The frontline of payments compliance: sanctions and terror financing

by Peter Davey, Head of Compliance, Lucra

Share this post

Sanctions and counter-terror finance (CTF) screening have become a more demanding area of compliance. Sanctions lists used to be relatively static. Following the Russian invasion of Ukraine, they are now perpetually changing.

Unsurprisingly, it’s becoming challenging for regulated firms to maintain adequate sanctions compliance based on existing in-house expertise and systems. Firms are now turning to external parties and, increasingly, technology to keep up to date with the pace of change, and put in place compliance systems that operate interactively, in real-time and 24/7.

While using new technology and/or service providers is proving vital to remain compliant with sanctions, “outsourcing performance” of such regulatory tasks requires careful management. What, therefore, are the requirements around sanctions and CTF screening and how can firms best use technology solutions to adequately discharge these responsibilities?

Outline of required processes

Firms need to check clients, customers and counterparties against lists of sanctioned persons (both natural and corporate) based on various official lists (UN, USA, UK, EU, etc.) at:

  • Onboarding;
  • Regular intervals to ensure the status of an existing client, customer or counterparty hasn’t changed; and
  • In advance of processing transactions.

Although Anti-Money Laundering (AML) and CTF are referenced together as if they are the exact same thing, they differ quite markedly:

  • AML is performed after a transaction has been processed. Money laundering often requires a pattern of behaviour to be discerned. And materiality limits apply; so low value money laundering is often not identified.
  • But CTF is more akin to sanctions screening: it must take place before the transaction is processed, has no lower limit (terrorism is cheap) and suspected sanctions funds need to be seized. For example, some entities viewed by some parties as charities or legitimate political actors are viewed as terrorist fronts by sanctions designating authorities (e.g. Hezbollah).

Technology systems

To cope with today’s global risks, CTF / sanctions screening requires dedicated, sophisticated systems to perform checks and monitoring. Core features of systems include:

  • Fuzzy logic: Screening software is tuned to identify close matches using fuzzy logic. But if the sensitivity is too high, the matches become unmanageable. Too low, and actual matches are missed. So, this requires continuous fine-tuning.
  • White lists: List of entities/persons that have been screened and identified as false positives, so they don’t need to be re-screened each time. This frees up resources to focus on high risk cases..
  • Black-lists: Lists of persons/entities that firms may specifically want to screen even though they are not on a designated list. For example, some Russian oligarchs have started running their assets via proxies (e.g. their super-yachts). If a firm becomes aware of such things it should add the proxies to its blacklists and screen against them.

Given the complexity of sanctions screening solutions, they often lead to a large increase in workload if a firm implements a new system until the firm staffs up and learns to tune the fuzzy logic and whitelisting. The temptation is sometimes to switch the system off, though this is not a good idea.

Wire transfer regulations (WTR)

A related issue for payments compliance is the wire transfer regulations, also known as the travel rule. Under these rules, firms are obliged to:

  • Identify the ultimate originator / payor and beneficiary / payee of each transaction. This sounds easy but often times, the intermediary may try to disguise or even ‘strip’ the ultimate payor or payee information.
  • Screen these details for CTF / sanctions purposes before processing.
  • This may give rise to a need to seize the funds and segregate them both from customer safeguarded funds and the firm’s own funds.

In any event, a hit that cannot be adequately confirmed to be a false positive needs reporting to the appropriate authorities. This can be less simple than it sounds given the jurisdictions of the clients, customers and counterparties, the currencies, and the matters involved.

Cryptos

An added complexity is that from September 2023, UK regulated entities are required to screen transactions involving cryptos. A firm may say, we don’t process cryptos and so this is of no concern to us. But if the firm is on notice that an inflow has come from the proceeds of cryptos and the intermediary declines to provide details of the ultimate payor, this can lead to a WTR / travel rule non-compliance which may require reporting.

A new way forward

Peter Davey, Head of Compliance, Lucra

With this increasing complexity in sanctions/CTF screening, which shows no signs of abating, better solutions are needed to make sense of this complexity and deliver clarity and contextual insight when it truly matters.

It is increasingly necessary to accept that it is not worth seeking to build the capability internally, but rather to buy-in the solution from a best of breed provider. Furthermore, we need to recognise that the activity is becoming increasingly sophisticated and therefore requires sophisticated tools to screen appropriately (e.g. tuning of fuzzy logic, white and black lists).

Finally, the need to audit the process referenced above is a new a growing complexity, especially since regulators are starting to require it, which further underscores the importance of systems precision to organise information and deliver clarity and transparency.

Ultimately, technology will play a pivotal role in realising such a solution. This is an area where Lucra can help.

Lucra-Lockup-Black-CMYK-2
Article by Lucra Technologies Ltd.

More To Explore

Membership

Merchant Community Membership

Are you a member of The Payments Association?

Member benefits include free tickets, discounts to more tickets, elevated brand visibility and more. Sign in to book tickets and find out more.

Welcome

Log in to access complimentary passes or discounts and access exclusive content as part of your membership. An auto-login link will be sent directly to your email.

Having trouble signing?

We use an auto-login link to ensure optimum security for your members hub. Simply enter your professional work e-mail address into the input area and you’ll receive a link to directly access your account.

First things first

Have you set up your Member account yet? If not, click here to do so.

Still not receiving your auto-login link?

Instead of using passwords, we e-mail you a link to log in to the site. This allows us to automatically verify you and apply member benefits based on your e-mail domain name.

Please click the button below which relates to the issue you’re having.

I didn't receive an e-mail

Tip: Check your spam

Sometimes our e-mails end up in spam. Make sure to check your spam folder for e-mails from The Payments Association

Tip: Check “other” tabs

Most modern e-mail clients now separate e-mails into different tabs. For example, Outlook has an “Other” tab, and Gmail has tabs for different types of e-mails, such as promotional.

Tip: Click the link within 60 minutes

For security reasons the link will expire after 60 minutes. Try submitting the login form again and wait a few seconds for the e-mail to arrive.

Tip: Only click once

The link will only work one time – once it’s been clicked, the link won’t log you in again. Instead, you’ll need to go back to the login screen and generate a new link.

Tip: Delete old login e-mails

Make sure you’re clicking the link on the most recent e-mail that’s been sent to you. We recommend deleting the e-mail once you’ve clicked the link.

Tip: Check your security policies

Some security systems will automatically click on links in e-mails to check for phishing, malware, viruses and other malicious threats. If these have been clicked, it won’t work when you try to click on the link.

Need to change your e-mail address?

For security reasons, e-mail address changes can only be complete by your Member Engagement Manager. Please contact the team directly for further help.

Still got a question?