Sanction lists are growing daily and sanctions published by the multiple different issuing bodies don’t always align. Coupled with this, the definition of sanctions is broadening and is becoming more open to interpretation, making it more difficult than ever for businesses to effectively identify and manage sanctions risk. This best practice guide on sanctions screening provides useful advice to help you overcome these challenges.
What is a sanction?
A sanction is a preventative measure often implemented by governments and international bodies to change behaviour, prohibit illicit activity and curb undesirable actions by certain high-risk persons or groups.
What is a sanctions list?
A sanctions list is a compilation of individual sanctions that can be applied to individuals, countries, groups or companies. Sanction lists are often collated by governments or international bodies such as the European Union.
Managing SANCTIONS RISK has never been so complex.
- Sanctions lists are evolving constantly.
As governments increasingly rely on economic sanctions as a tool for political foreign policy, new entities are added to and removed from sanctions lists, all of the time.
- The nature of sanctions is becoming more complex
Whereas governments previously targeted only specific named entities (states, ships, aircraft, organisations and individuals) in their sanction lists, now narrative and sectoral sanctions have been introduced targeting specific sectors and prohibiting specific activities, which are more open to interpretation.
- Sanctions aren’t limited to the entities themselves
Organisations owned or controlled by sanctioned entities also need to be in scope of sanctions lists and compliance programmes. Additionally, customers who aren’t on a sanctions list but have a relationship with a sanctioned entity could also present a risk.
- There are multiple sanctioning bodies with their own sanctions lists
The multitude of sanctioning bodies, including sovereign states, regional unions and international organisations such as the UN, each publish their own sanctions – which don’t always align.
Who are the relevant SANCTIONING BODIES?
For UK businesses, the most relevant sanctioning bodies include the European Union, HM Treasury, US Office of Foreign Assets Control (OFAC) and the UN Security Council. Beyond these, companies may also need to consider other sanctioning bodies depending on the territories in which they trade, the currencies they trade in, and their partnerships and alliances.
EU Consolidated List of Sanctions
The EU consolidated list of sanctions applies to:
- all EU citizens, wherever they are located in the world
- corporate entities constituted in a member state
HM Treasury Sanctions List
The UK consolidated list of financial sanctions targets applies to:
- all UK citizens, wherever they are in the world
- corporate entities trading in, or constituted in the UK
OFAC Sanctions List
The specially designated nationals and blocked persons list (SDN) applies to:
- all US citizens, wherever they are in the world
- corporate entities constituted in the US
- any entity that:
o trades in US dollars
o uses US goods or components
o has a US parent, subsidiary or affiliate
o and/or work through a local agent or supplier with a US connection
The United Nations Security Council sanctions list applies to:
- all UN Nation states
Which companies and industry sectors NEED to screen for sanctions?
All businesses are obliged to comply with sanctions screening requirements, and therefore need to have adequate controls in place. Historically, enforcement actions have been more prominent in Financial Services, but other sectors have also received significant fines and some regulatory bodies are increasingly turning their attention to other industries. For example, the Office of Financial Sanctions Implementation (OFSI) has published financial sanctions guidance for charities and non-governmental organisations. Additionally, the US OFAC has issued significant fines to organisations across a wide range of sectors outside of the United States for not having conducted appropriate sanctions checks. View this guide to US OFAC sanctions for more detail on whether your business is in scope and how not to breach OFAC sanctions.
It’s not just customers who present sanctions risk…
Organisations should consider the risk exposure in their supply chain – diligently checking sanctions controls and ownership structures of their partners and affiliates.
HOW does sanctions screening work?
Sanctions screening involves screening individuals, groups or companies against designated sanction lists according to the territories in which an organisation trades, the currencies they trade in, and their partnerships and alliances. This can take the form of manually inputting a name into an online search tool, checking a customer database for any sanctions alerts en masse, or automatically screening customer and stakeholder databases regularly.
WHEN should sanctions screening be performed to ensure sanctions compliance?
Companies need to be able to keep pace with the ever-changing sanctions landscape to stay compliant. To manage sanctions risk effectively, organisations need to screen their customers (both existing and new) and payment transactions against multiple sanctions lists, which can be a challenge, particularly where volumes are high.
Sanctions screening should take place both at the point of onboarding and on an ongoing basis, so that when new sanctions are issued, they can be identified and actioned quickly. For some businesses, this can mean screening millions of customers daily, including new applicants alongside their entire existing back book.
Sanctions screening CHALLENGES
The real challenge for many companies is not just to detect customers who are on sanctions lists and prevent them from transacting with the business, but also to avoid disrupting the customer journey for legitimate customers and undermining the efficiency of the company’s operations.
