How the ‘War on Terror’ exposed compliance gaps in Swiss companies

Whether it was turning a blind eye or doing business with blacklisted entities, Swiss firms’ due diligence practices were put to the test amid the crackdown on terrorism that followed the September 11 terrorist attacks.

Almost two decades after planes brought down New York’s World Trade Center towers, a Swiss company that provided IT-related services to the aviation industry had a reckoning with the United States government. In February 2020, Geneva-based telecom firm Société Internationale de Télécommunications Aéronautiques (SITA) agreed to pay around $7.8 million (CHF7.1 million) for providing services to airlines the US classified as specially designated global terrorists (SDGTs) between 2013 and 2018.

The US Office of Foreign Assets Control (OFAC) pursued SITAExternal link for providing flight planning, reservation and messaging services to five airlines sanctioned for supporting terrorism: Syrian Arab Airlines, Iraq’s Al-Naser Airlines and Iran’s Mahan Air, Caspian Air and Meraj Air.

OFAC argued that the Swiss aeronautics communications company should have taken more measures to identify the risks involved when doing business with certain carriers. Thanks to its cooperation with the US authorities, SITA got away lightly considering that the maximum penalty for a violation of the Global Terrorism Sanctions Regulations (GTSR) was $2.45 billion. It was nevertheless a big shake-up for the company, which had to keep abreast of the latest guidelines.

“We have witnessed that global trade policies and sanctions continue to change at an ever-faster pace, and it has become more challenging to be, and to remain, compliant,” SITA spokesperson Julius Baumann told SWI

To keep up, the company has strengthened its compliance team in the last few years and has hired numerous legal experts. It also invests in regular training of personnel on compliance issues, even those in senior positions.

“We have also put in place compliance measures at the executive and board levels to mitigate the risk of non-compliance,” said Baumann.

SITA is not alone in being sanctioned for providing such services to blacklisted entities. So far this year, the OFAC has reached a settlement with American companies Alliance Steel and UniControl, Italian firm Nordgas, and Dubai-based Alfa Laval for using services provided by Iranian firms or exporting material that ended up in Iran.


Terror financing 

Another vulnerable sector for links to terrorism is finance and payments.

“Terrorism financing is sometimes difficult to detect because it is a kind of reverse money laundering. From the sender’s side it is often clean money but the purpose is not legitimate and the recipient has to be analysed, which is difficult because you don’t normally have KYC [Know Your Customer] information about the recipient,” Mario Michel, an expert for the Global Initiative Against Transnational Organized Crime, told

This year the OFAC sanctioned American payment service providers Payoneer, MoneyGram and Bitpay, as well as banks First Bank of Romania, Union de Banques Arabes et Françaises of France and Bank of China for processing payments involving entities in Syria and Iran, as well as other regions under US sanctions like Sudan, Crimea region of Ukraine, Cuba and North Korea. The Swiss financial sector has also dropped the ball on a few occasions.

In 2008, the private banking world was turned upside down when revelations by whistleblower Hervé Falciani regarding HSBC private bank’s Geneva branch exposed a weakness for turning a blind eye to rules on financing of terrorists. According to the International Consortium of Investigative Journalists (ICIJ), clients suspected of being early financial sponsors of Al Qaeda prior to 9-11 were found to have accounts with the bank. They were on a list of 20 names referred to as the Golden Chain in a cache of Al Qaeda documents seized by US agents from Bosnia in 2002. Following revelations of the Gold Chain by the media in 2003, a US Senate sub-committee warned HSBC that it should have paid special attention to these high-risk clients. But they remained on HSBC’s books.  “Though the significance of the Golden Chain list has since been questioned, the ICIJ found what appear to be three Golden Chain names with HSBC Swiss accounts that existed after that date [2003],” stated ICIJ in its reporting.

In the end, HSBC had to pay the US a fine of $192 million for holding $1.26 billion in undeclared assets of wealthy Americans. While they were not punished for servicing suspected terrorism sympathisers, they were required to provide information on closed accounts that were of interest to the US officials.

Switzerland’s largest bank UBS did not escape US authorities’ notice either. In 2015 the bank reached a settlement External linkto pay $1.7 million for dealing with a client facing terrorism-related sanctions. A month after the 9-11 attacks, the UBS client had been put on a sanctions list following an executive orderExternal link made by US President George W. Bush which prohibited transactions with people “who commit, threaten to commit or support terrorism”. Even though UBS had blocked both transfers to and withdrawals from the account, it continued to process investments and returns on investments in the US.

