US Sanctions on Russia, Iran, and North Korea have been in the forefront of political discussions over the past few years. Changes in administration and international politics have resulted in a number of significant changes within the sanctions regulatory space, thereby creating a high demand for sanctions screening technology capable of adapting to complex and dynamic situations.
Regulatory changes in other industries, such as privacy and money laundering, provide the private sector sufficient time and notice before the government enforces the mandatory implementation of policy changes and regulatory requirements. This is not the case for sanctions.
In the sanctions world, policy changes happen overnight with little to no warning. These changes must be implemented immediately, thus necessitating adjusting your company’s policies, procedures, and systems accordingly. Any violation of these newly implemented sanctions regulations, whether deliberate or accidental, could result in substantial fines and penalties due to strict liability.
The Office of Foreign Assets Control (OFAC) is the government agency in charge of enforcing US sanctions. Since 2009, there have been 181 penalties issued and each penalty amounts to an average of $20 million per case or $300,000 per transaction.
“In the sanctions world, policy changes happen overnight with little to no warning”
Imagine if your system malfunctioned or was not updated in time and caused your company to process 100 violative transactions a day. Multiply that by how long it takes your team to discover and fix the system and you are now facing millions of dollars in potential fines.
This is on top of the reputational damage your company would suffer and the potential de-risking by your business partners, who may decide that the potential sanctions risk of doing business with your company outweighs the benefit of any revenue your business may bring.
It is important to note that OFAC sanctions apply not just to financial institutions but to other industries as well, such as but not limited to, insurance companies, import/export companies, retail companies, and tech companies. A good example would be ZTE, a telecommunications company in China, that was fined $1.2 billion for violating OFAC sanctions and other regulations.
The more alarming issue is that OFAC sanctions have extra territorial application. This means that if you are running a multinational US company with subsidiaries outside the US, they may have to comply with US sanctions or risk being fined. If you have different systems in place for each subsidiary, you will need to make sure you can control and make the necessary changes to the systems in a timely manner.
Most vendors of sanctions screening systems have adjusted to this fast-paced environment by establishing Service Level Agreements (SLAs) to update the data or watch lists in their systems within 24 hours. If the government decides to sanction any person or entity, these changes are reflected in the system within a day.
Some have even gone a step further and provide lists of entities that are owned or controlled 50 percent or more by sanctioned entities. This helps companies comply with the OFAC 50 percent rule; however, due to the number of entities on these lists and the number of false positives or noise that the system generates, most have taken a risk-based approach with regard to implementation.
Certain systems have evolved to more than just name—match screening—they take into account several parameters such as date of birth, address, and other details to alleviate the amount of false positives. Some even allow you to adjust and customize the threshold or score of each parameter or watch list so you can control when you want to be alerted to a match.
More recently, some systems have integrated machine learning into their system. This allows the system to learn behavioral patterns by looking at past decisions and adopt the same for future alerts. There are also talks about using artificial intelligence (AI) in sanctions screening systems that would result in enhanced detection and reduce false positives while being scalable and cost-efficient.
However, since AI is a new frontier for sanctions, it is imperative that the solution is transparent and explainable to the regulators. It should also be easily customizable to account for the dynamic nature of economic sanctions.
One aspect where AI is both beneficial and detrimental is in the area of targeted or smart sanctions. Here, the government targets certain industries or entities with the precision of a scalpel. For example, dealings in new debt with a maturity date that is longer than a certain number of days involving designated entities in the Russian energy sector are prohibited. We can program a system to take this into account to save companies the hundreds of manhours it takes to manually review each transaction.
However, if the regulation changes tomorrow and it is effective immediately (as is usually the case), does your company have the resources, technical know-how and legal knowledge required to reprogram the system instantly? This is one of the areas that sanctions specialists will struggle with as we move towards using AI and machine learning.
Technology is a double-edged sword. It could automate repetitive tasks and make us more efficient. It could also magnify any mistake by mindlessly repeating the same error a hundred fold, thereby exposing you to liability. This is why as we move forward, it is important to conduct periodic model and data validation to ensure that the system does exactly what you expect it to do.