Insights - Pythagoras Solutions

The Ultimate Compliance Check for Companies

Written by Christine Winkler | Jun 19, 2023 7:59:00 AM

In our fast-paced and globalized world, companies must always stay up-to-date to avoid legal troubles. This includes monitoring sanctions lists and anti-terrorism lists. These lists are created by government agencies and contain names of individuals or organizations associated with specific criminal activities. The control of sanctions and anti-terrorism lists has become essential for companies.

Here are some tips on how to effectively manage this task:

 

The importance of sanctions lists and anti-terrorism lists

Government agencies create these lists, which include names of individuals or organizations associated with crimes such as terrorism, money laundering, arms trafficking, human rights violations, and other legal violations, such as trade agreements, embargoes, export controls, sanctions regimes, and financial regulations.

Sanctions lists and anti-terrorism lists are undoubtedly of great importance for companies. While it can be challenging to comply with all regulations, it is essential to engage intensively with these lists and stay updated. Strict compliance with these lists is crucial to avoid legal consequences and ensure the security and integrity of business practices.

Global counterterrorism through sanctions

Sanctions lists are published by government agencies to identify individuals, companies, and organizations involved in illegal activities or whose behavior threatens national security. As a result, anti-terrorism lists aim to capture individuals, companies, and organizations associated with terrorism.

Some of the most well-known sanctions lists include the “Specially Designated Nationals and Blocked Persons List” (SDN List) by the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC), the “United Nations Security Council Consolidated List” (UNSCCL) by the UN Security Council, and the “European Union Sanctions List” (EUSL) by the EU.

There are two types of lists. On the one hand, there are “pure” anti-terrorism lists, such as the European Union Terrorism Sanctions List. This list focuses exclusively on the identification and sanctioning of individuals and organizations associated with terrorist activities.

On the other hand, there are lists like the SDN list, which cover both terrorism-related sanctions measures and other sanctioned activities. The SDN List functions as a hybrid list, acting as both a sanctions and anti-terrorism list. It is maintained by the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) and includes both UN-sanctioned measures and Presidential authorization orders.

The main objectives of OFAC’s sanctioning policy are counterterrorism, combating drug trafficking, preventing the proliferation of weapons of mass destruction, and compliance with international embargoes. The OFAC website provides an up-to-date version of the sanctions list, which currently includes tens of thousands of records.

 

Dynamic Sanctions Policy of the European Union

The EU also pursues a comprehensive sanctions policy and maintains its own sanctions lists. These lists contain names of individuals and organizations associated with specific crimes, such as involvement or planning of terrorist acts, direct commission of terrorist acts, human rights violations, non-state actors acting against the internationally recognized monopoly on the use of force in the Syrian civil war, or militant groups maintaining operations in the Yemen conflict.

An essential feature of EU sanctions is that the objectives of the sanctions and the steps the recipient must take to lift the EU sanctions are clearly defined in the specific measures. In contrast, U.S. sanctions are indefinite and remain in effect until a decision is made to lift them.

The regular reviews conducted by the EU mean that companies must monitor the EU sanctions system more frequently than the U.S. system. This makes the EU’s sanctions policy more dynamic but also requires closer and more frequent monitoring by companies to respond to the regular reviews.

Which companies in Switzerland must comply with the rules?

Many companies such as banks, insurance companies, asset managers and other financial intermediaries wishing to operate in Switzerland must obtain a FINMA licence. FINMA is the supervisory authority for the Swiss financial market and its authorisation is effectively the entry ticket to the financial market.

Obtaining and maintaining a FINMA licence requires strict compliance with sanctions lists and anti-terrorism lists. Financial institutions must demonstrate full compliance with applicable sanctions and counter-terrorism regulations. This includes identifying and monitoring individuals, entities and organisations on these lists and implementing appropriate control and monitoring measures to ensure that no business is conducted with sanctioned parties.

FINMA monitors licensed financial institutions on an ongoing basis and attaches great importance to adherence to these compliance requirements. A breach of the sanctions lists and anti-terrorism lists can have serious consequences, including the withdrawal of the FINMA licence and possibly even legal consequences. Therefore, this comprehensive compliance with these requirements is of utmost importance in order to obtain and retain the FINMA authorisation.

FINMA authorisation ensures that financial institutions meet certain minimum standards and requirements to ensure the stability and integrity of the Swiss financial system. Comprehensive compliance with sanctions lists, anti-terrorism lists and Know Your Customer (KYC), Anti-Money Laundering (AML) and Prevention of Terrorist Financing (AMS) regulations is an essential part of these requirements. This comprehensive compliance framework is designed to minimise the risk of money laundering, terrorist financing and other illegal activities.

Who in the company has to audit?

First of all – the management is always in focus and bears the responsibility. However, other departments such as purchasing, finance, human resources, marketing and sales are also involved in the compliance process and can be held accountable.

