Managing sanctions risk, e-money and payments firms
Amidst the current new round of Russian sanctions in reaction to the terrible events unfolding in Ukraine, the UK Office of Financial Sanctions Implementation (OFSI) announced on 21 February 2022 that it had issued Clear Junction, an FCA authorised electronic money institution (EMI) with a £36,393.45 fine for contravention of EU Ukraine related sanctions. The penalty relates to 15 transactions Clear Junction made to accounts at the Russian National Commercial Bank (RNCB) between March and June 2018.
The fine for Clear Junction, coupled with the new round of Russian sanctions being introduced should put sanctions controls at the forefront of MLROs minds at e-money and payments firms.
In our experience there are five common mistakes e-money and payments firms make managing sanctions risk:
Remember to screen banks not just counterparties
Review the screening coverage model to ensure counterparty banks are screened for all types of transactions processed.
If it transpires that counterparty banks aren’t captured firms should identify whether a look back exercise is needed.
Failure to get assurance on the lists screened against
Ensure the lists screened against are within the scope of assurance activities to identify gaps in coverage. Firms should work with their vendor on an ongoing basis to understand changes lists and screening logic applied.
Carry out periodic manual checks of updates to list changes to ensure they are live in the system.
Look for red flags not just name matches
There is a tendency for firms to be over-reliant on the output of screening systems to identify potential / genuine sanctions name matches. Firms should utilise transaction monitoring systems to help identify transactions which are consistent with the sanctions evasion typologies identified in their risk assessment.
At onboarding and periodic review firms have information which, when pieced together, can demonstrate sanctions related red flags. Firms should ensure staff are sufficiently trained to think critically and have the resources to identify relevant red flags such as shell companies and proximity to sanctioned regions.
Mistakenly placing reliance on other FIs
Clear Junction received payments from its customer, Transfer Go (also fined £50,000), a UK authorised Payment Institution, who had instructed it to send the payments onto its customer, RNCB, the sanctioned bank. In the case of sanctions, irrespective of whether your customer is regulated you remain bound to screen the payment(s).
Where EMIs operate a programme manager (PM) model, the EMI must ensure all transactions executed by the programme managers are screened by the EMI and that they have the ability to block or suspend payments.
Not considering account takeover sanctions risk
The sector is perceived to be something of a softer touch when it comes to getting an account. This naturally attracts bad actors, including those who will open accounts on behalf of SDNs. Firms should be wise to this possibility and train their staff on red flags which indicate an account is not being used by the account holder.
Firms should use social media screening tools and name screening tools to establish whether its customers are close links to SDNs and then based on their risk appetite decide whether they can appropriately mitigate the inherent sanctions risk.
If you would like help with your sanctions control framework or more information on how to approach the changes to Russian sanctions, please get in touch.