By Shiran Weitzman, CEO of Shield
In February, banks around the world halted transactions involving designated Russian financial institutions as global authorities enacted numerous sanctions in response to the country’s invasion of Ukraine. Since then, banks everywhere have been struggling to navigate the complexities and costs of complying with the ever-changing sanctions that have ensued these past two months as the war continues to unfold.
While it is the government and regulatory parties that designate sanctioned targets, the responsibility to implement these measures and ensure all members of their network comply with the new protocols, rests solely on a financial institution’s internal team. This means banks are obligated to systematically search and monitor all transaction flows, client databases, employee actions, etc. to detect any potential operations that could be a violation of the designated sanctions.
Where should financial firms begin?
It’s important to note that compliance is a broad term, and the current Russian sanctions effect many elements of the compliance work in financial organizations, however there are certain elements of compliance that banks will need to prioritize. In the past, most financial scandals and schemes do not come to light until after a serious crime has been committed. Banks hoping to take a more aggressive approach to security and stay in compliance with the mandated sanctions will need to begin monitoring the internal communication between their employees and all who are involved in their organization.
The first signs of a member within a financial network taking advantage of a sanction, or not complying with the new required measures, can always be traced back to communication between individuals. Conversations via email, text message, calls and even third-party applications like WhatsApp, Slack and Zoom leave breadcrumbs to more nefarious activity that is taking place internally. Banks hoping to stay ahead of any schemes or sanction workarounds will need to integrate a monitoring solution that automatically captures, archives and provides surveillance over all of an organization’s communication channels. By doing so, banks will be able to catch any potential crimes before they are committed and keep a backlog of communications to comply with regulation inspections.
How can true communication compliance be achieved?
A major obstacle banks have had to tackle to properly monitor their internal communications is having the capability to track third party messaging platforms, such as WhatsApp, because they are encrypted. And since these sanctions are taking place globally, most cross-border communication is happening via third-party messaging applications – meaning banks hoping to catch any of their employees or customers taking back-doors to these sanctions will need to deploy an advanced technology solution that replaces outdated legacy security vendors. Financial teams should look for surveillance platforms that rely on artificial intelligence, machine learning and natural language processors to efficiently record and archive internal communication across various platforms, regardless of encryption.
Turning to artificial intelligence will help firms control how their organization complies with these sanctions as it allows internal compliance teams to quickly automate all elements of their communications data management. This includes capturing data, enriching it with third party data such as CRM, normalizing it and allowing a compliance officer the ability to seamlessly investigate, archive and retain any conversations that might lead to non-compliant behavior. With artificial intelligence, banks can even combine all data sources, making the ability to perform full investigations and provide true surveillance more efficient.
Of course, while having the technical abilities to achieve surveillance on employee communications is essential to maintaining compliance, institutions should also be working towards strengthening their internal compliance culture. This can include regular training sessions for not just compliance teams, but all employees within an organization. Banks should work to provide regular updates on the latest sanction protocols and educate their employees on the current compliance challenges, along with providing a set of protocols for employees to follow should they come across a sanction violation. Having the tools to comply only works if an institution’s members are knowledgeable about how to operate them and what is needed on their end.
What happens if banks violate these sanctions?
The most obvious risk for banks who do not comply with the current sanctions is the major fines they will receive. Under U.S. law, penalties for non-compliance include a maximum of 20 years in jail and fines of up to $1 million per violation. However, new protocols are being requested by President Biden to increase the penalties for those violating these sanctions. The President has asked Congress to allow prosecutors more time to build cases against those who dodge the Russian sanctions by extending the statute of limitations on money laundering prosecutions from five years to 10. He is also working towards making it a criminal act to hold money knowingly taken from corrupt dealings with Russia. In other regions where sanctions against Russia are in abundance, such as the U.K., individuals in violation can also see fines reaching $13 million or more.
While these fines are a hefty price, financial institutions should also be cognizant of how breaking these sanctions will impact their reputation throughout the industry. Fines, no matter how big, can always be paid and put to bed. However, it takes much longer to mend a bank’s reputation if they are found to be providing workarounds for these sanctions, especially given the severity of the conflict taking place between Russia and Ukraine.
As this tightened regulatory pressure on banks continues in the coming months, institutions will need to prioritize monitoring internal employee communications and educating their members on the latest sanction developments, along with the repercussions of violating these protocols.