The convergence of sanctions programs with AML & KYC programs is critical for effectiveness

By Elizabeth Callan

Does your institution’s sanctions compliance program rely solely on customer screening and transaction filtering? If so, based on guidance from the U.S. Office of Foreign Assets Control (OFAC), your program may be vulnerable to breaches. The convergence of sanctions compliance, AML investigations, and customer due diligence can minimize those risks, however.

OFAC has stated that financial institutions should perform due diligence to understand potential exposure to sanctions programs. U.S. Treasury Assistant Secretary for Terrorist Financing and Financial Crimes Elizabeth Rosenberg recently said, “Two areas of highest priority…sanctions…and the strengthening of the US’s own AML/CFT regime are deeply linked.”

But that type of exposure isn’t always straightforward or easy to detect with solely automated screening.

Justine Walker, former specialist with HM Treasury and the U.K. Financial Conduct Authority, said identifying circumvention of trade sanctions poses a novel challenge for most banks because they tend to screen payments for direct links to blacklisted parties rather than for signs of evasion, like attempts to conceal the ultimate destinations and users of prohibited goods.

The KYC program’s risk-rating function is fundamental to effectiveness

OFAC, in both its 2019 Framework for OFAC Compliance Commitments and, more recently, its Introduction to OFAC web series, emphasizes that proper and complete customer due diligence is a fundamental component of an effective sanctions compliance program and that financial institutions cannot rely solely on screening against OFAC lists to prevent violations. In fact, OFAC specifies that improper or incomplete customer due diligence has been one of the root causes of deficiencies in sanctions compliance programs in its prior administrative actions.

A risk assessment, along with management commitment, internal controls, testing and auditing, and training, is one of five essential components of a risk-based, effective sanctions compliance program. OFAC guidance indicates it is critical for institutions to risk assess customers, supply chains, intermediaries, and counterparties to identify potential areas in which it may, directly or indirectly, engage with OFAC-prohibited persons, parties, countries, or regions.

A robust customer risk profile and assessment enables the essential component proper internal controls and facilitates the more challenging function of determining exposure to sanctions evasion and sectoral sanctions programs.

Red flags of evasion suggest AML and sanctions efforts must converge

Speaking at ACAMS’ The Assembly in October, Rosenberg stated that, “the continued siloing of AML/CFT and sanctions departments at some financial institutions can lead to financial institutions unwittingly, or inadvertently, processing payments for controlled goods and involving designated entities.”

Many red flags of sanctions evasion techniques listed in FinCEN’s Alerts look similar to longstanding AML-related red flags. This similarity demonstrates that AML-like investigations are invaluable to detecting sanctions evasion and assets and transactions of sanctioned entities and individuals.

For example, according to a FinCEN and the U.S. Commerce Department’s Bureau of Industry and Security’s (BIS) report from May, illicit actors are using third-party intermediaries and transshipment points to evade Russia-related sanctions and export controls. These evasion schemes often involve the use of shell and front companies to obfuscate the involvement of specially designated nationals or parties on the BIS Entity List in transactions, making it easier for illicit actors to avoid detection simply through customer and transaction screening.

Sophisticated technology solutions are key

Sophisticated, nimble screening solutions remain the backbone of effective sanctions compliance programs. They must be calibrated continuously, furthermore, based on the risk profile of the financial institution (FI), routinely tested, and recalibrated as sanctions programs and requirements change. But it doesn’t end there.

As discussed above, FIs should consider their compliance efforts holistically across sanctions screening, the risk inherent in customers and other relevant parties, and ensuring interconnectivity with AML efforts and the valuable investigations that can illuminate sanctions evasion schemes. Likewise, the right mix of solutions is necessary to support those efforts and drive efficiency and effectiveness. Sanctions and AML analysts should be cross-trained, as well.

A robust entity risk rating solution coupled with a case management platform that can break down silos is a must. AI embedded in these solutions adds sophistication and can transform how two critical efforts in compliance – sanctions and AML – leverage data, intelligence, and processes to produce mutually useful outcomes for risk mitigation.

Exposure to sanctions, particularly sanctions evasion, is top-of-mind for most compliance departments today. Breaking the silos across compliance functions, along with the right mix of technology solutions, will mean the difference between fines or no fines.

Elizabeth Callan is the AML and Financial Crime Risk and Compliance Subject Matter Expert at SymphonyAI Sensa-NetReveal.