The modern challenge of sanctions compliance

The increasing difficulty of sanctions compliance is highlighted by the growing fines that have been levied against financial institutions in recent years for failing to comply with anti-money laundering (AML) laws and other regulations. Banks have been fined hundreds of millions and even billions of dollars for alleged dealings with black-listed nations and drug kingpins, as well as for helping them launder money and evade sanctions. These banks have seen their net value suffer along with their reputations, while individual corporate executives have been subject to prosecution. As the global fight against money laundering and terrorist funding expands, the obligation to monitor transactions is also falling to large corporations, insurance companies, money services, and other types of businesses. Given the huge reputational risk and penalties faced by these businesses, why do so many still struggle to put in place effective compliance programs?

Several interrelated factors have converged to make sanctions compliance more complex and costly. First, the rapid pace of globalization exposes organizations to increasingly greater sanctions risk. Meanwhile, the number of individuals and entities on global watch lists continues to grow. In addition, sectoral sanctions, such as those targeting Russia’s financial and energy sectors and prohibiting certain types of transactions, complicate the task of distinguishing between approved and not-approved transactions. Screening for Politically Exposed Persons (PEPs) also presents financial institutions with subjective decisions about who constitutes a PEP and whether domestic as well as foreign PEPs should be flagged.

AML regulations require companies to screen not just their customers, but also related third parties, such as suppliers and the entities with whom their customers are sending or receiving funds. Enhanced due diligence is also required, depending on the perceived risk of the third party. And all of this is occurring in exploding volumes of global transactions where terrorists and criminals are constantly changing their tactics and identities to avoid detection.

In short, the data haystack is getting larger, while the needles are increasing in number but are getting harder to find.

Sanctions compliance—the task of finding the needles—imposes a variety of costs on financial institutions. Organizations must invest in sophisticated technology that can automatically screen large volumes of transaction data and accurately identify watch-list violators. This is no easy task, given that individuals and entities are often identified (and misidentified) in a multitude of languages, spellings, and formats, each unique to the database or payment instruction where the information resides. Another cost is for the personnel who operate the technology and evaluate flagged transactions to determine whether to approve them.

At the same time, the evaluation process can slow and even disrupt legitimate transactions, causing customer dissatisfaction and loss of business. Organizations can speed decision making by increasing the resources devoted to resolving watch-list alerts, but this is a cost few companies can afford. Some companies have sought to keep transactions and revenue flowing by easing their screening controls at times of operational stress, but this approach has led to severe fines and
penalties for non-compliance.