With recent international news surrounding extensive political instability, civil unrest, and domestic military confrontations in the Middle East — particularly concerning long-running conflicts in countries such as Syria, Sudan, and Egypt — it's worth taking a look at the issue of sanctions compliance and considering how to conduct a general reassessment of the effectiveness of sanctions compliance programs for financial institutions. Although based upon a United States sanctions perspective, the framework and ultimate intent of nations' economic sanction initiatives can be derived from the discussion to follow. Syria is the country of particular focus as the conflict there continues to develop and may serve as a regional case study should United States policies shift toward more aggressive economic and political strategies against the country in months to come. As recent cases indicate, for example, Standard Chartered Bank, HSBC, and RBS, sanctions compliance remains a challenge for both financial institutions and regulatory authorities alike.1
History of United States economic sanctions
The United States Department of the Treasury (Treasury), under the direction of the Secretary of the Treasury and ultimately the President of the United States, through use of Executive Orders, maintains a variety of economic "weapons" at its disposal in efforts to target money laundering and terrorist financing threats, which may also serve to further the United States government's international economic policy as a factor in efforts such as embargoes and sanctions as added pressure against foreign governments and regimes considered hostile to United States interests. The Office of Foreign Assets Control (OFAC) was formally created in December 1950 following the entry of China into the Korean War resulting in President Harry Truman declaring a national emergency and blocking all Chinese and North Korean assets subject to United States jurisdiction.2 United States policy makers have since realized the effectiveness of economic sanctions as a tool to keep handy in the foreign policy tool kit. Other key targeted measures and programs affiliated with OFAC include those against Specially Designated Terrorists (SDTs) and Foreign Terrorist Organizations (FTOs), Specially Designated Global Terrorists (SDGTs), and the Palestinian Legislative Council (PLC), all of which were implemented in effort to specifically restrict the capabilities of non-state persons and entities to facilitate financial transactions through the United States financial services sector.3
The USA PATRIOT Act Section 311 (Section 311) was implemented in 2001 immediately following the attacks on the New York World Trade financial buildings as part of United States efforts to strengthen capabilities to more effectively identify, monitor, and suspend possible terrorist and financial crime activities by tracking and blocking the flow of financial transactions that may occur through the United States financial services sector. Featured within the framework of Section 311 are five special measures that range from requiring additional due diligence and special attention concerning particular account transactions among United States financial institutions to prohibiting the opening or maintenance of any correspondent or payable-through accounts. Since 2002, Treasury has utilized its authority under Section 311 against three jurisdictions and eight financial institutions and, when applicable, their affiliates, based upon various types of conduct it deems illicit.4
Syria is a country of 22.45 million people of which 90.3 percent are Arab. The country has a diversified economy and is described as "a middle-income, developing country with an economy based on agriculture, oil, industry, and tourism" by the CIA World Factbook.5 Following the death of Hafiz al-Asad, who ruled Syria since 1970, power was officially passed to his son Bashar al-Asad by popular referendum in July 2000. Syria has been an intermittent United States ally since diplomatic relations were first established in 1944. In recent years ties have become more strained between the countries in large part due to Syria's position regarding United States foreign policy concerns in the region, particularly with Iraq, Lebanon, and the Palestinian-Israeli conflict.6 According to the most recent World Economic Outlook published by the International Monetary Fund (IMF), data for Syria "…are excluded for 2011 onward due to the uncertain political situation," the country faces negligible GDP growth projections in the foreseeable future, and its civil conflict has affected economic growth projections throughout the Middle East.7 With the current civil crisis facing Syria, the United States may find itself unable to continue to remain neutral regarding financial and military support against al-Asad, particularly as civilian casualties continue to escalate in what is now a two-year old conflict.
United States sanctions
What do these international events have to do with banking? Plenty, when considering the legal and regulatory obligations that institutions face in supporting United States government policies for OFAC sanctions and Section 311 special measures, particularly when countries such as Syria, Sudan, and Egypt find themselves in the crosshairs of United States "economic warfare" during early stages of foreign policy leverage. Syria is one of many countries that face civil and economic instability that ultimately has a direct impact on United States economic interests and productivity, especially where United States financial institutions are concerned. In recent years, OFAC list updates have gone from averaging several changes per month several years ago to as many as several changes per week on some occasions during 2012 and 2013. In the years since Section 311 was established, 21 Notices of Proposed Rulemaking (NPRs) have been issued against a host of countries and entities by Treasury because they were deemed hostile to the international political and/or economic interests of the United States, including countries such as Syria, Burma (Myanmar), and Iran. In the case of Syria, Treasury first issued a NPR against the Commercial Bank of Syria (which includes the Syrian Lebanese Commercial Bank) on May 18, 2004, which was later followed by the issuance of a Final Rule on March 9, 2006. Some NPRs have since been rescinded, but their intent was clear. The goal of such projections of power and influence is to seek to directly impact countries' ability to propagate their leaders' influence both domestically, with respect to escalating civil conflicts, and internationally, with respect to a country's ability to conduct trade and commerce and project a sphere of economic influence, whether in the Middle East as in the case of Syria, or beyond. Financial institutions have proven to be reliable allies to the United States government in this effort.
In consideration for the aforementioned history of sanctions and the current political and regulatory climate surrounding United States sanctions compliance, the following measures can be considered for institutions to make an assessment of the conditions of their compliance programs and adopt a robust approach to sanctions management.
