October 13, 2017
Whether you work at a financial institution or corporation, sanctions compliance comes with a host of risks that require well-developed processes to address them. Such risks were the subject of the inaugural SanctionsAlert.com Sanctions Risk Management Symposium, co-hosted with Compliance Week and Financial Research Associates,which took place in New York last month. Sanctions compliance professionals and experts from companies representing different industries– such as Uber, Standard Chartered Bank, ZTE, AXA Group, Google, and others – gathered in NYC to exchange ideas and discuss their favored processes for mitigating the risks associated with sanctions and export controls.
Proliferation Finance Detection Remains a Challenge
The conference opened with a panel on WMD Proliferation Finance – Choking Off the Grave New World Threat That Everyone is Nervous About. The panel featured experts such as Stephanie T. Kleine-Ahlbrandt from the United Nations, Jonathan Brewer from King’s College London, Bob Walsh of AXA Group and, Richard Nephew, a former State Department Official and lead sanctions expert for the U.S. team that negotiated the groundbreaking Joint Comprehensive Plan of Action (JCPOA) with Iran. Speakers covered such practical topics as the red flags when trying to detect proliferation finance as well as the recent U.N. and U.S. rounds of sanctions against North Korea.
When the session moderator, Jonathan Brewer, asked the audience whether they had implemented a “Financing of Proliferation risk assessment” at their institution, only a few participants raised their hands. It appears that, compared to risks assessment for money laundering and terrorist financing, the high stakes topic of proliferation financing detection and mitigation is still in its early stages and remains uncharted territory for many in the private sector.
The Important Similarities and Differences between OFAC and BIS
The next panel – OFAC and BIS: How they Work Together and How their Regulatory and Criminal Powers Are Applied,-included speakers Pete Jeydel from Steptoe & Johnson LLP, Jeanette Chu of PWC, and Matthew Bell of ZTE Corporation, the Chinese Telecom giant that earlier this year paid a record penalty of $1.19 B for conspiring to violate U.S. sanctions and export controls.
The session covered differences and similarities between two important players in the sanctions arena: The U.S Treasury’s Office of Foreign Assets Control (OFAC) and the slightly less-commonly known–at least among the participants from the financial sector – Department of Commerce’s Bureau of Industry and Security(BIS). Among the similarities, the speakers mentioned technical issues such as comparable length of tolling agreements (or decisions to delay the count of time so that litigation is not automatically dismissed due to the expiration)and the focus on select transactions to include as charges in settlement .
Mr. Bell from ZTE covered practicalities, namely explaining his company’s first-hand experiences with the agencies working in parallel to push through resolutions. Mr. Bell explained to the audience that when an institution is under investigation for sanctions violations by both OFAC and BIS, it is of utmost importance to keep lines of communication open with each agency as they coordinate during the investigation.
With regard to the differences between the two agencies, Jeanette Chu from PWC explained that BIS – where she used to work prior to joining PWC – has a focus on developing cases for criminal prosecution, whereas OFAC does not have criminal enforcement authority itself.
Iran October 15 Certification Woes and Complex Russian Due Diligence
In the session on Navigating Increasingly Complex Sanctions Regimes against Iran and Russia, Richard Nephew,Adjunct Professor & Senior Research Scholar at the School of International and Public Affairs at Columbia University, covered the JCPOA Certification due under the Iran Nuclear Agreement Review Act of 2015 (INARA), a requirement that must be completed every 90 days.Mr Nephew explained to the audience that if the JCPOA is not ‘certified’by the President on October 15, 2017, orhe advises Congress that Iran has materially breached its obligations,then the statute provides for expedited Congressional consideration of legislation re-imposing sanctions.
Andy Gelinas, Executive Director, Global Financial Crimes Legal Advisory Group at Morgan Stanley covered the complex sanctions against Russia. Among other things, Mr Gelinas provided tips on dealing with the Russia/Ukraine-related sanctions program, a regime that is highly complex and evolving and poses unique due diligence challenges for Russia-related lending/financing transactions, asset sales, capital markets and M&A transactions.
