Organisations are having to scramble to comply with the largest package of sanctions ever imposed against a G20 nation. Read on to find out the what, the why and the how.
In the wake of Russia’s invasion of Ukraine on the 24th of February 2022, the EU, UK and the US, among other governments, quickly executed the largest package of sanctions ever imposed against a G20 nation against Russia.
Organisations are now having to make sure that they are complying with the fast-changing sanctions landscape. Failure to comply with the host of new international sanctions regimes will mean severe legal and financial penalties for organisations. In the UK, it can also lead to imprisonment for up to 10 years.
The risk is not just legal and financial penalties, but that compliance holds up the normal course of business, preventing organisations from serving and onboarding the right clients. Read on to learn what exactly sanctions are, penalties for breaches, the complexities of compliance, and the solutions.
What are sanctions?
Sanctions can be:
The primary form of sanctions being levied against Russia are economic ones:
“Penalties levied against a country, its officials or private citizens, either as punishment or in an effort to provide disincentives for policies or actions.”
In the UK, those who are sanctioned have their assets in the UK frozen and no UK citizen or company can do business with them.
This includes UK nationals outside of the UK and organisations incorporated or constituted under the law of the UK.
These sanctions also apply in British Overseas Territories such as the British Virgin Islands.
EU sanctions apply to any legal person, entity or body inside or outside the territory of the EU which is incorporated or constituted under the law of an EU Member State. EU sanctions also apply to trade between Northern Ireland and Russia.
The primary EU sanctions being issued against Russia are asset freezes against individuals and organisations and sectoral trade/investment sanctions. For example, new investment in the Russian energy sector is now prohibited.
After leaving the EU, the UK is no longer under the scope of EU sanctions. Generally, however, banking and insurance agreements require compliance with UK, EU, US and other sanction regimes.
Economic sanctions administrated by the US Department of Treasury’s Office of Foreign Asset Control (OFAC) generally prohibit transactions by persons and organisations inside the US, and US citizens outside of the country.
They also extend to parties subject to US jurisdiction wherever located.
This includes foreign companies that (1) have a branch in the United States; (2) have a subsidiary in the United States; or (3) do business in the United States.
Unlike UK and EU sanctions, these sanctions have extraterritorial reach, and could reach parties not located in the US — such as foreign organisations processing payments in US dollars through US banks.
OFAC sanctions typically include asset freezes and trade restrictions.
Asset freezes mean that it is prohibited to deal with the funds or economic resources belonging to or controlled by a designated person, or to engage in actions that ‘directly or indirectly circumvent the financial sanctions.’
The possibility of ‘indirectly’ breaching the sanctions highlights that organisations are under the risk of unknowingly failing to comply with sanction rules.
Checking names on a list of sanctioned entities enables you to see directly sanctioned individuals and entities. But the risk of indirect breaches mean it is important also to detect and map out any potential association with sanction-related entities.
This means more thorough due diligence on partners, supply chains and clients that goes beyond watchlist screening.
Adverse media checks and screening has become vital to ensure complete protection. This can be time-consuming, complex work that requires painstaking attention to detail. But if done right, it enables organisations to stay on top of those who may be sanctioned in future.
None of the recent sanctions were a surprise. There was already plenty of information available about individuals’ connections to Russia and the Kremlin – for those who knew where to look.
To further complicate matters, there are implicitly related sanctioned entities, as well as explicitly listed ones. In the US, OFAC’s 50% rule states that an entity is implicitly sanctioned if one or more sanctioned individuals own 50% or more of that entity. The EU has a similar rule.
Where there are significant ownership stakes under 50% by a sanctioned individual, OFAC ‘urges caution’. It remains unclear exactly what this ‘caution’ entails. This lack of clarity from regulators poses another challenge to organisations that may have some distant affiliation to a sanctioned entity.
Failure to comply with sanctions rules can lead to severe penalties, typically heavy fines but in some cases even imprisonment.
In 2020, UK regulators issued a record £20.47mn fine to Standard Chartered for breaching EU sanctions, after it lent money to the Turkish bank Denizbank, which was majority-owned by Russia’s Sberbank.
