Sanctions risk: what is the regulatory challenge for compliance officers?

Nov 02 2012
Miriam Gonzalez, John Forrest and Chloe Barker

Compliance with domestic and international sanctions regimes has become one of the main regulatory challenges for compliance officers from financial institutions. With a sharpened focus on initiating investigations and the determined enforcement of export control and sanctions provisions, together with a series of record-breaking penalties, the consequences of breaching the associated regulatory obligations are extremely serious and almost always lead to heavy fines and significant reputational damage.

Given the important role financial institutions play in facilitating global trade and the international economy, regulators on both sides of the Atlantic are increasingly placing high expectations on them to manage their sanctions risk. Compliance officers need to manage potential exposure based not only on the conduct of their own company but also on the conduct of their clients and counter-parties.

While many financial institutions are devoting increased attention to sanctions compliance and implementing effective screening tools, many remain ill-equipped to determine whether or not a particular transaction, service or product is prohibited, for example if it involves facilitating the transfer of prohibited goods or investment in a prohibited sector.

Relevant competent authorities, enforcement agencies and financial regulators expect financial institutions to have in place effective systems and procedures for minimising the risks associated with financial crime. This includes a requirement for effective measures to manage the risks associated with export control and economic sanctions.

Indicative issues for financial institutions

The types of issues faced by compliance personnel from financial institutions include:

Capital markets transactions

Ensuring that asset management functions have adopted appropriate sanctions risk management procedures in relation to the acquisition of securities and administration of funds. This includes the potential implications when a sanctioned investor is identified, or when it is established that a financial institution has traded, either in a primary or secondary market, securities in a company which may have breached international sanctions. The associated obligations include ensuring that the financial institution is not engaged with prohibited investors, shareholders or investments. These issues are likely to arise in a situation where a financial institution does not have existing processes to (re-)screen counter-parties and third parties to assess whether a company derives its profits from activities which are sanctioned, or is owned or controlled by a sanctioned party, or is headquartered or established in a sanctioned jurisdiction.

Global transaction banking

Given the volume of daily transactions undertaken by major financial institutions, the ability to undertake "real time" screening of transactions in a manner which does not overly burden business continuity is an important factor. But while screening is a core component of any compliance programme, financial institutions should be able to demonstrate that they have wider procedures to manage the screening process, for example:

- proper escalation of matters to appropriate senior management committees;
- staff who are properly trained to perform their sanctions functions;
- relevant risk categorisation of issues raised by screening software;
- risk-sensitive (re-)screening of both customers and payment transactions; and
- appropriate calibration of any screening system's settings.

International money markets

Cash management is a key issue for all financial institutions. Should a significant client, account, or investor become subject to asset-freezing measures, this is likely to have wider implications for the management of the company's liquid assets, especially where money market deposits are drawn from collateral held in accounts in the name of a newly sanctioned individual, entity or body.

Corporate financing

Functions involved in managing due diligence in relation to M&A activity, including carrying out advisory, debt restructuring, and equity issuance, must consider compliance with international sanctions provisions. Increasingly, sanctions provisions extend beyond traditional asset-freezing measures. In particular, they now focus on financing and financial assistance in relation to the production or export of arms and weapons and other so-called "dual-use" items. Specific sanctions programmes also focus on financing, financial assistance and investment activities in key economic sectors, for example the energy sector, the financial services sector, or the logistics sector.

Trade finance

The ability to issue, advise, confirm or ultimately pay out against a letter of credit often raises sanctions issues where a sanctioned destination or a sanctioned party is involved, or when the presentation of documentation by a beneficiary highlights that the underlying transaction may in itself be prohibited. In addition, banks are often faced with very difficult legal and relationship management issues with regard to trade financing instruments such as performance bonds, advance payment guarantees and counter-indemnities where it is claimed that the underlying transaction has been adversely affected by sanctions measures.

Insurance and (re)insurance

As indicated above, sanctions provisions increasingly extend beyond traditional asset-freezing measures. In addition to financing and financial assistance, many sanctions programmes have strict prohibitions on the provision of insurance or re-insurance services, in particular in relation to the underwriting of activities in key economic sectors, such as the energy sector, the financial services sector, or the logistics sector.

Not just a matter of compliance with OFAC regulations - wider UK enforcement action

Many financial institutions are geared up towards compliance with U.S. sanctions and AML provisions and have implemented procedures to screen against relevant OFAC sanctions lists. Recent fines in the United Kingdom, however, highlight a growing need for awareness-raising and implementation of effective sanctions risk management procedures in the European Union.

In March 2012, the UK Financial Services Authority (FSA) fined Coutts £8.75 million for failures in its risk management procedures, including failures to establish the wealth and source of clients' funds.
In August 2010, the FSA fined Royal Bank of Scotland £5.6 million for failures in systems and procedures to manage risks with respect to UK financial sanctions.

