taking sanctions seriously - bovill briefing jan 15
TRANSCRIPT
Taking sanctions seriously Managing sanctions risks
Briefing
Thursday 15th January 2015
Mark Spiers
• Breaches are criminal offences
• But it is different to AML and CTF
• They change
• It is not always clear how to implement them
• They are here to stay
2
Why take sanctions seriously?
3
The JMLSG guidance – risk based
“To reduce the risk of breaching obligations under financial
sanctions regimes, firms are likely to focus their resources on
areas of their business that carry a greater likelihood of
involvement with targets or their agents.”
“Within this approach, firms are likely to focus their prevention
and detection procedures on direct customer relationships, and
then have appropriate regard to other parties involved.”
JMLSG – 5.3.48
4
The JMLSG guidance
“Firms need to have some means of monitoring payment
instructions to ensure that proposed payments to targets or
their agents are not made….”
JMLSG – 5.3.49
• Decidedly not risk based!
• Strict liability in some cases.
5
The sanctions regimes
7.12 I have carried out a transaction that is subject to financial
sanctions; what should I do?
If you find that you have carried out an economic transaction that was
prohibited by sanctions (for example by dealing with a designated
person’s funds without a licence), you should contact Financial
Sanctions at HM Treasury to regularise the position.
You might also need to contact your regulator, such as the Financial
Conduct Authority (FCA), if you are separately regulated by them.
You may also wish to take independent legal advice.
7.13 What if I did not know I was breaching a prohibition?
A person does not commit an offence if they did not know and had no
reasonable cause to suspect that the funds, economic resources or
financial services were being made available, directly or indirectly, to or
for the benefit of a designated person.
(HMT – Financial Sanctions FAQs – August 2013)
6
The sanctions regimes – ‘helpful’ HMT advice
7
Specific sanctions programmes
Issuers of sanctions
• Generically 2 types:
• List based – named individuals or organisations and
connected parties; and
• “Comprehensive” or general – applying to a class of person
or goods.
• Anti-circumvention is a key concern in drafting.
8
Relevant regimes
UN EU
UK US
• Items designated by the Council and
administered by countries participating.
• Mainly related to terrorism and weapons of mass destruction.
Currently have:
9
UN
arms embargoes travel sanctions restrictions on
the provision of financial services
import/export bans on certain
commodities
civil aviation restrictions
• Designated by the EU and administered by participating
countries.
• Mainly based on name lists with some more general
elements.
EU
10
• Foreign and Commonwealth Office
(FCO) – responsible for overall policy.
• HM Treasury – responsible for:
• implementation/administration of international financial
sanctions
• domestic designation
• licensing exemptions to financial sanctions
• maintaining lists of sanctioned parties.
• Mainly name list based, but with some country / industry /
comprehensive elements.
• FCA is supervisory authority for most financial firms* re: controls
But has no enforcement power for specific breaches.
*HMRC for payment institutions
11
UK
12
UK – Current Regimes Country Type Country Type
Afghanistan Names Lebanon and
Syria
General (no targets)
Al-Qaida Names Liberia Names
Belarus Names Libya Names
CAR Names North Korea Names, general elements
DRC Names Somalia Names
Egypt Names South Sudan Names
Eritrea Trade (No targets) Sudan Names, general
FRY Names Syria Names and “associates”
Guinea Names Tunisia Names
Guinea Bissau Names Ukraine Names
Iran Names / General Yemen Names
Iraq Names Zimbabwe Names
Ivory Coast Names Terrorists Names!!
• The Office of Foreign Assets Control
• (OFAC) administers and enforces economic and trade
sanctions
• Set up 1950
• Fines per breach
• Extra-territorial
• Specially Designated Nationals (SDN) List and
comprehensive elements.
13
US
• Compliance with OFAC is required by:
• all US persons, including all US citizens and permanent;
resident aliens no matter where they are located„
• all persons and entities physically present in the US
• all US incorporated entities and their foreign branches
• all US origin goods „and trans-shipments.
• Use of the USD automatically engages OFAC regulations.
US – compliance with OFAC
14
EU amends and extends “Russia” sanctions
• As a result of the Ukrainian incursion.
• Effects are unlike previous regimes due to the economic links
with Russia.
EU amends Central African Republic sanctions
• Three designated individuals subject to an asset freeze.
EU extends Al Qaeda sanctions
• Two further individuals designated as a result of UN sanctions
against them.
Recent changes – increases
15
UK law extended as a result of ECJ case
• Any monies arriving in the UK, or in a UK bank anywhere in the
world
• That have come from or via a designated person based outside
the EU
• Must be frozen in a suspense account, or other separate
account, on arrival in the UK bank
• A licence needed from HMT to release the funds to the intended
recipient.
Recent changes – increases
16
US to ease certain aspects of Cuba sanctions
• Including those involving financial services, exports, travel and
remittances.
EU extends Iran sanctions suspensions
• The Joint Plan of Action (JPA) entered into between Iran and the
E3+3 countries China, France, Germany, Russia, UK and USA
has been extended until 30.06.16 as negotiations over Iran’s
nuclear programme continue.