Step one: "Level-set" the sanctions program
A review of written sanctions policies and procedures should be conducted to ensure they are current and accurately reflect ongoing processes, and an assessment processes should also be completed, for example a review of customer information screening, or "scrubs," name match disposition, and documentary retention steps. Many institutions leverage Information Technology (IT) solutions to conduct screening/scrubbing of customer records and transactions against OFAC, PLC, Special Measures, and other lists like Interpol, European Union, and PEPs. Evaluation of general solution system efficacy should also be completed, which may include:
- Independent validation of IT solution software.
- Confirmation of the means by which lists are updated by the vendors as they are changed and published by OFAC, Treasury (Section 311) and other List sources.
- Verification of how the solution is actually updated at the institution on a regular basis. Are the vendor updates "pushed" to the institution automatically, or is the institution responsible for "pulling" the file onto its systems to update them through a series of manual steps?
- If manual steps are required for list updates, what area and/or who is responsible for ensuring the process is completed. Is this done by a BSA/AML/OFAC compliance analyst or by dedicated IT support?
Step two: Identify program and process gaps
A gap assessment of procedural and process weaknesses should be conducted to identify internal control "soft spots" that increase compliance risk and could result in sanctions violations. As recent cases of violations with major global institutions have demonstrated, fines for violations can amount to millions of dollars, not to mention extensive legal costs and reputational risk. The assessment should cover each aspect of the institution's sanctions compliance program including:
- Governance — are the board of directors and leadership aware of their roles and responsibilities for OFAC and sanctions compliance?
- Program oversight — is management's role and responsibility for the sanctions program clearly defined in policies and procedures including communication with and reporting to OFAC/Treasury, account blocking and maintenance, and communication with affected customers?
- Management — Are processes and controls related to management's responsibilities executed on an ongoing basis? Are information systems (automated or manual) in place to keep management aware of OFAC and sanctions compliance matters?
- Recordkeeping — Are recordkeeping policies, procedures, and process up to date and in compliance with regulatory requirements?
- Auditability — Are comments for waived name matches clearly worded, accurate, and consistently applied to all manually researched cases? Is the sanctions program auditable for internal and external auditors and the regulators?
If, however, an institution is reliant upon manual processes to conduct screening, the process controls related to the review, analysis, clearance, and documentation of possible name matches should be analyzed. Special focus should also be placed on ensuring that the most recent lists are in use at all times and that the institution maximizes its use of OFAC tools such as automatic e-mail alerts for list changes and OFAC's new online SDN search tool.8 Additional key controls could include: the methodology by which names are reviewed; the comments used to describe rationale for waiving possible matches; and the format and effectiveness of logs, reports, and records created in support of the screening program.
Step three: Assess the worst case scenario
Most institutions' compliance officers would be the first to state that they would never want to have an incident where a true name match results from their OFAC and sanctions screening programs — but they can and do occur. The question that management should ask is what they would do if such an incident came to pass, as there is little-to-no tolerance from regulatory authorities for excuses such as the institutions "didn't know what to do." Policies, procedures, and processes should be reviewed to ensure that escalation of true matches are expediently reviewed, account(s) are blocked, notifications are provided to OFAC and Treasury in the case of Section 311, and customer notifications and contacts are managed, all in order to remain compliant with OFAC and sanctions laws and regulations.
The rapid pace of changes of the current geopolitical landscape worldwide, their effect on United States hegemony, and the resulting influence of United States economic policies on financial institutions cannot be understated in the current foreign policy climate and comprise some of the most significant historic events in recent decades. It is essential that financial institutions maintain an acute awareness of these geopolitical factors and use ongoing real-world examples as opportunities to evaluate their sanctions compliance program's efficacy, understand their roles as "partners" in government economic policymaking, and take proactive steps to mitigate sanctions compliance regulatory risk exposure to continue to fortify their BSA/AML and OFAC compliance programs.
Brian Arrington, MBA, CAMS, communications director of the ACAMS Chicago Chapter, examiner with the Federal Reserve Bank of Chicago, Chicago, IL, USA, email@example.com.
The views and opinions expressed are those of the author and do not necessarily represent the views and directives of the Federal Reserve Bank of Chicago or the Federal Reserve System.
- New York Times (Standard Chartered), http://www.nytimes.com/2012/08/15/business/standard-chartered-settles-with-new-york-for-340-million.html?_r=1&pagewanted=all; CNN (HSBC), http://money.cnn.com/2012/07/16/news/companies/hsbc-money-laundering/index.htm; BBC (RBS), http://www.bbc.co.uk/news/uk-scotland-scotland-business-14317658
- OFAC FAQs, http://www.treasury.gov/resource-center/faqs/Sanctions/Pages/answer.aspx
- United States Treasury Terrorist Assets Report 2012, http://www.treasury.gov/resource-center/sanctions/Programs/Documents/tar2012.pdf; also Code of Federal Regulations, 31 C.F.R. 594, http://www.treasury.gov/resource-center/sanctions/Pages/CFR-links.aspx
- NUnites States Treasury overview of Section 311, http://www.treasury.gov/press-center/press-releases/Pages/tg1056.aspx
- CIA World Factbook, https://www.cia.gov/library/publications/the-world-factbook/geos/sy.html; also US Embassy web page, Damascus, Syria, http://damascus.usembassy.gov/syr-bknote.html
- US Department of State, http://www.state.gov/r/pa/ei/bgn/3580.htm
- International Monetary Fund, http://www.imf.org/external/pubs/ft/weo/2013/02/pdf/text.pdf
- OFAC online SDN Search, http://www.treasury.gov/resource-center/sanctions/SDN-List/Pages/fuzzy_logic.aspx