Sanctions in Various Jurisdictions not ‘Lined Up’ but Retain a Broad Extraterritorial Reach
Sanctions compliance officers who work at global companies have to navigate complex international sanctions and export controls regimes whose rules do not always line up. At the panel – Navigating the Sanctions and Export Controls Requirements of Multiple Jurisdictions – John Boscariol of McCarthy Tétrault LLPtold the audience that Canadian sanctions measures often diverge from those of the U.S. and Europe. In some cases, “Canadian measures can even be in direct conflict with those of the US, and there can be a criminal penalty exposure of up to $1.5 million and/or five years imprisonment,” he added. Mr. Boscariol went on to explain that companies doing business in Canada need to be aware that, unlike in the U.S., there are no “FAQs”, no guidelines, no consolidated lists, and there is no established voluntary disclosure process in Canada.
David McLean, Deputy Head of the U.K. Office of Financial Sanctions Implementation (OFSI), explained what his office does, and how it forms part of the increased U.K. Government focus on financial sanctions. Mr. McLean also mentioned that, from April 2017, breaching financial sanctions has become a serious crime in the U.K., carrying a penalty of up to 7 years in prison.
The panellists also discussed how E.U. and U.K. financial sanctions can apply more broadly than expected. For example, E.U. financial sanctions (including those times when they implement U.N. sanctions) apply within the territory of the E.U., but also to all E.U. persons wherever they are in the world. As such, all individuals and legal entities who are within or undertake activities within U.K. territory, must comply with E.U. and U.K. financial sanctions that are in force.
Hera Smith, Global Sanctions Officer at Associated Foreign Exchange (AFEX), covered the extraterritorial application of U.S. sanctions and how her company implements a risk-based approach when considering sanctions regulations, reputational risk and partner bank policies.
Part 504: New York’s Stringent Compliance Rule
The interactive break-out round tables, held on both afternoons, were certainly the most practical and hands-on part of the Conference. A particularly popular round table was the session on New York’s Groundbreaking Part 504 Certification: A Practical Discussion on How to Achieve an Effective OFAC Filtering Program to Avoid Personal Liability, covering all aspects of the recently introduced rule from the New York Department of Financial Services (NYDFS).
The table was moderated by Meryl Lutsky, former Chief of the Crime Proceeds Strike Force and Money Laundering Unit for the New York State Attorney General’s Office.Participants exchanged ideas on the use of so called “sub certifications” and their role in how to comply with the New York regulator’s stringent new rule.
The Importance of Choosing the Best Risk Rating Methodology
In the last session of day-one of the conference – Designing a Sanctions/Export Controls Risk Assessment That Government Agencies (in Any Country) Will Applaud– panelists covered the best and worst practices for risk rating methodologies.
Julie Myers Woods from Guide Post Solutions mentioned some of the common deficiencies, such as:
- Incorrectly applying arisk rating methodology;
- Failing to assess topics of interest to regulators;
- Misrepresenting data or results;
- Failing to act on the results; and
- Misguided implementation of action plans.
Another common risk assessment misstep with regulators is lack of senior level ownership. “You must show involvement”, Ms. Myers Woods warned.
Karen Robertson of Uber Technologies discussed her experiences in creating a robust and solid risk assessment strategy in the corporate sector.
Effective Customer Due Diligence and OFAC’s 50% Rule
In the first general session on the 2nd day of the conference – It’s Not Just About the Lists Anymore: Using CDD to Detect Hidden UBOs and Prohibited End-Users – panelists from Uber Technologies, Crowell & Moring, Western Union, and Bureau Van Dijk covered the importance of thorough customer due diligence, namely that,in today’s sanctions compliance world, a robust compliance program is about so much more than just screening lists.
The panelists explained that one of the keys to effective customer due diligence and avoiding a multitude of financial crime and sanctions risks is digging down to find the ultimate beneficial owner of a corporate entity.The panel went on to explain that this means digging deeper into those customers exhibiting strange purchases or payment behaviors to create cases for fraud, illicit activities, lack of oversight, violations of terms of service, and general misbehavior.