In view of this, most companies above a certain size have a compliance officer or manager who centrally manages the compliance processes. This compliance officer is responsible for developing, implementing and monitoring policies and procedures to comply with legal requirements and internal company rules.

By centrally coordinating compliance efforts, the compliance officer can ensure that all relevant departments are adequately trained, compliance risks are identified and reported, and appropriate measures are taken to ensure compliance when needed. In this way, the compliance culture in the company is promoted and the risk of violations and sanctions is minimised.

How can you protect your company from penalties?

In order to avoid serious fines and devastating consequences such as the withdrawal of FINMA authorisation or investigations by national and international authorities, and to keep business standards appropriately high, it is essential to check sanctions lists and anti-terror lists.

To perform this review at a sufficiently high level, you need to regularly reconcile your entire customer and supplier database with the constantly changing sanctions and anti-terror lists.

However, this constant reconciliation is not an easy task. It is extremely difficult to do manually, as the lists range from hundreds of thousands to millions of names and are updated regularly. In addition, companies often have to search in several languages and spellings, as the lists are not always available in the respective native language. The larger one’s own customer and partner database is, the more difficult it becomes to match the reference data in order to identify the dreaded “hits” and document them in compliance with the rules, as well as to report them to the authorities if necessary.

Therefore, the only safe and efficient option is a compliance software solution. This solution is more accurate and scalable as it is specifically designed to check and match data against sanctions lists. Such software facilitates reconciliation, reduces human error and allows for timely and complete verification of large amounts of data.

Using a compliance software solution ensures an effective and legally compliant review of sanctions and anti-terrorism lists, minimises the risk of violations and enables companies to meet regulatory requirements.

Here are some tips on how to manage this task effectively:

  1. Regularly keep up to date with the current version of various lists and carry out thorough checks. Pay particular attention to personal names and possible variant spellings such as aliases.
  2. Compare your client data with the lists of names. A phonetic search can be helpful in identifying potential risks.
  3. Inform your staff that non-compliance with regulations is strictly prohibited and subject to severe sanctions.
  4. Establish response plans in the event of a hit. Define clear courses of action and responsibilities.
  5. Document the decisions made in an audit-proof manner and in compliance with data protection. Ensure that all relevant information is recorded.
  6. Define review and decision-making processes and clear procedures. Determine who is responsible for the review and how decisions are to be made.

Which lists are authoritative references?

1 OFAC Sanctions

 The Office of Foreign Assets Control (OFAC) is an agency of the US Department of the Treasury responsible for imposing sanctions under US law. OFAC sanctions serve the national security and foreign policy of the United States. They aim to curb certain activities that threaten national security, such as terrorism, proliferation of weapons of mass destruction, drug trafficking and human rights abuses. The sanctions target specific countries, individuals, companies and organisations involved in these activities.

There are a variety of OFAC sanctions programmes, including the Specially Designated Nationals (SDN) list and the Sectoral Sanctions Identifications (SSI) list. It is estimated that there are thousands of entries on the OFAC sanctions lists.

A distinctive feature of OFAC sanctions is their extraterritorial application, meaning that they can apply to non-US persons and entities if their activities adversely affect the interests of the United States.

2 EU Sanctions

The European Union has the power to impose sanctions under the Common Foreign and Security Policy (CFSP). EU sanctions are designed to achieve specific objectives, such as the promotion of peace, stability and human rights. Sanctions can be imposed on countries, individuals, companies or organisations that violate international standards or pose a threat to security.

There are various EU sanctions programmes that focus on different areas, such as terrorism, arms trafficking, human rights violations or non-proliferation of weapons of mass destruction. The number of EU sanctions varies depending on the situation, but there are hundreds of entries on the EU sanctions lists.

A unique feature of EU sanctions is their application within member states, which means that all EU members are obliged to implement and enforce the sanctions.

3 UN sanctions

UN sanctions derive from UN Security Council resolutions, which member states must implement by enacting appropriate national legislation. It is the responsibility of states to comply with UN Security Council resolutions. However, they are not directly binding on individuals or companies.

As the UN has limited possibilities to force states to comply with sanctions according to UN Security Council resolutions, some states do not always fully or partially implement these relevant resolutions.

Protect yourself against legal consequences

In summary, sanctions lists and counterterrorism lists are critical for companies to meet compliance requirements and avoid legal consequences.

OFAC sanctions, imposed by the US Treasury Department’s Office of Foreign Assets Control (OFAC), aim to combat activities that threaten US national security.

EU sanctions, imposed under the Common Foreign and Security Policy (CFSP), are aimed at promoting peace, stability and human rights.

UN sanctions derive from UN Security Council resolutions and require implementation by member states.

Monitoring and complying with these and other lists is an essential part of doing business, especially for companies that require a FINMA licence in Switzerland. Given the constant updating of sanctions lists and the need to efficiently reconcile large amounts of data, manual processes are reaching their limits. Companies therefore need a compliance software solution specifically designed to check and reconcile data against the sanctions and anti-terror lists.