Recent changes – decreases: Cuba / Iran
17
• BNP Paribas – 2014 - agreed to pay $8.9bn in 2014 for
knowingly violating US sanctions on Iran and Sudan
• Standard Chartered – 2014 - fined $340m in 2012 for hiding
transactions with Iran and received a fresh penalty of $300m in
2014 for failing to fix the problems identified in 2012
• HSBC – 2013 - fined $1.9bn in 2012 for having poor money
laundering controls in place and violating US Sanctions
• RBS – 2013 - fined $100m for violating US sanctions against
Iran, Sudan, Burma and Cuba
• ING – 2012 – $ 619 million for intentional manipulations and
deletion of info about sanctioned parties in over 20k transactions
Enforcement & penalties – financial sector
18
• Weatherford International – $91 million settlement for export of
goods and services to Iran, Cuba and Sudan.
• New York Stock Exchange listed company – Simplified Due
Diligence?
Enforcement & penalties – non financials
19
20
Sanctions risk management
• Why?
• You are the gatekeepers.
• Identify where the risks are
• Implement appropriate tools to manage the risk
• Test
• Report and improve
21
Establishing a sanctions risk management plan
22
Managing risks
Inherent risk
(controls + education)
Residual risk
Inherent risks in your business
23
What? (Sanctions,
regimes, your business)
Who?
(Your clients, your investee companies,
service providers)
How? (Distribution)
What applies to us?
24
• Up to date knowledge of relevant regimes
• Read the FCA, HMT, FinCen and OFAC publications
• FCA notices and publications
• HMT updates
• FinCen advisory notices
• OFAC advisory OFAC
Sources
25
Inherent risk – what do we provide?
26
• What services / products do we provide?
• Asset management for pension funds vs private
equity for HNWI vs VCTs
• Where do the regulations / provisions bite on our
business?
• Clients
• Investee companies
• Service providers
• Employees and entities in relevant countries?
Inherent risk – Who?
27
• Industry / underlying goods
• High risk goods (Oil and gas)
• Potential dual use
• Geography
• Investors
• High risk countries… or those connected to
them – UK and Abacha.
• Buyers / sellers
• End user vs intermediary
• Border areas / neighbours risk
Inherent risk – how?
28
Direct customer contact – no RM
Direct customer - RMs
Internet
Branches
Intermediaries
Local banks
How might you measure risk?
29
• Do we capture data on:
• Clients
• Documents
• Transactions
• Payments?
• If so where or how?
• If that is not captured then do we really know our risk?
30
Managing the risk
Managing the risk
31
• Processes
• Systems
• People
• Clear responsibilities in first and second lines of defence
• Clear board / Exco responsibilities
• Clear ownership of systems and processes (who owns the
systems vs who owns the method of screening?)
• Clear escalation processes potential sanctions related
activity
• MI collection
• Record keeping
• Second and third line oversight
Governance processes
32
What does the compliance department own?
33
Is it better to have the first level processing
owned in Ops or compliance?
Where are the handoffs?
Processes
34
Client facing / relationship processes / controls
Onboarding due diligence
• Expected activity
• Expected counterparts
• Expected goods for trade
Periodic Review
• Client contact
• Review the transactions against known data
Processes
35
Transaction based processes
• Red Flag checklists
• Escalation of potential hits
• MI Collection
Systems
36
Manual vs automated
Depends on the size and
complexity of the business
You have to do something!
Decision drivers
Data
Volume of transactions
Inherent risk assessment
Recordkeeping – evidencing the controls
Systems
37
Data capture
• Clients – name, date of birth, nationality; UBOs
details
• Documents – Counterparty, ship, container
numbers, ports
• Payments – Payer / payee details, respondent
banks
Which systems?
38
• Screening client data – New and ongoing
• Screening / intercepting and monitoring
payments – pre or post facto.
• Vendor Selection for Screening
• Clients – data privacy and security concerns, their
servers or yours?
• Documents – imaging software or manual entry
• Payments – SWIFT Gateway integration
People – establishing a blueprint
39
Drivers
• Volume of screening hits and / or searches
• Use of checklists on transactions
• Red flags on transactions
• Second line activities
Existing capabilities
• What do we need to do to get to the blueprint?
People – self regulation
40
Culture
• To consider sanctions risk as well as credit and revenue
• To challenge internally and clients if things are wrong
Education, education, education
• First line through to third line – business and technical
skills
Systems support
• Guided checklists, research tools etc – support for thinking,
not doing the thinking for you!
Dealing with hits
41
Choices
• Do not proceed
• Freeze
• Return / reject
• Process
• Process under licence
Factors
• The regime
• The strength of your knowledge
• Your risk appetite
Dealing with the Authorities
42
HMT
• Licences by email either free text or on one of the proscribed
forms (Libya and Iran).
US OFAC
• Carry out the due diligence steps and then call the 1-800
hotline.
Taking Sanctions Seriously
43
• Know the sanctions regimes that apply
• Consider your business and the inherent risks
• Develop your plan
• Have effective interdiction tools where necessary
• Engage senior management and the whole firm.
44
Any questions?
45
Contact
Mark Spiers
Head of Wealth Management and Banks
020 7620 8444