Readers will not need reminding that the obligation of firms to conduct effective due diligence is one that is constantly evolving, not to mention growing. Recent events have also demonstrated that despite the ever-increasing regulatory environment, there has been little in the way of reduction in efforts to circumnavigate those regulations. There will be much commentary on the Panama Papers elsewhere, but the revelations contained therein only serve to illustrate that the greater the efforts are to curb financial crime, the greater bad guys’ efforts will be to find ways around them. This is not a reason to stop, but a reason to remain vigilant and diligent.
The violation of sanctions in the jurisdictions to which they apply is, or should be, a criminal offense. Increasingly, states are acknowledging this fact by augmenting their law enforcement agencies with the expertise and knowledge to identify such violations, with a view to prosecuting violators. The Office of Foreign Assets Control (OFAC) in the U.S. has been vigilant in this area, and others are increasing their capacity. The U.K. has recently created the Office of Financial Sanctions Implementation (OFSI),1 which will focus attention on advising the regulated sector on how to implement the various sanctions regime measures, and will also be instrumental in providing evidence of violations to law enforcement for the purposes of prosecution.
Big, well-resourced firms in the regulated sector and beyond have the luxury of being able to maintain large compliance departments, focusing on the different obligations and threats posed by both financial crime and the regulations. They will have a compliance department containing sections responsible for internal audit, anti-fraud, anti-money laundering/counter-terrorist financing and sanctions compliance—each of which pose different challenges and require different expertise. As we have seen, even with these resources, some firms often get it wrong.
The issue of sanctions is a case in point and one that needs constant attention
This only serves to highlight the challenges faced by small- and medium-sized enterprises, for whom compliance can place a disproportionate, though essential, strain on their budget. For these firms, there is no luxury of separate departments and an often very small compliance office needs to be omnicompetent and ready for anything. The issue of sanctions is a case in point and one that needs constant attention.
The Challenge
The initial challenge is at the customer onboarding stage. It is imperative that a tight distinction is drawn between sanctioned individuals/entities and politically exposed persons (PEPs). As we know, identification of a potential customer as a PEP creates the need for enhanced due diligence, both at account opening and during the life of the business relationship—this does not of itself mean a bar to that relationship. With an honest PEP and a sound risk assessment, the business can happily be undertaken, albeit with constant monitoring.
However, if a customer is identified as being designated under a sanctions regime, it is a very different matter. A lot will depend on the regime under which the customer is designated, but if it is one that covers the jurisdiction in which you operate then you cannot do business with them. Any identification of designation will be a major red flag whether or not it covers your operation, since reputational risk may well be present even if legal risk is absent.
Types of Sanctions
To clarify the different types of sanctions out there, let us look at some of them. The most well-known sanctions, and those that have universal application, are those imposed by the United Nations Security Council. All countries in the world, save Kosovo, Taiwan and the Vatican City, are member states of the U.N., and are bound by their membership to uphold its resolutions, particularly those adopted by the Security Council under Chapter VII of the U.N. Charter. Therefore, it should be the case that violation of such sanctions, whether by those designated or by those acting on their behalf, are criminal offenses in each member state. Some member states have difficulty achieving this, as their domestic legislation does not include the necessary provisions, for example, to freeze assets pursuant to U.N. sanctions where no actual crime has been committed, but the obligation remains.
In many jurisdictions, asset freezing is dependent on the assets’ involvement in terrorism or if they were the proceeds of crime (drug trafficking, theft, etc.). An asset freeze measure is not concerned with the origin of the assets, only with the fact that they are owned or controlled by a designated individual or entity.
Then we have sanctions imposed by the EU and other international organizations, whose reach extends to their member countries. Finally, unilateral sanctions imposed by individual countries, such as the U.S. (under OFAC), and the U.K. (under HM Treasury). Most other developed countries have similar regimes. These latter sanctions generally apply to business conducted with designees within the states’ jurisdiction and sometimes to nationals of those states wherever they are located.
This leads to instances where an individual may be identified as being designated under a particular country regime, to which your firm may have no exposure. In such cases, it makes sense to fully investigate the nature of the sanctions regime in question and why the individual concerned is designated thereby. In most cases, a strong reputational risk is attached—depending on the reason for designation—and it is likely that the individual is a PEP as well, since many designees are members of governments. In either case, escalation to senior management for a decision is essential. However, where the sanctions regime covers your operation, there is no doubt that you should submit a suspicious activity report and refuse to do business with them.
If you have exposure to sanctioned countries or sectors of industry, a thorough knowledge of the details is absolutely essential
The last type of sanctions regime covers whole countries and/or particular sectors, such as those imposed on Iran and Russia. If you have exposure to sanctioned countries or sectors of industry, a thorough knowledge of the details is absolutely essential.
Beneficial Ownership
The experiences of dealing with the asset freeze regime imposed on Libya since 2011 has identified a very difficult issue faced by all those investigating violations—not least compliance departments, that is, identifying the ultimate beneficial owner (UBO) of assets or companies wishing to use your facilities. If a designee has a controlling interest in such assets, this is a bar to doing business. In the U.S., 50 percent ownership by designee(s) is the limit and in the EU it is 25 percent. The difficulty is that many of those subject to sanctions have developed sophisticated means of hiding their interest in assets that should, for example, be frozen. This follows the layering process used in money laundering, utilizing front companies, proxy accountholders and placement of the assets in jurisdictions with less than perfect controls, especially offshore. A quick look at some of those mentioned in the Panama Papers will confirm this.
The fact that they are hiding the ownership of the assets to prevent freezing also means that it is very difficult to establish the involvement of a sanctioned individual or company in any business relationship that is proposed or ongoing. Therefore, it is imperative that the know your customer/know your business process demonstrates and records scrupulous identification of beneficial owners, and effective screening of the names once identified. Never rely on third parties’ assurances that they have done the necessary inquiries. Imagine the reputational consequences of having done business with sanctioned terrorists, not to mention the potential criminal penalties.
The point of all of this is to emphasize that it is essential to have a firm policy on the matter of sanctions, starting with a broad risk assessment identifying potential vulnerabilities, such as target customer profiles, geographical exposure and sector exposure. What form of name screening do you use and is it fit for purpose? Do you have ongoing screening of your client base (a client could be put on a list tomorrow) and if so, how frequently is it done? You do not want to discover that you have been doing business with an individual who was sanctioned the day after your last check a month ago.
Such an in-depth risk assessment, combined with diligent UBO identification and regular client screening with a good quality name checking solution will go a long way toward minimizing the chances of doing business with sanctioned customers with all of the potential consequences this entails. These consequences involve the very real possibility of prosecution, and at least regulatory action, with the concomitant financial and reputational risks, not to mention imprisonment.