Case Studies
FCC controls testing
Making sure customers behave
Circumvention of sanctions prohibitions is a criminal offence, but this does not always deter designated persons from attempting to hide or retain their assets. As sanctioned entities use the financial system to fund their operations or to receive proceeds, they are getting better at finding different ways to bypass existing sanctions compliance programmes.
To combat this, financial institutions must be able to detect and prevent sanctions circumvention by flagging and blocking attempts to resubmit rejected payments.
The client
In recent years, our client paid a record-breaking fine to US authorities for a range of failings, including money laundering and doing business with countries subject to economic sanctions. As part of their settlement, they agreed to improve their internal controls. Since then, our client has implemented global standards for money laundering and sanctions, upgraded IT systems to better monitor transactions and strengthened their Financial Crime Compliance (FCC) function.
The problem
Our client needed to screen and block payments linked to sanctioned individuals, entities and countries. Automated software is used to screen payments against sanctions lists and to identify potential stripping activity where payments have been purposefully altered.
Customers may intentionally remove information - such as customer names, bank names, vessels and addresses - to prevent sanctions screening filters from stopping the payments. A resubmitted payment will not be stopped by sanctions screening software if the information removed was the information that originally matched against the sanctions lists.
With the risk of large financial penalties and the bank’s reputation at stake, it is crucial that our client has in place a solution that can detect and block these resubmitted payments before they can be processed. Facilitating or turning a blind eye to resubmitted payments may subject our client and its most senior executives to regulatory actions and criminal proceedings.
Simply having the correct systems, however, is not enough to prove compliance with sanctions regulation. Our client also needed to provide clear and documented evidence of regular monitoring and testing of its resubmitted payments processes.
Financial intelligence sources have identified sanctioned Russian individuals using a range of methods to evade sanctions imposed following the invasion of Ukraine.
2022 Red Alert, NECC, NCA, OFSI & JMLIT
[The 2022 Red Alert] outlines the significant exposure that many sections of industry have to sanctions evasion and, given the nature of the risks identified, is something we will all need to be increasingly vigilant to.
Giles Thompson, OFSI
What we did
Our client wanted an independent assessment of the current processes in place for identifying and stopping resubmitted payments in order to identify potential areas of concern. They also wanted to implement a new monitoring framework in this area. This process needed to sit as an independent function in the second line of defence.
Our first step was to review the current policies and procedures in place for identifying and stopping resubmitted payments. We then conducted interviews and process walk-throughs with the global payment teams to understand how the policies and procedures were actually used by staff ‘on the ground’. Once we had this information, we could develop the compliance testing process.
The testing process was designed to periodically select and review a sample of resubmitted payments and to report on the operating effectiveness of controls and/or adherence to the client’s policies and procedures. A key part of the process was to develop a test plan and build repeatable test scripts for use by the compliance team. We also needed to ‘test the tests’. This involved testing the operational effectiveness of the procedures and controls implemented by our client for identifying and stopping resubmitted payments.
Once the testing process had been agreed, we turned to the design of the monitoring process. This involved reviewing and analysing key performance and risk indicators related to resubmitted payments, allowing our client to identify potential compliance violations. Key performance and risk indicators were translated into monthly management information reports covering both the compliance monitoring function itself and the results of resubmitted payments testing.
Outcome for the client
Our client now has a robust monitoring process over its resubmitted payment process which acts as an early warning system to allow senior management to identify - sooner rather than later - potential compliance issues. They can also demonstrate to regulators that they take the improvement of their compliance monitoring function seriously and regard it as an ongoing process.