We are proud and happy to have won Sentinence as a new partner in our sanctions.io ecosystem. Sentinence is a global AML and Sanctions compliance boutique advisory firm based in Canada and headed by Angela Chartrand, an AML, and Sanctions professional for more than 30 years.
We sat down with Angela and learned about her extensive experience, her views on the challenges and pitfalls of sanctions compliance, the latest developments, and the future of sanctions compliance.
Q: Hi Angela, please tell us a little about your background and how you started Sentinence.
A: Hello Thorsten, I am so excited to have established a partnership with Sanctions.io. I am a huge fan of your technology and the solutions you provide.
To answer your question, I have been in regulatory compliance with an emphasis on AML for over 30 years.
For the first half of my 30+ years, I operated as a consultant to small and mid-size independent mutual fund dealers in Canada. I consulted on such things as; building out AML Programs, Risk Management and Mitigation Policies and Procedures, AML training of investment sales representatives, volunteering on industry working groups with the objective of eliminating as much paper as possible and automating the transmission of buy and sell orders from the distributor to the manufacturer in real-time, as well as real-time money settlement. I have a unique skill set in that as much as I know and understand the regulations and how to apply them in day-to-day operations, I also know and understand how technology can be used and should be used both from a risk mitigation perspective, but also as a better use of human resources.
With the second half of my career, I moved out of the Canada only, investment and securities verticals, and now provide regulatory consultancy and advisory services, with a focus on AML across multiple jurisdictions within the Payments, FINTECH, MSB, Crypto, and Gaming space.
Q: What is Sentinence’s offering, and who are your customers?
A: Sentinence is a Regulatory Compliance Consultancy and Advisory Service Provider. We build out AML Programs, which includes the writing of custom AML Policies, the accompanying procedures, we offer introductions to third-party technology solutions who provide such things as identity verification and confirmation services, sanctions, and pep watchlist screening, transaction monitoring, and compliance case management. We are also engaged in conducting risk assessments and risk assessment reviews, create and/or conduct AML Training, perform compliance and AML audits and effectiveness reviews, as well as provide outsourced compliance support services.
Our clients come from a variety of business models and typically are within the FINTECH, Payments, MSB, Gaming, Cannabis, and of course all things Crypto, verticals. Jurisdictionally, my clients are primarily US based, although I do provide services to both Canada and the UK and even other jurisdictions when requested.
Q: From your perspective, how has Sanctions Compliance developed over the last 30 years?
A: Oh, good question, Thorsten. As I have said, I have been doing this for a long time. I would say that Sanctions Compliance and the technology used to screen against the variety of watchlists available to us was almost kind of ‘quiet’ for many years. Yes of course, if you are a Chief Compliance Officer, you always ensure that you have implemented a Sanctions and PEP watchlist screening program. However, I feel that significant changes to our world within technology and how we conduct business and specifically how we conduct transactions has evolved so significantly in the last 5-10 years that the world of Sanctions Regulations have had to realign and adapt to those changes, not without growing pains for sure
Q: What has changed in the last 5-10 years?
A: I believe so many things have changed. For instance, there aren’t many left in the industry that have the years of experience I do. The interest in Financial Services (old school terminology, I am dating myself) or FINTECH as a career choice is much more than it was when I first entered the industry. For one, there are so many more women in the FINTECH space than there used to be, which of course, is awesome.
When speaking about the changes within Sanctions compliance, I guess I would say a few things stick out for me.
It could be said that Sanctions Regulations and Sanctions Compliance stagnated for many years. We saw some increase in the application of Sanction compliance about 10 years ago but fines related to non-compliance of Sanctions Regulations has been much more a hot topic in the last 5 years, I would say even more so in the last two years.
Additionally, the FINTECH space is growing exponentially. Compliance as a whole has had to think outside the box in order to adapt to all of the new and exciting business models while still meeting the regulatory regulations and obligations. With new verticals of business under the banner of FINTECH comes some very different cultural, risk and operational characteristics. To address those differences requires the ability to create AML policies and procedures, and Sanctions Screening Programs that can effectively and efficiently meet new demands and risks these new business models can cause.
I also believe that where technology is today has also played a big role in the changes we have seen in Sanctions Compliance. With technological innovation such as the creation and use of AI and machine learning as well as other cutting-edge tools as it relates to algorithms and predictive analysis, we are just so much more capable of extracting the right information as well as the ability to lower the false positive rates we use to see in the Sanctions Screening process. Technology innovation has allowed us to be more efficient in our Sanctions Screening Programs.
