What are Sanctions Lists and PEP Screenings?
Sanctions lists are maintained by regulators, law enforcement agencies, and organizations like the UN to prevent and detect illegal activity. These activities include terror financing, the proliferation of weapons of mass destruction, and other activities considered a threat to national security. Sanctions screening is an essential process for businesses - especially given the hefty penalties for committing sanctions violations.
For example, Office of Foreign Assets Control (OFAC) publishes a list with traffickers, terrorists, and other individuals that are forbidden from conducting business in the US. Firms must perform a sanctions screening against this list when onboarding a new customer to ensure that a customer is not prohibited from certain activities or industries.
PEPs, or politically exposed persons, are individuals who hold or have held a government position, military officials, senior executives of government-owned corporations, and senior politicians or high-ranking political party officials.
A PEP screening is a required step in the Know your Customer process because it gives a business insight into the risk of a potential customer. Public figures may have influence and oversight of government contracts, so there are additional due diligence requirements to ensure they are not engaging in corrupt activities.
The US Patriot Act prohibits any organization from working with someone on a sanctions list such as the one published by OFAC. The European Union also has stringent know your customer requirements and requires additional due diligence for individuals from high-risk countries.
A financial institution must file a suspicious Activity Report (SAR) within 30 days of becoming aware of any suspected insider abuse or money laundering. Federal laws also require that a currency transaction report (CTR) be filed for any transaction over $10,000 that is conducted by one person, as well as multiple transactions that add up to $10,000 in one day.
If a business fails to identify PEPs or breaches rules regarding individuals on sanctions lists, they can be subject to substantial fines and penalties. Below are five recent examples of businesses that have had costly penalties due to non-compliance.
BNP Paribas was recently fined $15 million by the Financial Industry Regulatory Authority (FINRA) for failure to develop a sufficient anti-money laundering program. They did not have procedures in place to detect suspicious wire transfer or penny stock activity.
FINRA’s investigation found that from February 2013 to March 2017, BNP had no written AML program that could reasonably be able to detect suspicious or illegal activities occurring within the penny stock deposit and wire transfer space.
Similarly, FINRA found that their oversight of AML and know your customer was significantly insufficient and those departments were understaffed. For example, BNP Paribas processed over 70,000 wire transfers in two years but only had one investigator available to review alerts. They also did not include any oversight or surveillance of suspicious penny stock activity until after 2016.
In 2015, Barclays PLC was fined over $2.8 billion by the Financial Conduct Authority for failing to have appropriate anti-money laundering controls when dealing with high net worth clients.
British authorities found that not only did they fail to minimize risk around their structured banking products, but also promised to keep their clients' identities hidden. Documents that were related to these deals were locked in a secret safe that most employees did not even know existed.
They intentionally applied a lower level of due diligence than would normally be required, especially since many of these customers were PEPs and should have had more stringent screening requirements. Barclays only relied on an internet search to check the clients’ sources of wealth and did not complete the appropriate screenings.
The individuals involved with this noncompliance went to extreme lengths to accommodate these clients. Many of the compliance staff named on the approval forms claimed to have never given their approval or signed documents.
Just last year, UBS in Switzerland was fined $5.1 billion for failing to comply with AML requirements. The French criminal court ordered this fine after discovering that UBS was breaching AML regulations and helping wealthy clients evade tax authorities.
This is one of the largest fines on record that has been a result of failing to comply with anti-money laundering regulations, and the court went on to convict the bank with charges of aggravated money laundering from the proceeds of tax fraud. There were also claims of illegal bank soliciting.
UniCredit, a German bank operating in New York, was ordered to pay $1.3 billion in penalties and fines for laundering almost $7 billion through the US financial system. UniCredit pleaded guilty to charges that they allowed Iranian customers to conduct businesses that violated sanctions against them.
They rigged their computer systems to get around US regulations and had their compliance officers change systems so that customers from sanctioned countries like Iran, Libya, and Cuba would not be reported to government regulators.
Bank employees were even instructed not to use any names that could be found on a sanction list, as well as to strip the name of Iranian vessels from internal documents.
In 2016, Raymond James was fined $17 million for widespread AML compliance failures. FINRA found that their AML processes did not match the growth seen in the business, and only relied on a “patchwork” of systems to detect suspicious and illegal activity.
This lack of know your customer processes caused them to miss important red flags, including suspicious wire transfers to Panamanian bank accounts for a supposed banana shipment. They also failed to perform mandatory due diligence reviews on the foreign financial firms they provided services to.