Increasingly the individual decision-makers are personally held accountable. In the UK for example, the Senior Managers Regulation, was put in place following the 2008 financial crisis which increases the focus on individual responsibility among senior managers in the financial services industry. An individual can therefore be held personally accountable through financial penalties for breaching sanctions regulations.
As well as financial penalties, the reputational risk that come from association with sanctioned individuals or organisations is severe. It can also be a significant deterrent to future clients and partners. Anyone seen to be associated with illicit or sanctioned money could be subject to negative press with long-lasting adverse reputational and financial impact.
Identifying sanctioned entities
Different countries are under the jurisdiction of different sanction lists. This makes the task of identifying the ones which your organisation must comply with hugely challenging. Most businesses with global supply chains, even aside from large multinational corporations, have to deal internationally on some level. Regulations in another jurisdiction may well affect your course of business. A globalised world means globalised risks.
In addition, sanction lists are updated constantly, and tools that provide database searches don’t always update them in real-time.
Many of these tools also have a huge issue with false positives. These stem from limitations in translingual name matching, fuzzy name matching and entity resolution technology.
False positives and the costs entailed with having to sift through them and detect which ones are your subject can be a significant pain point for organisations. Companies have to balance being compliant with the need to keep costs under control. The time wasted going through false positives delays client onboarding which risks alienating a valuable client base. In a competitive, global world a delay in the onboarding process can mean that banks and other organisations lose valuable clients to competitors.
Complex, rapidly evolving regulation
As can be seen from the penalties associated with direct and indirect breaches, in the UK and EU, checking lists and databases, though necessary, is not sufficient. The burden is on institutions to map out networks and associations of sanctioned entities in order to prevent association with any implicitly related entities.
This is also necessary to cut through strategies used to hide ultimate beneficiaries and sources of funds. This network mapping requires going beyond sanctions lists, using open-source data and media articles.
Step 1: It is necessary to make sure that the tools you are using for your PEPs and Sanctions checks are updated in real-time. ComplyAdvantage, for example, is an automated PEPs and Sanctions provider that can update its databases more quickly than one powered by manual researchers.
Step 2: It is then essential to go through and apply an analyst’s mind to screen out false positives, by applying other contextual information known about your subject. This costs time and money, but it is work that can’t be rushed as the stakes are high if an analyst makes a mistake.
AI-powered intelligent choice
An automated solution streamlines this process as it can perform these two steps simultaneously, with a speed and efficiency that a human analyst could not manage.
Xapien’s AI-powered system can run searches on PEPs and Sanctions databases whilst cross-referencing that data against news and media articles, corporate records and wider internet data from sites such as LinkedIn, Wikileaks, offshore leaks, and more. This enables Xapien not only to gather far more valuable data but to:
- Extract knowledge and insight from that data can be used to signpost potential future enforcement actions and previously unknown red flags.
- Use that data to conduct deeper and broader onward research.
Verify and disambiguate results to ensure that analysts can focus only on genuinely risky entities and individuals, and businesses can better serve valued customers.
Our Natural Language Processing functions also goes beyond keyword searching for explicit sanctions, to highlight business associates and locations. Xapien draws out affiliations, assets, family members and other crucial insights about a subject so that you can detect potential areas of risk or any risk of ‘implicit sanction’ associations.
For example, someone might not be directly sanctioned but could be mentioned in media articles as a ‘close friend’ of a sanctioned figure. Traditional Sanctions checks would not flag these risks, but Xapien’s NLP identifies key networks and affiliations. It enables organisations to stay ahead, and detect who is likely to be added to the sanctions lists in advance of it happening.
Xapien’s greater accuracy and the detail of its report enables you to proceed quickly with the right clients whilst also being certain that you are able to detect any unsuitable clients. By reducing false positives and giving you the full contextual information, you don’t have to waste hours on manual due diligence for clients who are legitimate. Xapien gives you the clarity upfront, in just a few minutes.
AI insights, straight to your inbox
Search engines are great but they are only the starting point. Finding, reading and condensing the full picture is slow, hard, and painstaking work. Xapien can help.