Sanctions — targeted sanctions, sectoral sanctions, secondary sanctions, US sanctions, UN sanctions, and so on — are complicated, can be far-reaching, and have the potential to trigger massive fines. Concern with this kind of exposure isn’t unique to one sector, nor does it affect only one stage of business, arising at any point from the onboarding of a new client to the investigation into a potential new supplier.
However, this doesn’t mean that any whiff of sanctions exposure spells an end to the business at issue: the complicated nature of sanctions means that enhanced due diligence is necessary to fully understand which red flags to look for and how to mitigate exposure while still conducting business. Indeed, as opposed to technological solutions like commercial databases that frequently over-simplify sanctions risk, enhanced due diligence provides the content and information necessary to help enable, not inhibit business.
What are sanctions?
Sanctions are typically enacted by governments or governing bodies to apply pressure on a country or leader to modify or end certain policies – whether domestic or international, military or humanitarian, economic or political – on which there is disagreement or even outright conflict. The most common sanctions will impose blocks on economic activity, and usually focus on individuals, groups, or specific sectors within the targeted country. The main types we are concerned with include:
- Targeted Sanctions – Meant to pressure or punish a particular individual rather than an entire nation or industry (e.g. Special Designated Nationals or SDNs). These individuals are often politicians and military figures, but can also be business people, especially those linked to the government in question.
- Sectoral Sanctions – Targeting entire sectors within a country OR selected businesses operating in the targeted sector (e.g. the oil industry in Venezuela), such sanctions are powerful tools given that the targeted sectors are frequently vital to the nation’s economy.
- Secondary Sanctions – Although these are relatively rare and complex, they place further pressure on a government by forcing other countries or third parties to abide by them (e.g. the US sanctions individuals or entities doing business with those who are conducting sanctioned business with Iran).
Who enforces sanctions?
While individual countries can levy and enforce sanctions of their own, , the most relevant sanctioning parties are the United Nations (UN), the European Union (EU), and the US. This is because the ability of sanctions to effect change is only as powerful as (1) the willingness to enforce them, and (2) the ability of this enforcement to so negatively impact the target that change is considered.
The US, for example, which imposes sanctions through the Office of Foreign Assets Control (OFAC), can be considered the strongest sanctioning body due to the global reliance on the US Dollar, their willingness to enforce these measures, and the scope of its coverage. Indeed, OFAC sanctions guidelines extend to any and every ‘U.S element’, which includes all US citizens overseas, all residents of the US regardless of citizenship, and all companies based, domiciled, or operating in the US. This includes, of course, overseas branches of US banks. The US doesn’t just threaten sanctions; they enforce them. In 2019 alone, OFAC issued USD 1.3 billion in sanctions over 82 different actions. In that year, OFAC also added 792 entities to their sanctions list. Fines can also range in severity, with Standard Chartered, for example, penalized USD 1 billion, one of the highest amounts ever levied, for ignoring red flags linked to sanctioned Iranian entities.
To take another example, UN Security Council (UNSC) sanctions are hard-hitting in the breadth of their support as the successful passage of UNSC sanctions usually means implementation by the vast majority of the major global players. That said, given the contradictory interests within the UNSC, sanctions are inevitably levied against “weaker” countries with less power and influence and never the veto-bearing members themselves — or their allies. As a result, the countries sanctioned by the UN are often limited to weaker ones.
What are the red flags in sanctions exposure?
Firstly, it’s crucial to understand that a red flag is just that: they indicate a potential risk issue that requires a more thorough investigation. However, by themselves they do not necessarily represent a deal breaker.
Secondly, it’s important to understand an individual’s country exposure and the particular sanctions imposed on those countries or even specific entities therein.
Indeed, certain countries are accurately considered high risk and exposure to specific sectors within those jurisdictions may present even higher risks. For example, the exposure of a Florida-based export business would increase significantly if they were engaged in trade with Venezuela, as that state tends to be a popular hub for wealthy Venezuelans connected to sanctioned individuals in the government. Likewise, when looking at a Russian subject, it’s important to evaluate his or her exposure to Putin’s “inner-circle”. In order to do so, you need to understand who’s in it. It is also important to understand the sectors that are sanctioned in a given country so that you can spot red flags in a prospect or client’s business profile.
