Firms’ sanctions compliance must be tightened up

FINANCIAL regulation reform is all the rage. Last week, President Nicolas Sarkozy unveiled his programme of “action and ambition” for France’s forthcoming presidency of the G20. It puts global reform of financial markets and systems at the very top of the agenda. The US has already passed sweeping reform legislation and the coalition government has plans to shake up bank regulation.

Regulators are also taking a more proactive and intensive approach to enforcement in a number of areas. One is the policing of international sanctions, with a number of recent, high-profile investigations and settlements in the UK and US.

In the last year, Lloyds TSB, Credit Suisse and Barclays have between them paid over $1bn in the US to settle proceedings relating to financial sanctions breaches. In the UK, engineering firm Mabey & Johnson pleaded guilty to breaching sanctions in Iraq and was fined over £3.5m. Earlier this month, members of the Royal Bank of Scotland Group were fined £5.6m for failures of systems and controls preventing breaches of UK financial sanctions.

Sanctions are a tool of foreign public policy. The aim is to try and stop behaviour condemned by the international community, and increasingly they are also used to prevent the financing of terrorists and terrorist acts.

The most common approach to sanctions in the UK is to prohibit firms, corporates and individuals from providing funds (and in some cases financial services) to specified people or organisations, and to freeze any assets being held for them. Breaching a sanctions regime in the UK is treated as a criminal offence and the penalties are severe. The maximum term of imprisonment for individuals is currently seven years and organisations are liable for substantial fines.

It all sounds straightforward in theory – simply check the counterparty name to every transaction against an up-to-date list. However, in practice it can be a significant challenge. The sanctioned person may use a different name or hide behind a shell company or trust. He or she may use a business associate or agent to conduct the transaction. Even then, firms and corporates can still be liable for breaching the regime, as the regulations normally provides that no funds or economic resources shall be made available “directly or indirectly, to or for the benefit of” any sanctioned persons. The only defence to this widely-worded prohibition is to show that you “had no reasonable cause to suspect” that the funds were going to a sanctioned person.

The regulators have laid down a clear marker that firms need to tighten up and focus on the details of their sanctions compliance, or face the consequences. The latest cases show that firms need to develop specific policies and procedures to deal with sanctions compliance, rather than relying on existing money laundering processes. They also need to consider screening for indirect as well as direct customers, and also third-party payees. Finally, they need to develop systems that highlight similar names to the one being searched, including common misspellings or variations. While searches can be automated up to a point and even outsourced to a third party screening service, results need to be properly reviewed and considered by someone with relevant training.

All this suggests that compliance functions may need to expand and play an active role in sanctions screening in the future, both to minimise the risk of inadvertent breach but also to give maximum protection for all concerned.

The author is a member of Jones Day's Financial Institutions Litigation and Regulation practice and regularly advises on the application of financial sanctions in the UK.