LexisNexis® Risk Solutions report.

Sanctions Screening Tip 2:

Use proven, reliable TECHNOLOGY to support screening

It’s important to ensure that the sanctions screening software you use to support your screening is fit for purpose. Here are some of the key considerations you should take into account:

Capacity to handle high volumes and to scale for business growth

The sanctions screening software you use to support your sanctions checks has to be both stable and scalable, enabling you to screen the volumes of customer and transactions that your business requires. For many companies, this will amount to millions of records daily.

Does your technology provider have the resource and infrastructure to ensure your screening and onboarding systems are operationally resilient in the long term?

User-friendly with customisable settings

The technology platform should be easy to use and offer configurable risk-based settings, so that you can avoid over-screening and adjust screening criteria to match your organisation’s risk appetite.

The platform should also have workflow tools to manage the remediation of sanctions matches in a logical fashion.

Proven functionality and the ability to automate

Having industry-proven functionality and the ability to automate tasks is vital, as this will help ensure the process is effortless and efficient all the way through from the initial loading of files, through to the results.

• Capabilities such as fuzzy logic matching will increase effectiveness and help avoid false negatives.
• An ‘accept list’ function is critical, so that once customers are cleared by screening, they will not be re-screened unless the data on their file changes in some way. This is particularly important when volumes of records are high, as it avoids the needless re-screening of records which have seen no change.
• Date stamp functionality ensures that any searches have an audit trail, evidencing for both regulators and internal stakeholders that adequate procedures have been followed.

Sanctions Screening Tip 3:

Screen against high quality and COMPREHENSIVE sanctions data

To ensure you are identifying sanctions from all relevant bodies, the data you screen your customers against must be comprehensive and up-to-date and, ideally, consolidated all in one place with other watchlist databases such as politically exposed person lists.

Some businesses rely on search engines to locate such information, but this is inefficient and could leave your organisation exposed to sanctions breaches and reputational risk.

For full confidence in your compliance, your data sources should:

Be curated by a global network of experts

Full coverage of global sanctioning bodies requires multi-lingual research experts around the world to collate the information on a 24/7 basis.

Whilst the data within sanctions listings must be returned as originally published, the best researchers will add value by providing additional contextual information. The same research can also apply to politically exposed persons to ensure profiles are fully substantiated. What is a PEP?

Offer a consolidated view of global sanctions lists

An individual or business could be listed on any number of the multitude of sanctions lists. Consolidating all associated sanctions listings into a single view could improve efficiencies, and help avoid missing any sanctions.

Conversely, screening against data taken solely from the relevant authority may be more efficient – consider whether your data source offers both options.

Optimise sanctions records

Sanctions lists come in a variety of formats and sizes. Being able to view them in a standardised fashion, whilst retaining the original data as published, can enhance the sanctions review process.

Add and update sanctions lists as soon as possible

Sanctions listings are always changing, with new sanctions being added and existing ones amended or retracted. Being aware of change at the earliest possible opportunity following a sanctions notice, is critical.