The global sanctions landscape is currently seeing two key trends: the use of targeted sanctions to achieve geopolitical goals, and several enforcement cases which indicate the OFAC is setting higher standards for how companies should conduct sanctions-related due diligence. After all, sanctions can only be used as a tool for foreign policy if they are complied with.
With more rather than fewer sanctions forecast for 2019, and ongoing global economic and political instability, continuous evaluation and improvement of sanction compliance programmes is essential for avoiding potentially serious sanction violation penalties, as well as major departmental operating costs.
Do these issues sound familiar?
If you’re using legacy sanction screening technology, you’re probably working with a system which is slow to run, demands high levels of manual intervention and is unable to keep up with the performance and scalability requirements of today’s screening needs.
More worryingly, in a global banking marketplace where 1.2 billion transactions take place every day, you’re probably contending with high levels of false positives and false negatives. Both are extremely problematic in their own right. False positives drain resources, time and money. False negatives can ultimately lead to sanction violation.
Draining time, resources and money with high levels of false positives in sanction screening
As you know, false positives are alerts raised by the screening system that prove to be innocent – but only after a significant amount of time and money is spent investigating them. These alerts could be for customers, suppliers, employees or transactions.
As well as being costly to process, false positives reduce the overall effectiveness of a compliance programme by diverting analysts’ focus and time away from investigating higher risk cases.
FACT: In legacy systems the average false positives rate can reach up to 5-8%
If your legacy sanction screening system falls into the normal category, for every million screened entities it’s likely 50,000 to 80,000 will be waiting for analysts to review. What’s more, with an average number of five to eights hits per entity, for every million entities there can be up to 400,000 hits to manually review.
When you consider that each false positive has to be documented in terms of an explanation as to why it is a false positive, and that it takes a minimum of 30 seconds toand one minute to review a false positive, the cost of false positives per million customers or transactions screened could exceed a hefty £200,000.
Running the risk of sanction violation with false negatives
The opposite to false positives, false negatives are customers, suppliers, employees and transactions that should be flagged as alerts but remain undetected. The reason for this can usually be blamed on both inadequate screening systems and also the sophisticated methods criminals use to bypass screening.
FACT: False negatives create the very real risk of unknowingly doing business with sanctioned parties.
If found to be in violation of sanctions, you will almost certainly incur a fine designed to dent the healthiest of bottom lines. In the US, for example, the average sanction breach fine in 2018 was $10.2 million.
The second largest penalty imposed on a financial institution for violation of US sanctions also look place in 2018. French bank Société Générale SA agreed to pay $1.34 billion in penalties to settle allegations by US and New York state authorities that the bank had processed and concealed billions of dollars in transactions related to countries under sanctions.
Another case from 2018 saw JPMorgan Chase Bank agreeing to pay $5.3 million after its voluntary self-disclosure of what the OFAC described as “reckless disregard for its sanctions compliance obligations.” The bank failed to screen entities and missed red flags and other warning signs on several occasions.
Separately, JPMorgan Chase & Co. (JPMC) also received a Finding of Violation for violations of multiple sanction regulations. The bank had used a vendor screening system that failed to identify six customers as potential matches to the List of Specially Designated Nationals and Blocked Persons (SDN List). The system’s screening logic capabilities failed to identify customer names with hyphens, initials, or additional middle or last names as potential matches to similar or identical names on the SDN List. Despite strong similarities between the account holder’s names, addresses, and dates of birth in JPMC account documentation and on the SDN List, JPMC maintained accounts for, and/or processed transactions on behalf of, these six customers.
In the UK, breaches of financial sanctions can lead to the following penalties:
• Deferred Prosecution Agreements (DPAs)
Court-approved agreements between an organisation and a prosecutor who is considering prosecuting the organisation for an offence.
• Serious Crime Prevention Orders (SCPOs)
Imposed by a court on the civil standard of proof. Designed to prevent an individual or organisation from further engaging in serious crime.
• Custodial sentences
Offences relating to EU financial sanctions now carry a maximum of seven years’ imprisonment on indictment (applying to all of the UK) and, on summary conviction, to a maximum of six months’ imprisonment in England, Wales and Northern Ireland, and 12 months in Scotland.
• Monetary penalties
Under the powers in the Policing and Crime Act 2017, the value of a monetary penalty may range from 50% of the total breach up to £1 million – whichever is the greater value.
The fact that sanction violation fines are so substantial is extremely significant, signifying that regulators take violations very seriously. Crucially though, it’s also argued that the real cost of financial crime is damage to customer trust.
Get to grips with sanction screening
In a recent Financier Worldwide sanctions compliance and enforcement roundtable, Priya Aiyar, partner in the litigation and global trade and investment groups at Willkie Farr & Gallagher, stresses that “businesses should not be afraid to invest in a rigorous compliance programme as the potential penalties for violating sanctions far outweigh the costs of a properly functioning compliance programme.”
To mitigate risk, the adoption of screening technology which is able to cope with the vast volume of transactions and complexity of data is essential. Napier’s sanction screening system, for example, screens against sanction and PEP lists, while leveraging machine learning and advanced fuzzy matching algorithms to reduce false positives and false negatives.
Of course, there are other factors to consider to get the best results from sanction screening. Any compliance programme must be adopted from the top down with genuine senior management buy-in and adequate investment in employee training. Even the best sanction screening technology will only be as good as the policies that govern it and those who are trained to use it.
If you’re keen to learn more, our new and comprehensive 33-page Sanction Screening white paper explains in detail the causes of false positives and how you can reduce them. Or, for a quick read, check out my 6 Ways to Reduce False Positives blog.
You can also read about how we have reduced false positives for a global blue-chip company.
Perhaps not surprisingly, a longstanding and significant under investment in resourcing is one of the biggest causes on non-compliance with AML obligations.
If you’d like to speak to one of our experts about improving your sanction screening system and processes, you can call us on 020 8242 4828 or send us a message and we’ll call you back.