Enhanced Sanctions Scrutiny – Are You at Risk?

Financial institutions once again find themselves under pressure and at risk of failing to meet regulatory obligations under the new and enhanced sanctions regime.

When the Russian occupation of Ukraine spread beyond Russia’s illegal annexation of Crimea into mainland Ukraine in February 2022, there was international condemnation followed by a raft of trade and financial sanctions from Western nations.

Empowering the Office of Financial Sanctions Implementation

In response to the invasion, the UK government expedited the Economic Crime (Transparency and Enforcement) Act 2022, which granted enhanced enforcement powers to the Office of Financial Sanctions Implementation (“OFSI”).

The changes included:

The ability to impose civil monetary penalties on a strict civil liability basis. This removed the requirement for the OFSI to prove a person had knowledge or reasonable cause to suspect that they were in breach of financial sanctions, making it easier for the OFSI to levy enforcement action.¹
The power to publicise details of sanctions breaches where a monetary penalty was not imposed, creating additional reputational risk for financial institutions.²
The ability to expedite the review process by removing the need for ministers to review all monetary penalties, enabling them to review and process far more potential breaches.³

Only time will tell whether this enhanced scrutiny results in a greater output in enforcement action.

Support From the Financial Conduct Authority

Another significant sanctions regulatory change was enhanced scrutiny applied by the Financial Conduct Authority (“FCA”). The FCA communicated to the market that if an individual or firm knows or suspects a breach of financial sanctions, they must report it to the OFSI at the earliest opportunity and notify the FCA if they:

suspect a person they are dealing with, directly or indirectly, is a designated person;
hold any frozen assets; or
discover or suspect any breach whilst conducting their business.

Subsequently, the FCA began investigating whether authorised firms have appropriate systems and controls to mitigate the risk of UK sanctions non-compliance. They have since published their business plan for 2022-23, which identifies “reducing and preventing financial crime”⁴ as one of their four key priorities and the use of a data-led approach to proactively supervise firms’ sanctions systems and controls as a key activity.

This combined enhanced regulatory scrutiny, from the UK and other Western regulators, has created a real headache for the Financial Services (“FS”) industry. Given the enhanced complexity and operational impact that sanctions pose, there are a few steps that FS firms can take to help manage their risk.

Profile the Risk Exposure

Firms should start by conducting a holistic review of the client population; updating their country-, customer- and business-wide risk assessment methodologies to reflect the enhanced risk exposure of other nations such as Russia and Belarus. In doing so, the firm can understand where they may be exposed to potential sectoral sanctions because whilst their clients may not be sanctioned individuals, they may deal in restricted or prohibited sectors. It is imperative that there is alignment between the client portfolio and the firm’s financial crime risk appetite.

Enhance, Calibrate and Validate

Firms should review and adapt ongoing monitoring processes to ensure that the firm’s name screening, payment filtering and due diligence teams are aligned. Name screening and transaction filtering systems should be calibrated and validated at regular periodic intervals.

List Management

It is essential to optimise list management service level agreements. Enhanced delays between governmental sanctions list updates and internal system updates raise the risk of breaching sanctions. The firm should be sure to build in de-duplication and quality assurance into the list management process to prevent duplicative multiple hits on the same legal or natural persons. Effective list management should include periodic updates to fuzzy logic, partial matching, whitelisting, updating of algorithms and calibrating thresholds.

Enhance Controls

Firms can create augmented sanctions lists with vendor-supplied, third-party beneficial ownership information to minimise silent counterparty exposure.

In addition, creating internal watchlists on restricted customers and deploying a hierarchy of soft blocks will help to minimise risk during the alert screening process.

To further enhance risk mitigation, firms could consider conducting domestic screening on higher-risk accounts.

Review and Enhance Processes

The firm should consider dual reporting to the FCA and the OFSI simultaneously. Their variation in remit should ensure there is no overlap in regulatory scrutiny and that the use of a single form expedites the processes.

Segregating frozen assets will reduce the risk of human error in releasing unapproved payments.

Taking some time to reconsider correspondent banking obligations can help assess how well the firm knows its counterparties.

Reflecting on whether trade finance adequately screens the client, counterparties, vessels and ports throughout the trade life cycle can help minimise the risk of third-party exposure.

Training

It is imperative that firms provide sanctions training across the firm tailored to sanctions processes — including blocking and freezing accounts and licence approvals. They should also consider cross-training individuals across name screening, due diligence and payment filtering to enable the flexing of resources during capacity constraints.

Whilst sanctions compliance has always been a crucial part of a robust financial crime framework, in the current geopolitical environment it is more important than ever to conduct a full review of the suitability and effectiveness of your sanctions systems and controls.

For more information on how to navigate financial sanctions, please contact our experts.

Footnotes:

1: https://www.legislation.gov.uk/ukpga/2022/10/contents/enacted

2: https://www.legislation.gov.uk/ukpga/2022/10/contents/enacted

3: https://www.legislation.gov.uk/ukpga/2022/10/contents/enacted

4: https://www.fca.org.uk/publications/business-plans/2022-23