All firms, regardless of their size, are required to comply with sanctions. With the potential of significant fines, business restrictions and reputational damage, getting sanctions wrong can have significant consequences, and it is important that firms ensure the controls put in place on day one are still fit for purpose as the business grows, or when regulatory requirements change.
In this rapid fire Q&A with FINTRAIL Senior Consultant & Sanctions Lead Emil Dall, we will explore how sanctions compliance programmes can and should adapt over time.
Q1 - Why is it important to adapt sanctions compliance over time?
There is no one size fits all when it comes to sanctions compliance. For example, a FinTech operating only in the UK may initially find their sanctions risk sufficiently covered by deploying a simple name screening solution, and focusing exclusively on the UK sanctions list. However, as the company grows over time, their sanctions profile will change as well. This could include:
An expanded product offering, which may be impacted by sectoral sanctions.
A growth in customer base, leading to potentially more sanctions alerts and possible matches.
Expanding to new markets, and introducing cross-border payments to and from jurisdictions that are at higher risk for sanctions.
FinTechs have unique product features and selling points to distinguish themselves from their competition, however this can also create novel sanctions risks. Firms should carefully consider what controls adequately address their sanctions risk. For example, while OFAC does not prescribe what specific controls firms must use, the agency expects firms “to employ a risk-based approach to sanctions compliance by developing, implementing, and routinely updating a sanctions compliance programme”.
Q2 - If my products or customers remain the same, can our sanctions compliance programme also stay the same?
No. Even if a firm’s products or customers do not change significantly over time, sanctions compliance cannot be left to its own devices. Sanctions risk is ever-changing, particularly since Russia’s invasion of Ukraine in 2022. The number of designated individuals and entities has increased exponentially, with the networks of those designated extending far beyond just Russia, and novel sectoral sanctions have been imposed prohibiting certain services, trades or activities connected with Russia.
Staying up to date with regulatory requirements and how your products may be affected by specific prohibitions is key. In September 2023 the Financial Conduct Authority in the UK highlighted that when it comes to Russia sanctions, “firms that had taken advanced planning for possible sanctions before February 2022 were in a better position to implement [them]”. Staying on top of regulatory requirements and being prepared for what might come next is now expected by regulators.
Q3 - What are the key components of an effective sanctions compliance programme?
A sanctions compliance programme will look different in every firm, depending on its size and operations. Some components may be present from day one, and become more sophisticated over time, while other components will only be introduced as the firm grows. This includes:
A sanctions risk assessment, perhaps initially conducted as part of a wider enterprise wide risk assessment, or later as a standalone sanctions risk assessment.
Sanctions screening systems, which should be tested to ensure they work as intended and calibrated over time in line with the firm’s customer portfolio and sanctions risk.
Governance and oversight, including maintaining up-to-date policies, operating procedures, reporting obligations across all jurisdictions where the firm operates, and management information on sanctions trends.
Q4 - How can FINTRAIL help?
FINTRAIL can assist businesses that do not yet have a built-out sanctions compliance function, as well as those who are looking to enhance their existing sanctions policies and procedures.
Regardless of where you are in your sanctions compliance journey, we assist clients of all sizes build and maintain an effective sanctions compliance programme that meets regulatory expectations - this includes development or enhancement of sanctions policies and procedures, sanctions risk assessments, sanctions screening and controls, and carrying out audits of sanctions compliance programmes.
In addition, we are sanctions policy experts with experience working with governments across North America, Europe and Asia on sanctions design and implementation, and we can help firms be tuned into relevant changes in the fast-moving sanctions regulatory landscape.