The Russian invasion of Ukraine continues with no signs of a resolution, and along with the protracted conflict, the U.S. has continued to issue fresh sanctions against Russian interests. For firms and organizations, compliance could mean embracing perpetual KYC procedures, writes Fenergo’s Rory Doyle.
Since unforeseen and devastating events last February, the West has responded by waging a war of sanctions on the Russian financial system. Sanctions have been enforced against Russian oligarchs and their families, as well as Russian state-owned companies and financial institutions. The scope of these sanctions has also been levied at a previously unthinkable level — with the EU banning Russia from SWIFT, a global financial transaction processing system, and the U.S. banning Russia’s largest financial institution, Sberbank, from its own financial system.
In short, this has meant that these sanctions have also had unprecedented consequences, having far wider implications for those who not only previously worked with sanctioned individuals and companies but also those a few degrees seemingly removed. For this reason, it is paramount that financial institutions take a fresh look at their compliance processes. They must assess how effective their Know Your Customer (KYC) controls have been in flagging sanctioned activity, as well as how they can better ensure their controls will protect against potential violations in the future.
Why sanctions enforcement requires strengthening compliance controls
As the U.S. continues to impose fresh sets of sanctions on Russian industries, companies as well as individuals, the U.S. Treasury has also continued to warn of enforcement actions against those that might evade or attempt to cause a violation of the Office of Foreign Assets Control (OFAC)’s Russia sanctions. Banks have previously been fined large sums by OFAC due to the violation of sanctions, as in January 2022, for example, OFAC fined the Union de Banques Arabes et Françaises $8.6 million for violations of its Syria-related sanctions program. The scope of the Russian sanctions, however, means that there is more potential for financial institutions to act as facilitators of the evasion of sanctions, without even knowing it.
Typically, at financial institutions, enforcing sanctions has required different processes to those established for the monitoring and reporting of financial crimes. Sanctions screening has historically required compliance teams to cross-check listed individuals and companies with ongoing client activity using a filter. Teams then flag any transactions potentially involving restricted individuals, confer with the next mover in a company’s compliance decision tree about next actions and ultimately choose to block or not block the transaction.
But as the list of sanctioned Russian individuals and companies continues to evolve and grow, it is worth noting that these individuals and companies are also operating at a greater level of sophistication when conducting financial transactions and maintaining their holdings than ever before. Financial institutions are also recognizing the grave compliance challenge this poses, according to our research, more than a third of financial institutions surveyed cited the changing sanctions and regulatory environment as the biggest compliance challenge they currently face. As such, it is clear that financial institutions will need to undertake a fresh approach in conducting due diligence on their clients, if they want to avoid regulatory enforcement action.
U.S. Widens Sanctions, Targets Russian Gold Production
Russia cranked up its gold production to offset previous international sanctions; now, the U.S. and a group of international allies are cutting off that particular revenue stream in an effort to hamstring Russia’s continued invasion of Ukraine.
Read moreHow financial institutions must adjust their KYC remediation processes
Certainly, financial institutions will have existing anti-money laundering (AML) and KYC/client onboarding procedures in place to meet their standard compliance requirements. Yet many are evolving and implementing technology to achieve perpetual KYC to more efficiently monitor client profiles for risk on an ongoing basis.
The way that banks currently carry out their KYC procedures on a periodic needs-only basis is no longer sufficient to accurately assess key status changes in the future. This is because as soon as new sanctions are introduced, banks need to be able to quickly identify transactions linked to newly listed entities and block them as quickly and efficiently as possible. With that in mind, to conduct effective remediation, compliance functions will need to build automated, ongoing KYC reviews into their processes to ensure that clients have not suddenly been sanctioned or are engaging in suspicious activity. Upon reviewing each client profile, banks will then need to determine whether an additional refresh of profiles is needed and check back in with relevant clients.
There is an equally important need for financial institutions to integrate transaction monitoring into the KYC review process. Last year, Fenergo found that of the 1,000-plus financial institutions surveyed, more than 50% had not yet fully integrated KYC within their transaction monitoring systems. However, it is vital for financial institutions to begin to do so because a crucial component of successfully conducting KYC reviews is understanding transactional activity and proactively identifying and reacting to unusual patterns — monitoring risk continuously and in real-time. In turn, this will better allow financial institutions to respond to changes in sanctions measures quickly and automatically.
Herein, however, lies a primary roadblock: Many financial institutions still update and review their client profiles manually. It is incredibly difficult to monitor client behavior for risk assessment live and on a constant basis when you can only do so manually. With the rapidly evolving nature of the regulatory and sanctions landscape, financial institutions need to speed up their KYC procedures in tandem. This requires moving away from slower, more error prone manual processes and toward automating client due diligence and client behavioral analysis.
Closing the loopholes
With the war showing no signs of an immediate resolution and the U.S. Treasury continuing to issue additional sanctions, it is evident that financial institutions will need to continue to be vigilant of their operational compliance with sanctions and further strengthen controls. If they want to avoid fines and ensure sanctioned parties do not conduct transactions through the back door, financial institutions will need to update, automate and strengthen their KYC remediation processes.
Additionally, if banks all endeavor to update their systems in this same way, the industry-wide collaboration will help guarantee the protection of not only their own institutions, but also of the wider financial system. Ultimately, only with industry-wide coordination will it be possible to fully and accurately enforce sanctions, remain compliant and close the loopholes.