With the increasing complexity and scope of international sanctions, companies need to ensure they have effective sanctions screening processes in place to avoid significant legal and financial repercussions related to money laundering and terrorist financing.
However, many businesses struggle with understanding the requirements and challenges of managing sanctions screening and sanctions risk. With different sanctions lists to consider, varied regulations to comply with, and the potential for significant financial costs and penalties, businesses are in search of guidance to navigate this complex process.
In this article, we will provide a comprehensive guide to sanctions screening and best practices to ensure your business remains compliant. We will cover the regulatory landscape, the importance of sanctions screening, the requirements and challenges of sanctions screening, and best practices for implementing a sanctions screening program. By the end of this article, you will have a better understanding of how to effectively manage the complexities of sanctions screening and protect your business from financial crime.
What is sanctions screening?
Sanctions screening is the process of screening individuals and entities against lists of sanctioned parties. Sanctions lists are compiled and maintained by governments and international organizations, such as the United States’ Office of Foreign Assets Control (OFAC), the United Kingdom’s Office of Financial Sanctions Implementation (OFSI), the European Union’s Consolidated List of Person, Groups and Entities Subject to EU Financial Sanctions, and the United Nations’ Security Council Consolidated List. These lists identify individuals, companies, and organizations that are subject to sanctions for a variety of reasons, including, among other things, involvement in war, money laundering, terrorism, narcotics trafficking, human rights abuses, and weapons proliferation.
Why is sanctions screening required?
Sanctions screening is a required control to prevent illicit transactions by prohibited entities or individuals seeking access to the financial system. It is required by law in many countries, including the United States, Canada, the United Kingdom, and the European Union to name a few. Failure to comply with sanctions regulations can result in significant financial, legal, and reputational risks for businesses. Penalties for non-compliance can include fines, and in the most severe cases can lead to loss of business licenses, and even criminal charges.
Case studies of companies fined by regulatory authorities
Microsoft: In April 2023, Microsoft was fined $2,980,265.86 for exporting services and software from the United States to sanctioned jurisdictions and Specially Designated Nationals (SDNs) in violation of OFAC’s Cuba, Iran, Syria, and Ukraine/Russia-related sanctions program. By not identifying end users, OFAC found Microsoft to have failed to prevent the use of it’s products by sanctioned parties. (Source OFAC: read more)
BitPay, Inc.: In 2021, BitPay, Inc., a bitcoin payment processor based in the United States, was fined $507,375 by OFAC for 2,102 apparent violations of multiple sanctions programs. OFAC found that BitPay had processed digital currency transactions on behalf of individuals in sanctioned jurisdictions, including Cuba, North Korea, Iran, Sudan, and Syria, among others. (Source: OFAC – read more)
Standard Chartered Bank: In 2019, the FCA fined Standard Chartered Bank £102,163,200 for failures in its anti-money laundering controls and sanctions screening processes. The FCA found that Standard Chartered had failed to adequately identify and manage the risks associated with customers who may have been involved in sanctioned countries, including Iran, Syria, and Zimbabwe. (Source: FCA – read more)
Société Générale: In 2018, Société Générale S.A. was fined $53,966,916 by OFAC for violating US sanctions against Cuba, Iran, and Sudan. OFAC found that Société Générale had processed transactions on behalf of sanctioned parties, and had failed to implement adequate sanctions compliance policies and procedures. (Source: OFAC – read more)
These examples highlight the importance of effective sanctions screening processes and the serious consequences of non-compliance with sanctions requirements. Companies that operate in multiple jurisdictions need to ensure that they have effective sanctions screening processes in place that address local and global regulations to avoid legal and financial repercussions.
What are the sanctions screening requirements?
Businesses are required to not conduct business with sanctioned individuals and entities. To do so, they are required to screen all customers, vendors, UBOs, employees and other entities that they do business with against certain government-maintained sanctions lists depending on the jurisdiction in which they operate. Sanctions screening, also referred to as name screening, should be conducted during the know your customer (KYC) process and on a regular basis and must be documented to ensure compliance.
