Managing sanctions risk has never been so complex.

In the span of ten days following the invasion of Ukraine in March, Russia, as widely reported, became the world’s most sanctioned country[1], subject to more than 5,000 different sanctions from a host of governments and international bodies.

This quick turn of events served as a reminder for organizations of the challenges associated with implementing a robust sanctions program in today’s fast-evolving economic and political environment. Companies failing to stay compliant with new requirements face not only the threat of significant fines, but also far-reaching reputational and operational risks.

A&M Disputes and Investigation practice leaders recently joined senior compliance, risk management and legal professionals at the C5 Group’s European Forum on Global Economic Sanctions in Berlin to debate the rapidly changing global sanctions landscape.

In the article below, they discuss the main takeaways from the conference and outline best-practice responses for companies trying to navigate sanctions compliance.

Sanctions screening challenges

According to attendees and panellists at the event, critical pain points in sanctions risk management include:

Multitude of sanctioning bodies and conflicting sanctions regimes: As the number of bodies issuing sanction lists continues to expand, companies are subject to multiple, sometimes conflicting sanctions regimes[2]. They need to exhibit additional caution in monitoring watchlists and understanding which ones to adhere to.

Rising enforcement: Whereas in the past the focus was almost exclusively on financial services firms, regulatory bodies have broadened their focus and are now targeting a wide range of industries, as well as charities and non-governmental organizations[3].

Keeping up with lists: One of the common challenges regarding the sanctions lists is to ensure these are constantly up to date when used for screening. This is particularly true given that sanctions lists evolve constantly, with new entities being added to and removed from the lists continuously, in turn meaning companies need to check new lists against their internal customer database on a regular basis.  

The nature of sanctions is becoming more complex: In recent years, narrative and sectoral sanctions have been introduced. Because these rules target specific sectors and prohibit certain activities instead of focusing on specific named entities, they are more open to interpretation.

Complex ownership and control structures: Unwrapping ownership and control structures to identify Ultimate Beneficial Owners (UBOs) has become critical as targeted firms may deliberately restructure their subsidiaries or use shell companies to evade sanctions.

Avoiding business disruption: Companies need to find the right balance between implementing an efficient sanction screening program and running the business, ensuring that protocols do not disrupt the customer journey and hurt operations. 

Optimizing screening processes is a critical first step 

To ensure sanctions screening processes remain effective and compliant in this fluid environment, companies should focus on the key measures below:

Having adequate controls in place – Enforcement authorities can levy fines not just for sanctions violations, but also for the organization’s failure to have adequate controls in place to account for and mitigate the potential risks posed by its clients and customers, products, services, supply chain, intermediaries, counter-parties, transactions, and geographic locations[4].

Improving data governance – Firms must evaluate the overall quality of source data and derive a comprehensive method of gauging data completeness. Close collaboration with data owners is also required to ensure a streamline processing of the data, including extraction, formatting and data templates. In addition, companies should determine the level of parsing, data cleansing and enrichment performed for effective screening as well as periodically validate related processes to ensure they are operating as intended.

Recalibrate matching engine models – Solutions such as optical character recognition (OCR), native language processing (NPC), robotic process automation (RPC) and AI are some of the technologies helping companies speed up data processing and optimize the matching engine underpinning their sanctions screening process. Machine learning models, for example, can be used to automate the routine elimination of false positives or to detect changes in customer behaviour in the investigation stage.

However, the complexity and sophistication of these tools require careful implementation. Companies should be able to explain machine learning and other AI-enabled models, as well as demonstrate their advantages over traditional rules-based/stochastic systems. While regulators are starting to warm to innovative approaches, firms need to prove that they understand and can validate their models in line with regulatory guidance.

Finally, there is no “one-size-fits-all” approach: understanding what solution and automation opportunities are the most suitable for your needs and vetting technology vendors are a key part of the process.

Support remediation teams – The remediation of sanction matches is often a nuanced decision which tends to rely more on humans than on technology. Organizations must maintain dedicated departments to ensure ownership of the sanction compliance process but also work hard to ensure collaboration with data owners and other departments across the firm.

For more information relating to any of the topics discussed, please contact Kallia Gavela at kgavela@alvarezandmarsal.com and Raphael Kiess at rkiess@alvarezandmarsal.com.

A&M. Action. Leadership. Results.

A&M’s privacy and data compliance practice focuses on supporting clients to navigate the evolving and complex data protection regulatory landscape to develop and implement solutions to address these challenges. The A&M team is also highly experienced to conduct forensic investigations into alleged data privacy violations.

The practice brings specialist advisory and consulting services on international and cross-border privacy, data protection, secrecy and related laws and sectoral rules. Professionals within the practice include former consultants, regulators, data protection officers and certified information privacy professionals who are skilled at aligning and implementing complex regulatory requirements within operational processes and settings.

Senior Directors Kallia Gavela and Peter Kwan were recently featured in WorldECR were they set out how advanced analytics and artificial intelligence are disrupting the sanctions-screening space. 

Subscribe to read the full article here: WorldECR | The Journal of Export Controls and Sanctions #113

Gavela, K and Kwan, P. 2022, The journal of export controls and sanctions, WorldECR, November 10, p.g. 28