Sanctions compliance in a shifting landscape
In March 2022, CeFPro returned to New York City for the first time since the start of the pandemic with a series of live events, including Fraud & Financial Crime USA. A key talking point at this conference was the evolving sanctions landscape and how to stay ahead of rapid change and escalation. Here, we summarize the key takeaways from our in-depth sanctions panel discussion, which featured the following industry experts:
- Bryant Moravek, Director of AML & Sanctions Compliance, Risk Advisory Services Kaufman Rossin (Chair)
- Evan Weitz Managing Director, International Controls Executive Wells Fargo
- Amber Vitale Managing Director, Financial Services FTI Consulting
- Dr. Henry Balani Global Head of Industry & Regulatory Affairs Encompass
- Bharat Sadula, Director AML/ ATF and Sanctions Audit, Global Head of Transaction Monitoring Audit Scotiabank.
The panel chair began by outlining the current landscape, warning that the stakes have never been higher. As a result of actions by the Russian Federation in Ukraine, unprecedented global disapproval has resulted in the most comprehensive sanctions ever levied against a nation. An alternative retaliation to violence, sanctions have replaced military intervention for many nations, with Russia receiving similar treatment to the likes of North Korea and Iran.
Pressure on Putin
Panel members sought to address the challenges of complying with various sanctions regimes levied against the Russian Federation, Belarus, and the separatist regions of Ukraine. At the time of discussion, sanctions by the US Department of Treasury’s Office of Foreign Assets Control (OFAC) centered around two key executive orders: 14024 and 14065. These include the addition of a specifically designated nationals and blocked persons list, including President Putin, Minister of Foreign Affairs Sergei Lavrov, Russian officials, oligarchs, and their families.
OFAC also issued sanctions on banks and financial institutions that collectively control around 80% of banking assets in Russia. SberBank, Russia’s largest bank and involved in many international transactions, was targeted with sanctions, along with 25 of its subsidiaries. The US and its allies also announced plans to remove Russian banks from the SWIFT messaging system and impose restrictive measures to prevent the Central Bank of Russia deploying its international reserves, estimated to be around $650 billion.
In addition to these unprecedented measures, OFAC imposed sectoral sanctions on a number of Russian-owned entities, as well as banning imports and exports of Russian goods, and investment in certain sectors. The current sanctions landscape aims to cripple the Russian banking industry, counteracting the need for military intervention.
Enforcement challenges
Discussion then moved towards sanctions enforcement. The current landscape is unprecedented and such extreme sanctions against an economy the size of Russia and Belarus brings inherent complexity. In a zero-fail compliance environment, ensuring adherence to all requirements is a key challenge. Even something as simple as an incorrect name – whether due to spelling variations, popular family names, or translation into English – can make it difficult for an organization to execute a sanction. And in the context of real-time payments and settlement, there is little time to verify information.
The panel therefore highlighted the importance of information sharing, not only across organizations externally but also internally within teams. Investigations and intelligence professionals must ensure that they are communicating with each other and leveraging the information gained on both sides to aid compliance and identify red flags. Obligations of financial institutions do not end at settlement; as a best practice, organizations should also investigate post-payment to proactively identify red flags and raise awareness of payments to block in the future.
Assessing risk
When discussing how financial institutions can best prepare, the panel concurred that the starting point is risk assessments. Specifically, compliance programs should be tailored to unique business and risk profiles, taking into account the size and complexity of an organization, its customer base, its exposure to geographies, and the complexity of its product offerings.
Panelists agreed that organizations must establish internal controls, outlining four key areas to consider:
- Data: Developing comprehensive, accurate, and complete data to feed through on a timely basis; considering both transactional and reference data, including customer data internally and from vendors.
- Effectiveness of sanctions screening systems: Tuning and calibrating sanctions screening and payments models.
- Managing false positives: Implementing false positive management controls and effective calibration to limit false positives or negatives.
- Operational controls: Ensuring operations teams are established for triaging alerts adequately and understanding sanctions exposure.
Enhancing regulatory compliance
The panel then considered opportunities to enhance audits and ensure regulatory success. Documentation is critical to being able to demonstrate compliance and take appropriate next steps as with such extreme sanctions in place, any weaknesses in programs will be difficult to hide. Panelists advised organizations to review their current risk assessments to ensure clear and concise documentation of areas such as risk methodology, risk identification, risk appetite, and risk mitigation.
Gaining C-Suite buy-in by aligning the risk appetite statement with senior management and ensuring consensus with senior leadership can also help to increase support throughout an organization. With numerous teams involved in sanctions decisioning, aligning processes and procedures across departments can enhance outcomes to ensure nothing slips through the cracks. However, the panel raised the point that in larger organizations, there are greater challenges in collaboration and coordination across teams and levels of management, making it important to address this upfront.
Managing technology
The panel then discussed the role of technology providers in supporting banks and financial institutions with sanctions compliance. Although access to black box models is required, it was highlighted that certain controls must be in place to ensure the technology provider retains competitive secrets, for example, through NDAs or anticompetitive clauses.
Reflecting the challenges outlined earlier regarding variations in names, access to technology and black box models can be equally difficult – one panelist noted that there were 64 variations of spelling for one name, making identification increasingly tough. Despite such issues, the panel agreed that technology can certainly help to mitigate the challenges of identifying sanctioned individuals or entities.
The role of crypto
The final area under discussion was cryptocurrency and the ongoing debate around its use as a way of evading sanctions. The panel was clear that currently, there is not enough use of crypto for it to be an effective tool to evade sanctions. The market capital of the entire cryptocurrency economy is just under $3tn; Russia is the world’s 11th largest crypto economy; therefore, there simply is not enough liquidity to effectively evade sanctions, and the crypto economy was viewed as not being structurally mature enough to have an impact.
One example provided by our panel was that it takes 10 minutes to clear a transaction on Bitcoin’s blockchain – when looking at millions of dollars, the network is not equipped to manage the increase. Therefore, if cryptocurrency is being used to evade sanctions, the transactions are likely to be small.
5 top tips to mitigate risk
Our panel of sanctions experts advised financial institutions to anticipate any business dealings with Russian organizations or entities to be increasingly limited and regularly changing. They outlined five ways to mitigate the risk posed by recent sanctions regimes:
- Identify exposure to the Russian Republic, Belarus, and separatist regions.
- Capitalize on existing technologies.
- Stay up to date with sanctions regimes, as they are constantly evolving.
- Approach vendors for supplementary information.
- Revisit risk appetite for reputational risk.
To read the full article please visit CeFPro.
Bryant Moravek, CCAS, CAMS, CGSS, is a Risk Advisory Services Principal at Kaufman Rossin, one of the Top 100 CPA and advisory firms in the U.S.