We have also seen more Sanctions awareness and Sanctions related news showing up in our social media news feeds in the last couple of years. Whether that is in the form of advisories from regulators notifying us of additional criteria to be added to our Sanctions screening requirements or that heavy fines have been levied for Sanctions Compliance breaches. It can be said that Sanctions Compliance has become a very hot topic and we must adapt to the changes in the market and develop more robust Sanctions Screening Programs that include sophisticated Sanctions Screening Technology tools.
One of the most significant changes in the industry is that of the adoption of Crypto we have seen in the last couple of years. What once was thought to not last long, has proven to be here for the long haul.
Where there is Crypto there is Blockchain technology. Initially, neither was very well understood, dare I say, by the regulators. When the intention and the power of the blockchain was fully understood that the perceived anonymity of a Crypto transaction and, more importantly, of the wallet holder, was actually not true, we began to see that Sanctions Screening changed to include the screening of crypto wallet addresses. Why? Well, when we think about that initial incorrect thought process around crypto, that it allowed for anonymity, we think personal names or personal information being hidden and that those data points were not available to any ‘compliance program or technology solution. However, technology has provided us a means to track wallet addresses and trace their origins and activity, allowing us to apply sanctions to those wallets involved in illicit or nefarious activity.
Crypto and the corresponding technology has also taught us that the identity of an individual is not so black and white as to only consist of someone’s name, physical address, and date of birth. Each AML expert or Compliance Officer is equipped with that investigator component, part of the investigation process is where you are problem-solving, working with what you have at your disposal to solve the problem. How to solve identity requirements in a world of perceived anonymity is the problem to solve. This is where we can use unique identifiers, such as IP Address, Device ID, Device Type, MAC Address, Operating System, Crypto Wallet Address, openly and easily available through a combination of the Blockchain and other technology tools, which then allows for a profile of an individual, or a form of trackable identity which can be created with the data and information you do have. Know Your Customer and Customer Identity may have previously been defined as, and consisted of, the collection of an individual’s name, physical address, and date of birth; but now we need to identify an individual or group of individuals sometimes without those pieces of information, and we have learned, that it is, in fact, possible to do so, simply in a different way.
So how do we conduct customer due diligence when an individual’s name is unknown? As I referenced above, we can create a ‘customer’ profile based on their personal ‘unique ‘identifiers. Through the use of technology we have the ability to identify and track the IP Address of an individual’s mobile and electronic device at the very moment of transacting. We then know if the individual conducting a transaction is sitting in a coffee shop in Manhattan, New York, or are they sitting in their living room in North Korea, a sanctioned country. To go even further, with the ability to track and trace the IP address the individual is operating from, we can now also identify the actual device they are using; is it a MAC, IPHONE, ANDROID, IPAD, Tablet, etc. . Lastly, through the Blockchain, each crypto transaction and the accompanying crypto wallet address can be easily tracked and traced. With these changes to how we are able to identify someone’s activity, where they are physically located and who or how they are transacting with or through what means are they transacting, we now see that the Regulators have also gained this knowledge and have incorporated these details into their advisories of what they expect reporting entities to capture from their customers, and to maintain these unique identifiers referenced above as a means of building a customer profile, and as the customer's electronic record, even though more traditional KYC may not be available.
Q: What are the top 3 challenges you see companies facing and struggling with in Sanctions compliance?
A: I don’t know about a specific number of challenges that companies are facing or struggling with in Sanctions compliance, but here are a few that come to mind.
I think the entire industry is coming to the realization of how ‘hot’ the sanctions topic has become. Every time we scroll through our LinkedIn feed for example, we are seeing yet another company has been hit hard with a significant monetary fine for a breach in their Sanctions program or that a Sanctions program was not present at all, or if a Sanctions program did exist, that it was deficient in its methodology. I think many are struggling to adapt to this Sanctions climate change. The learning curve can be challenging to move from what we once knew to be acceptable to what is now required and expected.
I think many companies may have a Sanctions program in place and have some technology tools in place to conduct sanctions screening, but the deficiencies I have seen are the following: Companies are not monitoring the results of their Sanctions screening process to ensure, for instance, false positives are appropriately vetted to confirm they are real false positives. They are not conducting any kind of testing of the technology solution they use to ensure it is working as it is expected to work, and lastly, they often lack having the right physical human resources in place, whether that be to ensure they have sanctions specific focused staff who hold valuable and targeted Sanctions experience or that their internal or external counsel can adequately address the legalities involved in the duties and responsibilities required in the event of a positive Sanctions hit.”
