Financial institutions – avoiding sanctions breaches

June 2023  |  FEATURE | BANKING & FINANCE

Financier Worldwide Magazine

June 2023 Issue

In today’s volatile economic and geopolitical environment, banks and other financial institutions (FIs) are particularly exposed to the risk of breaching sanctions regulations, especially when they are being issued and updated at an unprecedented speed. The Russian invasion of Ukraine led to significant sanctions which FIs have had to consider over the last 18 months or so, given that clients and counterparties may be affected. There is a need to review market conduct, as well as internal systems and controls, in order to maintain compliance with prevailing sanctions regimes.

Despite growing awareness of robust compliance policies and efforts to make FIs more resilient, malicious actors are still able to circumvent frameworks intended to bar them from the international financial system, according to a report by the University of Cambridge and the University of Texas at Austin. The researchers emailed 5000 banks and 7000 other financial intermediaries in 273 countries and financial jurisdictions in 2020-21 to test compliance with rules meant to combat money laundering, the financing of terrorism, tax evasion and Magnitsky Act legislation that allows sanctions to be imposed against specified Russian government officials.

According to the study, one in 30 banks did not comply with international regulations. The results for the Magnitsky sanctions test found one in 20 companies did not comply, rising to one in six if discounting non-responses. The researchers also found people named on the Magnitsky lists could gain access to the financial system and evade the rules almost as easily as low-risk individuals, suggesting sanctions were ineffective.

Virtual currencies complicate issues even further. Digital currencies introduce risks to monetary and financial stability, and raise sanctions compliance challenges. Organisations operating in the virtual currency space are on the radar of the US Office of Foreign Assets Control (OFAC), the enforcement agency of the Treasury Department.

Given the recent proliferation of sanctions, it is unsurprising that evasion is also rising. Designated persons are transferring assets and funds directly and indirectly to jurisdictions where sanctions are not currently in place. The use of alternative payment methods, such as cryptocurrencies and cryptoassets, to circumvent sanctions and mitigate reduced access to the SWIFT payment system, a measure introduced in the wake of Russia’s invasion of Ukraine, has also expanded over the last 18 months.

For FIs, the complexity of complying with a variety of sanctions regimes creates many areas where they may slip up. Rising transaction volumes, evolving regulations and shifting sanctions regimes are intersecting to create a host of hurdles. There are new approaches such as deposit caps in the EU and price caps on the purchase of Russian oil, for example. FIs also need to navigate intricacies across multiple regimes, each of which may have unique aspects on timing, implementation, enforcement, guidance and exemptions.

Enforcement activity

Meanwhile, sanctions enforcement has continued to increase in recent years. According to Fenergo, global fines imposed on banks and other FIs for failing to prevent money laundering and other financial crime surged more than 50 percent in 2022, to around $5bn. Some firms, particularly in the UK and the US, committed repeat infractions. Since it often takes a number of years for organisations to be found guilty of breaches, especially for anti-money laundering (AML) failures, the $5bn total does not include those FIs that fell foul of sanctions introduced in the wake of Russia’s invasion of Ukraine.

The top AML fines incurred in 2022 were handed out across a number of segments within the financial services sector. Combined, the US Securities and Exchange Commission (SEC) and the UK’s Financial Conduct Authority (FCA) ordered over $6bn worth of fines and restitution payments to various trading and brokerage firms. The banking sector was issued in excess of $2bn in fines, gambling $71.4m, cryptocurrency $30m and asset management firms more than $2m.

Given the financial and reputational risks of a sanctions breach, FIs must be sure of who they are doing business with.

The FCA fined several banks for failing to conduct sufficient checks for money laundering and terrorist financing when processing deposits from customers in high-risk countries. In one case, the FCA noted that a bank had also failed to undertake the required checks for some politically exposed persons (PEPs) and had inadequate compliance staff to perform the work required.

The US Financial Crimes Enforcement Network (FinCEN) also issued a series of significant fines in 2022, including a $140m civil money penalty against a bank for wilfully failing to implement and maintain an AML programme that met the minimum requirements of the Bank Secrecy Act (BSA). FinCEN further noted that the bank failed to accurately and timely report thousands of suspicious transactions.

Overall, the US has been the most aggressive issuer of fines in recent years, accounting for $37bn of the total levied between 2008 and 2022, followed by roughly $11bn in Europe, the Middle East and Africa, and just over $5.1bn in Asia Pacific, according to Fenergo. Since the 2008 financial crisis, BNP Paribas, UBS, Goldman Sachs, JPMorgan Chase, HSBC and Standard Chartered have been received the most AML and related fines.

However, there are some suggestions that fines are largely ineffective. Given the size and scale of many FIs’ revenue and profits, financial penalties may not be the best way to ensure they follow the rules. Holding individuals personally accountable when FIs are found to have breached sanctions or where compliance gaps are identified may be a better option to focus minds and spur action.

Controls, processes, technology and training

To maintain compliance with various sanctions regimes and avoid breaches, including those set out by OFAC, FIs must ensure they have suitable measures in place.

