Welcome to our new blog series on the challenges of sanctions screening. Over the coming weeks, we will evaluate the current sanctions screening processes in place globally, explain why and how costly false positives occur, and demonstrate how effective application of the latest technologies (including artificial intelligence and big data) can overcome these pitfalls to increase process effectiveness and efficiency.
In this blog we look at what sanctions are, the basic principles of sanctions screening and what to consider when defining sanctions risk governance.
What are sanctions?
Sanctions are economic and/or political measures that aim to influence the behaviour of a regime, group or individual. They are created by international, regional and state bodies and can change regularly.
From travel bans and asset freezes, to import/export restrictions, sanctions help protect national security, financial and national services, as well as a country’s economy.
Typically, sanctions are penalties placed against individuals or groups (known as the ‘target’) known to be engaging in behaviours that are not only illegal but constitute a threat to the international community. The label of target can refer to an array of entities, including countries and their regimes, terrorists, international traffickers of drugs, weapons, or humans, and those engaged in the proliferation of weapons of mass destruction.
A financial sanction prohibits transactions and, in some cases, any financial services, with the target.
Why China has been sanctioned:
Q1 2021 saw a coordinated effort by the European Union, UK, US and Canada to impose sanctions, including travel bans and asset freezes, on officials in China over human rights abuses against Uyghur Muslims. China immediately responded by imposing its own sanctions. In May 2021 the European parliament voted overwhelmingly to “freeze” any consideration of a massive investment deal with China, following the tit-for-tat sanctions. Most recently, China has moved forward with a law aimed at countering sanctions imposed by foreign governments.4
Principles of sanctions screening
The basic principle of sanctions screening itself is simple: compare all data relating to the customer, supplier, employee or transaction with the data contained in external sanctions lists, such as those from the Office of Foreign Assets Control (OFAC), The United Nations, or the Office of Financial Sanctions Implementation (OFSI).
To mitigate risk, sanctions screening should be conducted not only at the beginning of a new relationship with a party, but on a daily basis and when dealing with transactions that include a party external to the organisation (for example, transaction screening).
Organisations screen against a variety of lists. Some are lists of Politically Exposed People, others are ‘risk lists’ or ‘watchlists’ that contain people or entities that may be of interest to an organisation for various reasons, such as disqualified directors or people found guilty of a crime. For the purposes of this document, ‘sanctions lists’ is used as a term for all list types.
Every step within this process raises challenges and risks, which need managing and mitigating with meticulous sanctions, risk governance and due diligence.
“To migitate risk, sanctions screening should be conducted not only at the beginning of a new relationship but on a daily basis.”
Sanctions risk governance
Robust sanctions risk governance must be an integral part of every organisation’s screening process. This includes:
1. Defining the business risk appetite
For example, is the business happy to work with individuals in a potentially sanctioned country? What flags does the business want to monitor to ensure sanctions risk is minimised for the organisation? What matching terms is the business comfortable using?
2. Defining the sanctions risk management policies
Sanctions risk management policies should ensure adequate risk management. For example:
Definition of risk tier per country
This is based on how risky it is to do business with that country, or based on other factors, such as political unrest.
Definition of the type of lists to be checked
There are thousands of lists available to help organisations perform effective risk management and regulatory compliance. These may be international sanctions lists (such as OFACs) or watchlists such as lists of politically exposed individuals and their relatives, the FBI’s Most Wanted or HMRC’s Disqualified Directors. Used effectively and appropriately these allow organisations to ensure appropriate controls are in place. For example, a medical company may screen business counterparties to ensure they are not involved in inappropriate dealing of medical equipment.
Different lists will be used by different parts of the business as appropriate to the risk appetite defined.
Definition of the types of controls to be used in sanctions screening:
i. Will each customer, vendor and employee be checked against all sanctions lists available, or only subsets based on customer specificities, for example?
ii. Will manual reviews be used to address hits that are similar matches to individuals (for example, to account for spelling mistakes)?
iii. Will companies that have been checked in another geographical location be included?
3. Defining the sanctions risk management responsibilities
Define the internal department that will be responsible for sanctions risk management and the operating model (such as roles and responsibilities in the team, procedures required to perform screening processes, escalation processes, operational controls, etc).
Sanctions Screening: What Causes False Positives and How to Reduce Them
We have explored in today’s blog what the principles of sanctions and sanctions screening are, shown that robust sanctions risk governance must be incorporated into every organisation’s screening process, and discussed which definitions should be included in that integral process.
Over the next few weeks, we will touch on the current challenges in sanctions risk management, how best to approach sanctions screening, and how the latest technology, like that of Napier, can minimise error and improve the screening process.
This article is the first in a series of a larger paper authored by Napier.
If you would like to read the full paper, you can download it here.