Sanctions

Beyond the mere language of the statutes and regulations. A set of services that will allow your organization to restructure your Regulatory policy and comply with the regulators requirements.

Sanctions & EmbargoesFinancial Crime AML/KYC/PEP

Professionally structured services aiming to provide a flexible range of tools specific to your Sanctions & Embargoes operations.

A comprehensive approach of the Financial Crime operations comprised by individual modules for the Regulatory professionals. 

Governance (Common)

Framework governance with clear accountabilities (including KYC, AML, Sanctions, PEP risk assessment), risk appetite and policy, management information and risk reporting, independent testing of the framework and program oversight.

This service aims to help you define and document your organization’s commitment, a crucial factor for the success of the Compliance program as this is required by regulators. Starting with a Regulatory Risk Assessment (clients and customers, products, services, supply chain, intermediaries, counter-parties, transactions, and geographic locations, depending on the nature of the organization) and KRIs definition on any Compliance activity: KYC, AML, Sanctions, PEP where the regulatory risk and controls are clearly defined. 

Identification

Activities and products exposed to sanctions. Processes to identify new regimes and maintain the sanctions framework to reflect new requirements (for example: Secondary Sanctions, Russia Sanctions, SSI). Identification of suspicious transactions and review of screening tools configuration. Identification of digital indices and links to sanctions.

Identification of the risk remains the first step of the Compliance process, matching the Sanctions framework to the business operation. The definition of all those trigger conditions that will isolate suspicious behavior, requires the review and evaluation of the screening tools, IT systems configuration, procedures and risk rating. The service report will assess your organization’s capacity to identify the regulatory risk, evaluate the Compliance integration with all your IT tools, propose system updates for eventual failures and alignment to the organization’s sanctions risk policy

Sanctions Risk Assessment

Comprehensive sanctions assessment of customers and entities, products, services, and geographic locations compliant with jurisdiction guidance (OFAC & Local Regulators). The purpose of a risk assessment is to identify inherent risks in order to inform risk-based decisions and controls. Analysis of the information identified to better assess the risk categories.

The service aims to help organizations elaborate a Sanctions Risk Assessment following strictly the OFAC recommendations for both US and non-US organizations. The service will consist of a holistic top-to-bottom review of the organization’s touch-points to the outside world: description of the potential threats and vulnerabilities related to sanctions for both local and OFAC regulators, potential areas where the organization may directly or indirectly engage with prohibited persons, parties, activities, countries or regions including customers, supply chain, intermediaries, counter-parties, products, services, networks, systems and geographical locations and due diligence standards during mergers and acquisitions with other companies and corporations. The purpose of the Sanctions Risk Assessment will be to identify inherent risks in order to inform risk-based decisions and controls. with a special attention to the methodology used to identify, analyze, and address the identified risks.

Client On Boarding

Client on-boarding procedures including client identification, sanctions specific due diligence for particular activities (traders), indirect sanctions screening, risk classification process. Determine ultimate beneficial ownership, activity, transactions, source and destination of funds. On boarding of digital customers including: imaging, biometrics, automatic validations, optical recognition. Documentation and periodical reviews.

Customer or Name screening is designed to identify targeted individuals or entities during on-boarding or the life cycle of the customer relationship with the Financial Institution. As with the management of all regulatory risks, and FI should assess and identify the sanctions risk during the on boarding process. Our service will help FIs establish the methodology and the appropriate tools for an effective on boarding process. The sanctions specific due diligence is at the center of the service, providing a professional expertise on multiple, conflicting and U.S. secondary sanctions to non-US financial institutions.

Digital Currencies & Transactions

Review of all products, processes and procedures concerning digital assets and transactions. Compliance procedures for customers accessing services from sanctioned areas. Control tools: IP address blocking, as well as email-related restrictions, for sanctioned jurisdictions. Review of screening configurations on ‘hot wallet’ accounts.

In the era of digital currencies, away from any regulatory authority, potential sanctions threats may come from everywhere. New customers may want to deposit funds in crypto-currencies that may be impossible to trace with usual investigation tools and methods or process new transactions and/or investments in such non-regulated instruments. In addition, the use of internet, e-banking and e-commerce, extends the need of sanctions compliance to the organization’s IT, like never before.

Sanctions Message Screening

Inter-banking message screening including appropriate message fields, message counter parties, fuzzy matching on key fields, correct rationale and documentation, phonetic matching techniques, ‘hit’ escalation, investigation procedures, decision rating and false positives elimination.

