In the wake of a huge upswing in the usage of payment systems that allow users to send and receive funds almost instantly, The Office for Foreign Assets Control (OFAC) issued a new best practice guidance to sanctions compliance within instant payment systems. The surge in velocity, volume, and values of transactions taking place in instant payment systems has prompted questions from participating banks as to how best to implement sanctions compliance procedures.
Here’s a handy summary of the out-takes of OFAC’s recommendations.
Take a risk-based approach
The guidance reiterates that compliance controls and tech solutions should remain commensurate with the sanctions risks presented. Compliance teams should:
- Continue to take a risk-based approach
- Highlight key factors that are relevant in determining risk
- Embrace innovative approaches, and encourage the development and deployment of new technologies to address identified risk
- Incorporate sanctions compliance considerations into systems at the development stage
Rely on the five pillars of compliance
OFAC recommends that U.S. persons, including U.S. banks, employ a risk-based approach to sanctions compliance that is predicated on and incorporates at least five essential components of compliance:
- Management commitment
- Risk assessment
- Internal controls
- Testing and auditing, and
Understand your risk
The sanctions risk of financial institutions and products vary greatly according to the geographic locations and the extent of their international presence; the location, nature, and transactional history of its customers and their counterparties; the specific products and financial services it offers; and its size and sophistication. Hence a ‘one size fits all’ solution isn’t practical. It is essential that organizations asses their own risk accordingly.
Some of the key considerations for your risk assessment should include:
- Is my organisation involved exclusively in domestic transactions?
- In highly regulated jurisdictions, such entities are exposed to lower risk than those operating instant payment systems that permit cross-border transactions.
- What proportion of transactions are made by previously vetted and cleared customers, and are consistent with historic customer behaviour?
- Discrepancies in the nature and value of transactions indicate greater risk.
- How can I use AI tools and other innovative tech solutions which use information-sharing mechanisms to enhance accurate risk assessment?
- Using these kinds of scalable and accessible tools can enhance sanctions screening functions and reduce false positives.
Build in compliance sanctions at the systems development stage
Incorporating sanctions compliance during the design and development process of instant payment systems reduces the opportunities for violations. OFAC encourages the developers to maintain a sanctions compliance program, with the risks presented by their particular instant payment system, and incorporate sanctions compliance features, tools, and contractual clauses during the development stage.
Design considerations could include:
- Facilitating a communication system between participating financial institutions, giving them sufficient information to effectively adjudicate alerts of potential sanctions concerns Notwithstanding the near real-time transaction settlement demands of instant payment systems, building in the option of exception processing (holding up a transaction to allow time to investigate potential sanctions concerns).
- Establishing minimum sanctions compliance requirements around customer onboarding and ongoing due diligence and norms for screening transaction parties or details.