Sanctions Screening System Validation Ver. 1.0

ANCTIONS CREENING AND YSTEM VALIDATION

A Point of ViewS

M. Babar Shameem

222

§ Managing Partner, TruPoint, LLC§ Head of Advisory Services, AML Analytics

Limited§ Previously, Global Head, AML / Sanctions

Screening and AB&C Technology, Citi

[email protected]@aml-analytics.com

https://www.linkedin.com/in/babarshameem

2Proprietary and Confidential to M. Babar Shameem and TruPoint, LLC

3

POINTS FOR DISCUSSION

01

02

03

04

05

06

OVERVIEW OF SANCTIONS AND KEY REGULATORY REQUIREMENTS

OVERVIEW OF SCREENING

KEY ELEMENTS OF A SANCTIONS SCREENING SOLUTION

TOP 5 CHALLENGES

RE-CAP AND CONCLUSIONS

OPEN DISCUSSION

Proprietary and Confidential to M. Babar Shameem and TruPoint, LLC

§ U.S. Sanctions are administered by the US Treasury Department’s Office of Foreign Assets Control (OFAC)

§ Intended to• support US foreign policy and national security objectives (e.g., f ight

terrorist financing)• change the behavior of a particular individual, group, country or regime

§ Applicable to all US individuals and businesses

§ Outside of the US, countries may maintain their own sanctions

§ Reinforced by other Federal and State agencies

4

SANCTIONS OVERVIEW


Strict Liability Standard / Risk-Based Nature

Blocking Property / Rejecting Prohibited Transactions

Reporting Obligations, including Licensing

Avoid Facilitation

Record Keeping

5

Key Sanctions Requirements and Characteristics


§ OFAC enforcement guidelines (31 CFR Part 501)https://www.treasury.gov/resource-center/sanctions/Documents/fr74_57593.pdf

§ FFIEC BSA/AML Examination Manualhttps://www.ffiec.gov/bsa_aml_infobase/pages_manual/manual_online.htm

§ New York State Department of Financial Serviceshttp://www.dfs.ny.gov/legal/regulations/adoptions/dfsp504t.pdf

13

Where to Find Key Expectations?


A. Willful or Reckless Violation of Law

E. Compliance Program

G. Cooperation with OFAC

H. Timing of Apparent Violation(s)

I. Other Enforcement Action(s)

J. Future Compliance/Deterrence Effect

K. Other Relevant Factors

B. Management Awareness of Conduct

C. Harm to Sanctions Program Objectives

D. Individual Characteristics

F. Remedial Response

General Factors

31 C.F.R. part 501, Appendix A 74 Fed. Reg. 57,593 (Nov. 9, 2009)

Economic Sanctions

Enforcement Guidelines

Box 1 and Box 2 penalties are capped at $32,500 and $65,000 per Trading With the Enemy Act (TWEA) violation, respectively .

Base Penalty Matrix

Types of OFAC Responses

7

Overview of OFAC Enforcement Guidelines


§ Since 2009, financial institutions have paid over USD $16 billion in penalties and settlements on OFAC-related matters.

§ These cases relate to apparent sanctions violations and generally involve settlements with other U.S. authorities, in addition to OFAC.

Non-compliance with U.S. sanctions laws and regulations can result in very large civil monetary penalties and criminal prosecution. OFAC penalties and settlements are made public and, therefore, entail a level of reputational harm. OFAC-related enforcement may include actions by the Department of Justice (DOJ), Federal Reserve Bank (FRB), Office of the Comptroller of the Currency (OCC) and the New Your Department of Financial Services (NYDFS), among others.

*As of June 20168

Enforcement Actions Against Fis: 2009 – 2016*


§ Documented Sanctions Risk Assessment / Program• Business lines, Products offered, Clients base and Geographic footprint

§ Sanctions Policy and Risk Appetite Statements• Supported by the institution’s senior management and Board• Defined roles and responsibilities• Policy statements• Standards, procedures and guidance documents• Awareness, Training, Communication and Oversight

§ System of Internal Controls§ Internal Audit, Compliance Monitoring and Testing

9

Key Elements of a Sanctions Program


§ High risk, high speed, high volume transactions• Cross Border Funds Transfers, Trade Financing/Services, Securities

§ Real-time interdiction as opposed to look-back• Before processing a transaction or opening an account or client

relationship

§ Effective Blocking, Rejecting and Reporting

§ Re-submitted transaction monitoring

§ Audit trails and Record keeping

10

Sanctions Screening and Risk Management


11


01

02

03

04

05

06




TOP 5 CHALLENGES


OPEN DISCUSSION


§ Prioritize client screening results for review: Sanctions deals with “strict liability” whereas AML relates more to “reasonability”

§ Sanctions compliance programs are costly due to requirements that are shifting

§ Even when sanctions technology solutions are effective, they are generally inefficient

§ Efficiency requires better automation whereby prohibited individuals and entities are identified with greater likelihood of reduced false positives

§ Needs efficient case management / workflow

12

Solutions Often Used for Both AML and Sanctions


§ Stratify and segment data

§ Customer records and financial transactions

§ Based on your business’s profile and risk appetite.

13

Risk Based Prioritization


§ Assess data using robust sampling

§ Gauge quality of watch-list sources

§ Remediate where feasible and, in any event, record findings that remediation is planned, whether now or later

§ Track data related issues and items

14

Data Profiling / Preparation


§ For sanctions screening, OFAC, UK-HMT, EU, and UN lists provide fairly universal coverage.

