How to overcome sanctions screening challenges

Sanctions screening - identifying entities that appear on sanctions lists - is a high stakes part of anti-money laundering compliance programs. Ensuring sanctions compliance is an important legal obligation for banks and other financial institutions. The regulatory pressure around sanctions has been mounting, and some of the largest compliance penalties in recent years have been in response to sanctions violations.  

On top of the increasing pressure financial institutions face, managing sanctions risk has also become more and more complex. This article explores both why managing risk can be so complicated and how new technology can help solve those challenges.

Sanctions are penalties or other measures used by governments or international bodies as a means to influence behavior or stop illicit activity. They may be comprehensive, or target certain industries. Sanctions can also target individuals, political groups, or terrorist organizations.

It’s illegal for any organization to do business with a sanctioned entity. No matter the industry, businesses need to ensure they have adequate controls in place. Historically, financial institutions have suffered the biggest consequences and the largest fines for sanctions violations. 

The preventive controls around sanctions matter, too. Organizations can be fined for failing to put in place effective safeguards around sanctions, hence the importance of robust and ongoing screening processes.

Sanction screening is a high stakes activity that can be both challenging and time consuming to manage. Here are some of the major difficulties banks and other organizations face.

Sanctions lists are constantly evolving. Sanctioned entities - which may include state institutions, organizations, or individuals - are frequently added or removed from lists, and globally the number of sanctions is increasing. Sanction screening procedures need to be ongoing and highly reactive for an organization to remain compliant.

In theory, data on sanctions is available to everyone. Anyone can take a look at OFAC’s sanctions list, for example. The reality, though, is that there are hundreds of different data sources available, often with their own formats and variations - in the way names are spelled, addresses are listed, etc - that can make screening difficult. Obtaining definitive data, and making sure it’s in the right format, can be challenging.

Banks and other businesses need to keep up to date on many different lists. Some of the major sanctioning bodies include the US Office of Foreign Assets Control (OFAC), the European Union, the United Nations, and HM Treasury in the UK. Depending on where your organization does business, other sanctions lists may also be relevant. Organizations then need to combine or cross-check this information with internal data sources, like customer databases. Without the right solution to manage that data, organizations can end up with too many false positives or false negatives, creating friction for customers or exposing the bank to excessive risk.

Sanctioned entities aren’t the only risk. Financial institutions and other organizations also have to pay attention to who is doing business with sanctioned entities, since those individuals or businesses carry significant risk. PEP screening - monitoring for politically exposed persons - also needs to be part of the process to minimize risk. It adds up to a lot of information and connections to monitor.

“There’s a constant difficulty in organizations doing sanctions screening in good faith,” says Friedrich Lindenberg, founder of OpenSanctions, which combines sanctions lists, databases of politically exposed persons, and other information into an open and free dataset. “It’s easy to do the bare minimum, but to comply with the intent of the law, screening gets trickier. It requires looking at beneficial ownership chains.”

A dramatic example of how quickly sanctions can change came in February 2022 as Russia invaded Ukraine, and in the days leading up to the invasion. Russia was already the target of sanctions following its 2014 annexation of Crimea. But in a matter of days, OFAC, the EU, the UK, and others expanded their Russia sanctions. They sanctioned not only Russia’s largest financial institutions, hundreds of members of the Duma, many Russian elites closely linked to the Kremlin, and others, but also many organizations and individuals in Belarus, a close Russian ally. 

Bank compliance teams have had to make sure they understand the full extent of new restrictions and scramble to comply with any new sanctions in a matter of days or even hours. Part of the challenge is that sanctions rules aren’t always the same from one jurisdiction to another. According to OFAC, for example, a property or interest owned at 50% or higher by a sanctioned entity is automatically sanctioned. The EU, on the other hand, defines ownership differently. These variations can create a real puzzle for financial institutions that have to comply with sanctions in multiple jurisdictions. 

Banks also have to be sure they aren’t accidentally doing business with Russian sanctioned entities through shell companies - a common tactic to hide one’s connections and evade sanction screening.

Organizations like OpenSanctions are aiming to change how organizations access sanctions data. Assembling data from many different sources, they integrate that data into a common and coherent format. The result is data that is cleaner than it was in the source formats, and data on different entities is brought together from different sources. They also offer straightforward information on how the data is compiled. “OpenSanctions is making PEP and sanctions data into more of an open resource. We’re transparent as to how our datasets are created,” says Friedrich Lindenberg. The result is a clean and coherent data structure that’s easy to work with. 

That data can then be imported into a graph analytics tool and combined with internal data.

The graph analytics approach is a model in which data is structured as a network. Information is stored as nodes, which are connected to each other by edges that represent the relationships between them.

An investigation software solution natively powered by graph analytics like Linkurious Enterprise can facilitate sanction screening and other risk assessment. With graph technology, the relationships between entities are as important as the individual data points themselves. You can integrate multiple data sources to see and explore everything in one place. Querying your data is also lightning fast. And a graph solution easily adapts to the needs of your organization. 

Graph analytics can help you identify indirect relationships across multiple types of entities and relationships (addresses, co-owned companies, IP addresses, phone numbers, transactions, etc.). Here’s an example of how it can flag a hidden risky relationship:

In this graph visualization, we see Benson is indirectly connected to Guanghua Zheng (an individual listed on OFAC’s Counter Narcotics Trafficking Sanctions list). If we were to look only at Jaime Benson and his direct connections, nothing suspicious would appear. Understanding that Jaime Benson is associated with a high risk individual requires following his relationships with 2 companies and 2 addresses.

Experience a new way to search, visualize and analyze millions of open data records in one single interface to uncover hidden relationships around sanctions targets, PEPs and their networks in just a few clicks. See OpenScreening for yourself - our free interactive screening tool.