By Jennifer McEntire
January 29, 2022
As 2021 comes to a close, I’ve been reflecting on the last 24 months and looking forward to 2022.
Almost overnight the pandemic stopped business as we knew it and, in some cases, brought entire industries to a stand-still. Most companies were forced to re-evaluate strategic priorities and transform the way they conduct business. It seemed everything was put on the back burner to make way for digital transformation initiatives; in other words, new projects tend to focus on innovating and optimizing the online customer experience and finding ways to mitigate risk and fraud.
So, what does any of this have to do with sanctions innovation and technology? Short answer: everything. Efforts to improve the sanctions screening process have been underway for years and that will continue into the foreseeable future. But perhaps most importantly, I’ve observed trends in enforcement actions that will challenge many companies to reassess their sanctions risk and controls. Below are three sanctions technology trends that I believe will continue throughout 2022.
Machine Learning and Automation Will Become Efficient
Machine learning (ML), robotic process automation (RPA) and artificial intelligence (AI) have been compliance buzzwords for years now and compliance teams everywhere are becoming adept at leveraging some of these powerful tools to improve high-volume and inefficient workflows. Simply stated: Implementing new technology can optimize and automate identity verification, transaction monitoring, suspicious activity reporting (SAR) and other processes.
Traditionally, sanctions screening has been slow to adopt these technologies due to the risk of non-compliance with regulations and the consequences of violations. However, regulators, financial institutions, corporations and watchlist screening providers are determining how to best incorporate these tools. Ecommerce and technology companies have driven this change since they have extremely high volumes of payments but little to no infrastructure to support traditional screening processes.
The ability to review and close alerts utilizing ML and RPA generates substantial cost savings and provides more consistent and accurate outcomes. Organizations stand to benefit as a result.
ISO 20022 Will Improve Data Quality and Screening Effectiveness
Adoption of the ISO 20022 payment format will be one of the most impactful data enhancements to improve sanctions screening outcomes in 2022. ISO 20022 will significantly improve the quality of data across the payments ecosystem, in turn improving sanctions screening.
ISO 20022 messages are structured, contain more granular information and include additional format fields throughout the payment structure. Sanctions screening during the payment process has been known to cause friction; however, if mapped and screened correctly in this new payment format, there is potential to reduce the overall number of false positives and identify more risk.
SWIFT announced it will enable ISO 20022 messages in November 2022, making it the new standard for payment formats and cross-border payments. Financial institutions will have until 2025 to adopt the new payment format so we can expect this to be an ongoing initiative over the next several years.
Data quality has been and will continue to be a top priority for financial institutions. We all know that bad data in equals bad data out when it comes to sanctions list screening and that complete, accurate and properly formatted data is necessary to produce meaningful results.
Location-Based Sanctions Risk Will Remain a Priority
A review of OFAC’s Civil Penalties & Enforcement Actions in 2020 and 2021 shows location-based controls are becoming just as important as watchlist screening tools. Companies are now expected to leverage the IP address and digital data available to them to identify possible sanctions violations.
Digital data can show us where someone is physically located in the world regardless of who they are. This shifts the focus away from name screening to the tangible risk and certain violations of location-based sanctions.
It is not uncommon for organizations to have location data in house already. Often, other internal systems, teams or processes collect location data, physical addresses or IP addresses for workflows such as fraud prevention. Updating risk assessments, enhancing sanctions controls and utilizing technology to identify and block location-based sanctions violations will not only strengthen any sanctions compliance program, but will be necessary to avoid fines.
This trend has been demonstrated over the last two years by multiple OFAC enforcement actions where there were no verifiable names but only locations that caused the violations. The OFAC narratives of these violations cited failure to monitor and block IP addresses and/or physical addresses in sanctioned locations. The five enforcement actions totaled more than $4.25 million and were levied against corporations, rather than financial institutions.
As the adage goes – the more things change, the more they stay the same. The trends we see in sanctions technology are not new but ever evolving. Sanctions compliance professionals continue to improve processes, reduce false positives and optimize outcomes by implementing new technologies and approaches. I would encourage everyone working in this field to continue to think outside the box, break down organizational silos and, if in doubt, do what makes sense!
Jennifer McEntire is senior strategic alliance manager, LexisNexis® Risk Solutions. Jennifer is a member of ACSS and serves on the ACSS Sanctions Innovation and Technology Taskforce (SITT)