For these reasons, sanctions screening requires you to scale the exposure to the risk. It would be pointless to profile an ultra-high-net-worth-Individual (UHNWI) without uncovering their network of associates. Even if they are not themselves under sanctions, there is a real risk that their connections could reveal links to sanctioned individuals or entities and understanding the scale and scope of this exposure is key.
Thus, the most important red flags to look out for are in the connections – business or other – of the subject of investigation and understand the context of the country or countries he/she operates in.
Gray areas and mitigating factors in sanctions
Sanctions exposure is not black and white – maybe someone is marked as exposed, but the reach of the sanctions at issue are questionable, such as when a Russian individual is under Ukrainian sanctions and vice versa. In other words, not all sanctions have equal impact, especially when they are imposed by a country with limited influence.
In addition, there are various other mitigating factors to take into consideration when conducting KYC research. As a starting point, the following should be taken into consideration:
- Sectoral sanctions vs SDN sanctions – Is it a blanket sanction levied against a risky sector within a country or is an individual or associated entity that were targeted directly? The latter implies a much higher risk of exposure and wrongdoing and leaves limited opportunity for mitigating factors.
- Timeline of affiliation – Did involvement with the entity occur before or after sanctions? We’ve seen multiple instances in which individuals were flagged for sanctions exposure, yet ceased working for the sanctioned entity years prior to the imposition.
- Family ties – Are they only linked to the sanctioned entity by familial association? If you can prove that the only link is a family relation, this increases the chances that you can work with that individual.
- Level of involvement – Is the prospect or client’s main source of income derived from a company linked to sanctioned individuals or other entities, or does it represent a minor source of revenue?
- OFAC’s 50% rule – How much of the entity is owned by sanctioned parties? OFAC’s “50% rule” states that any entity more than 50% controlled by sanctioned parties, it is a sanctioned entity. Less than 50% ownership would increase the chances that you could work with the individual at hand.
Going beyond the tick-the-box approach to mitigate your exposure
As you can tell, properly identifying sanctions exposure is not always straight forward. That said, customer due diligence often involves the use of technological solutions, such as commercial databases that try to simplify things. These solutions perform automated screening or sometimes utilize a combination of AI and human verification. While they certainly can be useful and support due diligence work, there is also significant room for error and are insufficient for higher risk individuals and other situations in which there is a need for enhanced due diligence.
These platforms typically utilize natural language processing (NLP) tools, which detect negative keywords in search results, run names against various sanctions and other watch lists, and check for an individual’s political exposure. Despite advances in technology, there are still significant shortcomings that make NLP unreliable. Just imagine an anti-fraud company being negatively impacted because the database detected the words ‘corruption’ and ‘attack’ in their media profile! This is a simple example, but illustrative of the types of gaps that we see.
In addition, websites make mistakes or simply may not be updated, so even a human doing a cursory check without cross-referencing a given subject’s profile can miss nuance in exposure, sanctions or otherwise. In the case of sanctions, we’ve seen many instances in which such tools miss exposure to other sanctioned individuals and entities, something that is essential for more accurately understanding risk. In other cases, they miss important factors that actually mitigate exposure.
Overall, due diligence that is over-dependent on these technologies run the risk of:
- overlooking exposure
- producing superficial analyses
- failing to take context into account
- including false positives
The bottom line here is that being flagged in a commercial database doesn’t mean your research is complete. Indeed, given the complex nature of sanctions the various methods of exposure also means that unflagged individuals may not be free from exposure.
Commercial databases should instead be seen as a starting point in the compliance process. Rather, enhanced due diligence that investigates beneficial owners, subsidiaries, clients, business partners, and more is far more capable of drawing the complete picture. This includes thorough checks of corporate records, official company documents, and local and international media sources in a variety of relevant languages, all of which are standard practice for Sqope.
Indeed, our enhanced due diligence reports include a dedicated section for sanctions exposure in which the nature and context for any links to sanctioned individuals or entities are clearly evaluated.
To conclude, a nuanced and informed approach to sanctions exposure is key to a successful KYC and AML process. We’ve demonstrated how red flags that arise during the due diligence process represent indications that more context is required, not an immediate shut down of business with the individual or company at hand. Successful compliance professionals who understand the complexity of sanctions are more capable of conducting due diligence without hindering business opportunities.
Did you miss our sanctions webinar? You can view it here.
Do you want to receive information about upcoming webinars and new analysis? Click here to sign up for our mailing list.