The invasion of Ukraine has resulted in a flurry of tough sanctions on Russia by the United States, the European Union, and the G7 nations over the past several weeks. The ambit of these punitive measures, spanning expansive crackdowns on state-owned and private banks, corporations, political elites, and the like, has been swelling up rapidly since Ukraine was invaded and the US and NATO moved rapidly to impose an increasing cadence of sanctions.
While these emergent directives target malicious actors supporting the war, they also place a significant regulatory onus on US financial institutions doing business with the sanctioned entities and individuals related to these actions globally.
It is obvious that the ecosystem of smaller and mid-sized financial institutions finds itself in a tight spot, scrambling to comply with the “shapeshifting” landscape of sanctions. More than their larger counterparts having robust process frameworks, people capital, and technology, small and mid-sized financial institutions need to scale up their “capacity and capability” to deal with these heightened obligations.
And, they do face distinct challenges in staying compliant…
Keeping abreast of the fluid mandates, timely screening of blocked entities, deciphering executive orders and licenses, reporting suspicious transactions, and navigating locale-specific banking relations are some of the prominent challenges.
Russian sanctions in a nutshell
To begin with, the U.S. Department of Treasury’s Office of Foreign Assets (OFAC) announced a slew of unprecedented measures, clamping down Russia’s largest financial institutions, including state and private entities, from raising capital.
These sanctions targeted about 80% of Russia’s banking assets and imposed a blanket ban on transacting with VTB Bank (VTB), Bank Otkritie, Sovcombank OJSC, Novikombank, and their 54 subsidiaries. Of late, these measures have been escalated to impose a “full blocking” embargo on Sberbank and Alfa-Bank, Russia’s largest state-owned and private banks, respectively.
The sanctions have been growing exceedingly nuanced and granular as they continue to evolve. Expanding beyond financial institutions in Russia, these restrictions now bring defense firms, oil and gas companies, technology firms, regime-connected officials, and oligarchs (including several family members) into the expanding ambit of sanctions.
Key compliance challenges for financial institutions
Broadly, the compliance mandate boils down to “not doing business with the sanctioned entities and individuals in Russia and Belarus, and indeed anywhere in the world that those entities and individuals have assets or conduct business.”
Additionally, reporting suspicious transactions that indicate potential evasion is critical for financial institutions to toe the line.
For these financial institutions, the challenges are:
1. Near real-time screening of blocked entities
The foremost challenge is staying on top of the growing list of sanctioned entities and individuals, including banks and subsidiaries, oil and gas companies, technology firms, Duma officials, political elites, and others.
Near real-time tracking of these blocked entities is crucial for financial institutions to action the applicable mandates and meet compliance. However, the number is large and growing fast, hindering objective surveillance, crucial to avoid violating the executive orders.
CNBC had earlier reported, on 24th Mar, of the US government sanctioning more than 400 Russian individuals, including over 300 Duma lawmakers. As of 16th May, BBC reported that over 1000 Russian individuals and businesses have been sanctioned by the US, EU, UK and other countries.
A silver lining is OFAC’s Sanctions List Search application that provides a way to find out the latest details of Specially Designated Nationals (SDNs), blocked persons, and other sanctioned entities. However, it would still require due diligence and careful parsing of the list on part of the banks in purview to ensure they follow the applicable directives at all times.
2. Understanding executive orders and general licenses
Another challenge is comprehending the fine print in the sanction packages, considering the directives target vast entities and individuals in different territories in Russia and Belarus. The “nature” and “extent” of restrictions also vary based on their economic impact, global implications, and timelines.
For example, OFAC’s Directive 2 under E.O. 14024 “prohibits U.S. financial institutions from opening or maintaining of a correspondent account on payable-through account for or on behalf of any entity determined to be subject to the prohibitions of the Russia-related CAPTA Directive, or their property or interests in property.”
Directive 2 further states, “The prohibitions of this Directive shall take effect: (i) with respect to any foreign financial institution listed in Annex 1, beginning at 12:01 a.m. eastern daylight time on March 26, 2022; or (ii) with respect to a foreign financial institution otherwise determined to be subject to the prohibitions of this Directive, beginning at 12:01 a.m. eastern time on the date that is 30 days after the date of such determination.”
