The onus often falls on FIs to uncover any links between sanctioned entities and potentially related securities, which can involve a significant data challenge.
The use of sanctions to achieve political goals has been rapidly expanding in recent years. But that is not the only way the landscape is changing. Sanctions are also being increasingly used by some nations to promote democratic ideals, human rights and conflict resolution in certain jurisdictions.
The US in particular has additionally been using its sanctions regime to act against crypto-related cybercrime, and it has become increasingly common for OFAC (Office of Foreign Assets Control) to list bitcoin addresses and email addresses in its SDN lists, adding complexity to the regime, and risks for victims of ransomware who may inadvertently breach US sanctions in making payments to unlock their frozen data.
The complexities and widespread use of modern-day sanctions regimes have raised expectations for FIs to adopt and implement a sophisticated “risk-based” approach to sanctions compliance, which now relies on a much greater use of data to identify hidden risks than was ever previously required.
This was highlighted by the Wolfsberg Group in its January 2019 guidance on sanctions screening, which was aimed at helping FIs assess the effectiveness of their sanctions screening controls.
Reference data screening
Traditionally, sanctions control frameworks have focused on name screening, which is designed to identify references to designated individuals or entities during onboarding or the lifecycle of the customer’s relationship.
Today, pure name screening may no longer be sufficient to detect sanctions risk. In its guidance, the Wolfsberg Group highlighted this shift in focus to a more data-heavy approach to sanctions compliance, discussing the process of determining sanctions-relevant attributes in ‘reference data’.
Though it is often still referred to as ‘name’ or ‘customer’ screening, the concept of ‘reference data screening’ encompasses “any data set within the FI’s operations, separate from its transactional records, that may present a relevant sanctions risk indicator and be conducive to detection through screening on a periodic basis,” the guidance says. It can even include geo-location data.
Common types of reference data relevant for sanctions screening include not only information on customers themselves, but also beneficial owners, related and connected parties, employees, and third party service providers. Notably, the guidance also includes ISINs as sanctions-relevant identifying features of assets that an FI may hold in custody.
This may seem obvious, as sanctions would typically prohibit dealing in any of the assets linked to a sanctions target, but it has grown in prominence as an issue due to recent designations of entities that have securities issued in multiple jurisdictions.
Sanctions by executive order
Earlier this month, outgoing US President Donald Trump signed an executive order prohibiting US persons from purchasing the publicly traded securities of 31 companies identified by the US Department of Defense in June and August this year as being associated with China’s military. They include firms like Huawei, China Mobile and China Telecom.
The latter two have ADRs listed on the New York Stock Exchange, which, according to some analysts, could be suspended from trading or removed from relevant equity indices when the prohibitions in the executive order take effect on 11 January 2021.
“Although the executive order does not explicitly call for de-listing, it may be impractical to continue listing securities in the United States if US persons are prohibited from buying them,” said Nick Turner, a sanctions lawyer with Steptoe & Johnson in Hong Kong.
While this in itself is significant, the executive order says US persons will also be prohibited from engaging in purchases of ”any securities that are derivative of, or are designed to provide investment exposure to” publicly traded securities of any of the 31 designated companies.
While a number of the named companies have indeed issued securities of their own, some across multiple jurisdictions, sanctions risk could also result from any issuances that are derived from such securities, for instance, warrants and CBBCs issued by global banks in Hong Kong. If the executive order were applied to subsidiaries of the companies (a detail that is pending further guidance from OFAC), the impact would be even greater.
“One of the challenges with this order is that some companies are identified by their brand names, rather than their legal entities,” Turner said. “It is not clear yet whether OFAC will apply the prohibitions to corporate groups or name specific entities that are issuers of publicly traded securities.”
Index compilers FTSE Russell and MSCI have recently openedconsultations seeking market views on how to treat index constituents impacted by executive order. While MSCI’s consultation is still ongoing, FTSE Russell has concluded that only the listed securities of the 31 named companies, and not the listed securities of their subsidiaries, should be considered as falling within the scope of the executive order, potentially limiting the impact.
Although the new executive order does not cause the 31 companies to be SDNs (Specially Designated Nationals), the impact could nonetheless be dramatic, as the full list of securities that will be affected could be lengthy. Recent reports also indicate that four more companies, including chipmaker SMIC and oil giant CNOOC, could be added to the list.
A ‘risk-based’ decision
Yet, it is not the case that every FI will have to stop purchasing these securities. The executive order defines a ‘US person’ to include any entity incorporated in the US, which does include foreign branches, but not their foreign subsidiaries, and certainly not institutions incorporated outside the US.
Still, in the name of the “risk-based” approach, it is important for FIs to first identify which securities fall into scope, and then determine where exposures may exist and whether any action is required – both from an FI’s perspective and the perspective of its clients, including US persons who may be purchasing securities or funds with exposure to the companies.
Generally speaking, sanctioned securities may be explicitly named by sanctioning bodies, but this is not always the case. In many instances, the onus falls on FIs to uncover any links between sanctioned entities and potentially related securities, which can involve a significant data challenge.
Identifying sanctioned securities is typically a job for specialist data providers. For instance, Refinitiv’s risk intelligence platform World-Check is designed to be able to screen for sanctioned securities issued globally, using multiple data sources and specialised research teams to identify each ISIN, CUSIP (US) or SEDOL (UK) which may present a sanctions risk.
This process often requires deep domain expertise in relevant jurisdictions in order to address language barriers and challenges related to ownership concealment. Refinitiv’s own sanctions team, for example, comprises dozens of specialist researchers, who often need to combine information from local media sources, tax registries, financial reports, and company registries to identify connections to sanctioned individuals and entities and uncover true risk.
Once the sanctions-relevant securities are known, individuals FIs would still need to use the data to conduct further research about the securities in question, before ultimately making a ‘risk-based’ decision on whether or not to block a transaction.
One thing is clear, screening for sanctioned securities at an individual FI is only as good as the inputted data. As such, efforts to ensure a complete and coherent data set is the first step to reducing the risk of missing a potential match during the screening process.
By Manesh Samtani, December 26, 2020, published on Regulation Asia