Sanctions are a key component of government foreign policy, used to influence outcomes and further political objectives. More and more, we’ve seen sanctions extend beyond the traditional uses of national security, to act as leverage in addressing human rights violations, corruption and the ever-increasing threat of cyber-attacks.
As a result, designation lists are being updated at a rapid pace and regulators are serious about enforcement – OFAC levied $20.8M in penalties in 2021 and is on track to exceed that for 2022!
Sandwiched between a complex, evolving set of rules and the threat of crippling fines, new entrants in the digital payments and cryptocurrency space are particularly vulnerable to sanctions violations; primarily due to their growth status and the pace of change related to clarifying regulations for crypto products.
Leading Causes of Enforcement Action
OFAC’s Framework for Compliance includes a list of the most common weaknesses that lead to enforcement action. When we meet with our customers, three of these themes consistently emerge:
Lack of trained and available resources to properly review alerts, leading to risk exposure and investigation backlogs.
Process and procedural gaps that don’t fully reflect the organizations risk appetite or the regulations, including the need to review existing customers when lists change.
Completeness and accuracy issues caused by outdated or inflexible technology leading to alerting gaps when lists change and risk of sanctions exposure.
Often our clients are in a position where they need to address these gaps in their program quickly due to regulator pressure and impending examination, or they are working toward securing their business license and need to demonstrate that a strong AML/Sanctions program is in place.
Focus on Priorities
There’s a lot going on when a new business starts-up or when dealing with growth volumes. Setting up or strengthening an existing program that addresses these weaknesses can feel daunting.
By focusing on these critical elements of your program as a priority, you can weed through the noise and make meaningful progress:
Strong policies and procedures that consider the inherent risks of your business (such as geographies where you do business) and the full requirements of the regulations. Many businesses seek the services of independent firms to either create or review policies and procedures to remove the risk of gaps. Seek out help if you don’t have the skills on your team, it’s a worthwhile investment.
Define your data and resolve your data gaps. Your policies and procedures will point to the data that’s critical to raise the right flags and allow you to complete quality investigations. Capturing full customer names, alias/nicknames/preferred names, complete date of birth, nationality and residency along with other mandatory KYC data, will allow you to provide your sanctions screening tools with sufficient information to generate the best alerts. Don’t be afraid of data and take an active role in defining what you need and ensuring that data has integrity.
Implement a flexible, scalable screening tool. As the backbone of your compliance program, your tool needs to be up and running quickly with little ongoing intervention to ensure lists are accurate and your team can alert on daily onboarding and transactional traffic. Your tool must be scalable enough to grow with your organization in addition to being robust enough to handle the volumes of a customer “look-back” when sanctions lists change.
Having these pillars in place can set you up for success and help to address some of the resource issues that plague compliance units.
What to Look for in a Screening Tool
MinervaAI was built by AML executives facing the same challenges as your organization and has evolved through addressing the needs of our customers. We’ve worked closely with our customers to pinpoint problem areas and we focus our implementations to help solve those problems.
When shopping for a new tool, it’s important to consider the following:
Many of our customers have had to wait for cumbersome technology changes to make sure their lists are up to date, or feel key information isn’t searched properly due to the naming complexities found in sanctions lists.
How often are sanctions lists being updated, are they ingested daily, or do you have to wait for your vendor to prioritize your request or deal with a costly internal tech change?
Is your tool using the most current analytical methods to look for and assess the litany of name permutations found on sanctions lists or does it use “old school” methods such as binary name matching which can miss key information or create “false positives”?
Jurisdictional Coverage and List Currency:
Our customer, a leader in the prepaid gift card market, came to us as their current provider was unable to provide information on global customers. When no information was found, the screening process was not even started, leaving them with a population of unscreened customers.
Given regulations apply to jurisdictions that you do business in and with it is critical for your scanning tool to have broad coverage and the most up to date information. Does your tool include all your required jurisdictions, and does it screen information regardless of status so that you have evidence?
Solution Flexibility, Scalability and Interoperability:
Another customer, in the fast-paced crypto exchange market leveraged MinervaAI’s intuitive UI to get started on day one while integrating the API for automated screening at onboarding.
It’s important to select a tool that’s easy to implement and easy to use while giving you the benefit of API’s and cloud infrastructure to allow you to scale as your volumes grow and effectively integrate with your onboarding and backend systems.
Audit-ability and Reporting:
A digital bank customer was having issues with their current provider. They were unable to secure the resource information they needed to ensure the lists were accurate and up to date in anticipation of a regulator visit, something MinervaAI readily provided.
It’s important to have transparency with your vendor; to understand how lists are being updated and when, and how often your vendor conducts internal integrity testing to make sure those lists are accurate.
Accurate and automated outcome reporting that is time-stamped and auditable, demonstrating that you’ve screened your customers against all mandatory lists is critical to prepare for successful internal audits and regulator visits.
We Can Help
MinervaAI consumes over 25 sanctions lists covering Europe, North America and Asia, in addition to countless watchlists such as FATF, FBI’s most wanted, and Interpol, along with 50,000 additional sources in 55 different languages. Sanctions lists are updated on a 24-hour refresh schedule and tested regularly.
MinervaAI goes beyond sanctions screening to allow you to perform full customer due diligence including screening for political exposure, adverse media and other red flags like criminal involvement and social media exposure. Our data is pulled in real-time so that you can rest assured that your team has the most current information and the full view of your customer risk.
Built in the cloud, MinervaAI offers the flexibility of an intuitive UI and a robust API to handle your volumes and get you started right away.
There’s a lot to consider as sanctions programs evolve. Solid policies and procedures, robust data sets and an accurate, flexible, scalable tool are key to success.
MinervaAI’s implementation team has decades of experience transforming AML programs and setting teams up for success. We’d love the opportunity to discuss your organizational needs and your vision for the future.