The complexity in sanctions, and with it the number and volume of monetary penalties, has made the area of sanctions compliance a growing concern for banks and financial institutions. Institutions that do not incorporate a comprehensive sanctions programme are essentially accepting a trade-off between profiting from potentially ‘sanctionable’ business and the risk of detection and penalties.
Paying a penalty can no longer be treated as ‘cost of doing business’, as penalties may include jail time and loss of operating licenses. Alongside the penalty, the reputational risk associated with a violation and the resultant loss of correspondent banking relationships is an adequate consideration for banks to put in place a robust programme for sanctions compliance and ensure that this programme is reviewed and fine-tuned regularly to keep pace with the global regulatory environment.
Recent Enforcement Actions
The Office of Foreign Assets Control (OFAC) of the US Department of the Treasury is responsible for imposing penalties for violations in US economic and trade sanctions and is by far the most active sanctioning authority. An analysis of OFAC sanctions violations in the last couple of years suggests some common types of violations.
Many of the lapses seem to revolve around the failure to monitor third party relationships adequately. In a recent enforcement action in 2019, Allianz Insurance Company was penalized USD 270, 690 for Cuban sanctions related lapses that allegedly went unaddressed for several years. Allianz in Canada issued travel insurance policies through a ‘fronting’ partner that involved coverage provided to Canadian residents’ travel. For the policies underwritten, Allianz failed to collect information regarding the travel destination, which led to a lapse in detecting travel by policyholders to Cuba.
A similar violation was detected for Chubb Life Insurance and a penalty of USD 66, 212 was imposed in December 2019. Western Union, in June 2019 was penalized USD 401, 697 for the inability to detect an entity on the SDN list, which was operating in a sub-relationship with Western Union’s agent bank in Gambia.
The use of complex payment structures caused British Arab Commercial Bank (BACB), a commercial bank based in London, to shell out a penalty of USD 4 million in 2019 (the proposed initial penalty in this case was USD 228.84 million). The BACB was found guilty of processing bulk funding payments to Sudanese financial institutions through a complex structure involving Nostro accounts via a non-US financial institution. However, the non-US financial institution routed these payments through a US bank for further credit, leading to the sanctions violation.
In two similar enforcement cases by the Office of Financial Sanctions Implementation, UK, Raphaels Bank and Travelex UK were each penalized GBP 10,000 for dealing with funds belonging to a person designated under the EU’s Egypt Sanctions regime. Although the penalty amount in these cases was not as high as those in the US cases, the violations could have likely been avoided by comprehensive screening of transactions.
Several other enforcement cases relate to willful negligence about potential sanctions violations as well as intentional breaches. In April 2019, Standard Chartered Bank admitted to illegally processing transactions in violation of Iran sanctions and were penalized in excess of USD 639 million.
Assistant Attorney General Brian A. Benczkowski of the Justice Department’s Criminal Division proclaimed while announcing the order against Standard Chartered Bank – “When a global bank processes transactions through the U.S. financial system, its compliance program must be up to the task of detecting and preventing sanctions violations—and when it is not, banks have an obligation to identify, report, and remediate any shortcomings.”
Regulators typically show a degree of leniency in cases involving self-reporting of lapses by financial institutions and where institutions demonstrate that corrective actions were taken as soon as the lapses were detected. Western Union, in the case above benefited from two ‘aggravating factors’ – self-reporting of a violation of the Global Terrorism Sanctions Regulation and demonstration of corrective and remedial action that was taken even before the lapses were discovered.
Misconceptions around Sanctions
In Fintelekt’s experience and interactions, we routinely come across banks & financial institutions in Asia assigning relatively lower priority to sanctions on the pretext that they are not doing significant trade or remittance business or that do not have branch locations in the US or UK. Such banks are clearly not adequately taking into consideration the counterparty risks involved in trade transactions or remittances with sanctioned countries or sanctioned entities.
The second misconception is that if the institution is not doing business in US dollars, they are safe from US sanctions. However, US sanctions are currency-agnostic and are applicable to non-USD business where this concerns a US person or involves the US financial system.
Another observed misconception is that screening for sanctions is a one-time activity. On the contrary, sanctions screening needs to be continuous and comprehensive. Sanctions lists are updated frequently, and institutions must keep track of changes in the lists of denied and restricted parties, issued by multiple regulators like the US, UK, EU or the UN.
A widely held belief is that sanctions screening simply involves name matching. However, this becomes more complicated as institutions are also expected to screen for entities owned 50 per cent or more by a sanctioned entity. The name screening problem is compounded by a large number of false alerts.
Consequently, the amount of effort in name screening is often underestimated – especially when this is being done manually or from unconnected data sources from various departments in the organisation.
While banks are relatively more aware and conscious of sanctions screening responsibilities, other financial institutions often regard it to be the banks’ responsibility to undertake the required due diligence.
However, as the case of Allianz and Chubb quoted earlier in this article demonstrate, passing the buck cannot absolve players like insurance companies or brokers of their responsibility in complying with sanctions.
How can the Institution Strengthen its Sanctions Compliance Programme?
There is a wealth of guidance material available from regulators and other agencies for banks and financial institutions to consider for their sanctions compliance Programme. OFAC in 2019 released a detailed guidance framework for OFAC compliance commitments advocating a risk-based approach to sanctions compliance. The five essential components listed in this guidance are management commitment, risk assessment, internal controls, testing and auditing, and training.
The Wolfsberg group has similarly issued guidance for sanctions screening as a part of an effective financial crime compliance programme.
A risk-based approach has been recommended by most of these guidance papers, urging institutions to consider which types of operations within the bank or financial institution may fall under the purview of sanctions regimes, understanding the nature of such operations, the currency being utilized, and the type of stakeholders involved, based on the institution’s risk appetite.
The key question for banks and financial institutions going forward is not whether a sanctions compliance programme exists within the organisation on paper, but to ask whether it is foolproof and can stand up to the complexity of the international sanctions environment.
About the Author: Arpita Bedekar, Director-Strategy & Planning, Fintelekt Advisory Services.
Arpita has more than 15 years of experience in planning, managing and executing consulting & research projects in various verticals. Writing and editing has been part of this core experience, leading to several articles in Indian and international publications to her credit. She has worked with organizations such as the Department of Economics and Statistics at the TATA Group, ValueNotes Strategic Intelligence and KPMG. She joined Fintelekt in 2012 and is currently responsible for strategy & planning.
Arpita holds a graduate degree in Economics from St. Xavier’s College, Mumbai, India and Master’s degree in Economic History from the London School of Economics and Political Sciences, UK.
Additional Reading Material: