In UAE Six exchange houses were fined a total of Dh17.311 million for “failures to achieve appropriate levels of compliance regarding their AML & Sanctions Compliance Frameworks by the deadline at the end of 2019. All financial institutions have a duty to ensure that they comply with applicable sanctions and embargo regimes. Failing to do so could lead to significant regulatory enforcement action, fines, criminal charges in the UAE or elsewhere, and serious reputational damage.
As per UAE law, non - compliance with the targeted financial sanctions for any natural or legal person will be subject to imprisonment or a fine of no less than AED 50,000 (fifty thousand dirhams) and no more than AED 5,000,000 (five million dirhams).
1. Understand the Types of Sanction:
International Sanctions are foreign policy instruments employed by States to protect their national interests by targeting certain individuals, companies, or countries. Economic sanctions impose certain restrictions against countries, such as trade embargoes or restrictions to the export of certain goods (e.g. aviation, military, nuclear technologies). On the other hand, financial sanctions target individuals or companies and entail the freezing and blocking of all property or interest in property of the sanctioned targets. On top of national regulations, the major sanctions regimes are the US, the European Union, and the United Nations Sanctions.
2. Jurisdiction issue:
The first challenge in Sanctions compliance is to delimitate the scope of applicable regulations: to comply with a law, you first need to know which law to apply. This depends on the following:
a. Are operations spanning across various countries? This will condition the different international regimes or national regulations to comply with. Compliance should be studied not only on the level of countries where activities are carried out but also at an international level as the EU and UN also manage their own sanctions lists.
b. Which currencies is business conducted in? For example, American regulators claim compliance with US Sanctions whenever a transaction is denominated in USD. Practically, this means that almost any financial institution conducting international business will need to keep an eye open on US Sanctions compliance.
c. What is the nature of operations conducted? The more complex financial operations are, the more intricate compliance scenarios should be considered. For example, A larger international institution will need to search through the financing of import-export transactions to detect if any sanctioned countries, ships, or restricted goods are involved.
d. De-Risking Business Sectors: Institutions tend to reduce their exposure to risked business sectors or countries to avoid potential sanctions violations. They, therefore, fix stricter compliance standards, often beyond the regulator’s requirements, and can even refuse to enter a legal business if it presents a considerable risk of sanctions violations.
3. Best Practices to ensure the Compliance of Financial Sanctions:
- Top and middle management should embrace the mindset that compliance efforts can be turned into an asset.
- Compliance should be integrated into the company’s strategy to reinforce commercial efforts. The better an institution knows its clients, their needs, and habits, the more personalized services it will be able to propose.
- A decentralized compliance setup is crucial to account for the particularities of different departments or branches. The nature of activities and their associated risks may vary significantly, and since compliance is gaining the power to limit or discontinue business, it should be in close contact with operational teams. Institutions with international branches should also appoint dedicated staff to monitor and enforce the respective regulatory requirements in each jurisdiction.
- Overall risk monitoring must ensure that all entities commit to equivalent compliance standards and that procedures are applied throughout all business branches and Reporting to regulators should ideally be centralized to ensure coherence of all documentation communicated to the authorities
- There should include regular training sessions for front- and back-office staff and targeted sessions for staff of certain business branches. All employees should understand compliance challenges and how their contribution to compliance matters to the whole setup rather than a separate watchdog function that harnesses business.
4. Industrialization and optimization of legacy compliance processes
- Depending on the size of the institution and the volume of clients and transactions, a certain level of automation and industrialization will be necessary. As a rule, incoming transactions should be filtered before entering, and outgoing transactions before leaving the internal systems.
- The identities of new customers must be checked before the opening of any service entailing payments or trades. Such compliance verifications at onboarding and throughout the customer relationship must be orchestrated in order not to interrupt the client experience, where any unjustified delay or request for unnecessary documents will result in customer dissatisfaction.
- Indeed, most alerts generated by such systems are homonyms or obvious false positives without any risk from a sanctions perspective. This can be reduced in the following ways:
i. By adopting Machine learning. For Example, if you have considered blocking the customer named Mr. ABC and again in the future, you come across a similar or same transaction, the decision made in previous time will be accepted by the system i.e. block of funds and the same will be reflected in the screen to avoid re-due diligence.
ii. You can avoid false positives by using the Country and Date of Birth, removing the countries not applicable, removing the sanction list not applicable, use of different languages as Inputs. Periodic screening of the system is required. Also, include Bio recognition i.e. characteristics of the person.
If the sanction screening is not effective then there will be an enormous quantity of alerts will be generated and this must be sorted out to enable an in-depth analysis of the most complicated cases which will be a daunting task.
- As larger institutions rely on legacy systems to perform such checks, there is an immense potential for optimization. Introducing some layers of artificial intelligence into the process of filtering and analyzing transactions will significantly improve the system’s performance. A robotized semantical analysis can reduce the number of false alerts, while those generated can be classified according to the risk they present or their priority for immediate analysis. A risk-based generation and prioritization of sanctions alerts is today crucial for financial institutions to efficiently handle the changing regulatory constraints.
5. UAE Central Bank Guidelines
GUIDANCE FOR LICENSED FINANCIAL INSTITUTIONS ON TRANSACTION MONITORING AND SANCTIONS SCREENING
Sanctions screening systems and processes are essential but are also effective as the quality and completeness of customer and transactional information databases are used when comparing against applicable sanctions lists. Therefore, effectiveness depends critically on the completeness and accuracy of information obtained through the application of CDD/KYC measures and contained in payment instructions and other transactional data fields.
- Risk-Based: The risks LFIs face are dynamic and the transactions they carry out may be varied and high in volume. LFIs should therefore review and enhance their sanctions screening frameworks regularly and upon the occurrence of specified “trigger events,” such as material changes in the LFI’s business or risk profile or its legal and regulatory environment, to ensure that they remain tailored to the institution’s financial crime risks.
The outcomes of sanctions screening should include the application of enhanced scrutiny or additional controls to higher-risk customers or transactions, as warranted.
- Testing: LFIs should have in place adequate processes to ensure that aforesaid data feeding into their sanctions screening program meets established data quality standards, that data is subject to testing and validation at risk-based intervals, and that identified data quality issues are remediated in a timely manner. Further Data validation should occur at minimum every 12 to 18 months, as per the risk profile
- Review: LFIs should document and track sanctions screening outputs in order to identify and address any technical or operational issues and understand key risks or trends over time. Irregularities in sanctions screening system performance, including significant changes in the volume of apparent matches to sanctions lists over time, maybe indicative of underlying data quality or data integrity issues.
- Training: LFIs should ensure that personnel with sanctions screening responsibilities have adequate experience and expertise and receive role-specific training
- Tone From Top: The board and senior management should also communicate clear risk appetites within their institutions and set a strong tone from the top that the implementation of targeted financial sanctions is a priority
Examples of automated Tools: Automated name screening tools that compare customer databases against applicable sanctions lists live payment, and other transaction filtering tools that screen payment message and transaction data against applicable sanctions lists prior to execution, including text analytics tools
Examples of manual tools: manual reporting and escalations of potentially sanctions-related activity by LFI employees manual reviews of document-based transactions (such as documentary trade finance transactions or loans), and periodic or event-based CDD reviews.
