Sanctions lists are growing daily in complexity and interpretation, making it more difficult than ever for businesses to effectively identify and manage sanctions risk.
In our recent webinar, panellists Neil Whiley, Director of Sanctions, UK Finance, and Kathy Gormley, AML Product Manager, Resistant.ai, joined Chair, Katarina Pranjic, Vertical Solutions Manager at LexisNexis Risk Solutions to discuss guidelines and valuable tips to help businesses navigate the complexities of sanction updates, through technology. This blog outlines the panel’s discussions and recommendations for further action.
Read on for an in-depth summary of the expert discussions...
The past two years have seen an unprecedented volume of changes to the sanctioning regimes of all major Western countries, largely driven by significant geo-political events threatening Western democracies. Three significant events have particularly shaped sanctions policies:
The challenge for banks and other financial institutions is not just dealing with the numbers of new sanctions, but their increasing complexity, particularly with the advent of more trade-based sanctions. This has created significant pressure for sanctions compliance teams and increasingly, financial institutions are turning to technology-based solutions to ensure the response to ever-evolving sanctions is sustainable.
Even the most tried and tested sanctions screening software will only help with name matching against official lists of the designated entity. However, the new challenge in sanctions compliance relates to dealing with sanctions evasion and circumnavigation tactics. Oligarchs and members of the Russian elite have developed sophisticated methods to hide their assets and put them out of range of the authorities. New technology such as AI, machine learning and natural language processing is helping firms investigate the wider networks of sanctioned individuals to ensure they have no indirect exposure to them – essential when you consider that firms can now be held liable for dealing with an entity, even if that entity is only linked to one that is listed!
Good data coverage is essential in helping uncover these hidden networks. When it comes to sanctions screening, firms must understand not only the person they’re dealing with, but their circle of relations and associates, too. Publicly-available PEP and sanctions lists will get you so far, but the highest-quality data sets should include Associated Entity segments, applied to profiles where the individual has a relationship with at least one sanctioned entity – be it an individual, organisation or other type. Associated entities are typically referred to within the background information of publicly available sanctions sources, but are not explicitly named as sanctioned entities in those sources – this is where globally-curated watchlists such as LexisNexis® WorldCompliance™ really deliver value to compliance processes.
Data that helps uncover the beneficial ownership structure of companies and corporate entities is also essential, to understand whether there are sanctioned or high-risk individuals involved at any level.
Sanctioned individuals often operate via their close network of associates and having this information plays a vital role when investigating sanctions evasion, particularly given the numerous examples of associates acting as the frontperson for a sanctioned entity’s business interests.
Regtech firms who provide technology and data, lead innovation of both new AI-based solutions and also ensure sanctions data is comprehensive enough to deal with the increasing complexity of sanctions compliance, extending beyond the listed entity to those in their networks where often the links are informal.
One of the indirect consequences of Russian sanctions relates to the fact that as a G20 country, Russian entities and individuals are deeply integrated into the countries applying the sanctions. Law and accounting practices were widely being used as ‘professional enablers’ in the pre-sanction era, constructing oblique corporate structures and providing legal and accounting services to Russian entities. Consequently, many western-based companies, financial institutions and banks found that they had existing exposure to the newly-sanctioned entities, posing a significant and awkward challenge, as relationships were required to be stopped and any assets frozen immediately. The estimated 40 billion transactions per year taking place in London alone, related to dealings with Russian based entities underlines the extent of the problem.
So quite apart from adequate customer due diligence on new customers, it is equally as important to analyse potential sanctions risk in the existing customer base and apply perpetual ongoing monitoring to avoid a possible breach and penalty.
Considering there are more than 500 banks in London alone facilitating the enormous volume of transactions referred to above, underlines the scale and complexity of sanctions related compliance. To make matters worse, at present, almost every bank and financial institution works in isolation performing the requisite KYC and AML checks, which leads to a huge amount of repetitive activity.
Improving information sharing frameworks and practises between banks is an obvious way to reduce this workload. If one bank uncovers a sanctions evasion network and identifies the corporate structure and beneficial owners, the advantages of sharing this intelligence in real time with other banks dealing with the same entities, should be clear.
Unlike money laundering related compliance, where information sharing mechanisms exist and are actively encouraged, laws prevent sharing similar information for sanctions compliance issues. The challenge is even greater when the international impact of sanctions is considered, as every bank and financial institution is bound by its local regulation. The risk of ‘double jeopardy’ is very real for international organisations.
The public/private partnership is key to improving effectiveness in fighting financial crime and much more needs to be done in this area. Whilst law enforcement agencies can prosecute criminal gangs involved in money laundering, cybercrime, fraud and terrorist activity, enforcing sanctions and the freezing of assets does not necessarily imply illegal activity and a cautious approach should be taken. The best advice for firms unsure about how to deal with a sanctions-related issue is to seek legal advice.
Recent research published by LexisNexis Risk Solutions estimated that the total costs of compliance in the UK has exceeded £34bn, a 19% increase since the research was last conducted in 2020. Can these costs be justified, given the low perceived level of effective prevention of financial crime in the UK and could this spend be better utilised to improve outcomes?
Financial crime remains a growth industry and criminals, unrestrained by jurisdictional boundaries, regulations and compliance, have a huge advantage. They are also highly innovative and have access to the same technology and data used by banks, law enforcement, supervision and government. The focus must be on continuous improvement in process, deployment of better solutions in banks and better coordination between the private and public sectors. To illustrate this need for better collaboration, you only need to look inside the UK Government, which has 10 separate departments dealing with sanctions-related remits, each with varying areas of knowledge and experience.
Despite this, whilst the total costs have clearly risen, the research shows that the rate of increase is falling as more firms deploy new technology and data analytics, looking to improve efficiency, eliminate labour-intensive low value adding activity and retrain and upskill compliance teams for the future.
Sanctions compliance remains complex and is often subjective in assessment, so whilst technology has a huge role to play and can handle large amounts of data processing faster and more consistently than any human being, the subjective assessment, interpretation and decisioning required to consider the multitudinous ‘grey’ areas in sanctions enforcement is likely to remain the domain of human intelligence for a long time to come.
The demands placed on sanctions compliance teams as a result of the explosion of new sanctions and their complexity has created a skills shortage across both the private and public sectors. As people enter this fascinating sector perhaps for the first time, getting involved with external accreditation for sanctions, attending events and taking part in training programmes, will ensure the industry is well resourced with skilled and knowledgeable people to support sanctions compliance programmes going forwards.
So, whilst computers may not be ready to take over all compliance functions just yet, there is no doubt that technology is vital in improving efficiency in managing sanctions risk and investigating risk in the wider network of the sanctioned individual or business.