Swedish Financial Supervisory Authority to analyse banks’ systems for sanction screening
The Swedish Financial Supervisory Authority (SFSA) communicated on the 6th of May it will conduct an in-depth analysis of the sanctions screening systems in banks in Sweden.
The analysis which will involve twenty banks, will measure the accuracy of banks' technical systems in conducting checks against international sanctions lists. It will also analyse to what extent the systems generate matches against the sanctions lists based on the parameters set by the banks.
What lessons have already been learnt from comparable analyses abroad and what are the current key risks and opportunities?
According to the Swedish FSA, the purpose of the analysis of banks’ systems for sanction screening is not to assess how individual companies comply with various rules, and the analysis does not form the basis for decisions on sanctions or interventions. However, based on the findings of an in-depth analysis, the Swedish FSA can choose to initiate an investigation.
Insights from across the border
Advisense has previously published a brief analysis of the results from a comparable analysis recently conducted by the Norwegian FSA, with a thematic review on sanctions screening in 20 banks including subsidiaries of foreign banks operating in Norway. The review involved testing of the accuracy of screening tools used by the banks against actual as well as manipulated data, to compare results. Comparable tests have also been carried out on global level, where screening tests result in an accuracy rate of 97% on actual (unmanipulated) data and 90% accuracy on manipulated data.
The results show that a majority of the Norwegian banks demonstrated relatively low or unsatisfactory customer screening accuracy and even less with regards to transaction screening, which constitutes a risk of breaching sanctions regulations according to the NFSA.
According to Lars von Ehrenheim, Director and sanctions risk expert at Advisense, a common issue in Sweden is that sanctions risk management measures often are not conducted based on risk and exposure, but rather as an add-on to PEP/RCA screening. Since there’s a lack of guidance from Swedish regulatory authorities, financial institutions need to look abroad.
In addition to an increased attention on the efficacy of screening systems, it is clear that the EU and OFAC are now focusing increasingly on sanctions circumvention including criminal liability.
Sanctions evasion
Both financial and non-financial companies need to stay vigilant not only considering new sanctions regimes, but also evasion techniques and changes in geopolitical dynamics. This is crucial for effective sanctions risk management. Sweden is neighbouring the Baltics, where there is a different focus, including reporting to their FIU and training from authorities for manufacturing and import and export companies. Within a short time, by way of example the number of suspected sanctions evasion cases in Latvia has increased from ten to five hundred.
The Financial Times and other international media have reported on the increased trading via third countries to circumvent sanctions, often involving countries in Central Asia. Managing sanctions risk becomes more complicated when dealing with cross-border transactions involving multiple jurisdictions with differing sanctions regimes. In particular, third-party risks. Managing sanctions risks associated with third-party relationships, including suppliers, customers, and business partners, requires thorough due diligence and ongoing monitoring.
Mitigating third-party risks
According to Lars von Ehrenheim, screening against sanctions lists is key, but by the same token, there needs to be assurance around data accuracy and adequacy. Incomplete or outdated data can result in false positives or negatives. There is added acknowledgment of the need to better utilize KYC processes and UBO idenification as well as SARS reporting, where the accuracy of the transaction monitoring system is crucial to detect and investigate suspicious activities related to sanctions circumvemtion violations, especially in large financial institutions with high transaction volumes.
To ensure robust and effective sanctions risk management programs, over and above implementing and maintaining tech solutions for screening and monitoring, companies also need to look into how to ensure sufficient and adequately competent resources. This means staffing, expertise, training and awareness-raising, and budget.