§ Consolidate results into a single review item.

§ Matched name appears alongside lists it is found on.

§ For client screening, other lists can be included such as PEPs and special interest persons, internal watch lists and white lists.

§ Configurability to determine which lists a transaction or event needs to screen against based on source and other descriptors.

15

Watch-List Diversity, Quality and Completeness


§ Most major sanctions lists are scripted in Roman characters.

§ Data to be screened against them may be in non-Roman alphabets such as Cyrillic.

§ Screening solution ought to handle multi-language, cultural diversity, phonetics requirements, as required.

16

Language Handling


§ Data to be screened may be misspelled, incomplete, or contain variations.

§ Fuzzy matching capability is essential for screening system to catch mistakes or deliberate inaccuracies.

§ For instance, Escobar should match against Esdobar or Ecsobar with the system flagging accuracy level to alert those reviewing matches.

17

Fuzzy Logic


§ Transactional Screening: • Real-time Payment Screening: The screening or filtering of relevant payments

instructions prior to their execution in order to prevent making funds available in breach of sanctions, embargoes or other measures*.

• Financial transactions such as wire transfers, trade finance and securities is necessary.

§ Client Screening: • Client Screening: The screening of client names and associated details against lists

provided by relevant competent authorities both at initial on-boarding and at other points during the client relationship*.

• When establishing new relationships with individuals and entities and on an ongoing basis since a party may not be on a sanctions list when relationship was formed but may appear later.

18

Systematic and Recurring Screening

*the Wolfsberg group


19


01

02

03

04

05

06




TOP 5 CHALLENGES


OPEN DISCUSSION


§ What is detection

§ Fuzzy logic, what it is and what it’s not

§ Fine tuning to improve precision and enable optimal risk-based allocation of resources

20

Detection


§ Aggregation of lists with common entries

§ Replication and reconciliation

§ Search Rules

§ Record keeping

21

List Management


§ Logic that is consistent with the institution’s risk profile, its risk appetite and the nature and volume of transactions

§ Periodic assessment of the results

22

Periodic Assessment of Detection Capabilities


Creation of conditional rules – Sectoral Sanctions

Ability to deal with multiple languages (depending on the institution’s geographic footprint)

Creation of metrics / key indicator report

Connectivity to different case managements and other sanctions risk management systems.

23

Other System Functionalities


24


01

02

03

04

05

06




TOP 5 CHALLENGES


OPEN DISCUSSION


1. Data Quality and Privacy (Input text, Lists, Matches, jurisdictional restrictions and approvals)

2. Operational Readiness

3. List Management and Maintenance

4. Change Management • Upstream systems with downstream effect; • Other Changes with unintended consequences;• Poor UAT

5. Early Warning of … system inadequacies, changing sanctions landscape, backlogs …

25

Top 5 Challenges


26


01

02

03

04

05

06




TOP 5 CHALLENGES


OPEN DISCUSSION


§ Document data flows and pre-processing that may occur in upstream systems to avoid unintended massaging of data resulting in potential processing of a sanctioned individual or entity

§ An effective client screening system must be able to connect to multiple sources and automatically integrate different types of data from different systems.

27

Multisource Data Integration


§ The system should allow for easy creation of multiple workflows and sets of match rules to accommodate a range of risk profiles.

§ Past decisions need to be leveraged by the system based on business created rules.

28

Customized Workflows and Match Rules


§ Practically all effective screening systems produce a high volume of false positives

§ Combination of capabilities in both screening and case management systems to reduce “noise” is desirable

§ Results to “self-learn” and highlight alerts previously reviewed and closed out as false, provided the parties screened are the same as before, both on the list and the input.

29

Noise Reduction


§ Comprehensive audit trails, automated escalations, and extensive reporting tools with a built-in case management system.

§ Generally, business defined prioritization capability ought to be configurable by power users.

30

Enhanced Due Diligence


§ System needs to process data volumes from very small to hundreds of millions of records with the same performance and accuracy.

§ It should be scalable that the business may grow the infrastructure as volumes increase; ideally, from desktop to data center.

31

Modular and Scalable Architecture


§ Non-compliance is not an option. State agencies are helping drive OFAC compliance (e.g., NYDFS).

§ Client and transactional screening are critical enablers to the success of an institution’s sanctions programs.

§ Integrity of data to be screened and of watch-lists is critical.

§ Right-sized processes and systems are essential to balance effectiveness and risk based resource allocation. Meaningful metrics that drive process refinements are also key.

§ Change management controls of the ecosystem must be robust.

§ Independent validation of end-to-end screening capabilities is a must for self-assurance and is also looked upon favorably by regulatory agencies.

32

Conclusions


33


01

02

03

04

05

06




TOP 5 CHALLENGES


OPEN DISCUSSION / Q & A


34

UK fines Merrill Lynch £

13 million for

35 million compliance l

apses

Barclays fined $108 million for

kowtowing to rich PEPs

BNP admits guilt, fined $8.9 billionfor U.S. sanctions violations

OFAC fines Cal

ifornia telecoms

firm

for Sudan, Iran t

rade

“Our life is frittered away by detail. Simplify,

simplify.”

― Henry David Thoreau

Sanctions Screening System Validation Ver. 1.0

Documents

Transcript of Sanctions Screening System Validation Ver. 1.0