2012 was a banner year for fines imposed by US regulators on global financial institutions (FIs) for violating US sanctions. There are, of course, regular reminders that the repercussions of the sanctions list extend to non-financial institutions, such as oil companies, also.
Many of the fines related to payments made where the bank in question knowingly sought to subvert US sanctions by ‘stripping’ information from payment messages that would normally be identified by a filtering solution.
Most global banks will have learned from these prosecutions and will have made sure their organisation is not knowingly involved in any activity which would violate US or other sanctions. However, there are still significant challenges, including:
- The increase in lists that are considered valid for payment filtering.
- The overlap between these lists.
An Increase in Lists Considered Valid for Payment Filtering
In addition to major sanction lists such as those provided by the United States Office of Foreign Assets Control (OFAC), the Official Journal (OJ) of the European Union (EU), the United Nations’ (UN) Consolidated List and, in the UK, Her Majesty’s Treasury (HM Treasury) consolidated list of financial sanctions (HMT), global organisations are being compelled to include similar lists from jurisdictions where they operate satellite offices, or whose currencies they trade in. Where the organisation has offices in Singapore and Australia, it will also need to include the Monetary Authority of Singapore (MAS) and Australian Department of Foreign Affairs and Trade (DFAT) lists.
Rules and best practice on monitoring the EU list are becoming increasingly demanding. Monitoring is already a challenge, in that the EU publishes sanctions first in the OJ and only thereafter in the EU consolidated list. There is often a time lag between the two publications appearing, ranging from a single day to as much as 12 days. This presents a major challenge for those banks monitoring the EU consolidated list, as they will potentially be without necessary data for a significant amount of time. German draft legislation is already recommending that its constituents update within 48 hours* and other EU countries may follow suit. Banks are also under pressure to add the 20-plus language variations provided by the EU, based on the languages spoken in the countries they operate in.
Additionally, due to expansion in the depth and breadth of US sanctions on Iran – as outlined in the Iran Threat Reduction and Syria Human Rights Act (ITRSHRA) and the Iran Freedom and Counter-Proliferation Act of 2012 (IFCPA) – global firms are increasingly paying attention to secondary lists in the US. In addition to OFAC’s Specially Designated Nationals (SDN) list, the US Treasury has also categorised banks under Part 561 of the Comprehensive Iran Sanctions, Accountability, and Divestment Act (CISADA) which have been seen to facilitate transactions to Iran and therefore “US FIs are prohibited from opening or maintaining a correspondent account or a payable-through account for the foreign FI(s) listed”. The US Department of State (DoS) and the Department of Commerce are also actively listing entities based on specific sanctions or export control violations.
The US Government Accountability Office (GAO) is tasked with submitting reports to the DoS on entities which engage in certain activities in Iran’s energy sector, effectively holding the DoS to account on entities that they have found to be fitting the descriptions outlined in CISADA. Even individual US states such as California have created their own list of companies prohibited from contracting with public entities in relation to their Iran Contracting Act. States such as Indiana have adopted the California list, whereas New York, New Jersey and Maryland have come out with their own lists.
The net effect of this is more data to screen against. That means more alerts which, in turn, increases the risk of mistakes.
Overlapping between Lists can Present a Challenge
The first generation of sanctions lists used for payment screening by banks involved finding the relevant lists and including them in the payments filter. Initially, many software vendors would simply provide ‘hooks’ to download the data from the regulator’s website, with little editorial review or adaptation. The issue with this approach was that there was a significant amount of duplication among the major sanctions lists, such as OFAC, EU, HMT and UN. As case management tools within software applications have evolved, multiple matches on transactions have been ‘grouped’ together in alerts; however, the duplication is still there, leaving the operator with the task of identifying whether like matches are indeed the same person or entity.
What many call the second generation of sanction list management was the use of the sanctions data from anti-money laundering (AML) databases. This was seen as a way to leverage the editorial services of content providers, namely their ability to recognise duplicates across sanctions lists and consolidate them into unique ‘profiles’. The ability to work with consolidated profiles eliminated the arduous task of eyeballing multiple matches in a particular case; however, a drawback tended to be the lack of transparency about the source of the data elements included. Banks would often get matches on, for example, aliases and would have a hard time tracing the source. Upon discovery of the source, they would realise the alias in question was from a sanction list they did not necessarily require for payment screening.
Most recently, data providers have released third generation formats where banks can benefit not only from the consolidation of lists, but also from having each individual data element tagged with a source code. This reduces match rates significantly, speeds up the load of data into the filtering technology and ultimately improves the user experience for operators who have the onerous task of clearing alerts.
Consolidation among Major Sanctions Lists
It is a common perception that the major sanctions lists are very similar, if not the same. This is, however, far from the truth. A study carried out at the start of February 2013 by the Dow Jones Risk and Compliance quality team on the overlap between the OFAC, EU and UN sanctions lists highlighted some interesting statistics. At the time of the study, there was a total of 5,604 unique records among these lists. Of those records, there was overlap among two of the three lists for 799 of the records and only 290 records were on all three lists. Other than the need to comply with the regulations of these three bodies, clearly there is great value in screening against all three in a consolidated form.
Another major misconception is that regional European lists, such as the UK’s HMT list, are effectively a redistribution of the EU list. Although there is significant overlap between the two, the study found 2,416 records on the HMT list of which 2,373 overlapped. This means that UK firms which rely on the EU list to meet their sanctions requirements could be in breach were they to miss out on the 43 records in question. The records contain international individuals and entities but also some that are specific to the UK; for example Parviz Khan, the Birmingham-based leader of an Islamist group, was jailed for masterminding a plot to kidnap and behead a British Muslim soldier in 2008. Global banks which have offices in the United Kingdom or that trade in sterling will want to make sure they understand this overlap and the differences in the lists.
In any case, the overlap underlines the value of the consolidation of records to drive efficiencies and reduce the burden on operators. As one banker recently described it, using unconsolidated data “isn’t like looking for a needle in a haystack, it’s like looking for a needle in a stack of needles”.
— Section 18 Paragraph 12