Redefining Effective Sanctions Screening and Compliance Pt. 1

Written By MGI Consulting & Advisory

In an increasingly interconnected world, regulated entities are exposed to heightened risks associated with sanctions evasion, which can come from indirect ties to sanctioned entities, opaque ownership structures, or hidden links within supply chains. To address these complex challenges, it is essential to redefine what an effective sanctions compliance programme and sanctions screening should look like by incorporating emerging technologies, enhanced sanctions due diligence, and a more nuanced understanding of global regulatory expectations. This article examines how traditional sanctions screening can fail to detect sanctions risks, the rise of sanctions evasion tactics, and the steps that organizations can take to strengthen their sanctions compliance frameworks.

The Limitations of Traditional Sanctions Screening

1. Reliance on Static Lists

Traditional sanctions screening programs typically rely on static sanctions lists issued by regulatory bodies such as the United States Office of Foreign Assets Control (OFAC), the United Nations (UN), and the European Union (EU). These lists include individuals, entities, and countries subject to sanctions, often referred to as sanctioned or designated persons. Screening against these lists is a crucial first step in an effective sanctions compliance framework, but it has several limitations.

  • Static Data vs. Real-Time Changes: Sanctions lists are updated periodically, but they do not capture real-time changes in ownership, control, or corporate structures that may arise from mergers, acquisitions, or other complex financial arrangements. As a result, sanctioned entities may attempt to evade detection by altering their corporate identity or using intermediaries not on these sanctions lists. This means that a purely list-based screening approach may fail to identify sanctioned or potentially bad actors who are one step removed from direct ownership or control.

  • Complex Corporate Structures: Many companies operate through multiple subsidiaries and affiliated entities, some of which may not be explicitly listed on sanctions lists but could still pose a sanctions risk. Without the ability to detect indirect connections to sanctioned parties, traditional screening tools may overlook these risks, exposing firms to regulatory penalties and reputational damage.

2. Difficulty in Detecting Secondary or Hidden Risks

Sanctions screening focuses on identifying individuals or entities explicitly named on sanctions lists, but it often misses more subtle indicators of risk that lie within customer relationships, supply chains, and ownership networks. These hidden risks can manifest in various ways:

  • Beneficial Ownership: Sanctioned individuals may hide their involvement in businesses by using nominees, front or shell companies to obscure their ownership. Screening based solely on legal ownership of the entity or applicant for business may fail to capture the true beneficial owners behind a corporate entity.

  • Supply Chain Risks: Companies may unknowingly engage with suppliers, vendors, or other third parties that have indirect links to sanctioned entities. These indirect connections can go undetected if sanctions screening is limited to direct counterparties.

  • Geopolitical Risks: As sanctions are often imposed based on geopolitical events, firms must be aware of shifting political dynamics that may lead to future sanctions. Traditional screening tools are typically backward-looking and do not offer predictive insights into emerging sanctions risks.

3. The Evolution of Sanctions Evasion Tactics

As sanctions compliance has become more sophisticated, so have the tactics used by sanctioned entities to evade detection. These tactics often exploit gaps in traditional screening processes. Some of the most common evasion techniques include:

  • Use of Intermediaries: Sanctioned entities may conduct business through intermediaries who are not listed on sanctions lists but act on their behalf. These intermediaries can include family members, business associates, or entities in jurisdictions with weak regulatory oversight.

  • Shell Companies: Sanctioned actors often create shell companies with no physical operations to mask their involvement in transactions. These companies are designed to evade detection by obscuring the true ownership and control structures.

  • Jurisdictional Arbitrage: Sanctioned entities may move their operations to jurisdictions that have less stringent sanctions enforcement or are outside the jurisdiction of major regulatory bodies. These jurisdictions serve as havens for sanctions evasion, making it harder for firms to detect and mitigate risks.

Given these evolving threats, it is essential for organizations to go beyond traditional sanctions screening and adopt more comprehensive and dynamic approaches to sanctions compliance. Within the current regulatory environment, mitigating sanctions risk begins with gaining a deep understanding of your customers and their networks, including related counterparties, supply chain activities, and relationships. This involves integrating internal and external data into a robust data foundation to obtain a comprehensive view of direct and indirect risks.

Case Study: Innovative Solutions Group (ISG)

Disclaimer: This graphic is for illustrative purposes only, and is not intended to represent actual data, events, or circumstances. It should not be relied upon for decision-making, and any resemblance to real-world figures or situations is purely coincidental. 

To illustrate the importance of enhanced sanctions screening beyond simple list-based checks, let's consider the case of a fictional company called Innovative Solutions Group (ISG)”, based in the United Arab Emirates. ISG itself is not on any sanctions list, but it has several indirect connections to sanctioned parties.

  1. Ownership structure: 40% of ISG is owned by a holding company registered in Cyprus. This holding company, in turn, is 30% owned by a Russian oligarch who is on US, UK and EU sanctions list.

  2. Board of Directors: One of ISG's board members previously held a senior position at a Russian state-owned enterprise that is subject to sanctions.

  3. Supply chain: ISG sources some of its hardware components from a manufacturer in China that has been flagged due to its connections to entitles on the U.S. Bureau of Industry and Security’s Entity List. There are credible reports indicating that these entities routinely supply US-origin goods to the People’s Liberation Army and pose a national security to the United States.

  4. Financial connections: ISG uses a small bank in Cyprus to process its transactions. This bank has historical ties to other companies owned by sanctioned Russian individuals.

In this scenario, a traditional list-based screening tool would not flag ISG as a sanctions risk. However, a more comprehensive due diligence approach that incorporates network analysis, open-source information, beneficial ownership investigations, and examination of business relationships would reveal the ISG’s connections to sanctioned entities and high-risk jurisdictions for sanctions evasion. This example underscores the need for enhanced sanctions due diligence and sophisticated screening processes. Compliance officers must look beyond the surface to uncover these hidden risks by:

  1. Investigating complex ownership structures, including those involving family members or close associates of sanctioned individuals. As demonstrated with ISG's 40% ownership by a Cyprus-based holding company linked to a sanctioned Russian oligarch, complex ownership structures can obscure sanctions risks.

  2. Scrutinizing the backgrounds of directors, senior managers and officers. The presence of a board member with ties to a sanctioned Russian state-owned enterprise highlights the need to carefully examine the backgrounds of key personnel involved in client’s operations.

  3. Examining business relationships and supply chains for potential indirect links to sanctioned parties. ISG's business relationship with a Chinese manufacturer that in turn has business relationships with parties on the Entity List demonstrates the importance of evaluating the entire network of business relationships and supply chains for potential sanctions risks.

  4. Scrutinizing financial relationships, including banking partners and sources of funding. ISG's use of a Cyprus bank with ties to sanctioned Russian individuals shows that financial relationships can also be a source of indirect sanctions risk.

  5. Considering geographic risk factors. The example touches on high-risk countries like Russia and China, and high-risk sanctions evasion jurisdictions like Cyprus and the UAE, emphasizing the need for heightened due diligence in certain geographic regions.

To fully address the challenges outlined in this case, it is clear that traditional sanctions screening approaches are no longer sufficient on their own. As we have seen, relying on static lists and surface-level data can leave significant gaps in detecting hidden risks.

In Part 2 of this discussion, we will explore how organizations can enhance their sanctions screening efforts by implementing a more comprehensive and multi-dimensional risk–based approach, and better protect themselves from evolving sanctions risks.

 .

 
MGI Consulting & Advisory
Previous

Redefining Effective Sanctions Screening and Compliance Pt. 2
Next

Enhancing AML/CFT/CPF and Sanctions Compliance with OSINT