In addition, businesses should also screen transactions for potential sanctions violations. This applies to financial transactions such as payments or loans, as well as non-financial transactions such as the exchange of goods or services. In addition to screening the sender and recipient of a transaction, businesses must also screen any intermediaries involved in the transaction to ensure that they are not subject to sanctions. This process is known as transaction screening.
Which sanctions lists should you screen against and where do you find the data sources?
To adhere to sanctions screening requirements, businesses must conduct screenings against all pertinent global sanctions lists and watch lists in all jurisdictions where they conduct operations. It’s essential to note that if a business conducts transactions in US dollar, it falls under US jurisdiction, and thus must comply with US sanctions regulations. For example:
In the United States, the primary sanctions list is the Specially Designated Nationals and Blocked Persons List (SDN) provided by the Office of Foreign Assets Control (OFAC). Other relevant lists include the U.S. Department of Commerce’s, Bureau of Industry and Security (BIS) Entity List (EL), Denied Persons List (DPL), and Unverified List (UVL).
In the European Union, the primary list is the Consolidated List of Sanctions, maintained by the Directorate-General for Financial Stability, Financial Services and Capital Markets Union (DG FISMA).
In the United Kingdom, the primary list is the Consolidated List of Financial Sanctions Targets, maintained by the Office of Financial Sanctions Implementation within HM treasury.
In Canada, the primary list is the Consolidated Canadian Autonomous Sanctions List, published by the Government of Canada.
It is also recommended for businesses to screen against the United Nations Security Council Consolidated List and other lists relevant to their region or industry.
Sanctions list data is typically available on government websites and from data providers like Dow Jones and World-Check. It’s important to keep up to date with changes to sanctions lists, as newly sanctioned entities are added and removed on a regular basis.
Setting up a sanctions screening program
Setting up a sanctions screening program involves several steps, including:
Determine your sanctions risks and obligations: Identify the risk associated with your business and the sanctions lists relevant to your business based on the jurisdictions in which you operate. Get some guidance from industry experts.
Choose sanctions screening software: Select reliable and efficient AML sanction screening software that can handle all of your data and scale as your needs grow.
Customize your sanctions compliance and screening program: Customize your internal controls and procedures as well as your screening tools and configurations to effectively identify and manage sanctions risks.
Integrate the software: Integrate the sanctions screening software into your existing systems and workflows to ensure a smooth and efficient process.
Train your staff: Provide training to employees on how to use the screening software and to make sure they understand the importance of sanctions compliance.
Regularly screen against sanctions lists: Conduct sanctions screening during onboarding and on a regular basis for all customers, vendors, and other entities that your business interacts with.
Keep up to date with changes: Stay informed of any changes or updates to sanctions lists and adjust your screening program accordingly.
Monitor and evaluate the effectiveness of the program: Establish procedures for monitoring and evaluating the effectiveness of the program and ensure that your program is scalable and can adapt to changes in your business or the regulatory environment.
In addition, we suggest that you consider the Compliance Commitments Framework provided by the Office of Foreign Assets Control (OFAC).
Challenges to sanctions screening
Sanctions screening can be a challenging process for businesses due to various factors that can impact its effectiveness. Some common challenges include:
Data quality: The quality of the data used in sanctions screening can impact the accuracy of results. Poor data quality can result in false negatives (missing a true hit) and false positives resulting in inefficiency and exposing the business to the risk of hefty fines.
Volume of data: Businesses with large customer bases and high transaction volumes may find it challenging to process a significant amount of customer data quickly.
Keeping sanctions data up to date: Sanctions lists are regularly updated, and businesses must keep their screening systems current to identify new risks.
Resources: Establishing a comprehensive sanctions screening program requires a significant investment in terms of personnel, time, and money.
Keeping up with regulations: Global sanctions regulations and requirements can vary across different jurisdictions making it challenging for businesses to stay up to date and avoid potential violations.
Addressing these challenges requires financial institutions and other businesses to implement the appropriate tools and processes, such as high-quality data management, advanced screening algorithms, and regular updates to sanctions lists. Additionally, businesses need to establish clear compliance procedures, including record-keeping, escalation workflows, and the use of case management tools to ensure that sanctions screening processes are carried out effectively and efficiently.