personal responsibility in a dynamic environment
Embargo and sanction lists contain persons and organizations with whom no business relations may be entered into for various reasons. The potential risk of disregarding these lists and the resulting penalties and reputational risks are often underestimated or even ignored, despite the fact that the responsibility to prevent such crimes lies entirely with the companies.
Individual companies must not only screen master data against daily updated lists, but also take financial transactions in Treasury into account. The resulting challenges are becoming increasingly complex. Not only are the relevant regulations extensive and numerous, but the relevant laws are also subject to constant changes and new sanctions are added frequently.
In order to get a better grip on these challenges, in a first step, a distinction should be made between embargoes and sanctions. Sanctions are generally defined as reactive; they are punitive measures threatened by law aimed at either punishing or enforcing a particular conduct. The primary goal of financial sanctions is the prevention of economic activities that finance terrorism.Sanctions in turn form the basis for embargoes, which constitute a form of sanction exercise. Embargoes for instance restrict foreign trade with certain countries through import and export bans, thus also restricting the execution of financial transactions.
Companies have to comply with the requirements of several regulators in order to rule out possible violations of embargoes or sanctions.European Union regulations (EU Regulation 2580/2001; 881/2002) clearly state that companies must monitor their payment transactions and will be held accountable for any violations.In addition, in the Federal Republic of Germany, BaFin imposes special requirements on payment factories and shared service centers (SSCs) as a result of the German Payment Services Supervision Act (Zahlungsdienstaufsichtsgesetz; ZAG). These requirements are subject to constant change and affect the payment processing of all transactions. Accordingly, a BaFin announcement on the ZAG bulletin now obliges all payment factories and SSCs to set up additional processes and systems to prevent money laundering, sanction violations and terrorist financing.
In addition to these requirements, there are numerous other national and international regulations that companies must observe. New sanctions are constantly added to the already extensive compliance requirements. For instance, the Office of Foreign Assets Control (OFAC) has just published in November 2018 new sanctions against nine Russian companies and three individuals for their activities on the Crimean peninsula and in Eastern Ukraine. This resulted in their inclusion on the US SDN list (SDN List = OFAC's list of Specially Designated Nationals and Blocked Persons). From the point of view of the US government, no transactions may be carried out with the sanctioned persons and organizations nor with companies in which these hold an interest of 50% or more. These sanctions are also relevant for non-US companies as they are designed as “secondary sanctions”. This means that from the point of view of the US government, foreign companies must also ensure that they do not enter into business relationships with these listed Russian individuals/companies.
This development is only one current example of the increasing complexity that will continue to increase in the future. It turns out that even banks cannot entirely avoid getting fined. The French bank Société Générale, for example, had to pay a record fine of 1.2 billion US dollars for handling dollar transfers for companies located in US-sanctioned countries. The problem of money laundering is also on the rise in Europe. This was exemplified by the case of ING, which had to pay a fine of 775 million euros in September this year due to a lack of controls.
As a result, it is essential for companies in all industries to implement and integrate processes and systems that successfully prevent non-compliance with sanctions. As a first step, companies should analyze and review their existing screening mechanisms and extend them to financial transaction monitoring in Treasury. In the second step, the most important aspects such as the assessment criteria, the database, the workflow, etc. must be defined. In this context, it is necessary to analyze which fields are being screened. In which system does the assessment take place and at what time? Before creating the payment file or before releasing it to the external bank? How are payments screened outside a payment factory? Are whitelists used to override false positives? By implementing the appropriate measures and introducing a system-based, regular sanctions screening, the risk of executing illegal payments to listed individuals/organizations can be minimized.
Source: KPMG Corporate Treasury News, Edition 87, December 2018
© 2019 KPMG AG Wirtschaftsprüfungsgesellschaft, ein Mitglied des KPMG-Netzwerks unabhängiger Mitgliedsfirmen, die KPMG International Cooperative (“KPMG International”), einer juristischen Person schweizerischen Rechts, angeschlossen sind. Alle Rechte vorbehalten.