Increasingly, UK and wider EU financial services regulators are "benchmarking" financial institutions against regulators' expectations with regard to standard requirements for managing sanctions risk. In the UK, the FSA's enforcement action with respect to sanctions compliance has generally focused on:

- Principle three of the FSA's Principles for Businesses (PRIN), "A firm must take reasonable care to organise and control its affairs responsibly and effectively, with adequate risk management systems";
- Rule 3.2.6 of the FSA's Senior Management Arrangements, Systems and Controls sourcebook (SYSC), "A firm must take reasonable care to establish and maintain effective systems and controls for compliance with applicable requirements and standards under the regulatory system and for countering the risk that the firm might be used to further financial crime"; and
- Rule 6.1.1 of the SYSC, "A firm must establish, implement and maintain adequate policies and procedures sufficient to ensure compliance of the firm including its managers, employees and appointed representatives (or where applicable, tied agents) with its obligations under the regulatory system and for countering the risk that the firm might be used to further financial crime."

These principles and rules form the basis of regulated firms' requirement to have effective systems and controls to counter the risk that the firm might be used for the purposes of financial crime. In addition, enforcement action taken against Royal Bank of Scotland Group (RBSG) was based on Regulation 20(1) of the Money Laundering Regulations 2007, which requires financial institutions to have in place appropriate, risk-sensitive policies and procedures to prevent activities relating to money laundering and terrorist financing.

Regulation 20(1)

"A relevant person must establish and maintain appropriate and risk-sensitive policies and procedures relating to:

a. customer due diligence measures and continuing monitoring;
b. reporting;
c. recordkeeping;
d. internal control;
e. risk assessment and management;
f. the monitoring and management of compliance with, and the internal communication of, such policies and procedures,

in order to prevent activities related to money laundering and terrorist financing."

UK financial institutions are prohibited from providing financial services to persons on the HM Treasury sanctions list. The Money Laundering Regulations 2007 require that financial institutions maintain appropriate policies and procedures in order to prevent funds or financial services being made available to those on the sanctions list.

Between December 15, 2007 and December 31, 2008, RBS Plc, NatWest, Ulster Bank and Coutts and Co., which are all members of RBSG, failed to adequately screen both their customers, and the payments they made and received, against the sanctions list. This resulted in an unacceptable risk that RBSG could have facilitated transactions involving sanctions targets, including terrorist financing. The FSA considered that RBSG's failings in relation to its screening procedures were particularly serious because of the risk they posed to the integrity of the UK financial services sector. This is the biggest fine imposed by the FSA to date in pursuit of its financial crime objective.

The FSA regulates the financial services industry and has five objectives under the Financial Services and Markets Act 2000: maintaining market confidence; promoting public understanding of the financial system; securing the appropriate degree of protection for consumers; fighting financial crime; and contributing to the protection and enhancement of the stability of the UK financial system.

In 2009, the FSA published the results of its thematic review work on firms' systems and controls relating to UK financial sanctions, in which it noted that there was much room for improvement.
The report encourages firms to increase their awareness of the financial sanctions regime, draw on the examples of good practice that were found at some firms and use the FSA's report to benchmark their own procedures. The FSA noted the following misconceptions were often evident at firms visited during its review:

- Individuals and entities on the list are all based overseas - wrong! In fact, a number of the names on the list are UK-based;
- Financial sanctions targets are the same as politically exposed persons - wrong! Most PEPs are not the subject of financial sanctions, although some may be;
- By carrying out anti-money laundering checks, we satisfy the financial sanctions requirements - wrong! Only screening against the financial sanctions list will do this; and
- If we do not hold client money, we do not need to check the list - wrong! The prohibition extends to providing financial services.

The FSA paper includes examples of good and poor practice that it observed during its review. In particular, firms must ensure that as part of their client take-on and AML procedures, all relevant persons are checked against the current financial sanctions list. HM Treasury is responsible for updating the consolidated list of sanctions, which can be found on its website.

In addition, firms should consider which parts of their business are subject to the requirement to check the financial sanctions list. Depending on the type of firm, examples include (but are not limited to):

- Taking on new investment management or advisory clients (where the client is an entity, firms should consider whether checking of individual controllers would be prudent);
- Changes in control (for example directors or beneficial owners) of existing clients;
- New investors in a fund (where a third party administrator is appointed, firms should obtain confirmation that procedures include financial sanctions checking);
- Investments in private companies, where the firm carries out due diligence for AML purposes;
- Co-investment parties; and
- Continuing monitoring of existing relationships.

Financial institutions must also ensure that they have written procedures which include the requirement to check the financial sanctions list and that training is provided to relevant staff on the meaning of the financial sanctions regime and its application to the firm.

Miriam Gonzalez is a partner in Dechert LLP's London office and head of the firm's EU Trade and EU Government Affairs practice, and focuses on international and EU trade law and policy. John Forrest is a director and Chloe Barker is an associate in the same office. The views expressed are their own.

THOMSON REUTERS GRC 2011 THOMSON REUTERS. ALL RIGHTS RESERVED