INSIGHT: The key flaw with modern sanctions screening systems

It is rare, these days, for a week to pass without a sanctions-related email landing in my inbox.

And, over the past year, I have been invited to speak on sanctions and proliferation financing more frequently than in all the years preceding it combined. The questions from industry and regulators alike have been strikingly consistent.

Which parties, precisely, should we be screening? Is a sanctioned individual holding 5% of a client a concern? At what point does the obligation to probe ownership and control become disproportionate? And perhaps most candidly: where do we find the skills to navigate this properly?

There is a feature, however, in our collective approach that worries me. Firms and regulators seem to equate the effectiveness of a sanctions framework to the correctness of the calibration of sanctions systems. That is wrong and blind.

Sanctions screening systems

There was, perhaps, a time when sanctions frameworks were largely synonymous with screening and effectiveness could be reduced, at least superficially, to the accuracy of a screening engine and the efficiency of its review team. That is no longer the case.

I hear frequently (those speaking events, again…) the mantra that “modern sanctions regimes extend beyond designated individuals and entities to sectors, technologies, vessels, trade restrictions and end-use prohibitions”. Even ChatGPT tells me that is the case, if I ask of it what we should worry about when it comes to sanctions. Yet, collectively, it seems to me that we fail to take this statement to its logical conclusion. 

Well, let me take you through the type of problems that sanctions are, that are not solved by a screening system.

The sanctions problem is one of beneficial ownership and control. 

Evidence tells us sanctioned entities control their business interests not by direct controls. Rather, they do so through minority shareholdings combined with voting agreements, trust arrangements (often discretionary), debt leverage and informal influence.

Indirect control

This identification of indirect control is, however, one with which firms struggle the most. I have the joy of looking at client files every day and I cannot emphasise enough how disappointed I am at our collective failure in this space. So, back to the screening system. If a perfectly calibrated screening system is screening the name of nominee directors (or CEOs, Managing Directors or other, clean, associates) rather than that of the person who truly controls a business, what are we screening?

The sanctions problem is one of goods, services and routes. 

There is an entire domain of sanctions attached to goods, services, and even knowledge. A software update, the provision of consultancy services or an engine part are all things that could be equally benign or sanctioned, depending on the context in which they are provided. Yet the probing what underlies a transaction remains an area of consistent weakness amongst firms.

Similarly, re-export through certain routes is a well-documented device for circumvention. But institutions remain widespread lacking in this space.

One of the main reasons for the under-resourcing and reprioritisation of these areas is that firms are encouraged to believe that a sanctions screening system is the answer to their sanctions problems.

The sanctions problem is one of transaction monitoring. 

Transaction monitoring impact

It is absolutely possible to detect sanctions breaches through transaction monitoring, yet I see incredibly few organisations deploy sanction-specific rule sets. And I see even fewer regulators probe them. Once again, this is, largely, because we have been consistently sold a line that sanctioned entities are on a list. While true, that is a simplistic view. The reality is that those sanctioned entities know too well not to associate their name to a transaction. Yet, certain hallmarks in a transaction, and its position withing a network of transactions, can reveal associations not visible to the naked eye. Again, not a screening system matter. 

The sanctions problem is one of siloed teams. 

In many institutions, sanctions, AML, trade finance, and client onboarding functions operate in silos, each performing its role competently, but in isolation.

The trade team reviews bills of lading. The AML function monitors transaction patterns. The Sanctions team reviewing screening hits and the onboarding team dealing with the identification of ownership and controls.

Rarely is there a fully integrated view of purpose, goods, ownership and geopolitical context. And, in the gaps created by those silos, I see things being missed pretty much every day.

The sanctions problem is one of multiplicity of industries. 

Money laundering impact

As for, and even more than for, money laundering the issue of sanction is one that touches upon manufacturers, logistics providers, professional service firms and technology companies as well as financial services institutions.

Firms across this multitude of industries are frequently not regulated in the same way.

While financial institutions have obligations for having in place reasonable controls relating to sanctions (not always, it depends on the regulatory and legal framework and that is another problem for another rant…), non-financial institutions have no such obligations.

And many are unfamiliar with the depth of due diligence now expected of clients and third parties, often assuming that their banking partners will absorb the risk or perform controls on their behalf. Do I need to say it again? Sanctions screening systems, not the full solution here.

The sanctions problem is one of supervisory fragmentation and lacking skills. 

Fragmented approach

Because it is an issue that encompasses trade, manufacturing, financial services, energy, sanctions is a topic area supervised by a variety of regulators. The reality is, however, that problematic transactions and behaviours are often only evident when events are looked at in combination.

An anomalous transaction is often too little an indicator.

But compounded with customs information and a report from a manufacturer as to an anomalous order can provide meaningful intelligence.

Yet jurisdictions often lack the coordination and even the legal framework to make this happen. This is a problem that needs intelligence capacity and coordination.

Furthermore, supervising sanctions compliance requires a blend of legal interpretation, geopolitical awareness, trade expertise, financial services knowledge and forensic analysis that are difficult to source and retain for firms and institutions alike.

Proliferation financing

And while I have spoken of sanctions generically, proliferation financing sharpens these dynamic. It is a subset of sanctions, but not a single typology. This manifests itself through a spectrum of activities ranging from procurement networks, through to human trafficking, sales of eyelashes, technology diversion and trade-based evasion.

It overlaps with terrorist financing, organised crime and state-sponsored activity. It is adaptive and often embedded within legitimate commercial flows. Certainly, nearly impossible to detect with a sanctions screening system along. A lot more suited to due diligence and transaction monitoring.

If it looks like we are leaving a lot of stones unturned, it is because we are. There is a way forward. We must push for an interpretation of sanctions control implementation beyond the screening systems.

Regulators must extend their thematic visits and assessments relating to sanctions to cover all arrangements. This will allow sanctions to receive the full framework of controls that they deserve. Firms must be guided to understand the implementation and calibration of a sanctions screening system as a starting point, not the entirety of their efforts.

We need investigatory taskforces, training of sectoral supervisors, risk assessments, monitoring rules and proper due diligence. And, of course, the skills to make this all work. A tall order…