Economic sanctions are piling up and compelling firms to formulate complex organizational and IT system strategies to steer clear of situations that could harm their futures.
World events are hitting home for financial services firms as the Obama and Trump administrations have been steadily issuing a growing list of complex economic sanctions against countries that have been hotspots across the globe, including Venezuela, North Korea, Cuba, Iran, Ukraine, Russia, and Syria.
These sanctions are compelling firms to formulate multi-disciplinary responses and to seek out IT systems and services that will help them stay ahead of increasingly complex situations.
“Economic sanctions are nothing new,” says Adrian Hutzli, senior product manager in charge of sanctioned securities services via SIX Financial Information. “However, in the last two years, sanctions are much higher up the agenda of many financial institutions.”
[Join FTF for our upcoming complimentary event, Reputation at Risk: Steer Clear of Sanctions Hazards, on Nov. 6th in NYC. We will be discussing hotspots for sanctions and identify how firms can respond to sanctions compliance issues for their multiple securities transactions and operations. Click here to register!]
Firms have been paying greater attention to sanctions particularly as “authorities began to fine companies that were in breach of sanctions, especially anti-money laundering [AML] rules and in the area of securities trading in equities and bonds,” Hutzli says. “More recently, highly publicized sanctions against Russia and Venezuela may have put this issue at the top of the boardroom agenda. Never before have senior management been more alert to the reputational and financial risk of non-compliance.”
A Multi-Disciplinary Response
Unlike some other compliance efforts, keeping an eye on sanctions draws in many groups within a firm such as IT managers, risk management staff, operational risk groups, and legal counsel that leads to a multi-disciplinary response, points out Neil Katkov, research director for Celent, a market research division of Oliver Wyman.
However, at the start of a sanctions event, the front office has “perhaps the most crucial role” in compliance, Katkov adds.
“Front office personnel are responsible for notifying compliance departments of potentially suspicious actors or transactions,” Katkov says. “The conduct of front office personnel is also important: the front office was the weak link in several of the most high-profile sanctions fines by regulators; these cases were essentially an issue of the line of business intentionally working around technology and operations controls in order to execute wires involving sanctioned countries.”
Kerry Scarlott, partner, Baker & Hostetler LLP
Once the front office knows, it’s likely that operational risk staff and risk managers will have to take action, says lawyer and sanctions expert Kerry Scarlott, a partner with the firm Baker & Hostetler LLP.
“I would say risk managers and operational risk staff are key groups that should be involved in the compliance effort, along with inside legal counsel,” Scarlott says. “IT has an important role to play in developing and implementing internal compliance protocols, but don’t need to be part of the ongoing effort to keep current on the changing regulatory landscape. Basic training of all staff that might possibly have a compliance role or be able to identify signs of potential non-compliance is also important.”
Ultimately, though, all banks and financial services firms organize their internal affairs differently, Hutzli notes.
“The sanctions topic concerns the front, middle and back-offices alike, and affects everything from data management to risk departments and trading desks. A key challenge may be communication between them, and establishing a common view of risk across the organization,” Hutzli says. “For example, for compliance teams to be able to offer a rationale of why a trade is at risk of non-compliance so that it’s easily understood by front-office trading desks. Risk departments are also concerned since they must calculate the potential financial risks of the banks’ deposits. This role is particularly significant when it comes to holding securities that may turn toxic if a corporate action or a change to the ownership structure takes place.”
In addition, the current situation is changing is the expertise needed by sanctions compliance teams, Hutzli adds.
“Due to the way that economic sanctions have developed in recent decades, some banks may have a dedicated sanctions team that has developed core expertise in AML but has less experience with sanctions that target financial instruments. So, this is something institutions increasingly need to consider when staffing their compliance teams,” he says.
Thus financial services need to make compliance to become “a crucial aspect of an employee’s daily role” by putting the correct people, processes, policies, technology and data in place, Hutzli says. “This structure needs to span from the front-to-back office of every firm. Recognition of the complexity of this task has led to the market offering new services to help financial institutions to better manage the risks, and protect their reputation, by helping them put more robust compliance programs in place. However, these offerings don’t outsource the responsibility for a bank to ensure compliance.”
Beyond the Scope of Manual Systems
While the involvement of staff has gotten complicated, so has the content of the actual sanctions.
