Shifts in the geopolitical landscape and evolving regulations across the globe mean that organisations operating across multiple jurisdictions need to constantly review and assess the impact of new sanctions legislation and regulation.
The UK government committed to introducing a global corruption sanctions framework in March 2021, with the aim of “preventing those involved in corruption from freely entering the UK or channelling money through our financial system”. As well as new legislation, the global situation relating to sanctions control is perpetually changing.
Sanctions are moving higher up the mainstream news agenda. Events which have unfolded very recently almost makes reality seems stranger than fiction. Just a few weeks ago, it would be implausible that a plane could be grounded illegally by another nation to remove dissidents and yet, the EU has imposed new economic sanctions on Belarus over the interception of Ryanair flight FR4978 and the arrest of opposition blogger Roman Protasevich, with other countries with their own autonomous frameworks following suit.
This example illustrates the challenges of addressing ever evolving and complex situations. C-suite executives now need to be fully aware of such legislation and also become keen students of geopolitics and worldwide events as they transpire, to assess how new incidents (and measures) will impact on their business, their supply chains and the required sanctions controls in affected regions.
Understanding the supply chain
Part of the challenge is that different jurisdictions have different regulations. For example, now the UK has exited from the EU, it will develop its own autonomous framework. By the time this article is published, the UK government will also likely be targeting those behind the recent Belarusian aggression with new sanction controls.
To remain compliant, business leaders need to understand the nature of the entirety of their supply chain, at a granular level. Clients, customers and suppliers domiciled in any jurisdiction subject to sanctions need to be identified. Suppliers for example, may have an EU base but acquire elements of a product derived from a province subject to restrictions due to forced labour or human rights abuses.
It may even be that a particular jurisdiction is not actually under sanctions control, but that is likely to become the direction of travel very soon. Here, those responsible need to take a pragmatic view on the future, developing a strong awareness of the changing landscape in order to identify potential threats in advance, taking a risk-based approach on continuing business in that area and employing suitable mitigation measures to address the risks. It is important not to wait until sanctions are put in place and end up on the wrong side of the regulations.
Horizon scanning in this way to calculate points of exposure, means it is possible to use “trigger events” to respond proactively and appropriately to protect the business ahead of time. This not only reduces the potential impact on processes and profitability, but helps to maintain continuous compliance.
The danger for businesses when it comes to sanctions and their controls is that there are many “grey” areas. The changing environment can even be influenced by secondary sanctions. A European firm with no US exposure, operating under the protection of the EU can still run into problems if their supply chain involves Iran, for example. US regulations are aggressive and the result is a real-world impact on firms well outside its jurisdiction.
Sanctions legislation: who is responsible?
As we watch the Financial Conduct Authority’s criminal case against NatWest unfold, we are seeing the first criminal prosecution under anti-money-laundering (AML) regulations in the UK. It is clear regulators are increasingly taking a more stringent approach, where corporate fines are no longer deemed sufficient.
Senior directors are accountable for the behaviour of their staff and can be prosecuted to deter malpractice. It is, therefore, essential that the board and senior team are aware of how best to mitigate risk in relation to their respective organisations.
Staying ahead of the curve through horizon scanning and keeping up to date on live events as they occur is critical. As well as discussing profitability at board meetings, AML and sanctions risk needs to be part of the debate. Discussion allows suitable strategies to be developed to assist in protecting the supply chain, while meeting minutes ensure there is an audit trail for regulators.
Many firms use screening software which can be helpful. However, do be aware of its limitations. Situations can sometimes evolve faster than the software can be updated and there are instances where it may therefore be necessary to intervene sooner.
Advances in artificial intelligence and machine learning will progress further in the future but currently there is no replacement for experienced individuals who are aware of the entirety of the supply chain, where the higher levels of risk exposure might be, are able to map these against concerning developing geopolitical developments and advise the business on appropriate risk mitigation strategies accordingly.
Self-disclosure without delay
Training and education of staff in the key skills necessary to protect the organisation is also vital. At the ICA we also need to respond to evolving situations, and we run a range of sanctions courses which are frequently updated.
On a positive note, the regulators acknowledge this is a particularly challenging area and even with the best training, comprehensive processes, software and suitably qualified individuals, occasionally mistakes will be made.
However, in these scenarios, regulators expect self-disclosure without delay, in addition to details of how the control framework will be addressed to ensure the problems don’t recur. These actions will be taken into consideration but if a more systemic problem is revealed through a local of focus in this area they will certainly take a different view.
Putting sanctions legislation into perspective, framework controls are now a matter for the whole senior management team and board members to ensure compliance with regulations and ultimately protect the firm across increasingly diverse supply chains and an ever-evolving geopolitical landscape.
Ross Savage is course director and global lead, sanctions compliance, at the International Compliance Association.
The International Compliance Association is hosting a three-hour live virtual workshop on managing sanctions risk on 19 July 2021.