Sanctions screening – emerging regulatory and governance expectations 

By Susannah Hammond

Effective sanctions screening is a core competency for firms. Further it is a core competency which requires skilled resources and well-informed and active oversight from senior managers. Firms often chose to benchmark their approach to issues such as the effective screening of sanctions and the guidance published by the central bank of the United Arab Emirates is a useful addition to the codification of good and better practice.   

By and large, firms are required to perform regular searches against applicable sanctions lists of their customer databases, parties to any transactions, potential customers, beneficial owners, and persons and organizations with which the firm has a direct or indirect relationship, as well as continuous searches of their customer database before conducting any transaction or entering into a business relationship. Sanctions screening systems and processes are critical but are only as effective as the customer and transactional information available to be used to compare against applicable sanctions lists. Firms, therefore, need to focus on the completeness and accuracy of information obtained through the application of both continuing due diligence and know-your-customer measures and contained in payment instructions and other transactional data fields. 

It is good practice for sanctions compliance personnel to escalate for priority remediation any omissions or inaccuracies identified in relevant customer or beneficial ownership information, as well as gaps or data quality issues in required transaction or payment message fields. Similarly, on a risk basis, firms would be well advised to perform sample testing of payment messages to ensure proper usage of message types and compliance with payment transparency requirements. 

The hallmarks of an effective sanctions screening program are seen to include:     

  • A well-calibrated risk-based framework: The risks firms face are dynamic and the transactions they carry out may be varied and high in volume. Firms should therefore review and enhance their sanctions screening frameworks regularly and upon the occurrence of specified “trigger events,” such as material changes in the firm’s business or risk profile or its legal and regulatory environment, to ensure that they remain tailored to the institution’s financial crime risks.
  • Robust training and risk awareness: To ensure proper functioning and implementation of their sanctions screening programs, firms should ensure that personnel with sanctions screening responsibilities have adequate experience and expertise and receive role-specific training on the institution’s sanctions screening policies, procedures, and risks.
  • Meaningful integration into the sanctions program: Firms should ensure that their sanctions screening systems and frameworks reinforce, and are reinforced by, the wider sanctions control environment. An effective sanctions screening program depends on the quality and completeness of data drawn from the customer and transactional systems and databases. In tandem, the outcomes of sanctions screening should inform the firm’s understanding and management of its financial crime risks, including by prompting off-cycle customer reviews and the application of enhanced scrutiny or additional controls to higher-risk customers or transactions.
  • Active oversight: The firm’s board and senior managers should take an active role in overseeing the performance of their sanctions screening programs and driving the continuing enhancement of sanctions screening systems. Where the outcomes of sanctions screening are compromised by factors such as inappropriate calibration, process inefficiencies, staff issues, or system failures, it is necessary that the board (or a board-designated committee) and senior managers be made aware of these issues in a timely manner so they can be promptly and adequately remediated. The board and senior managers should also communicate clear risk appetites within their institutions and set a strong tone from the top that the implementation of targeted financial sanctions is a priority. A quality assurance process should also play a crucial part in the sanctions screening program, by validating the review from accuracy and detail perspective.

The detail of the UAE guidance provides useful practical expectations around good practice for sanctions screening and as such firms would be very well advised to use the guidance as the basis for a comprehensive gap analysis with which to assess the current state of a firm’s compliance with its statutory obligations. Ideally the gap analysis would be resourced and sponsored at board level to ensure sufficient skilled focus is used to undertake the work and complete any required remedial actions.

This article was originally published on Thomson Reuters Regulatory Intelligence.

Listen to the Thomson Reuters Regulatory Intelligence podcast: Compliance Clarified 

Season 3, Episode 1: Shifting sands of sanctions

This form is intended for corporate email registration 

Are you interested in Thomson Reuters compliance solutions?

Complete the form below to be contacted

By submitting this form, you acknowledge the Thomson Reuters group of companies will process your personal information as described in our Privacy Statement, which explains how we collect, use, store, and disclose your personal information, the consequences if you do not provide this information, and the way in which you can access and correct your personal information or submit a complaint. 

About the author

Senior Regulatory Intelligence Expert

Susannah Hammond is a senior regulatory intelligence expert and joined our regulatory intelligence team from GE Capital Bank where she was head of compliance. Susannah has over 25 years’ wide-ranging experience in international and UK financial services.

A qualified chartered accountant, Susannah’s compliance career includes SG Warburg, Caspian Securities and PricewaterhouseCoopers. She was head of international regulatory risk for the Halifax Group and became head of retail regulatory risk for HBOS plc upon Halifax’s merger with Bank of Scotland.