Few areas have seen regulatory penalties grow larger and faster in the past few years than the enforcement of financial sanctions. Penalties for breaching sanctions or failing to put proper compliance procedures in place have reached into the billions, making sanctions compliance a key concern for both national regulators and operational risk managers.
Belgium-based financial messaging provider Swift, the winner of this year's Operational Risk financial crime product award, is at the heart of the sanctions issue due to its central position in international finance and fund transfer. The threat of disconnection from Swift services has been used against sanctioned entities in Iran, Russia and elsewhere, and providing sanctions services is seen as a natural step when it comes to enhancing its messaging services. There are two specific services Swift provides: a screening service to filter out transactions or customers that could involve an institution in a breach of sanctions, and a testing service firms can use to check that their own screening procedures are working correctly.
"We launched the sanctions screening service for smaller Swift institutions that wanted the reliability of a strong hosted product," says Tony Wicks, head of sanctions testing initiatives at Swift.
Initially, the testing tool was developed to test and validate Swift's own screening tool, but Swift's larger members soon started to show interest in using it to validate their own internally developed screening processes as well. "The testing service itself is targeted at those larger firms, and if you took the top 30 ... over 50% of the largest firms on the Swift network would now be using sanctions testing," Wicks says.
Regulatory pressure is one important reason for the product's growth, says Wicks. Ever since the first introduction of validation requirements in the US in 2010, regulators around the world have grown less tolerant of control failures, both in the sanctions arena and elsewhere. That has forced market participants to improve their game. "Institutions are maturing and doing a significantly better job in terms of the way they approach and ensure sanctions compliance – and in fact, compliance across the board," he says. "In terms of regulation, institutions have a responsibility for independent testing of compliance functions, and also increasing requirements related to model risk management, understanding how the controls that you have in place in relation to compliance actually work."
But the sanctions testing product offers other benefits beyond mere compliance. A regular testing of sanctions screens allows users to fine-tune their procedures, in order to reduce the number of false matches generated and the operational cost of checking each red flag. An important feature of the product is end-to-end automation, and many users set up the testing service to run every time the various lists of sanctioned entities change – something that can happen every four days on average, says Wicks. That provides a high degree of assurance and a detailed audit trail on the company's sanctions compliance status, with minimal effort required from the user's own operational risk teams.
Swift's product automatically scrapes sanctions list data from various regulatory websites, or directly from New York-based information provider Dow Jones, to use in the screening process. It also generates reports comparing those sanctions lists with each other.
The testing function was originally centred on transaction screening procedures, but has since been extended to cover the screening of individual customers. It does this in relation to both sanctions lists and lists of 'politically exposed persons' (PEPs), who represent a higher risk of involving the client in bribery, tax evasion or other financial crimes. "PEP screening is an additional dimension; the size of PEP lists means that the issue is significantly more complex," says Wicks. "Also, the approaches that you would take between sanctions and PEP screening are quite distinct."
The latest development for Swift's sanctions testing product is the peer assessment function, which provides its users with reports on the performance of their sanctions filters relative to others in the industry, as well as information on common screening practices. Introduced in March 2015 after two years of development, the service generates assessment reports that compare sanctions screening performance with equivalent peers, as well as supporting third-party testing and evaluation.
In time, Wicks believes this peer assessment function can and will be expanded to cover PEP screening too. "That is something that we will see expanding over time," he says. "What we have been providing within the services has continually grown based on consumer feedback – the developments they want to see of those tools and how the tools are used. So it's not something that we offer now but it's highly likely for the future."
The week on Risk.net, December 2–8, 2017Receive this by email