This is the first of a three part series.
Effectiveness, efficiency and explainability – “the three E’s” – are the interdependent foundational girders for building a sound sanctions compliance program. In the first of this three-part series, we’ll look at the role of effectiveness in sanctions compliance.
The importance of effectiveness
Effectiveness is the main regulatory objective and the bottom line for assessing any sanctions compliance process. It describes the ability of a screening programme to successfully detect any risk of dealing with a sanctioned entity.
Sanctions compliance programmes involve a combination of people, processes and technology. When properly implemented and tuned, the screening programme provides assurance that the organisation is operating within the regulatory requirements of the governing jurisdictions.
For example, detailed guidance issued in May 2019 from the US Department of the Treasury’s Office of Foreign Assets Control (OFAC) outlines the technical, organisational and human-capital requirements that organisations are expected to implement to ensure effective compliance.
Although this type of guidance is welcomed to help clarify regulatory expectations for sanctions compliance, it also presents a new aspect to the challenge of effective compliance by setting expectations in stone.
Organisations must now demonstrate that they have implemented a comprehensive sanctions compliance programme. If regulators assess a sanctions programme as not effectively covering the organisation’s sanctions risk exposure, they may decide to engage in enforcement actions regardless of actual sanctions violations.
Navigating increased complexity
If there was any doubt about how critical it is to toe the line on sanctions compliance, the staggering fines issued in 2019 (a record of nearly $1.3bn as of October 7) are a stark reminder that OFAC takes sanctions compliance very seriously.
Despite huge fines and the potential reputational damage from violating sanctions, the uptick in OFAC settlements over the last few years is indicative of just how difficult it is for organisations to achieve effective compliance.
Managing international sanctions regulations and closing compliance gaps in transaction monitoring and filtering programmes is clearly an ongoing challenge, with many regulatory and operational obstacles.
On the regulatory side, achieving effective sanctions compliance is made more difficult by the following four trends:
- A steady increase in the number of designated entities – Broadening foreign policy objectives and the US decision to snap back sanctions against Iran has led to a record increase in the Specially Designated Nationals (SDN) List.
- Growing complexity of sanctions programmes – Trade sanctions, sectoral sanctions and targeted sanctions, such as asset and travel freezes, are being used with greater frequency. These sanctions are more difficult for institutions to identify and implement than embargos, which block an entire geography.
- More sophisticated sanction-evading techniques – Impacted countries and individuals are finding creative ways to skirt sanctions using virtual currencies, complex trade links, and engaging in illicit shipping.
- Deeper regulatory scrutiny – New York State Department of Financial Services (DFS) Part 504, which includes requirements for designing and implementing measures to ensure screening controls are sound, is a prime example of the trend towards increasingly stringent requirements on institutions’ internal sanctions filtering programmes.
Unlike regulatory challenges, which are greatly impacted by external political factors, operational challenges reflect the internal issues financial institutions and other organisations face when designing and implementing their sanctions compliance frameworks. For example, disparate systems as a result of mergers, acquisitions, and differing departmental needs can hinder the flow of information required to ensure sanctions compliance.
Another operational challenge, particularly for global organisations, is ensuring that foreign subsidiaries subscribe to the same level of compliance with internal policies as the home office. A strong and consistent culture of compliance from the top down and across geographies can be instrumental in preventing sanctions violations. However, even when a company does its due diligence and takes the right precautions, there are no guarantees.
Case in point is Virginia-based Kollmorgen Corporation, which settled a potential civil liability in February 2019 for violations of Iran sanctions from its Turkish affiliate, Elsim Elektroteknik Sistemler Sanayi ve Ticaret Anonim Sirketi (“Elsim”). Although Kollmorgen had taken proper steps prior to and after the acquisition of Elsim to make sure the affiliate complied with US sanctions requirements, Elsim continued to provide goods and services to Iran while attesting to the contrary.
Harnessing technology to optimise effectiveness
To tackle both the regulatory and operational challenges of sanctions compliance, organisations need to implement sanctions screening programmes backed by technology solutions that can accurately detect sanctions risk exposure.
In particular, solutions that leverage artificial intelligence (AI) offer advanced precision in detection to deliver a manageable number of relevant alerts. As a result, they provide a highly effective process for sanctions screening and allow for better management of sanctions risk exposure.
Another aspect of effective compliance involves end-to-end testing both pre- and post-implementation, as outlined in DFS Part 504. Testing at various stages is critical for mitigating both operational and regulatory risks. Gap analysis and health checks are the two most common types of tests to assess filter effectiveness.
Ongoing governance and internal control of the compliance testing process provide the final layer to ensure effective sanctions compliance screening across an organisation.
The overall programme design must be documented through policies and procedures that reflect the institution’s risk exposure. This documentation must be maintained in order to continue to capture the operational reality.
Finally, the institution is expected to keep records of its controls (screening results, testing reports) in order to be able to demonstrate that the programme is performing effectively and explain how it is mitigating sanctions risks.
Join our webinar or download our white paper, Excellence in Sanctions Screening: The Role of Effectiveness, Efficiency and Explainability to learn more.