How the financial industry deals with the rising focus on sanctions

The UN has made an urgent appeal for food aid for starving North Koreans, despite the sanctions on the country. The Head of the UN World Food Programme has also made an appeal to put children’s lives before politics in funding food for the myriad of undernourished people in the country. At the same time, the world has witnessed major legal cases with heavy fines on financial institutions for violating sanctions. The key players in the field – the US, the UN and the UK – have added sanctions as a top priority to the financial industry’s agenda. What are the means, tools and digital efforts that will allow the financial industry to tackle this topic in an adequate way?

Where financial institutions matter

Sanctions regimes impact many international and national actors within the political, financial and industrial area as well as regular citizens. The international focus on sanctions has had a clear impact on the Swiss financial market.

When the UN passes its resolutions, these sanctions must be applied by all member states. The measures are seen as a means to prevent threats, and they safeguard the peace on an international level. In Switzerland, it is the State Secretariat for Economic Affairs (SECO) that implements sanction ordinances. Specific lists include the names of the individuals, groups and companies affected. With the Federal Act on the Implementation of International Sanctions (Embargo Act, EmbA), Switzerland implements and enforces internationally imposed sanctions, including those by the UN Security Council. Other countries put measures in place by either integrating such lists into legislation or adopting them separately. The regulation in the US is specific in that it states that any transaction denominated in USD must comply with sanctions regimes. As such, the sanction has an extraterritorial effect and shows how important it is for financial institutions to analyse the legal requirements of the country that is enforcing sanctions, in order to be able to ensure compliance with them.

Banks and financial institutions are under regulatory obligation to ensure that an appropriate control and compliance framework is in place so as to detect sanctioned parties and prevent transactions that violate sanctions. In Switzerland, any financial player conducting international business must ensure that it complies with the respective sanction obligations.

For banks and other financial institutions, the violation of sanctions can result in a hefty fine and reputational damage amongst other repercussions. Sanctions are usually regarded as a ‘financial crimes’ topic alongside anti-bribery and corruption (ABC), anti-money laundering (AML) and counter terrorist financing (CTF). Many larger banks choose to employ a specific sanction team to ensure correct controls and to analyse and implement relevant restrictions and measures.

Sanctions on the whole, however, go beyond one specific team and are a matter for the entire control framework and compliance programme of a bank. It is certainly appropriate for a bank to place the topic within its internal control system (ICS) as part of its key controls. By doing so, the area will be integrated into the overall risk management process and within the annual risk analysis, the budget and resource discussions, periodic reviews and reporting. The obligation to ensure an adequate internal control framework is stipulated in article 12 of the Swiss banking ordinance.

Many banks are assessing the options for optimising processes with technical and digital assistance. Within the global ‘PwC 2019 State of Compliance Study’ in the financial industry, we have measured how far the technology and digitalisation have advanced according to Compliance and Risk practitioners. The majority of the respondents answered that they were using digitalisation and technology in order to support legal and regulatory requirements. This is a trend that we can also witness in practice. 

Which of the following best describes your function’s use of compliance specific technology applications to support legal and regulatory requirements, monitoring and/or alert notifiacations?

Source: PwC 2019 Global Risk, Internal Audit and Compliance Survey

Digital solutions for an effective internal control system

One other difficulty for banks is their choice of a specific screening tool and the ability to match a specific clientele’s needs. Banks further question the selection of sanctions and PEP screening lists (politically exposed persons). How do banks recognise the sanction lists that are of relevance to them? Specific assessments of a bank’s clientele and a well-analysed strategy to match the behaviour of its clients can form the basis for selection of such lists. There are some lists that must be used or are best practice, such as the lists of SECO, EU, UN, UK and OFAC. The developments within the industry practice may also be followed within a regulatory radar, such as that of PwC.

Most banks are indeed expected to have an automated pre-onboarding and post-onboarding screening in place. This depends on the size of the bank and its clientele. It is in addition best practice to screen clients before the relationship is forged.

Banks have detected failures and insufficiencies in their controls and systems by means of periodic reviews and compliance testing. As the second line of defence, it is increasingly becoming industry practice to perform reviews and controls on the internal control system, so as to detect deficiencies and possible gaps and ensure the effectiveness of the control.

Today, the focus for most banks is on how they should handle the extortionate bulk of hits, and what resources they need in order to manage the volume while keeping the quality high at the same time. It has become a key concern to define the controls, processes and policies that are to be implemented so that both the first and second line of defence have sufficient tools available to ensure compliance with sanctions.

For the bulk of sanction hits on transactions – and to assess what specific sanction lists should be used – specific digital tools such as robotics can help to cluster false and true hits. These tools also provide information on transactional behaviour. The technology can equally adopt a risk-based approach in the handling of the sanction hits to create specific baskets. This way, prioritised alerts can be handled swiftly.

36% of the Swiss respondents of the ‘PwC 2019 State of Compliance Study’ stated that their function is already working on digital road maps. At the same time, another 32% are planning to do so within the coming two years. There is a clear tendency within the Compliance function to solve concerns of efficiency with digital solutions.

Is your function doing or planning to set desired outcomes for the function’s digital investments and technologies related to building & managing a digital roadmap?

Source: PwC 2019 Global Risk, Internal Audit and Compliance Survey

The trend to reduce risk appetite in the sanctions area is very obvious. The trend is evident in the number of banks that are choosing a better screening tool to automate their processes or are closing certain types of business relationships. However, risk reduction is also achieved by ensuring that banks and their employees completely understand how the sanctions will impact their business.

To succeed, employees of a bank need to have both business expertise and knowledge in the regulatory environment. They need to understand the risks of the products and services they sell and must be able to make use of the knowledge of their clients (KYC) to distinguish a false from a true hit. Generally, it can be said that if 50% or more of a company is owned by sanctioned persons or companies, that company should be considered a sanctioned party. These considerations need to be looked at case by case. In order to detect such a sanctioned party within a transaction, knowledge of the bank’s clients and the underlying beneficial ownership is vital.

Ensuring a solid and appropriate handling of sanctions, however, starts at the top. The culture and awareness of the executive management of a bank as well as its willingness to give sanctions and compliance an integral place within the company is crucial to how the bank will succeed.

FINMA is keeping a close watch on sanctions

The trend of increased risk awareness with respect to sanctions has not only reached banks and other financial players; the Swiss financial market supervisory authority FINMA has also embraced it.

Acknowledging the increase in legal and reputational risks due to international sanctions, FINMA is distinctly alert to the topic. This is making audit companies perform more in-depth controls within their audit procedures. Financial institutions must be prepared to show that they properly assess, limit and control the risks associated with sanctions.

The appropriateness of the chosen systems and its possible weaknesses will be audited by the audit companies. The efficiency of a bank’s review and approval processes, the strategic assessments of the risk of sanctions and handling of specific sanction cases, the inclusion of bank-specific products in the screening and the choice of sanction lists are just a few elements that will be monitored more closely by authorities and regulators over the coming year.