Likewise, Directive 1A, Directive 3, and Directive 4 with specific mandates prohibit participation in the primary and secondary market for bonds issued by the sanctioned entities, lending, transactions for debt or equity, and transfer of assets, forex, and more.
Understanding these tiered directives and applicable action items would need meticulous combing of the executive orders by experts. At a bare minimum, financial institutions need to rapidly increase their operational capacity for financial crime compliance efforts. “Insufficient staffing” could hamper fast and precise responses to meet the compliance standards.
3. Need for increased vigilance to check potential evasions
The Financial Crimes Enforcement Network (FinCEN) had released an advisory, alerting financial institutions in the US to ramp up their due diligence in the wake of possible attempts to dodge the sprawling sanctions on Russia and Belarus. The notice enumerates 13 red flags that banks and other financial institutions, including Convertible Virtual Currency (CVC) exchangers, need to track and file in their SAR as part of the BSA reporting obligations.
For example, flags 1-7 indicate potential evasions through corporate vehicles such as shell companies for international wire transfers, use of third parties to obfuscate the identity of blocked persons, and several other complex scenarios.
Additionally, flags 8-13 emphasize the need to track illicit CVC transactions, including ransomware attacks and other cybercrimes. For example, flag 8 alerts on transactions initiated from or sent to non-trusted sources, locations in Russia or Belarus, or a FATF-identified jurisdiction need to be flagged. Another scenario that should raise a red flag is when a customer uses a CVC or foreign MSB in a risky jurisdiction with inadequate AML/CFT/CP and KYC measures.
The critical obligation for financial institutions including CVCs is to identify suspicious transactions, including ransomware attacks, and report them immediately.
The advisory categorically states, “FinCEN also strongly encourages all financial institutions to make full use of their ability to share information consistent with Section 314(b) of the USA PATRIOT Act, and consider how the use of innovative tools and solutions may assist in identifying hidden Russian and Belarusian assets.”
Beyond the standard AML obligations, the FinCEN notification [FIN-2022-Alert001] necessitates banks to implement round-the-clock surveillance measures, including advanced tracking tools and expanding the operational capacity to meet the standards. The situation heightens the violation risks for financial institutions while adding to the staggering costs incurred on transaction monitoring and false positives.
Surmounting the challenges – a potential solution to meeting compliance
The challenges drill down to a few core aspects, namely getting clear and up-to-the-minute updates on the blocked entities, absolute understanding of the executive orders, and the ability to respond swiftly.
To tackle these, financial institutions need a “cohesive” approach considering all the facets that can impact the compliance outcomes. Optimal processes, the right technology and most importantly, the right teams are crucial to dealing with these heightened requirements with agility and scale.
Remember, time is key, error margins are razor-thin, and stakes are high.
Critically, compliance leaders in financial institutions should be asking some, if not all, of these questions to construct or enhance their programs:
- Are we reacting or responding to specific weaknesses and/or any advisories, warnings that we need to address immediately?
- Do I have the right systems in place?
- Are my parameters set correctly?
- Is my reporting accurate and timely?
- Do I need to put in a secondary review process?>
- Do I have the capacity to do this internally or should I seek outside assistance?
A potential solution and/or approach should consider the following actions:
1. Partner with a service specialist:
Seeking an expert service partner can play a strategic role in chalking out the compliance plan. A compliance solutions provider with “hands-on” experience and a talent pool can also make a demonstrable impact by working down in the trenches with the financial entity.
2. Take prompt, data-driven decisions:
Given the emergent situation and its complexity, a critical action for banks is to act swiftly in making informed decisions. This could mean taking preemptive measures and responding swiftly to curtail the impact of potentially non-conformant actions. Agility and a data-driven approach are critical factors.
3. Stay abreast of the latest updates:
Awareness of the latest developments in the present scenario would need deliberate efforts due to the sheer pace and enormity of the situation. Having a dedicated tracking or reporting desk could help banks and other financial institutions stay on top of the latest sanctions and compliance obligations.
The key to compliance begins with making proactive, well-informed decisions and minimizing retrospective actions. In tandem, executing on the executive orders is imperative to meet the regulatory norms. These broad areas can be addressed well with a consulting-led approach coupled with the right staffing, technology, and processes.
Founder & Chief Mentor