GRC Professional - February 2015 Edition | Page 17
tain country when they should not have been.
Corporate business is having to do more sanctions screens for their agents and joint venture
partners to make sure they are covered. Reputational risk is increasingly important. “
Companies need to get this right because
the costs of getting it wrong are simply too
great. “If you look back over the past five
years, the penalties for getting it wrong are
unbelievable. You are looking at billion dollar
penalties. It is a very serious process.”
Sanctions compliance
When establishing a sanctions compliance
program, the first step should be to establish
which sanctions apply to you. You need to
comply with both the local and global regime.
The local regime will be established by the
Government of the country in which you are
operating, while the global sanctions list is operated by the UN.
Dunn says you need to make sure you are
aware of the changing nature of the sanctions and to be seen to be complying with the
various sanctions. “A lot of these sanctions
are fast-moving. If you look at the Ukraine
and Russia, sanctions are being published
monthly. The list changes and the individual companies and individuals who are being targeted changes also. As an institution,
you have to be very close to that and act very
quickly,” says Dunn.
“The other big challenge, from an operational point of view, is dealing with the
sheer volume. You are literally talking about
screening every single customer and, in addition, because of the increased risk, you are also
screening shareholders and directors, as well
as subsidiary companies.
The other big challenge, from an
operational point of view, is dealing
with the sheer volume.
“The databases have literally millions of
names, changing daily.”
One of the biggest issues is managing the
false positives that these systems generate. A
false positive is a person with the same name
as those on sanctions’ watch lists. These often
have to be manually taken out of the system,
creating a compliance nightmare. Dunn says
that many companies are still grappling with
this. “You can never eliminate them completely, but more advanced software can reduce them.”
Where do organisations go wrong? Dunn
says, in some cases, it just a case of institutions
getting so big that they have lost sight of the
way these issues need to be dealt with. “They
were not proactively trying to avoid the sanctions regime, they were just not managing the
process adequately.”
There are, however, a number of cases
where the US Government alleges institutions were taking measures to wilfully avoid
the regime, because of the impact of sanctions
on their business. The fines that followed in
these cases will ensure that few businesses will
run that risk again.
•••
Quick Tips:
Establishing a Program
A firm should develop its approach in the
context of how it might most likely be involved
in breaching economic and country-related
sanctions. A firm may take into account a
range of factors when conducting its assessment, including:
•
•
•
•
•
•
•
•
Its customer, product and activity profiles
Its distribution channels
The complexity and volume of its
transactions
Its processes and systems
Its operating environment
The screening processes of other parties
The geographic risk of where it does
business
The sanctions regulations of relevant
countries.
Source: The Joint Money Laundering
Steering Group
15