Sanctions Risk Management – Dealing With the New Reality
The US is tightening sanctions on Russia, implicating new risks for the companies on the other side of the Atlantic. Just before the summer, the Financial Times reported on how vulnerable banks are to risks around economic sanctions and export controls. The US has now imposed sanctions on at least 3,500 people, businesses and entities. This should mean a full stop for Russian banks to make transactions in US-dollars or with US-organisations.
In the EU, things are also heating up. With the 14th EU sanctions package coming into force, breaching sanctions regulations is becoming criminalised and work is underway for the application into national law around the EU. The EU furthermore recently signed off sanctions against the eastern Belarus, including a ban on exports to and via Belarus of technologies that can be used for military purposes, liquefied natural gas and luxury items.
What are the short- and medium-term consequences for companies? Are we waking up to a new reality of sanctions risks any time soon?
Let´s start with the EU perspective. The 13th EU sanctions package focused on enhancing existing sanctions, preventing circumvention, and introducing new maritime restrictions. With the 14th package new export restrictions are introduced, financial sanctions are expanded, and the focus on individuals and entities is increased. There is also a stronger emphasis on enforcement and cooperation with third countries. Moreover, breaching sanctions becomes a criminal offence.
Taking a brief look in the rear-view window, this direction might not come as a surprise. We have recently seen some record fines in the sanctions space, suggesting that both large heavyweights and smaller niche businesses are subject to tough supervisory action. Few have forgotten BNP Paribas’ historical fine of 8,9 billion USD including the five-year probation which sent shivers down the spine of senior executives across markets.
To refer to more recent developments, in 2023 alone, settlements and enforcements over US sanction breaches measured up to USD 1, billion. New US sanctions are reportedly targeting entities in eleven other countries, including China, Liechtenstein and the United Arab Emirates.
In May, the Swedish Financial Supervisory Authority announced an in-depth review of sanctions screening in 20 banks. The outcomes are pending any time soon. How the Swedish FSA will address the results from individual banks is something that more than a few should keep a watching brief on.
In July, Lithuania fined crypto company UAB Payeer a record EUR 9,3 million for sanctions and money laundering violations involving Russian clients. According to a statement from the Lithuanian Financial Crimes Investigations Service, Payeer had given Russian individuals and legal entities the opportunity to receive cryptocurrency wallet, account management or storage services and carry out transactions in Russian roubles by transferring them from European Union-sanctioned Russian banks*1.
Third Parties and Third Countries
New ways to transfer money and goods are constantly explored. The more sanctions there are, the more complex and innovative circumvention becomes. And, the more bankers are being used as intermediaries to implement them in the financial system, according to recent reports in the FT.
Companies are increasingly becoming aware of the need to ensure a reasonable approach to managing the potential risk and liabilities linked to third parties and third countries.
Lars von Ehrenheim is a Director and sanctions expert at Advisense. His view on the remits of responsibility is to focus on when it is reasonably obvious that an entity through the acts of its employees or through the acts of a contracted third party has facilitated a sanctions breach. The critical aspect to consider is if and when an entity can be deemed to have wilfully put itself in a position of ignorance. von Ehrenheim points to cases where the US Office of Foreign Assets Control (OFAC) has levied fines to foreign companies because of how their subsidiaries have acted, specifically involving sales to Iran via Lebanon.
Exports from the EU to markets adjacent to Russia has increased since Russia’s invasion of Ukraine as noted by several national and international media. New routes are explored and new statistics have their own stories to tell to those seeking to assure transparency.
New transit hubs gain ground through China, Hong Kong, the UAE etc. von Ehrenheim tells the story of sudden increases in the export of birch pulp from China to European markets. Birch wood, typically used in paper production or other industrial processes, has until recently been a top export product from Russia.
Sanctions Risk Management
While all this is happening, companies must ramp up very quickly to meet requirements. Just like the scramble for AML resources in the market some ten years ago, there is now a run on expertise and experience from working with sanctions screening and sanctions risk management.
Moreover, there is a range of sanctions screening systems available on the market. Key is to very carefully consider what a system is supposed to deliver given your actual risks, based on what transactions and payments that should be subject to screening.
Larger financial institutes are working on (or have) integrating sanctions into their AML programs, while many medium-sized or smaller companies may to a larger extent be struggling or fumbling. At this point, most companies regardless of size, do have a screening solution in place. What many do not have is a management system around it. This is especially important considering the criminalisation of sanctions breach and circumvention via a third country. Review your exposure frequently, considering exposure to the US-market etc.
A sanctions screening solution is only one part of a program. Based on what we see happening now, a lot of companies have had training in sanction risks and sanctions screening just one or two years ago. Now, it is getting real, it is getting tangible. New operational issues emerge, like how to deal when you get a true positive in your system.
Lars von Ehrenheim
As often is the case, the fundamental recommendation says von Ehrenheim is to start with a gap analysis. It is not uncommon that both design and screening settings are not adequate at all. Lars von Ehrenheim advises to benchmark against OFAC and the EBA guidelines and to make sure to establish a complete and holistic perspective.
Look at what actual controls that are carried out. Are they exposure/risk-based, do they consider the whole management system? It is also of advantage to look at what´s available from the Wolfsberg Group for more specific guidance on screening
Lars von Ehrenheim
Don´t miss the opportunity to listen in to Advisense webinar series with an exclusive focus on sanctions risk management this autumn. Check out the program here and save the dates.