Today’s geopolitical situation presents unprecedented challenges, not just for governments and law enforcement, but for firms operating in the global market.
Sanctions are seen as a tool for resolving situations diplomatically, and act as a control measure to prevent the financing of terrorism.
The government has an arsenal of other powers to combat the threat. Nevertheless, it’s not just a state problem; preventing terrorism is the duty of all of society, from spotting a suspicious package in a public place or reporting a suspicious conversation to identifying a suspicious financial transaction. However, counter-terrorist financing (CTF) presents a different set of challenges because it’s not straightforward to spot funding for terrorist acts given the low levels of financial activity typically involved.
The financial services industry assumes an extended role in helping society to mitigate these risks. There is a clear part for financial institutions to play when you consider that most UK citizens are engaged in some form of financial service.
The threat cannot be tackled alone, so the government uses sanctions to channel the force of financial services against terrorism, with domestic financial sanctions and restrictions applied through legislation such as:
- Terrorist Asset-Freezing Act 2010
- Counter Terrorism Act 2008
- Anti-Terrorism, Crime and Security Act 2001
However, the reasons for implementing sanctions go beyond the issue of terrorism. The United Nations (UN), European Union (EU) and individual states such as the US’s Office of Foreign Assets Control (OFAC) target individuals, entities, sectors and countries.
In financial services, sanctions are seen as a strategic tool used to govern the behaviour of an individual, organisation, sector or country, thus limiting their ability to interact with financial services, and in turn minimising risk to the industry, sector and individual firm. This is achieved through many instruments, such as targeted sanctions, banned goods, travel bans and dual-use items.
There is no doubt that the financial services industry continues to move in the right direction in its treatment of all financial crime risk. The recent Policing and Crime Act 2017 and the Office for Financial Sanctions (OFSI) guidance on sanctions present more change for firms. How should financial services firms be looking at these two publications and the issue of sanctions regulation generally?
Policing and Crime Act 2017 (PCA) and OFSI Sanctions Guidance
The PCA 2017 gained Royal Assent on the 31 January 2017 and came into force in April 2017, which updated reprimands for sanction breaches. The PCA implements new changes by increasing the maximum custodial sentence from two to seven years. Moreover, there are new civil powers for violating sanctions that can result in a maximum penalty of £1,000,000, or 50% of the estimated value of the funds or resources.
Many firms are aware of the legal consequences of a sanctions breach. However, with the new civil powers, the authorities will only need to prove a ‘balance of probabilities’ as opposed to proving criminal cases which are ‘beyond reasonable doubt’. Therefore, from the view of the authorities, it will be easier to reprimand firms that do not comply with the legislation using these civil powers.
In April 2017, OFSI provided direction for businesses with their Sanctions Guidance report. OFSI expects that firms at risk of dealing with financial sanctions need to be up-to-date with the sanctions regime and take reasonable steps to mitigate the risk. OFSI advises that it does not require businesses to buy particular screening software and it may be more cost effective to use specialised software from third parties.
Those firms that carry out individual checks using e-verification or purchasing screening software must understand their capabilities and limits. OFSI provide some issues to consider in the new Sanctions Guidance:
- Does the search facility include the consolidated list?
- How often does the search facility or screening software update the list?
- Does the search facility or screening software provide for fuzzy matching, enabling differences in spelling, name reversal and number removal to be identified?
So what does this mean for firms?
A large firm that operates in multiple jurisdictions is likely to have a vast amount of data, and will need adequate resources to screen such a large volume of information. The multitude of sanctions with different objectives and restrictions creates an overwhelming amount of data to cross-reference to ensure compliance.
Screening large amounts of information is no easy feat when you consider the characters who may evade sanctions. It is more than likely that the evaders have intricately planned to confuse financial services and authorities to avoid identification by concealing or disguising their ownership. The need to ‘Know Your Customer (KYC)’ becomes clear in this context.
Sanctions screening implicates firms in making decisions that are not always clear cut. Inconclusive information presents some real challenges when a prospective customer is ‘matched’ on a sanctions list, with no conclusive confirmation that it’s the same person. A firm that has ‘reasonable grounds to suspect’ a sanction may face a delicate scenario when faced with inadequate information about customers. Firms will have no choice other than to block the account and report their suspicion to the authorities, and with this comes the potential to disrupt a genuine customer’s services.
However, is there a way to improve sanction screening processes to identify sanction breaches and minimise disruption to genuine customers?
The way forward
A way forward with inconclusive information is to get it ‘first time around’ while monitoring the relationships you enter with customers through effective customer due diligence (CDD). Promoting a ‘sanctions compliance’ culture is an effective tool to help unify your firm’s approach, and can be driven from the top of the business through senior level endorsement and ensuring education is delivered to the relevant parts of the business.
Some other considerations for firms are:
- Ensuring sufficient resources are available and have the right skills to oversee the screening of large volumes of data for sanctions
- Implementing effective technical resources with ‘fuzzy matching’ capabilities – ensuring the maximum amount of relevant data is captured and presented back to the firm when screening takes place
- Testing sanction controls on a regular basis, continuously cross-referencing their capabilities with all relevant legislation and regulation in order to gain assurance that they remain fit for purpose
- Promoting education and training in sanctions and KYC / CDD
- Ensuring risk management frameworks are built to withstand new and emerging legislation
A Shared response to a societal issue
Sanctions have long been used to apply pressure to those who do not align to the required behaviours of the markets they wish to interact with, and there is no doubt they will continue to be present in the regulatory landscape.
Firms must be adaptable to the changes and align their policies and procedures in the evolving landscape. From a reputational perspective, those firms that promote a compliance culture around sanctions, balance risk with the customer experience and ensure accuracy in their screening of customers will drive their businesses forward. Unnecessary delays for genuine customers can be minimised, and customers subject to sanctions will be appropriately restricted from operating within UK financial services.
Promoting the importance of the ‘bigger picture’ around sanctions checking (and money laundering generally) is a key element in financial services’ response to the increasing risk of financial crime. Sanctions and their changing requirements should be not viewed as a business-preventing mechanism, but as an opportunity for the industry to enhance and futureproof the way it does business for the benefit of society.