Expectations for industry to spot sanctions evasion via risk and compliance
Sanctions screening is a core part of a financial crime risk management program. In recent times, the sheer number of sanctions imposed at national levels are increasingly complex to navigate. Systems to screen names, entities, and vessels continue as the foundation of a sanctions solution – and this presents the first phase of opportunity through AI-enabled capability. Expanding regulatory expectations also emphasize other parts of an organization’s financial crime strategy that come to the forefront in managing risk of navigating sanctions frameworks – whether that be a direct breach or an indirect exposure.
What do sanctions do?
Sanctions aim to influence behavior and exert pressure in situations of international concern. This includes conflict, terrorism, human rights abuses, and proliferation of weapons of mass destruction. The United Nations Security Council and some countries impose sanctions frameworks, usually as part of a comprehensive strategy, including diplomacy, to bring about change and international security.
It’s important to note that though they are similar, achieving sanctions compliance is different to the steps taken to achieve AML compliance.
AML compliance focuses on any customer or transactions that raise suspicion, whereas sanctions compliance specifically targets designated individuals, businesses, or countries as determined by key authorities.
Which businesses must abide by sanctions?
Across all continents and most countries, businesses (not just those covered by anti-money laundering (AML) compliance regulations) have the complex task of implementing sanctions frameworks that restrict trade or commercial activities, freeze assets of designated persons, and impose travel bans on individuals. There is limited guidance for industry on how to assess sanctions risk and implement controls to adhere to the various types of sanctions measures.
To make things even more complex, just as with AML compliance, detecting sanctions evasion is also part of the regulatory expectations placed upon industry. Efforts to circumvent sanction frameworks can include hiding the involvement of sanctioned entities or individuals owning an asset, concealing the origin of funds, or masking the true destination of goods. When implementing sanctions programs, businesses also need to be aware of the use of third parties, agents, and shell companies used to move funds and the sending of funds through third countries and new account relationships.
Therefore, establishing/maintaining a risk threshold is crucial for businesses to make strategic and operational decisions – and to test their sanctions compliance. For example, do the controls to find and understand exposure to sanctions risk genuinely work to help a business identify and manage risk?
Setting an appetite for sanctions risk and compliance
In setting appetite for sanctions risk and compliance, most businesses adopt an approach to avoid breaching sanctions frameworks directly. But avoiding indirect sanctions exposure is much more challenging. For example:
- Would a government entity owning a 2% share in a sanctioned country change your procurement of a good or service that your business needs?
- What if a customer has less than 5% of its business in a country subject to a sanction framework?
When it comes to indirect risk, businesses need to decide how to operate in the space of uncertainty, considering a mix of regulatory, reputational, and political risks to their operations and how they define what sanctions compliance looks like.
How a business becomes sanctions-compliant using risk controls
To reach their definition/level of sanctions compliance, businesses need to have a set of tailored sanctions risk controls. The design of those controls should be influenced by a range of internal and external factors, including:
- Internal: the type of business, where it operates, who the clients are, and what goods or services are involved
- External: geo-political changes, ethical expectations from key stakeholders, and the potential for counter-sanctions (where countries sanctioned by the UN or other nations restrict dealings with foreign businesses).
Sanctions compliance is generally attained in three ways – and usually, a combination of these will result in a balanced and practical risk management strategy.
- Prevent or avoid financial dealings with individuals and entities linked to a country-specific sanctions framework
- Screen and detect instances where assets need to be frozen, or restrictions need to be imposed on trade or commercial activity
- React to events or sanctions issues as they arise.
To achieve a balance of the prevent, detect, and react approaches, businesses dealing in assets will deploy a system to screen the names of their clients and their owners, the parties involved in payments, and other entities linked to the movement of goods or provision of services.
How to do sanctions screening effectively
Even as a foundational capability, sanctions screening is complex. Calibrating what matches is as equally important as what is considered a no-match. Other questions include: What other data is used to increase the chance a potential match is presented for review? How long do you pause a transaction, and how do you communicate to a supplier or customer that there is a delay? When do you apply technology in the process, and when do you need a human?
This last point has become the key question in an equation of increasing alert volumes and scarce resources – and the need for those resources to conduct deeper levels of AML compliance, customer due diligence on new account relationships, transactions, and ownership structures to spot indicators of sanctions evasion.
Using AI in sanctions compliance
As a first phase of a new generation of sanctions augmentation, predictive and generative AI can now expedite the initial stages of sanctions screening and sharpen the assessment of risk. This reduces the amount of time a human is needed in this loop, allowing for more time spent on due diligence activities and critical analysis to spot attempts at sanctions evasion.
SymphonyAI is introducing SensaAI for Sanctions, an augmentation product, alongside its other financial crime prevention tools in AML compliance, CDD, KYC (Know Your Customer), and payment fraud. SensaAI for Sanctions optimizes your existing screening by using generative AI to extract relevant information from unstructured free text, enabling advanced matching algorithms to assess matches with far greater accuracy. The AI matching score generated by SensaAI for Sanctions can be used to prioritize the highest-risk alerts and deprioritize low-risk alerts at Level 1, ensuring investigators are always assessing the greatest risk first.
SensaAI for Sanctions is designed to work with any existing case management system and is pretrained and ready to deploy. Models are pre-trained on datasets encompassing more than 25 years of sanctions evasion, detection, and screening expertise, enabling rapid implementation and returns.
In short, your data might not be perfect. With SensaAI for Sanctions, it doesn’t have to be.
Learn more about SensaAI for sanctions
