Financial crime continues to be a global threat and is expected to rise due to the economic downturn led by post-COVID inflationary pressures that are resulting in a recession intensified by layoffs and rising prices. The geopolitical tension caused by wars and conflicts around the world is seeing a surge in fraud using advanced social engineering techniques. Cybercriminals are using the digital payment channels that grew in popularity during the pandemic to launder money and finance terrorism.

Sanction screening is a key measure for AML/CFT (Anti-Money Laundering/Countering the Financing of Terrorism). It is an integral part of Financial Crime Compliance that all financial institutions (FI) must adhere to, including incumbents, new age fintech, and neobanks. It is a process that helps them manage risks from individuals, organizations, and whole countries that are on international sanction lists. Prominent public figures holding influential positions within a country or internationally, and their close associates and family members who may use their titles and influence to take bribes and launder money are considered to be Politically Exposed Persons (PEP). PEP screening is therefore an important part of sanction screening. FIs must also be careful to screen entities that are not on sanction lists but are owned by sanctioned individuals who are ultimate beneficiaries.

Sanctions screening involves cross-referencing an FI’s customers, suppliers, partners, and transactions against sanction lists maintained and updated by central governments and international organizations such as the United Nations, the U.S. Treasury Department, HM Treasury, the EU, the Office of Foreign Assets Control (OFAC), the Financial Action Task Force (FATF), and the Financial Conduct Authority (FCA).  Sanction screening tools developed by software companies help organizations comply with the mandates set out by these bodies. Fiserv, NICE Actimize, Lexis Nexis, Accuity, EastNets, and Experian are some of the leading providers of sanction screening software.

The objective of sanction screening is to block transactions with high-risk entities. Non-compliance could lead to financial losses, criminal proceedings, considerable fines, and irreparable damage to an FI’s brand reputation. OFAC breaches have cost banks and financial services groups such as Standard Chartered, BNP Paribas, Société Générale, and Crédit Agricole, substantial fines of several million dollars and up to 30 years of prison time. To date, BNP Paribas SA financial group holds the record for the highest sanctions violation with a ~$8.9 billion settlement in 2014 for conducting business with U.S.-sanctioned countries Cuba, Sudan, and Iran. Prior to that HSBC had to pay ~$1.3 billion for conducting transactions on behalf of customers in Cuba, Iran, Libya, Sudan, and Burma. In 2009, Credit Suisse paid $536 million for transactions with Iran and Sudan, and Lloyds TSB was imposed with $350 million for dealings with Iran. More recently in March 2023, the U.S. fined Wells Fargo ~$100 million for sanctions violations. Such breaches can impact bottom lines, stock prices, and future growth prospects, tarnishing a reputation built up over decades.

Although PSPs are not as regulated as banks in some jurisdictions, banks are increasingly expecting PSPs they work with to have strong financial crime measures in place. PSPs should use their technical prowess and incorporate the lessons learned by banks to build solutions to counter threats and comply with sanctions screening requirements so as not to inadvertently put banks at further risk.

A serious challenge in Sanctions Screening is the frequency at which sanctions lists are changed. According to SWIFT, the OFAC, EU, UN, and HM Treasury have updated sanction lists more than 300 times in 2022 alone. Real-time payments, emerging crypto platforms, and stringent regulation are some important issues that FIs need to be aware of. FIs need to be careful in identifying AML transactions so that they do not mark legitimate transactions as fraudulent transactions resulting in false positives. This makes it important to maintain and comply with risk assessment guidelines, procedures for matching data with sanctions lists, conducting due diligence on customers, and continuous monitoring of the screening process.   

A major challenge faced by FIs is the lack of a universal standard in the format and structure of sanction lists, as they are prepared by different organizations. This makes it difficult for them to accurately screen individuals and entities. The ISO 20022 standard, however, has the potential to make the screening of payment messages easier due to its richer and more structured data.  In view of this, in 2021, SWIFT in collaboration with 14 global and regional banks, published “Guiding principles for screening ISO 20022 payments” that specify the ISO 20022 elements that should be screened, how to best match these elements against sanction lists, and the data quality principles that should be observed for effective screening. It is important to note that SWIFT does not monitor the messages sent through it; the onus is on FIs (especially correspondent banks) to regulate illegal activity through AML/CFT.

Sanction screening is especially critical for cross-border transactions because the transacting FIs are in separate jurisdictions, and failure to comply can have massive impacts on trade, remittances, and tourism. In this context, SWIFT, which is used by more than 11,000 banks around the world, has played a key role in sanction screening.  In 2012, SWIFT disconnected EU-sanctioned Iranian banks, in 2017 it disconnected North Korean banks, and more recently in 2022, disconnected all designated Russian entities from its network.

Until recently, SWIFT had very few alternatives for transmitting financial messages between FIs. However, sanction screening and other factors have led countries like Russia, China, and many others to develop alternative channels to move money across borders. Russia’s SPFS financial messaging system and China’s CIPS messaging and clearing & settlement system were developed to bypass SWIFT and support the Yuan in international trade respectively. Although neither of these systems can compare with the massive volumes handled by SWIFT, they allow these countries to bypass the SWIFT network to some extent. Other examples of alternative payment channels are the linking of domestic payment systems and the development of alternative real-time payment systems using decentralized ledger technology.  The point to note is that countries can utilize these channels to bypass sanctions. Russia’s largest commercial bank Sberbank. After being removed from the SWIFT network, has partnered with Brics Pay, a real-time blockchain-based financial settlement system being developed by BRICS (Brazil, China, India, Russia, and South Africa) to integrate their payment systems. These alternatives to SWIFT may currently be starting off on a small scale, but a time may come when they scale up significantly (Argentina, Egypt, Ethiopia, Iran, Saudi Arabia, and the UAE are likely to join Brics Pay), changing the way financial sanctions are implemented the world over, as financial crime remains unabated.

Summary

Global economic uncertainties are resulting in frequent changes in multiple, non-standard sanction lists. Meanwhile, innovation in payment technology is leading most countries to race towards providing real-time frictionless payments both within and beyond borders. With new regulatory regimes driving governments to mandate stringent sanction screening, FIs are having to invest heavily in resources to comply. Fortunately, technology and tools are at hand to help them overcome these challenges, and FIs can learn from each other to adopt best practices and transform their systems and processes to combat financial crime while continuing to provide superior customer experience.