COUNTING THE COST OF SANCTIONS
By Rob Stavrou, Director, Integrated Solutions, Northdoor
The financial services sector has gone through unprecedented change in the last few years. Regulators have reacted to the credit crunch with significant changes to regulation with more intrusive and granular supervision. Consequently the industry is under pressure from both regulators and customers to improve transparency, with the consequence of non-compliance ranging from increased capital charges to being barred from certain lines of business.
Financial sanctions, in particular, have been in the spotlight in recent months and usually for the wrong reasons. Like other advanced economies, the UK operates a range of financial sanctions. These may follow action at the United Nations, European or domestic (UK) level, because of human rights abuses or other violations of international norms of behaviour, or to minimise the risk of terrorism within the UK. Financial sanctions prohibit an organisation from carrying out transactions (or financial services) with a listed person or organisation – and the penalties for non-compliance can stretch into millions of pounds.
All financial institutions should have adequate systems and controls in place to perform searches against the lists applicable to their business to ensure clients, be they individuals or companies, are not on any government or international lists. Deficiencies in the screening process can lead to sizeable fines. Two relatively recent high profile cases involved two of the leading high street banks – Barclays and RBS – both of which received fines related to sanctions breaches. And in RBS’ case, it was fined simply for not having a system in place.
In January 2013 Lloyd’s of London began the development of a review programme for use by the Lloyd’s market. It included a requirement for all Managing Agents to undertake a one-off comprehensive review of their anti-financial crime and international sanctions systems and control, and report the results to Lloyd’s. The results should enable Lloyd’s to ensure a consistent approach to sanctions and crime compliance across the market.
Easier said than done
However, for many organisations, reviewing existing processes to ensure new regulations can be met is easier said than done. In order to demonstrate true compliance and adhere to these updated regulations, organisations need an IT system that provides the right balance of compliance versus lists. In addition the IT system needs to provide an audit trail and give better quality data.
The demand for data accuracy is clearly visible in the growing references to integrity of data in new regulatory requirements. For example, Solvency II requires insurers to have “internal processes and procedures in place to ensure the appropriateness, completeness and accuracy of the data”. And as the world’s data is doubling every two years the challenge for the industry is how to use the breadth and depth of data available to satisfy these ever increasing demanding regulators. The challenge for many organisations is that their existing legacy systems are simply not up to the job. And that is a problem.
Context is everything
Managing Agencies are, for the most part, running the required reports, but due to the sheer volume of data available, and a real disparity in the lists, the results are flagging up a great number of false positives. In other words, data that requires more in-depth investigation before a decision can be made – and that means a lot of time and resource is being spent on additional search and verification. For example, the results of one report could show that the Board of Directors of Company A yields a positive result. However, on closer inspection, one of the members of that Board is a non-executive director of Company B which is on a sanctions list. Suddenly your decision to work with Company A could be in doubt.
What’s needed is the ability to put that data in context. Data is at the heart of every organisation and is vital for all aspects of operations, analysis, decision-making, reporting and planning. Increasingly data analytics, traditionally the domain of sales and marketing, is beginning to migrate into the realm of audit, compliance and regulatory requirements. Financial organisations are beginning to realise how the power of data analytics can help mitigate risk and increase efficiencies for businesses operating in a complex regulatory environment like theirs.
Shifting technology sands
Technology is evolving fast to help meet the challenges financial institutions face in meeting these new regulations. However, choosing the right provider can be a potential minefield and it’s important to conduct due diligence on your preferred provider. Here are some key questions to consider:
- How much experience does the provider have in this area?
- Are there existing customers I can talk to?
- Will the sanctions system integrate with my current IT system?
- Does it create reports for every search?
- Does it manage false positives?
- Does it have the capability to demonstrate compliance with audit trails?
- Does it create hard evidence of all compliance for the necessary authorities?
Ultimately the need for better sanctions checking is being driven by a desire by those in financial institutions to do things better and the number of organisations that would want to put their business in an undesirable position with regulators is few and far between. Whether implementing a standalone technology solution or integrating an offering with your current IT infrastructure, choose wisely and you can rest assured in 2014 that you are doing all you can to keep up with new financial guidelines.