The frontline of payments compliance: sanctions and terror financing

Sanctions and counter-terror finance (CTF) screening have become a more demanding area of compliance. Sanctions lists used to be relatively static. Following the Russian invasion of Ukraine, they are now perpetually changing.

Unsurprisingly, it’s becoming challenging for regulated firms to maintain adequate sanctions compliance based on existing in-house expertise and systems. Firms are now turning to external parties and, increasingly, technology to keep up to date with the pace of change, and put in place compliance systems that operate interactively, in real-time and 24/7.

While using new technology and/or service providers is proving vital to remain compliant with sanctions, “outsourcing performance” of such regulatory tasks requires careful management. What, therefore, are the requirements around sanctions and CTF screening and how can firms best use technology solutions to adequately discharge these responsibilities?

Outline of required processes

Firms need to check clients, customers and counterparties against lists of sanctioned persons (both natural and corporate) based on various official lists (UN, USA, UK, EU, etc.) at:

• Onboarding;
• Regular intervals to ensure the status of an existing client, customer or counterparty hasn’t changed; and
• In advance of processing transactions.

Although Anti-Money Laundering (AML) and CTF are referenced together as if they are the exact same thing, they differ quite markedly:

• AML is performed after a transaction has been processed. Money laundering often requires a pattern of behaviour to be discerned. And materiality limits apply; so low value money laundering is often not identified.
• But CTF is more akin to sanctions screening: it must take place before the transaction is processed, has no lower limit (terrorism is cheap) and suspected sanctions funds need to be seized. For example, some entities viewed by some parties as charities or legitimate political actors are viewed as terrorist fronts by sanctions designating authorities (e.g. Hezbollah).

Technology systems

To cope with today’s global risks, CTF / sanctions screening requires dedicated, sophisticated systems to perform checks and monitoring. Core features of systems include:

• Fuzzy logic: Screening software is tuned to identify close matches using fuzzy logic. But if the sensitivity is too high, the matches become unmanageable. Too low, and actual matches are missed. So, this requires continuous fine-tuning.
• White lists: List of entities/persons that have been screened and identified as false positives, so they don’t need to be re-screened each time. This frees up resources to focus on high risk cases..
• Black-lists: Lists of persons/entities that firms may specifically want to screen even though they are not on a designated list. For example, some Russian oligarchs have started running their assets via proxies (e.g. their super-yachts). If a firm becomes aware of such things it should add the proxies to its blacklists and screen against them.

Given the complexity of sanctions screening solutions, they often lead to a large increase in workload if a firm implements a new system until the firm staffs up and learns to tune the fuzzy logic and whitelisting. The temptation is sometimes to switch the system off, though this is not a good idea.

Wire transfer regulations (WTR)

A related issue for payments compliance is the wire transfer regulations, also known as the travel rule. Under these rules, firms are obliged to:

• Identify the ultimate originator / payor and beneficiary / payee of each transaction. This sounds easy but often times, the intermediary may try to disguise or even ‘strip’ the ultimate payor or payee information.
• Screen these details for CTF / sanctions purposes before processing.
• This may give rise to a need to seize the funds and segregate them both from customer safeguarded funds and the firm’s own funds.

In any event, a hit that cannot be adequately confirmed to be a false positive needs reporting to the appropriate authorities. This can be less simple than it sounds given the jurisdictions of the clients, customers and counterparties, the currencies, and the matters involved.

Cryptos

An added complexity is that from September 2023, UK regulated entities are required to screen transactions involving cryptos. A firm may say, we don’t process cryptos and so this is of no concern to us. But if the firm is on notice that an inflow has come from the proceeds of cryptos and the intermediary declines to provide details of the ultimate payor, this can lead to a WTR / travel rule non-compliance which may require reporting.

A new way forward

With this increasing complexity in sanctions/CTF screening, which shows no signs of abating, better solutions are needed to make sense of this complexity and deliver clarity and contextual insight when it truly matters.

It is increasingly necessary to accept that it is not worth seeking to build the capability internally, but rather to buy-in the solution from a best of breed provider. Furthermore, we need to recognise that the activity is becoming increasingly sophisticated and therefore requires sophisticated tools to screen appropriately (e.g. tuning of fuzzy logic, white and black lists).

Finally, the need to audit the process referenced above is a new a growing complexity, especially since regulators are starting to require it, which further underscores the importance of systems precision to organise information and deliver clarity and transparency.

Ultimately, technology will play a pivotal role in realising such a solution. This is an area where Lucra can help.