In-depth guide to sanctions compliance provides businesses with a comprehensive overview of regulatory expectations, best practices, and the nuances of navigating international trade restrictions effectively.
The sanctions internal compliance program comprises interrelated components that form a set of rules and principles for the board and management to prevent sanctions risks and non-compliance.
The broader components of the sanction compliance program include:
- Strong compliance culture and tone from the top
- Development of sanctions compliance policies and procedures
- The hiring of a dedicated sanction compliance officer
- Performance of risk assessment
- Education and training of employees
The obligation to prevent financial crime by management and all employees, the executive leadership, and the members of governance are required to develop and implement the relevant sanctions compliance policies and procedures.
Sanctions compliance policies serve as a broader compliance principle. Applying policies, procedures, and controls helps prevent sanctions risks and ensures that regulatory requirements are complied with by the management and employees.
Sanctions compliance policies, procedures, and controls must be appropriately defined by the management and reviewed by the Board of Directors. The board approves the sanctions policies and requires an understanding of the structure, complexity of products and services, customer jurisdictions, and other operational aspects. These are needed to be understood because sanctions risks also relate to these broader factors.
Sanctions compliance policies and procedures emphasize zero tolerance for sanctions-related regulatory non-compliance. Policies and procedures require the performance of regular and periodic sanctions screening of customers, suppliers, employees, contractors, or other third parties. Sanction screening procedures are also performed on the transactions, especially the high-risk category transactions that could be related to financial crime.
In-depth Guide to Sanctions Compliance
Sanctions policies, procedures, and controls are developed based on the risk-based approach to prioritize the risks and apply the relevant sanctions-related compliance controls, including:
- Establishing requirements and designing controls based on demonstrated ability to identify and mitigate the specific sanctions risks faced by the organization; and
- Providing useful information to relevant competent authorities, as prescribed by applicable regulatory requirements.
Non-compliance may be committed by anyone, including employees, customers, other stakeholders, and the general public. Criminals’ activities need to be identified through sanctions screening.
Screening Procedure
When screening generates a relevant observation, the data is reviewed and assessed. An observation is a review of a hit, or multiple hits, of internal record information checked against sanctions screening lists. The alert then has to be checked, whether it is a “true match” or not (so-called “identity check”). When a true match is identified, or a potential match cannot be excluded, the alert is escalated through a dedicated flow in the screening tool or via other communication channels in the case of manual screening or filtering. The last step is that the sanctions compliance officer receives the alert, reviews it, conducts further investigation, and reports as appropriate.
Different Screening Approaches
There are different ways to screen for relevant information, such as Name Screening, Programmatic Screening, and Payment Screening.
Name Screening
This means the process of matching an internal record against a sanctioned list record, either manually or through an automated screening. Name screening may also include batch screening, which allows a firm to screen its entire customer base and other entities, such as vendors. It is designed to identify targeted individuals or entities during onboarding or the lifecycle of the customer relationship with the FI.
When onboarding new customers, sanctions screening is undertaken prior to accepting a new customer relationship and is done in real time. Furthermore, Name screening forms a part of entry controls, which gives the financial institution more opportunities to collect sanctions due diligence information. Transaction screening on the other hand is used to identify transactions involving targeted individuals or entities. This shall ensure that no sanctions regimes are violated.
Customer or name screening is designed to identify targeted individuals or entities during onboarding or the lifecycle of the customer relationship with the FI. Together, transaction and customer screening are designed to form a robust set of controls for identifying sanctions targets.
Payment Screening
Payment Screening focuses on the screening of payment messages. It takes place with current customers and is performed before payment or message is processed. Payment screening relies on payment messages using predefined templates, codes, and acronyms to describe certain information. The information provided in these predefined templates is typically provided by a third party; therefore, the firm has little, if any, control over how the data is presented.
Programmatic Sanctions Screening
This screening focuses on sophisticated compliance software capable of applying a risk-based scoring mechanism. The program needs therefore access to all notable sanction-issuing bodies. This method is usually outsourced to specialized companies and often databases, such as KYC6 or Refinitiv („World-Check“). Additionally, a so-called ‘Adverse Media Check‘ is conducted, using publicly available information.
List Screening
Lists commonly used for Screening are The UN Security Council Consolidated Sanctions List, the EU Consolidated Financial Sanctions List, the ALL US Sanctions List as well as the UK Her Majesty’s Treasury Consolidated List of Financial Sanctions Targets.
Final Thoughts
The sanctions internal compliance program, underpinned by a strong emphasis on compliance culture and leadership commitment, outlines essential guidelines and procedures for managing sanctions risks. This comprehensive framework, encompassing sanctions compliance policies, dedicated roles such as the sanctions compliance officer, and robust risk assessments, serves to reinforce the zero-tolerance stance towards any sanctions-related non-compliance.
Critical to the program’s efficacy are regular screenings of various stakeholders and transactions against sanction lists, using methods such as Name Screening and Payment Screening. Employing sophisticated tools like Programmatic Sanctions Screening, supplemented by vital sanction lists such as the UN Security Council and the EU Consolidated Financial Sanctions List, ensures that organizations remain vigilant against potential sanctions breaches. It is imperative for the board and executive leadership to understand, review, and implement these components diligently to mitigate sanctions risks and uphold the organization’s reputation and integrity.
