by Robert Schneider
In an effort to ensure compliance with financial crime regulations, regulators globally are beginning to focus their attention on the corporate sector. Many companies are regarding this new responsibility with scepticism and try to assign it to their banks. However, due to the complexity of the respective regulations, this approach is neither constructive nor a free pass for the future. But by attending to the issue and acting quickly, they can avoid negative effects to their core business.
Actions against corporates by financial regulators have demonstrated that regulatory compliance is not only the concern of financial institutions. Increasingly, regulators are widening their focus and bringing corporates into the world of financial crime compliance. It is a world in which non-compliance can attract heavy fines and the risk of reputational damage.
Financial crime encompasses a variety of activities, including fraud, cyber-crime, money laundering, terrorist financing, bribery and corruption, market abuse and insider dealing, and information security. Even the very suggestion of financial crime can create big headlines. The data leak from Panamanian law firm Mossack Fonseca revealed the extent globally of tax avoidance and evasion as well as circumnavigation of sanctions regulations; this has led to a public outcry and prompted some governments to review their taxation policies.
Regulations to combat financial crime include anti-money laundering (AML) laws, financial sanctions and monitoring of high-risk individuals. Respective sanctions and embargoes are among the most challenging of the financial crime regulations for corporations. In addition to jurisdictional issues, operational decisions on matters such as sanctions list management, transaction currency, customer or employee nationality, local employment laws and transaction routing must be considered.
Multi-jurisdictional challenge
The majority of economic sanctions emanate from the US and Europe. The US Treasury Department’s Office of Foreign Assets Control (OFAC) has recently fined a number of firms – including those operating outside of the US – for sanctions violations. For example, of the four entities OFAC fined for sanctions violations between 20 January and 25 February 2016, three were corporations. The total amount of the fines imposed during the period was more than $3.5 million. Just as with financial institutions, compliance experts believe that the size and scale of fines for corporates is set to grow. OFAC administers a number of different sanctions programs, covering countries such as Syria, Iran and Russia as well as ‘specially designated nationals’ (SDNs) who are defined in almost 60 different lists. The sanctions are either comprehensive or selective, using the blocking of assets and trade restrictions to meet the foreign policy and national security goals of the US.
Other countries, such as the UK and France, have similar bodies to monitor those suspected of financial crime. At the launch of the Office of Financial Sanctions Implementation (OFSI) on 31 March 2016, UK Chancellor of the Exchequer, George Osborne, said: “Financial sanctions are a hugely important foreign policy and national security tool. Their effective implementation and enforcement are vital to their success.” OFSI will provide “a high-quality service to the private sector, working closely with law enforcement to help ensure that financial sanctions are properly understood, implemented and enforced”.
Corporates playing catch-up
With regulators clearly signalling their intention to take a closer look at corporate compliance with international sanctions, making the assumption that a bank is responsible for protecting its corporate clients against potential violations will not be a mitigating factor when it comes to regulatory action.
The risk of violating a sanctions programme increases as a business expands across borders. Moreover, sanctions cover a variety of targets and can also apply to their off-shore affiliates, so the risks are also complex. Until recently, however, many corporates may not have been fully aware of their regulatory responsibilities. As a result, their internal compliance frameworks may have been less developed than those of financial institutions.
A corporation’s approach to financial crime compliance also largely depends on the nature of the industry sector in which it operates. Some sectors will be more highly exposed to potential violations because of the countries in which they operate, others because of the individuals or institutions with whom they do business. Very global industries such as airlines, logistics, oil exploration and pharmaceuticals have been relatively proactive, while those companies that operate predominantly in perceived ‘risky’ jurisdictions have likely been sensitised to the importance of compliance.
One of the most effective ways of mitigating the risk of sanctions violations is by screening financial transactions. This has the added benefit that corporations not only assure themselves that the transaction is compliant, but they can avoid payment blockages where a query on a single transaction could hold up all the remaining payments in a batch. In this way, transaction screening by a corporate’s treasury department can expedite payments and improve straight-through processing.
Screening a continuous process
However, perhaps the most common way for corporations to address sanctions compliance is a single screening of customers and suppliers during the initial on-boarding process for a business relationship. Checks are made against lists issued by various bodies (including OFAC) to ensure that the countries, companies or individuals with whom they deal are not subject to sanctions.
But whilst screening customers and suppliers during this phase is important, such scrutiny cannot be seen as a one-off proposition. Sanctions list management is in itself a challenging task. The lists change regularly, sometimes daily, with names of entities and individuals being added and subtracted. As such, customer and supplier databases would need to be screened regularly to maintain on-going compliance.
Moreover, while best practice would dictate that sanctions filters should be updated almost immediately after list updates are published, delays can occur due to the time required to collect and reformat public lists to fit an individual company’s filters. All of which makes the job of managing sanctions lists and updating sanctions filters both very complex and time consuming.
Dealing with extraterritoriality
To find the right framework for their response to financial crime compliance, corporates will have to think beyond their own borders. The global corporate community must now face the issue of ‘extraterritoriality’.
While it is obvious that companies operating in the US must comply with US regulations in their everyday business activities, it may not have been as clear that this obligation also extends to organisations outside of the US that are buying US goods, trading in US dollars or have US staff on their payroll who are involved in payment processing. Ultimately, the onus is on corporations – in whichever jurisdiction they may be domiciled – to adapt their systems and processes to ensure they are not breaching US or other regulations. Additionally, a notably critical question is to what extent companies are obligated to watch the life cycle of their products and e.g. make sure that their business partners are not selling-on to embargoed purchasers.
Creating a framework for the future
It is clear that fighting financial crime will remain a high priority for regulators and governments across the world. And if regulators and policy makers initially focused on the financial industry, they are now widening their net to include the broader corporate community.
Just as financial institutions did before them, corporates will need to incorporate financial crime compliance into the day-today management of their business. Even if it feels intrusive, they will need to know more about their customers, and maybe their customer’s customers; the supply chain is bound to come under increasing scrutiny. As the direct and indirect cost of regulatory compliance increases, banks are less willing to take risks in unknown jurisdictions or with unproven supply chains.
This reduced risk appetite is also likely to have a knock-on impact on corporates as they expand internationally. Corporates that are not able demonstrate a sufficient level of client understanding may face reduced coverage by their traditional relationship banks. However, they may exert influence indirectly. The response to enquiring a supplier of his internal processes to comply with regulatory requirements may play a substantial role in the course of an RFP. The same applies to insurance companies which are bearing considerable risk in case their clients have not made provisions to safeguard against financial crime.
This evolving regulatory environment will have an impact on corporate plans for expansion and resourcing, as well as on IT and operations. Corporations which act now to identify how financial crime regulations will affect them and how they do business – and take appropriate steps to ensure their continued compliance – will be best prepared to prosper in this new business landscape.
The author, Robert Schneider is Head of Corporates & 3SKey, EMEA, SWIFT