“Some aspects of sanctions rules have increased the complexity of compliance,” Hutzli says. “Sectoral sanctions that target specific industries is one aspect as is a nuanced patchwork of exceptions — for example, structured instruments are not in-scope for Russian sanctions but are for Venezuelan ones. Not all sanctioning regimes are aligned — in some instances, OFAC [Office of Foreign Assets Control] and the EU [European Union] have separate definitions of the permissible beneficial ownership threshold and the allowable lifetime of bonds before they become sanctioned. This means that the current sanctions landscape is characterized by complexity, an increasingly granular focus on financial instruments and higher risks for firms that do non-compliant business.”
The more granular, tighter focus on sanctions will require firms to seek out solutions that are more effective than manual, ad hoc approaches.
[Join FTF for our upcoming complimentary event, Reputation at Risk: Steer Clear of Sanctions Hazards, on Nov. 6th in NYC. We will be discussing hotspots for sanctions and identify how firms can respond to sanctions compliance issues for their multiple securities transactions and operations. Click here to register!]
“There are compliance services, both traditional providers and RegTech startups, which give updates on regulatory changes and events,” Katkov says. “But ultimately the financial institution holds responsibility for being aware of and in compliance with new regulation and sanctions.”
While there are many offerings for lawyers and the compliance team, there are also options for non-lawyers, Scarlott says. “There are a variety of services that can be utilized to keep abreast, but for a non-lawyer they can be opaque and time-consuming to use,” he says. “The best option is to use a listserv that OFAC has set up to provide updates on sanction programs. There is also an OFAC practitioners’ group based in D.C. that can be helpful and provide a discussion forum. Finally, use of outside counsel to advise on changes impacting particular companies can be useful and cost-effective given the personnel time savings.”
Whatever mix of solutions that a firm ultimately uses, the consequences for inadequate systems can be severe especially if firms are lax in their surveillance of new sanctions or in their self-inventory efforts.
“To stay compliant, firms need to identify if they are at risk of holding toxic securities in their portfolios,” Hutzli says. “One of the key areas of risk lies in the degree to which a firm relies on manual processes to compile their ‘do not trade, hold or service’ lists. Manually matching lists from OFAC and other regulators against their investment universe, not to mention working out if sanctioned individuals are controlling owners of the entities issuing these instruments, is highly complex and resource-intensive.”
The right sanctions information is “difficult to find and requires compliance teams to navigate a complex and sometimes opaque web of beneficial ownership rules and relationships,” Hutzli adds. “The lists are continually updated and many sanctions take almost immediate effect. The recent sanctions against Venezuela are a classic case in point. Sectoral sanctions require compliance teams to have a transparent view all the way down the chain from the sanctioned parent companies to their associated subsidiaries and down to the granular detail of securities issued by all those entities.”
The Venezuelan sanctions only identified a few companies via the OFAC lists yet “this translated to around 250 legal entities and an estimated 600 to 700 securities being affected,” Hutzli says. “Even once it’s identified, corporate actions like M&As [mergers and acquisitions] may change ownership structure, leaving a firm potentially holding a toxic security that was previously clean.”
A manual system would be overwhelmed by these complexities, and would raise the likelihood of “risk creeping into the system,” Hutzli says.
Another advantage to having an IT system in place to bolster a sanctions compliance strategy is that it will help a financial services firm if the authorities come knocking, Katkov says.
“Actions and fines by regulators suggest that their focus is on ensuring financial institutions have appropriate operational and technology programs in place for sanctions,” Katkov says. “If a firm’s sanctions program is solid, regulators tend not to penalize financial institutions for being the unwitting host of a sanctioned entity. So, the best thing for a firm to do is have a thoroughgoing program in place to begin with, including conduct training for line of business personnel.”
If a firm finds itself in a position where the authorities are knocking on the door, there are some initial steps to take, Scarlott says.
“If the authorities have a warrant, review it and ensure that the authorities stay within its confines,” Scarlott says. “Immediately call counsel (inside or outside) and seek advice. Treat the authorities with respect but don’t volunteer information. The authorities should not be allowed to interview rank and file, again unless they have a warrant that provides for such interviews. If the authorities have a series of questions or requests, ask that they be put in writing. In all events, be truthful!”