There is a pressing need to keep up to date with ongoing sanctions changes and observe sound compliance practices. Compliance takes in a variety of areas, including anti-money laundering (AML) and counter terrorism financing (CTF). Transactions processed by FIs need to be closely monitored. Knowledge is required of the different counterparties involved, gained through know your customer (KYC), know your intermediary (KYI) and know your transaction (KYT) procedures. Across jurisdictions, FIs need to assess the adequacy and effectiveness of their governance and internal controls to maintain compliance, adapting and enhancing systems where necessary.

Access to beneficial ownership information is a key instrument in the fight against tax evasion, money laundering, corruption and other financial crimes. As defined by the Financial Action Tax Force (FATF), beneficial ownership refers to the natural persons behind an entity, whether a legal person or arrangement, who exercise control over it. Transparency on beneficial owners is now required under the international standards of exchange of information for tax purposes and for financial account information, for example. While uncovering the true identity of beneficial owners can be complex, it lies at the heart of successful AML and CTF processes.

Robust internal controls must be put in place, with well-defined policies and procedures for employees to follow. These measures should aim to make it easier for FIs to identify, interdict, escalate, report and keep records related to sanctions compliance. Sufficient resources should be allocated, including appointing a sanctions compliance officer.

One of the first steps toward building this framework is a risk assessment of customers, client relationships and transactions. This aim is to develop a strategy for solid due diligence covering onboarding and ongoing processes.

To achieve this, FIs need to increase their spending, which they have been doing. According to Burton Taylor, they are embracing new data-driven approaches to improve and modernise due diligence processes, spending a reported $905m on KYC-related data in 2019.

According to McKinsey, the average onboarding process for a new corporate client can take up to 100 days and varies significantly depending on the banking products and geographies involved. This not only has revenue implications for banks (with time to revenue becoming an increasingly important metric in recent years), but can also lead to ‘bottlenecks’ and delays for KYC due diligence processes.

Artificial intelligence (AI), including automation, also has a key role to play. Automated electronic ID verification, for example, ideally in real-time at the point of access online, can help to meet increasingly stringent global KYC and AML regulations. Particularly with respect to low and medium risk parties, automation can free up KYC teams to devote more time and effort on screening higher-risk customers.

Automated pattern recognition and machine reasoning assist companies in identifying potentially fraudulent documentation. Transaction monitoring solutions, which can be configured according to different risk appetites for various business lines, are also being deployed. Such tools are more effective if FIs prioritise good data hygiene practices.

Sanctions screening software can readily update FIs on new developments so they can adapt accordingly. As authorities add or remove entities, PEPs or other individuals to sanctions lists, an FI’s system should be able to take account of these changes in its customer screening processes to avoid inadvertent breaches.

At present, many FIs do not have the technology infrastructure to make onboarding clients the seamless, transparent digital experience it needs to be. But greater investment is coming, with many banks now actively investing in intelligent workflow solutions to address the problem.

Another important step FIs can take is to nurture a culture of compliance. This process begins with senior leaders – executives, directors and high-ranking managers. Setting the right ‘tone at the top’ requires alignment with the compliance programme.

Beyond this, sanctions-specific training for employees is needed to communicate the responsibilities of each employee. In 2022, OFAC’s enforcement actions explicitly flagged investment into training and developing employees on sanctions compliance procedures as an essential component of sanctions compliance.

Staff should be kept up to speed on AML requirements, including reporting obligations, sanctions and asset-freezing measures, and conducting adequate source of funds (SOF) and source of wealth (SOW) checks on prospective customers. This creates a deeper knowledge base across the organisation, allowing employees to better understand compliance expectations and related accountability.

Outlook

Looking ahead, the regulatory focus in the US is likely to be on strengthening laws to tackle illicit financial flows, building, modernising and enhancing enforcement frameworks, particularly in the crypto space, and identifying actors targeting the US financial system in order to launder the proceeds of crime.

The EU, for its part, will be occupied with the overhaul of its AML/CTF regulations, as the AML package moves through the EU governance process. It is also likely to introduce new measures targeting environmental crime, a strategy to address de-risking, and action to counter the rising number of cross-border money laundering cases.

Given the financial and reputational risks of a sanctions breach, FIs must be sure of who they are doing business with. Against a backdrop of tighter sanctions enforcement, FI compliance teams need to prioritise compliance efforts and utilise the right tools, including AI applications and other software, to prevent sanctions breaches and avoid fines.

© Financier Worldwide

BY

Richard Summerfield

©2001-2024 Financier Worldwide Ltd. All rights reserved. Any statements expressed on this website are understood to be general opinions and should not be relied upon as legal, financial or any other form of professional advice. Opinions expressed do not necessarily represent the views of the authors’ current or previous employers, or clients. The publisher, authors and authors' firms are not responsible for any loss third parties may suffer in connection with information or materials presented on this website, or use of any such information or materials by any third parties.