Other key challenges include:
- Under or over screening
If organisations do not screen robustly, there is a danger of ‘false negatives’, where entities subject to sanctions slip through the net.
Conversely, over-screening can result in organisations generating high volumes of ‘false positives’, where non-sanctioned entities are flagged as potentially sanctioned. These false positives need time and resource to remediate to confirm they are not sanctioned.
Whilst previously commonplace, relying on a third party for sanctions compliance or ‘equivalence’ is no longer acceptable. For example, banks historically relied on the sanctions screening controls of their correspondent banks for mutual customers. This is no longer permissible.
In certain cases, the economic sanctions applied by different sanctioning bodies are inconsistent. For example, with Iranian sanctions, OFAC and the EU have a different stance – OFAC has decided to reinstate sanctions against Iran, whilst the EU is still providing sanctions relief and encouraging EU businesses to engage with Iran. When transacting with an entity sanctioned by one body but not another, you should exhibit extra caution and implement additional controls.
TOP TIPS for effective sanctions screening
- Prepare your customer data well
- Use proven, reliable technology to support sanctions screening
- Screen against high quality and comprehensive sanctions data
Sanctions Screening Tip 1: Prepare your CUSTOMER DATA well
It’s critical that customer data is up-to-date and it’s worth investing time, upfront, to cleanse and prepare data. Incomplete or inaccurate data will result in false positives and when companies are screening millions of customers daily, this can become a real problem.
Where possible, it is prudent to use data enrichment software to append secondary identifiers, such as date of birth, address and nationality for individuals, or business address and registration number for companies. This will help screening platforms to focus results and will greatly improve process efficiency, saving time in unnecessary remediation, which can take up to 18 hours for a single match. *
Sanctions Screening Tip 2: Use proven, reliable TECHNOLOGY to support screening
It’s important to ensure that the sanctions screening software you use to support your screening is fit for purpose. Here are some of the key considerations you should take into account:
- Capacity to handle high volumes and to scale for business growth
The sanctions screening software you use to support your sanctions checks has to be both stable and scalable, enabling you to screen the volumes of customer and transactions that your business requires. For many companies, this will amount to millions of records daily.
Does your technology provider have the resource and infrastructure to ensure your screening and onboarding systems are operationally resilient in the long term?
- User-friendly with customisable settings
The technology platform should be easy to use and offer configurable risk-based settings, so that you can avoid over-screening and adjust screening criteria to match your organisation’s risk appetite.
The platform should also have workflow tools to manage the remediation of sanctions matches in a logical fashion.
- Proven functionality and the ability to automate
Having industry-proven functionality and the ability to automate tasks is vital, as this will help ensure the process is effortless and efficient all the way through from the initial loading of files, through to the results.
- Capabilities such as fuzzy logic matching will increase effectiveness and help avoid false negatives.
- An ‘accept list’ function is critical, so that once customers are cleared by screening, they will not be re-screened unless the data on their file changes in some way. This is particularly important when volumes of records are high, as it avoids the needless re-screening of records which have seen no change.
- Date stamp functionality ensures that any searches have an audit trail, evidencing for both regulators and internal stakeholders that adequate procedures have been followed.
Sanctions Screening Tip 3: Screen against high quality and COMPREHENSIVE sanctions data
To ensure you are identifying sanctions from all relevant bodies, the data you screen your customers against must be comprehensive and up-to-date and, ideally, consolidated all in one place with other watchlist databases such as politically exposed person lists.
Some businesses rely on search engines to locate such information, but this is inefficient and could leave your organisation exposed to sanctions breaches and reputational risk.
To have confidence in your compliance, consider whether the data source you rely upon:
Is curated by a global network of experts
Full coverage of global sanctioning bodies requires multi-lingual research experts around the world to collate the information on a 24/7 basis.
Whilst the data within sanctions listings must be returned as originally published, the best researchers will add value by providing additional contextual information. The same research can also apply to politically exposed persons to ensure profiles are fully substantiated.
Offers a consolidated view of global sanctions lists
An individual or business could be listed on any number of the multitude of sanctions lists. Consolidating all associated sanctions listings into a single view could improve efficiencies, and help avoid missing any sanctions.
Conversely, screening against data taken solely from the relevant authority may be more efficient – consider whether your data source offers both options.
Has standardised sanctions records
Sanctions lists come in a variety of formats and sizes. Being able to view them in a standardised fashion, whilst retaining the original data as published, can enhance the sanctions review process.
Adds and updates sanctions listings as soon as possible
Sanctions listings are always changing, with new sanctions being added and existing ones amended or retracted. Being aware of change at the earliest possible opportunity following a sanctions notice is critical.
Article by LexisNexis