Inter-banking message screening involves an important organization at all levels. Starting from the sanctions list management and other internal lists like: Black, White lists or Exceptions and Exclusions lists require a strict process and daily follow-up. Sanctions hits need to be intercepted before they get into the core-banking system and eventually become transactions or before they are sent outside the bank and intercepted by another financial institution. From software algorithms to phonetic matching techniques and elimination of  false positive hits that may overwhelm the investigation’s desk, the sanctions message screening is a complex environment requiring proven methodology and experience. 

Sanctions Investigation Methodology

Risk based investigation methodology. Understand the customer, the activity, the product, the transaction and the geographical risk. Investigation process and documentation. Rate indicators based on risk. Thinking map. Decision rating based on case severity. Use of AI in investigation process.

 Sanctions hits arriving to the investigator’s desk should be processed following a predefined risk based approach as it is required by regulators. This crucial phase, where the human decision prevails, the methodology plays a foundation role. Usual ‘guts’ decisions may jeopardize the bank and breach the sanctions risk management with unpredictable consequences for the organization.

False Positives/Negatives

Review of the sanctions screening tool efficiency. Reduce false positive hits (that should not have been triggered) based on risk and AI methodology. Review of screening configuration for reducing the false positive hits (that should have been triggered and they have not).

The False Positives or ‘irrelevant hits’ may cost millions per month in working hours to financial institutions with the problem being even more profound with ‘relevant hits’ that have not been detected and passed under the Sanctions Screening radar. These two major issues: False Positives and False Negatives require both a deep technical IT experience and a full understanding of the matching techniques. Return On Investment studies have proven that proper optimization of the matching techniques will save a precious amount of money to the bank or even the worse regulatory nightmares.

Client Monitoring

Ongoing client monitoring, specific to sanctions and embargoes monitoring (including DP/SDN), 50% rule, investigation, analysis and analytics. Periodic review and, where appropriate, update of end-user agreements to ensure that customers are aware of, and comply with, U.S. and local regulators’ sanctions requirements

The sanctions client monitoring is defined as an internal control of an effective Sanctions Compliance Program involving internal policies and procedures. This periodical screening process is related to the customer risk rating, the core banking system, the sanctions lists, name matching algorithms and an investigation methodology that will finally decide on suspicious hits. The service aims to help organizations assess the client monitoring process, review individually all aspects of the client monitoring process, identify gaps and check that the purpose of the screening meets expectations and minimizes the risks identified by the organization’s risk assessment and propose tangible and measurable improvements, focusing on regulators’ requirements and industry best practices. Finally, the investigation process and the final decision methodology will be greatly improved and allow a qualitative report.

Sanctions Training & Awareness

Training and awareness for all employees. Awareness of key risks, the board level expectation for employees to adhere to policy. Periodic and event triggered (role change, risk profile change, new sanctions regime, etc.) training relevant to individual roles with evidence of attendance and attainment being retained.

The sanctions training often underestimated, should be integral part of the Sanctions Compliance Program but not generic as provided usually but customized to the organization’s specifics and provide job-specific knowledge, communicate sanctions responsibilities for each employee role, accountability and training through assessment as required by regulators. Discover our Self-Certification courses taking advantage of the latest learning tools, allowing the users to adapt the courses to their pace without compromising on quality. The courses drop users into immersive scenarios and practical cases to test their knowledge, understanding and ability to comply with sanctions laws and interactive quizzes to certify knowledge.

Sanctions List Management

List management procedures that ensure lists are consistent with policy, correctly updated (segregation), distributed enterprise-wide, implemented and tested. Periodic testing of screening tool configuration criteria and efficiency.

Sanctions list management, if not outsourced, can present a challenge. Starting with the choice of the adequate sanctions lists, maintenance and integration with internal systems, requires a wide knowledge of regulators’ requirements, change management, IT configuration knowledge and strict process alignment to internal processes and procedures. OFAC has demonstrated in multiple occasions that breaches in sanctions list management and absolute trust to external list management and ‘black box’ approach, may cost millions. Regulators require that you have an absolute knowledge of every single part of the management of your sanctions lists and prove that they are properly  implemented, configured and updated. 

Sanctions License Administration

Licence administration processes to verify the terms and conditions of licensed activity, maintaining evidence of adherence to licence considerations.

 

Advisory Whistle-blowing

Transaction advisory services that include employee guidance, recusal policy and ethical wall arrangements for potentially conflicted nationals. Mechanism for employees and others to raise concerns in respect of the sanctions risk and controls.

 

Record Keeping

Record keeping procedures for all financial records and documentation related to sanctions compliance efforts and alignment to regulators’ recommendations. Case management and timeline tools and archiving of proofing evidences.

 
.