Q: Can you discuss some of the best practices and standards companies should follow to comply with sanctions laws and regulations?
A: I believe in building a robust Sanctions Program that is customized to the Company’s business model, the geographical location of its customers, and how their customers are expected to use and access the Company’s products and services, in combination with hiring staff who hold valuable Sanctions knowledge and experience combined with a Sanctions Screening Technology solution that is committed to Sanctions Compliance, is paramount to success.
And, no offense, Thorsten, but no matter the technology solution, the technology solution must be audited, and regularly tested, to ensure the technology is performing as expected. You may say, yes of course, Angela, we test our solution here at sanctions.io, which is great, it is what I would hope for, expect even. However, the testing I am speaking of is that your clients should be testing your Sanctions Screening Technology as it relates uniquely and specifically to their business and their customers. Many companies miss this very important aspect of their risk assessment and their effectiveness review process. In the event of a Sanctions breach, it is not the technology provider who will necessarily be held accountable or at least not to the degree a reporting entity will be.
Q: What was the most critical case/project you have had so far? Have you ever had a Sanctions violation case?
A: I work with a variety of lawyers within the space and while specifics of a Sanctions violation case cannot be discussed, the easy answer is yes, it has occurred. Sorting through the legalities involved with a Sanctions Violation or a Sanctions Hit is both stressful and time-sensitive.
Q: How do you see the UBO issue, and what are the best practices you recommend to companies?
A: There is such a disconnect across jurisdictional regulations when it comes to UBO requirements that it is EXTREMELY challenging for reporting entities to keep on top of the requirements, let alone the differences between jurisdictions. We need more work to be done between jurisdictional regulators to streamline access to valid and up-to-date UBO information so reporting entities can meet their regulatory obligations.
I believe ascertaining UBO still requires a lot of manual research, querying the internet, looking for government business registries, cross-checking that information etc. I know there is some technology solutions available, but the conducting of manual investigations is still very much part of the procedure for ascertaining UBO information for many reporting entities. Whenever manual processes exist, it is both time-consuming, cost-deficient, and open to human error, which raises the risk to the entire process and yet it is it is a regulatory requirement, and an extremely important component to a Company’s AML program.
Q: What is the future of sanctions compliance, and what developments can we expect to see in this field?
A: I, unfortunately, am not a fortune teller, although I wish I was (lol). But if what we have seen in the last few months with the US Department of Treasury levying hundreds of thousands of dollars in fines on reporting entities, we know well, like Kraken, and Bittrex for example, I think it is safe to say that now is the time to review your Sanctions Program and take the steps to revise or enhance it.
Your readers can find more information about the dollar values of some of the most recent fines in the US here:
Q: Angela, how do you see the screening software vendors adapt to the upcoming challenges, and what would be your top 3 items you recommend vendors improve on?
A: I think there are some very good Sanctions Screening Technology tools available. I also think the climate change we have seen with Sanctions compliance has raised the bar in an attempt to meet the demand for better tools, to do better in our commitment to doing sanctions screening right. I think Sanctions Screening Software vendors must have their ear to the ground and to ensure they read all of the violations reports from the Department of Treasury because you can learn what is expected from the regulator, what the failures were, and how they could have been avoided and then communicate those details in the discussions you have with your clients. Your clients expect you to be ‘in the know’ as you are providing a service intended to address regulatory obligations, if not you then who?
For compliance in a general sense not solely for Sanctions Screening solutions, I also think software vendors should either have in-house regulatory expertise or engage with someone like myself to provide the much-needed regulatory knowledge and experience necessary to assist you in maintaining your compliance commitment with your clients.
Q: At the end, a more personal question: Can you share some of your hobbies or interests - what do you enjoy other than AML and Sanctions stuff?
A: I love to cook, and I have a love for black-and-white photography. I am a grandmother of one beautiful granddaughter who is the light in my life and keeps me grounded in what sometimes feels like a crazy world of compliance.
Q: Thank you very much, Angela, for your time and for sharing your rich experience. Where can people learn more about Sentinence and your services?
Sentinence and Sanctions.io see great benefit in working together and especially see the benefit for our clients. Sentinence and Sanctions.io have entered into a referral partnership agreement which will provide any client referred to either of our businesses a special discount on the cost of their services.