Fighting financial crime through sanctions screening

Compliance with national and international sanctions regime is an obligation which all persons have in order to ensure that that the measures which have been imposed by national and international bodies on individuals, companies and territories remain effective.

In order to ensure that this is the case, the National Interest (Enabling Powers) Act (“National Interest Act”) imposes an obligation on persons undertaking a ‘relevant activity’ or a ‘relevant financial business’ in terms of the Prevention of Money Laundering and Funding of Terrorism Regulations, 2018 (“PMLFTR”) to implement adequate and effective screening procedures to ensure compliance with the obligations arising from the National Interest Act and any relevant United Nations or European Union resolutions or regulations.

What is sanction screening?

Sanction screening procedures form an integral part of an anti-financial crime programme. Simply put, sanction screening is a control mechanism employed by an organisation to detect, prevent and manage sanctions risk. Undoubtedly, sanction screening forms part of the first line of defence, and is crucial in protecting an organisation from potentially engaging with sanctioned individuals/designated persons or territories.

Organisations are expected to take a proportionate response to compliance with their sanction screening obligations and must therefore assess where, when and how their business is most likely to encounter designated persons.

Sanctions

A sanction, also known as a restrictive measure, is a punitive measure imposed by a jurisdiction or a regulatory body. Generally, a sanction would be issued against an individual, an entity or even against an entire country. Sanctions may be issued for various reasons and the purpose for which these sanctions are issued may vary. Whereas some sanctions are designed to force a country, regime, organisation or individual to comply with international law, others are intended to change the behaviour of, or impede, high-risk entities.

Sanctions would typically include, inter alia, (i) restrictions on trade which may affect the purchase and supply of specified goods, products and materials (ii) restrictions on travel (iii) restrictions on the provision of financial services (iv) the requirement to freeze funds, assets and other economic resources (v) embargoes etc.

The Sanctions Monitoring Board (“SMB”)

The SMB is the national authority responsible to monitor the implementation of, and ensure compliance with, targeted financial sanctions. Under Maltese law sanctions are implemented in terms of the National Interest Act. As a matter of law, sanctions issued by the United Nations Security Council (the “UNSC”), by the European Union (the “EU”) and any other national sanction issued under the Act are directly applicable. An organisation may however resolve to abide by and carry out sanction screening against additional sanction lists; possibly to further protect their reputation in the event that one of its customers (or related entities) is subject to sanctions imposed by other regulatory bodies.

Sanctions lists

Essentially, a sanctions list is a “name and shame” database that details those individuals, groups, entities and countries against whom a sanction has been issued. Whereas, in the past, sanctions were generally levied against either states or organisations, today, sanctions are also imposed on individuals themselves.  Conceptually, this is straight-forward, in practice however, navigating through sanctions lists (which are being updated daily) can prove to be somewhat of a complex process.

The National Interest Act requires subject persons to undertake mandatory screening against the lists issued in terms of UNSC Resolutions, EU Council Regulations, and the National Interest Act. In addition, depending on their jurisdictional exposure and the type of activities undertaken, subject persons may also deem it appropriate to screen against other sanctions lists, including the list issued by the Office of Foreign Assets Control in the US (OFAC) or the Office of Financial Sanctions Implementation (OFSI) in the UK or any other list which may be issued by national authorities in various jurisdictions. Such determination would typically need to be made depending on, inter alia, the type of exposure which the organisation has with such jurisdiction also considering any reputational damage which a breach of sanction can bring with it.

A lack of sophisticated compliance solutions or lack of training and awareness could result in an organisations inability to properly conduct its sanction screening.

Sanction screening in practice

Establishing and implementing a Sanctions Policy

Persons undertaking a relevant activity or a relevant financial business in terms of the PMLFTR should establish a sanctions policy. A sanctions policy is principally aimed at ensuring that an organisation has thorough measures in place to assist with the identification of sanctioned individuals and organisations, and consequently identify the illegal activity to which the organisation may be exposed.

As is the case with other policies forming part of an organisations financial crime framework, for such a policy to be effective, it needs to be read in conjunction with other relevant documents forming part thereof.

Sanction screening mechanisms

To achieve their AML/CFT obligations, an organisation would commonly implement transaction screening and customer screening. Whereas the former allows an organisation to monitor customer transactions and focuses on identifying transactions involving targeted individuals, the latter is designed to identify targeted individuals or entities. Needless to say, the type of screening required would naturally depend on the type of services being offered by the relevant organisation.

When is sanction screening carried out?

Sanction screening should be carried out prior to onboarding a client and in those instances, in which a business relationship has been established, the organisation is duty bound to carry out ongoing screening, the frequency of which  is to be established by the said organisation based on a risk assessment which the organisation would have undertaken depending on the nature of the services or products offered and the sanctions risk to which it is exposed to. A change in any of the sanction lists will also trigger the need to re-screen clients and any associated persons.

Matching: True Match or False Match?

An organisation must clearly detail the manner in which a potential match is to be assessed and/or reported internally. Depending on the size of the organisation, the first line of defence or the second line of defence might be responsible for assessing the potential matches. In either case the persons assessing the potential matches should be knowledgeable on being able to assess whether the hit is a true match or a false positive. False positives, including the rationale as to why the employee has determined that such hit is a false positive should be duly documented and retained in the organisation’s records.

The sanctions policy should also indicate the person to whom any true matches are to be reported to and the time within which such reporting should take place. This will ensure that any matches are duly dealt with in a timely manner and any external reporting could take place with immediate effect in accordance with the applicable laws.

What happens if a client has been subject to a sanction?

Whenever a client has been subject to a sanction, the person nominated within the sanctions policy as responsible for the implementation of the sanctions framework within the organisation should immediately act in accordance with the order issued (whether such order was issued by the national authorities, the UNSC or the EU). In the majority of cases financial sanctions will impose the duty to freeze funds, financial assets and economic resources belonging to, owned, held or controlled by (i) sanctioned/designated persons (ii) by individuals or entities acting on their behalf or at their direction (iii) by entities owned or controlled by them. A freezing order would generally prohibit the making available of funds, financial assets or economic resources to or for the benefit of designated individuals and entities.

Training

In order to ensure effective implementation of the organisation’s internal sanctions policies and procedures, persons responsible for the sanctions framework within the organisation should be knowledgeable on the subject matter and the manner in which sanctions risks can manifest themselves. In addition, it is important that the first line of defence is duly trained in order to be able to firstly, input the correct data in the sanctions software and more importantly, be able to analyse any possible hits. Without such knowledge, the effective implementation of a sanctions regime is prejudiced.

Conclusion

Compliance with sanction regimes has become a growing challenge within the financial services sector. Undoubtedly, sanctions represent a significant regulatory risk that cannot be disregarded. An organisation risks being in breach of its sanctions obligations whenever any new individual or entity is designated and listed under the relevant sanctions list; however, the implementation of a well-though-out sanctions screening policy will help in minimising an organisation’s exposure to sanction risks.