“OFAC’s 50% rule has changed sanctions compliance radically,” said Anders Rodenberg from Bureau van Dijk, while he walked through a graph displaying acomplex web of corporate entities on screen. Mr. Van Dijk explained that sanctioned Gazprom bank has more than 667 shadow entities that are also sanctioned, which constantly change their names and ownership percentages.
Bank Examiners and OFAC
The panel discussion on What U.S. Federal Bank Examiners Look For in Their OFAC Compliance Examinations covered key trends in federal bank examinations related to OFAC compliance. Panelists included: Michaela Arndt of Standard Chartered Bank and Salvatorre Scotto of Bank of China.
Among the trends mentioned by the panelists were:
- Examiners who are now more specialized in BSA/AML and sanctions matters;
- A bigger focus on the governance and oversight of a firm’s sanctions compliance program, including metrics and escalation of significant issues, risks and concerns;
- A more holistic, firm-wide approach to client due diligence, risk-rating and monitoring;
- Sanctions screening expectations:
- universal coverage and high data quality; and
- more sophisticated tools.
The panel also highlighted the importance of process oversight, clearly defined procedures to supplement a risk-based approach, and well-documented and meaningful decision logs for risk-based decisions.
The Dos and Don’ts of Sanctions Investigations
The general panel discussion on Disclosures, Investigations and Enforcement: How to Reduce Criminal and Regulatory Sanctions Problems,included such panellists as Matthew Bell, of ZTE Corporation USA, Victoria Fimea of Artex Risk Solutions, Edward Starishevksy of American Express, Jennifer Ambuehl of the Department of Justice (DOJ), who covered the dos and don’ts of a sanctions investigation.
Matt Bell from Chinese Telecom giant ZTE covered, among other things, what not do when your institution is involved in a sanctions investigation. Among the missteps to avoid are:
- Lack of management commitment;
- Inadequate internal investigations;
- Inaccurate, incomplete, or misleading reporting to enforcement authorities;
- Failure to promptly implement or improve compliance procedures and other remedial actions, including wind down activities;
- Concealment, circumvention or other willful conduct; and
- New violations during the investigation.
Jennifer Ambuehl of the DOJ provided the perspective of the prosecutor and highlighted the importance of always being forthright and upfront with the investigator. Ms Ambuehl said cooperation was key in mitigating the impact of any criminal investigation.
The Most Appropriate Compliance Testing Methodology
Panelists such as from Marie Judith McCormack of AIG and Michaela Ardnt of Standard Chartered Bank covered the important topic of Conducting Sound Audits of Sanctions Compliance Programs.
In this practical session, the panelists talked through the most appropriate practices for testing and validation of sanctions risk appetite, such as ring fencing of client business activities, transaction monitoring and periodic and trigger-based reviews.
The panelists also provided an overview of export controls compliance testing methodology.
The Seven Deadly Sanctions Sinsin Recent Enforcement Cases
The conference closed with a discussion between Kevin Wolf, Partner at Akin Gump Strauss Hauer & Feld, Peter Jeydel of Steptoe & Johnson, and Andy Gelinas of Morgan Stanley on the Seven Deadly Sanctions/Export Controls Sins Unveiled in Recent OFAC and BIS Cases – And Their Lessons, covering several major cases in the last few years such as the ZTE case, Weather ford, Halliburton and B Whale?
Among the enforcement trends to watch were:
- Introduction of the Department of Justice’s voluntary self-disclosure program for export control and sanction violation (October 2016). DOJ states that the intention of the guidance is to “deter individuals and companies from violating export controls and sanctions laws and to provide greater transparency about what is required from companies seeking credit for self-reporting”;
- Continuing effect of the Yates Memo (September 2015) on sanctions and export control investigations. The guidance outlines the requirement that a self-reporting company seeking cooperation credit must make a full disclosure to the DOJ;
- Growing intersection of cyber security and export control and sanctions violations;
- The severe consequences of mismanaging an internal investigation and interactions without government agencies; and
- Promises of enforcement decreasing under the new Administration does not match reality at this point.
Like any conference, the most important aspect was the connections formed between colleagues both old and new as well as the exposure to new perspectives from fellow sanctions compliance professionals working in financial institutions and corporations.