Sanctions update: What UK and EU Updates Mean for Global Companies

Many companies have deficiencies in their sanctions risk management and customer due diligence processes, according to a survey by the UK’s financial regulator. The EU has also published new expectations about companies’ third party due diligence for risks related to sanctions, particularly for companies operating in Russia and Belarus.

In this blog, we look at these latest developments in global sanctions, and explore how companies should respond by improving their management of sanctions risk–with help from Nexis® Solutions.

Compliance deficiencies identified in how companies approach sanctions

The Financial Conduct Authority (FCA), the UK’s financial regulator, has now released the results of their survey of over 90 companies to understand more about how they ensure they do not breach international sanctions. Companies’ responses revealed several common deficiencies, including:

• Inadequate resourcing: Some firms have not devoted sufficient resources to carry out effective sanctions screening. Compliance teams are advised to invest in technology to monitor and flag when a third party appears on a sanctions list.
• Ineffective screening: Sanctions screening tools can be poorly calibrated or tailored. While the regulator noted that many firms use third party systems to support their sanctions screening, they still need to understand the risks themselves and deal with any issues appropriately.
• Due diligence failures: Customer due diligence often falls short. The regulator noted that “we have continued to find instances of low quality CDD assessments and backlogs.”
• Backlogs in reporting: Many firms took too long to report suspected sanctions breaches after they have been detected. This has been a particular problem since sanctions against Russia were introduced.

MORE: The new era of due diligence

EU sets new expectations on due diligence for sanctions against Russia and Belarus

The European Commission released guidance last month to help companies operating in Europe to “identify, assess and understand the possible risks of sanctions circumvention”, as well as “how to avoid it” when doing business with third parties in non-EU countries. This publication was prompted by the recent sanctions imposed against Russia and Belarus, which the Commission says has created an “increased risk” that companies will find themselves in breach.

The guidance for companies includes:

• Apply risk-based due diligence: Companies should develop “an enhanced due diligence model” to respond to rising sanctions risks. This is particularly important for companies in high-risk sectors and with complex supply chains.
• Consider third party risk: Third parties are a vulnerability for companies, and they should monitor “contractual arrangements” with these firms to ensure sanctions risks are considered and mitigated.
• Monitor indicators of breaches: Firms should look out for “red flags” for heightened sanctions risks, including the involvement of intermediaries and shell companies in transactions which make little economic sense, or a change of ownership or ultimate beneficial owner shortly before or after sanctions are imposed. Another indicator mentioned in the guidance is the transit of goods through a country with a reputation as a “circumvention hub” for getting around sanctions, which reflects the need for a due diligence process which brings in data from across the world.

MORE: Recent regulatory enforcement shows the need for due diligence

How should companies manage sanctions risk?

These two regulatory interventions reflect that sanctions risk has increased since the conflict in Ukraine began. Boards of companies should therefore be concerned about the findings of the FCA’s survey, which suggest many firms are not adequately set up to identify and manage sanctions breaches–and exposed to financial, legal, reputational, and strategic risks as a result.

Sarah Pritchard, a director at the FCA, offered advice to firms at the Financial Crime Summit when presenting the survey results. She said companies should not simply carry out “tick box” exercises for compliance, and that “taking early action can save millions in fines down the line as well as the reputation of firms.”

Both regulators offer consistent advice in how firms should mitigate the rising risks of sanctions. The FCA said firms should take a “risk-based approach” to their compliance by understanding the level of risk they face, then managing those risks in a “proportionate” way. While the European Commission recommended that companies assess the level of sanctions risks of third parties, then carry out enhanced due diligence where the risk is elevated.

MORE: The changing roles of risk managers in the age of technology

Data and technology can power an effective risk-based sanctions model–with support from Nexis® Solutions

A risk-based model of sanctions screening requires companies to have access to authoritative, trustworthy and comprehensive data on sanctions risks. This should include:

• Lists of economic sanctions maintained at national and supranational level, including the United Nations’ sanctions.
• Data on global media coverage, which could shed light on countries and entities at higher risk of sanctions breaches.
• Lists of third parties associated with the company.

Developing a bank of this data is a near-impossible task for a compliance team to do by themselves, as it would absorb vast amounts of staff time in manually searching through databases. Instead, technology platforms can be brought in to screen names of entities against multiple large sets of data which are regularly updated to reflect any changes to sanctions risk.

Nexis® Solutions is a leading example of how technology can be leveraged to surface sanctions risks from comprehensive data. Contact us today to discuss how it might help your sanctions approach.