UK authorities have reminded financial institutions about the rules regarding sanctions. Deya Innab, Deputy CEO at Eastnets, says that if CEOs, compliance, and financial crime risk management leaders in these institutions don’t provide the necessary resources, processes, and technology for compliance, they will be held responsible.
Earlier this year, the UK Office of Financial Sanctions Implementation (OFSI) restated its guidance on enforcing penalties for processing payments to sanctioned individuals, entities, and bodies[i]. This move is a warning to financial institutions (FIs) and other businesses to ensure they stay compliant with the regulations.
The new guidance contains a stark warning about the risk of breaking the rules, intentionally or otherwise. If required, OFSI could impose the statutory maximum, either £1 million or 50 per cent of the value of the breach, whichever is greater.
Since its inception in 2016, OFSI has issued just eight fines to the value of about £21 million[ii], so compliance leaders might be forgiven for thinking that it doesn’t enforce many penalties. In stark contrast, the US Office of Foreign Assets Control (OFAC) has issued 92 fines since January 2017, adding up to £1.5 billion[iii].
But OFSI has now doubled the number of permanent staff available to work on policing the rules[iv]. It’s clear that this increase and its restating of the rules is a sign of the stakes rising. The UK sanctions regime has shown it means to move quickly and decisively when rules are broken. Financial institutions must take note and reassess their compliance plans.
The solution is a two piece puzzle
One of the largest elements of any compliance strategy is technology. In this instance, there are two key parts required. Firstly, a screening solution that can stop sanction-breaking transactions as they happen. This needs the power to sufficiently monitor and analyse transactions data in real-time to ensure no illicit funds are authorised. At the same time, it needs to be efficient enough to meet the transactions service level agreements without increasing the cost of compliance.
This in itself is a huge challenge and requires a very delicate balance that FIs needs to find. But a solution like this is only half of the puzzle. The second part of the puzzle is an up-to-date sanctions list, combining the latest data from all global authorities.
Feeding accurate and timely information to screening engines is critical, as delays can expose institutions to operational, reputational, financial, and political risks. And keeping up with the ever-changing regulations makes managing sanctions risk more difficult.
The conventional ways of updating the watchlists do not ensure the authenticity of the used data due to human intervention, unreliable and untraceable manual processes, and inefficient technologies.
Today’s fast-moving world pushes FIs to stop updating sanctions lists manually. And CEOs, compliance officers and senior managers need to take immediate action to mitigate the risks of manual intervention. They are all accountable.
The potential of distributed ledger technology
FIs must automate sanctions list updates as these lists grow in volume constantly and continuously. This is where real-time automated watchlist updates using distributed ledger technology (DLT) come in.
By using DLT as a backbone for their sanctions list update tool, FIs can enhance both the efficiency and security of the process. A DLT-enabled tool can be a trusted, reliable and efficient courier. It takes updates from the lists provider and injects them directly to the screening engine in real-time, with no human intervention or downtime.
The immutability of the ledger guarantees the authenticity of the data. Furthermore, all updates on the chain are traceable and time-stamped. This allows compliance teams to easily carry out historical reviews and audits (lookbacks).
Updating sanction lists at any time of the day with full confidence of complete information will ensure that all entities connected to the ledger are synchronised, resulting in harmonious and conflict-free decisions.
Importantly, these benefits come with the added bonus of eliminating the administrative burden of manual work. With so much to contend with, compliance teams need to focus on adding value to and overseeing the necessary processes, rather than having to perform them. There will be many who can testify to the pain of having to finish an after-hours manual update.
Automating sanction list updates has never been more crucial. Following Russia’s invasion of Ukraine, sanctions are being introduced on a rolling basis in the UK. The government has stated, “Nothing is off the table”[v]. At the time of writing, 1,550 individuals and 180 entities are subject to UK sanctions under the Russian regime[vi]. Not to mention the 1,473 people and 205 entities sanctioned by the EU[vii] and more around the globe.
With continually updated lists and a regulator flexing its muscles, it is clear that now is the time to act. Financial institutions must remain alert and innovative as stakes continue to rise.