A new LexisNexis Risk Solutions report shows how an explosion in sanctions over the past few years has made compliance increasingly challenging for financial institutions. Taking the Pulse of Major Sanctions Lists analyzes data from regulators like the United Nations (UN), European Union (EU), Office of Foreign Assets Control (OFAC) and the United Kingdom’s Office for Financial Sanctions Implementation (OFSI) to identify trends and policy changes.
LexisNexis Risk Solutions financial crime compliance expert Vincent Gaudel said Russia’s invasion of Ukraine drove a net sanctions increase of 998% in 2022 over 2021.
“Businesses must not only meet compliance obligations but also demonstrate compliance,” Gaudel began. “The geopolitical context means most of the additional sanctions stemming from the Russia/Ukraine conflict come from the EU, OFAC and OFSI, increasing the burden on businesses operating in or working with partners in Europe and the U.S.”
Russian invasion drives huge net sanctions increase
In 2022, the EU added 1,935 sanctions, modified 924 and removed 73. There were 103 updates, resulting in a net change of 1,862 designations. OFAC added 2,566, modified 265 and removed 209 through 109 updates. The net designation change was 2,831.
OFSI added 1,532, modified 1,996 and removed 58 across 95 updates. The net change in designations was 1,474. The UN, hindered by vetoes, limped along with a mere six adds, 60 modifications and 25 removals. Taken together, there were 5,674 net additions across the four bodies through 329 updates, compared to 517 net added designations from 211 updates in 2021.
Four out of five sanctions changes in 2022 were associated with Russia’s invasion of Ukraine. Other contributors include North Korea for its ballistic and nuclear-related activities, Iran for its repression of protests and provision of uncrewed aerial vehicles to Russia, and Syria for recruiting mercenaries to support Russia. Myanmar was punished for the continuing military coup and ongoing repression, while Haiti received rare UN action.
Global themes saw continued action against terrorist groups. The United States aggressively pursued narcotics traffickers. Human rights and anti-corruption sanctions remain high in anticipation of the EU’s anti-corruption program. Cybercrime and chemical weapons-related activity also occurred. Domestic sanctions designed after the Magnitsky Act are an emerging trend.
And it’s probably even worse
Gaudel said that with an average of 16 net sanctions added daily, financial institutions are challenged to stay current. Each update brings new checks to be done.
“When you have a 1,000% increase in the number of sanctioned persons added to the list, imagine the operational burden these sanctions have,” Gaudel said. “I’ve had some interesting chats with financial institutions in Eastern Europe. They have many domestic customers with Russian-sounding names. And with the recent spikes in Russian sanctions…you can imagine how the hit rate goes as a result.
“You have to think of this report and those numbers as the tip of the iceberg. Sanctions apply to all entities owned or controlled by a sanctioned person… Likely, many sanctions for persons not on the sanctions list are effectively sanctioned because of ownership.”
It is up to the institutions to stay current on sanctions, which are usually posted on websites and journals. That brings challenges, as the data gets posted in a mishmash of formats that may or may not be easily exploitable and which may include errors. Regardless of how they are sent, regulators expect them to be implemented sans delay.
One fintech’s sanctions mistake
LexisNexis Risk Solutions helps firms stay compliant in many ways, beginning with absorbing and harmonizing data. Gaudel said that the process cannot begin soon enough in a company’s history and only becomes harder to implement when they are larger. One UK payment institution was dinged after allowing a single 250-pound cash withdrawal to someone on a list.
The firm’s actions provide a nice how-not-to lesson. They suspended most services for the sanctioned person but not debit card usage, which is associated with high false positivity rates. Fearing a diminished customer experience and having few staff to check correctly, they waited when they should have acted.
Increased sanctions focus on digital firms, transactions
Gaudel sees American regulators paying more attention to digital firms, who have the same duties as brick-and-mortar ones. OFAC, for one, has issued several fines to entities providing digital services to customers in Iran and Crimea.
The more one leverages all the data points at their disposal, the better their compliance efforts will be. It can be as simple as identifying email addresses with top-line domains corresponding to embargoed countries. Websites can blur that information so that additional data points can provide clear matches.
Ultimate beneficial ownership (UBO) data quality varies by region but is essential to include. Perhaps a person is not sanctioned, but a company in which they are a UBO is. Data providers can provide that information.
Institutions must also adapt to cryptocurrency data. Gaudel sees regulators including cryptocurrency addresses on sanctions lists. He cited Tornado Cash, which the United States added to sanctions lists in 2022, as a recent example.
“We also have standards that continue to build up to bring crypto transactions into the regulated world,” Gaudel said. “We have particularly particular scrutiny from the FATF, who is looking at having information about the payer and the beneficiary of a capital transaction and having that information shared between virtual asset service providers.”
Also see: