Navigating sanctions compliance

The Russian invasion of Ukraine has resulted in some of the widest-reaching international financial and economic sanctions in history. These include restrictions against Russia’s major financial institutions, key state actors, energy exports and a ban from the international financial SWIFT system. The impact, however, goes far beyond Russia’s borders. These sanctions mean that financial services businesses need to think very carefully about who they are doing business with, as the sanctions lists are growing daily.

Sanctions violations could result in hefty fines and reputational damage. If your business is subject to KYC and AML regulations, or provides services in a market that has enacted sanctions, you may need to take new action to ensure compliance. 

What are sanctions and how do they fit into KYC?

The US, UK, EU and other countries or bodies may impose sanctions on countries, businesses or individuals to prohibit doing business with them. 

In the US, the CAPTA list (which stands for Correspondent Account or Payable-Through Account) is the sanctions list created by the US Department of the Treasury’s Office of Foreign Asset Control (OFAC)

According to the US Treasury Department website: ‘Every transaction that a US financial institution engages in is subject to OFAC regulations. If a bank knows or has reason to know that a target is party to a transaction, the bank's processing of the transaction would be unlawful.’

Sanctions violations can amount to hundreds of thousands of dollars in fines per violation. Most notably, the highest sanctions violations fines in OFAC history were imposed on BNP Paribas to the tune of almost $9 billion in 2014 for violating sanctions against Sudan, Cuba and Iran. 

OFAC also maintains lists related to other sanctions, and the EU and other countries have their own regulations and rules. So, depending on what markets your business operates in, you may be subject to a range of different regulations and sanctions lists. 

As these sanctions lists keep growing and shifting, it’s not enough for businesses to do one-time or infrequent checks on their customers. They need to maintain real-time monitoring that checks existing customers against the latest lists to meet sanctions compliance and AML/KYC regulations.

In short, regulated businesses need to know who their customers are at onboarding and beyond. KYC and AML regulations exist both locally and internationally to ensure that regulated industries take the necessary steps to prevent financial crime. With the new and growing sanctions, KYC and AML compliance is more important than ever. 

What is sanctions compliance?

Sanctions compliance and screening is an essential part of KYC procedures. It’s how businesses meet regulations that prohibit them from transacting with any sanctioned individuals or entities. 

KYC/AML Procedures

KYC/AML procedures generally involve a number of steps:

  • First, businesses must perform identity verification on a customer or prospect. Depending on the market and any local rules, this can be done in a number of ways. Common examples include a database check, or a document and biometric solution, which combines identity document verification and matching that document to the person submitting it through biometric verification.

  • Once a business has established and verified a customer or prospect’s identity, they then typically need to conduct customer due diligence or enhanced due diligence, and that’s where sanctions screening comes in. 

Find out the differences between customer due diligence (CDD) and enhanced due diligence (EDD) in our dedicated blog post.

Read the blog

How to manage sanctions compliance: 

  • Assess which sanctions lists apply to your organization.

  • Check your existing customer database against these lists, and modify onboarding procedures to screen against these lists. Just because you checked a customer against lists when they were first onboarded, doesn’t mean they aren’t now sanctioned.

  • Continuously assess your customer database by using a real-time watchlist monitoring service.

Onfido’s solutions

KYC and AML regulations aren’t things to meet and forget about. Given the hefty fines and reputational damage that sanctions violations can result in, businesses need ongoing analysis built on reliable data. 

Our Watchlist solution (Watchlist Check) is built on databases that are continually refreshed and indexed, providing constant monitoring to ensure that you are notified if your relationship with existing customers is affected by sanctions. 

How can Onfido's Watchlist Check help?

  1. Stay accurate with access to up to date data

Tailor searches to your needs by choosing which sanctions lists, adverse media categories and politically exposed persons (PEP) lists to search. Our real-time model dynamically updates our risk database for Sanctions, Watchlists, and PEPs. So we never make judgments on data more than 24 hours old.

  1. Manage regulatory requirements

Global AML / KYC regulations may mean you have to continue to screen users after onboarding. Onfido’s Watchlist Ongoing Monitoring re-screens monitored users against all sources every 24 hours, and notifies you with any updates. 

  1. Don’t keep customers waiting

We supercharge our performance by using AI to index and flag articles for analyst review. This means we provide responses in near real-time, so you can make fast, accurate decisions.

Learn about Onfido’s watchlist checks and ongoing monitoring
Find out more