According to OFAC, multiple personnel within UBS’s compliance department were aware of the client’s blacklisting, “including the most senior-level manager at UBS Switzerland responsible for sanctions compliance”. Despite this, “the bank failed to implement any steps or measures to prevent UBS from processing transactions for the Client to or through the United States”.

“We are pleased to have resolved this matter,” a UBS spokesperson told Reuters at the time. “We discovered and voluntarily brought the relevant transactions to OFAC’s attention.”


Impact on banks

In 2019, UBS Group Chief Compliance and Governance Officer Markus Ronner told Reuters that the bank expects to spend around CHF700 million a year on regulatory expenses alone. The UBS annual report for 2020 states that 10 of the 11 members of its board of directors listed “risk management, compliance and legal” as one of their core competencies compared to just five for “banking”.

The issues facing UBS extended to the whole Swiss banking sector, which had to avoid servicing any blacklisted entities or individuals in order to avoid a similar crackdown.

According to Monika Dunant, a spokesperson for the Swiss Bankers Association, the tightening of anti money-laundering laws in the wake of the 9-11 attacks as well as economic sanctions against terror groups decided at the United Nations also impacted the banking sector.

“Besides the UN, certain countries like the US published their own sanctions lists,” Dunant said. “Banks were obliged to freeze assets, prohibit provisions and report requirements for frozen assets.”

A 2018 KPMG Switzerland survey on financial crime in bankingExternal linkrevealed that 86% of 50 Swiss banks surveyed had informed the authorities of a financial crime in the last three years. Around 40% had invested in hiring additional staff and IT systems but only 18% built a specialised team to investigate financial crimes.

“You will never have a perfect compliance system. Compliance is often operating in situations where you don’t have the full picture, you have to further investigate and take decisions on a risk-based approach,” says Michel.

There are signs that measures taken by the banks are not sufficient. According to the KPMG survey, only 12% of financial crimes were identified by the existing transaction monitoring systems. Clients were the number source of alerts (15%), followed by the media (13%) with investigations by authorities in fourth place (11%).

“Banks are normally doing a good job, but the public doesn’t get to know this because their clarifications are not and cannot be communicated. And anyhow the cases detected by the banks are mostly not interesting for the public; the media focuses on big and sensitive cases, you will never read about the small cases like a shopkeeper sending $20 to a terrorist organisation,” says Michel.

According to him, a bank only has access to a small piece of the puzzle. They can see the transactions linked to the account and know the background of the client if they’ve done good due diligence. However, they still have to rely on the story the client tells them and if the story is plausible then it is unlikely that the flagged transaction will be investigated in depth.

“For example, you cannot normally know what the client is doing with accounts with other banks. If one had the full picture, then it would be easier to connecting the dots and detect wrongdoing. But this is not possible, not only because of legal restrictions, but also because it would be too huge a task for the compliance officer to cope with,” says Michel.

Instead, banks have to rely on technological advances like artificial intelligence to improve detection of suspicious transactions. Hiring more compliance officers can also help. But criminals are also learning to cover their tracks and in recent years cryptocurrency has enabled new techniques to beat the system.

“We are getting better and so are the criminals. It will always be a duel,” says Michel.



One Swiss company that has not yet been able to put the consequences of 9-11 behind it is cement giant LafargeHolcim. In 2016, a complaint was filed against French company Lafarge (which merged with Swiss firm Holcim in 2018 to become LafargeHolcim). Former employees of Lafarge’s factory in northeastern Syria accused the company of paying up to €13 million to various armed groups, including Islamic State, to keep its Jalabiya factory running from 2011-2014. The company was also charged with committing crimes against humanity.

In 2017, the results of an internal investigation by LafargeHolcim stated that the local managers believed they were “serving the best interests of the company and its employees who depended on LCS [Lafarge Cement Syria] salaries for their livelihood”. However, the company admitted that its compliance programme at the time failed to prevent breaches of the law.

In 2019, the Paris Court of Appeals cleared the company of war crimes but upheld the indictment for endangering lives, financing terrorism and violating an embargo. The groups that filed a complaint appealed and the French Supreme Court is expected to give its decision on September 7, almost exactly 20 years after 9-11 changed the world – and business practices – forever.


By Anand Chandrasekhar, September 8, 2021, published on SWI

Recent Posts