GRC Professional - February 2015 Edition | Page 17

tain country when they should not have been. Corporate business is having to do more sanctions screens for their agents and joint venture partners to make sure they are covered. Reputational risk is increasingly important. “ Companies need to get this right because the costs of getting it wrong are simply too great. “If you look back over the past five years, the penalties for getting it wrong are unbelievable. You are looking at billion dollar penalties. It is a very serious process.” Sanctions compliance When establishing a sanctions compliance program, the first step should be to establish which sanctions apply to you. You need to comply with both the local and global regime. The local regime will be established by the Government of the country in which you are operating, while the global sanctions list is operated by the UN. Dunn says you need to make sure you are aware of the changing nature of the sanctions and to be seen to be complying with the various sanctions. “A lot of these sanctions are fast-moving. If you look at the Ukraine and Russia, sanctions are being published monthly. The list changes and the individual companies and individuals who are being targeted changes also. As an institution, you have to be very close to that and act very quickly,” says Dunn. “The other big challenge, from an operational point of view, is dealing with the sheer volume. You are literally talking about screening every single customer and, in addition, because of the increased risk, you are also screening shareholders and directors, as well as subsidiary companies. The other big challenge, from an operational point of view, is dealing with the sheer volume. “The databases have literally millions of names, changing daily.” One of the biggest issues is managing the false positives that these systems generate. A false positive is a person with the same name as those on sanctions’ watch lists. These often have to be manually taken out of the system, creating a compliance nightmare. Dunn says that many companies are still grappling with this. “You can never eliminate them completely, but more advanced software can reduce them.” Where do organisations go wrong? Dunn says, in some cases, it just a case of institutions getting so big that they have lost sight of the way these issues need to be dealt with. “They were not proactively trying to avoid the sanctions regime, they were just not managing the process adequately.” There are, however, a number of cases where the US Government alleges institutions were taking measures to wilfully avoid the regime, because of the impact of sanctions on their business. The fines that followed in these cases will ensure that few businesses will run that risk again. ••• Quick Tips: Establishing a Program A firm should develop its approach in the context of how it might most likely be involved in breaching economic and country-related sanctions. A firm may take into account a range of factors when conducting its assessment, including: • • • • • • • • Its customer, product and activity profiles Its distribution channels The complexity and volume of its transactions Its processes and systems Its operating environment The screening processes of other parties The geographic risk of where it does business The sanctions regulations of relevant countries. Source: The Joint Money Laundering Steering Group 15