5 key steps for an effective sanctions screening policy
Sanctions breaches are among the most serious of offences under regulations such as the EU’s Sixth Anti-Money Laundering Directive (6AMLD). It’s critical that banks, financial institutions, and any other entity that’s subject to the requirements of AML and anti-terror financing regulations to act by checking their customers against relevant sanctions lists.
Consequences of an inadequate sanctions screening policy
Although most regulated firms do actively carry out sanctions screening, many fail to regularly review their sanctions screening policies and processes to ensure that they’re keeping pace with the current regulatory and risk landscapes. Even worse still, fewer take proactive steps to improve and strengthen their compliance procedures—even where shortcomings are identified.
Unfortunately, the consequences for inadequate screening are invariably serious. Regulatory scrutiny surrounding sanctions is stricter today than ever before, and the financial and, in some cases, criminal penalties for noncompliance can be devastating for businesses.
5 steps for building a sanctions screening policy
If you’re looking to get ahead of your compliance obligations by putting together your own sanctions screening policy, here are five key steps in no particular order:
1. Figure out where your risks are
It’s important to know which sanctions risks you need to detect and prevent during the screening process. This will vary depending on a company’s operations.
A company that operates globally, for example, might institute policies that prohibit the company from having dealings with any parties or countries that have been sanctioned by another country, such as the United States, or a political entity, such as the United Nations or European Union.
It's also important to consider risks that are posed by the products and services that you offer, or the relationships that you have with suppliers and other third parties.
2. Clean up and organize your data
Sanctions screening is powered by data. It’s often the case that sanctions screening processes and systems fail because they’re not getting enough data or the data that they’re getting isn’t good enough—either in terms of what that data is or how it has been handled previously.
As such, it’s important for firms to adequately compile, clean, and organize their KYC data to avoid sanctions screening inefficiencies, false positives, and failing to detect sanctioned entities during the screening process.
3. Know what you’re looking for
It’s not necessarily the case that all data elements within a company’s records will be suitable or relevant for use in sanctions screening, especially when screening against specific sanctions risks.
For instance, the names of individuals or third-party entities with whom an organization does business can easily be screened against name-based sanctions lists. However, this data cannot always be used to screen against other sanctions lists, such as geographic or environmental sanctions lists.
It’s also vital to determine whether any PEPs or RCAs are involved in the transaction that is being reviewed. These higher risk entities should be examined more closely than ordinary customers and every sanctions screening policy needs to reflect the increased likelihood for sanctions risk that they pose.
4. Keep your sanctions data current
Organizations should ideally determine which sanctions lists are relevant to them for screening purposes. This is heavily subjective and depends entirely on the nature of an organization’s overall operations, their clients, the products they offer, etcetera. This is usually achieved following a risk-based assessment. And often depends on the sanctioning bodies that exist in the countries the business is transacting with.
It’s important that sanctions data and indeed sanctions lists that are being screened against are kept up-to-date and that data is enhanced with additional information from both internal and reliable external sources wherever possible. This can be supplemented with other data points, such as previous false positives and definitions of scope—this is particularly beneficial where a sanctions screening process is supported by artificial intelligence and machine learning technologies.
5. Mandate regular sanctions screening
Organizations should carry out sanctions screening at regular, defined intervals. Ideally, this should be done via an automated process that’s guided by internal policies that are themselves kept up to date through regular review and revision.
Best practice states that screening should also take place when new relationships are being established—i.e., when onboarding a new customer—to ensure that the relationship is permissible according to current sanctions lists. Additional screening should then take place at predetermined intervals and/or when a trigger event takes place, such as when new regulations are introduced, or existing ones are modified.
Building a sanctions screening policy needn’t be difficult
Every regulated organization must have a sanctions screening policy in place that’s reviewed and updated regularly. The accuracy of this policy and your internal data is the key to ensuring that your sanctions screening is both effective and accurate.
Just as important as your sanctions screening policy is the method that you use to carry out that screening. Relying on Excel or Jira as the backbone to a time-consuming and expensive manual process is no longer a viable approach to compliance. Using a dedicated solution provides clarity, consistency, and trackability to your compliance process and proves to the regulator that your business can protect consumers. A necessary step to obtaining or maintaining license requirements.
Get real insights into how your sanctions screening policy can level up by booking a free demo with Sentinels today.