Navigating the Convergence of Sanctions & AML Regimes

In a recent webinar, leading professionals in sanctions and financial crime risk management convened to discuss the convergence of sanctions and anti-money laundering regimes. The panelists offered insights into how these two sectors have been merging and provided practical advice for professionals to navigate this complex landscape.

Among the distinguished speakers were:

• Lawrence Scheinert, the Acting Deputy Director of the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC)
• Chip Poncy, Global Head of Financial Integrity at K2 Integrity
• Brian Grant, Managing Director and Global Head of Financial Crimes Compliance Operations & Global Head of Sanctions Compliance at MUFG Bank
• Brian O’Toole, Global Head of Sanctions at Wells Fargo, also participated in the discussion.

The event was moderated by Danny McGlynn, the President and Chief Integrity Officer of IFI.

The webinar aimed to demonstrate the convergence of sanctions and anti-money laundering regimes and the importance of breaking departmental silos in jurisdictions and financial institutions and the necessity for a comprehensive, holistic approach to compliance and risk management associated with sanctions and financial crimes.

Convergence Overview

Danny McGlynn began with an overview of the evolution of the convergence of sanctions and financial crimes compliance over the years, which underscored the need for institutions to adapt to the changing landscape. He highlighted how the convergence has been multifaceted and can be broken down into four main areas: targeting of common conduct, reliance on common preconditions, evolution of common compliance program pillars, and emergence of common red flags.

With respect to the targeting of common conduct, McGlynn highlighted how over the past 25 years six criminal activities that are considered money laundering predicate offenses targeted by AML/CFT regimes—terrorism, WMD proliferation, corruption, human rights violations, organized crime, and narcotics trafficking—have increasingly also become conduct targeted by sanctions regimes imposed by the U.S., EU, UK, and UN.

Importance of Breaking Down Silos 

The panelists agreed on the deep link between sanctions and AML/CFT regimes and the importance of breaking down the silos between sanctions and AML/CFT departments in both the public and private sector. This was the key takeaway from the lesson of 9/11. From a threat, vulnerability, and control perspective, convergence of sanctions and AML/CFT is necessary if we’re going to be effective in combating financial crime, advancing collective security, and protecting the integrity of the financial system.

The panelists offered the following specific insights and best practices on breaking down silos:

• ✅ Take a holistic approach: Illicit actors move money in the same ways whether they are the subject of sanctions or part of a money laundering network, and the best way to get at this convergence is through parallel convergence of your own programs in a financial institution. The best practice is to approach financial crimes and sanctions holistically and have your AML and sanctions programs leverage shared services when it comes to investigations.
• ✅ Ensure linkages between AML teams and sanctions teams: For example, if the AML team is going to file a SAR on a sanctions target they should coordinate with the sanctions team, and if the sanctions team is working on customer risk remediation they should coordinate with the financial crimes intelligence team, which typically lives outside the sanctions space. Second, ensure the proper governance models and routines are in place like getting AML and sanctions teams together monthly to talk about emerging risks.
• ✅ Use traditional AML tools to investigate sanctions targets: When OFAC sanctions someone, in addition to banks blocking transactions going forward, it is helpful also to look for any past transactional activity involving the target and identify who else they were transacting with and to identify whether they share common addresses with other companies that haven’t been sanctioned. This kind of diligence can be very helpful to OFAC and other government agencies.

Common Preconditions for Effective Measures

Panelists discussed the common preconditions for effective sanctions and AML/CFT measures, pointing out that protecting the international financial system from criminal abuse by identifying and closing systemic vulnerabilities through heightened transparency measures and accountability has long been an overarching objective of the global AML framework.

At the same time, effective implementation of sanctions policy also requires a transparent and accountable international financial system to enable the identification of sanctioned activities and interests of sanctioned individuals and entities. Achieving such financial transparency and accountability requires effective jurisdictional and institutional implementation of preventive measures—backed by sound supervision and enforcement—as called for by AML/CFT regimes.

With respect to institutional implementation, the panelists cited guidance published by OFAC in 2019—A Framework for OFAC Compliance Commitments—and highlighted that the essential elements of a sanctions compliance program are very similar to the AML program requirements: management commitment, risk assessment, customer due diligence / know your customer (CDD/KYC), internal controls, testing and auditing, and training.

Common Red Flags 

Turning to common red flags that banks and others should be on the lookout for regarding money laundering and sanctions evasion activities, the panel discussed several advisories and alerts that OFAC and FinCEN have issued over the past few years. These alerts have provided examples of red flags that can signal when and how third parties and intermediaries may be engaged in efforts to evade sanctions or export controls. Many of these red flags are the same or similar to longstanding AML-related red flags, demonstrating that AML controls and investigations can be helpful in detecting sanctions evasion and uncovering assets and transactions of designated parties.

On Iran, for example, FinCEN last year issued an advisory focused on sanctioned Iran-backed terrorist organizations like Hamas and Hizballah. The advisory includes case studies and typologies on how they raise and move funds, as well as specific red flags like:

• front companies disguised as general trading companies with unclear business purposes, 
• payments going to third parties in high-risk jurisdictions, and
• shared addresses with other suspicious actors.

OFAC has also issued a series of advisories focused on shipping that have included red flags such as:

• falsifying cargo and vessel documents, 
• turning off the AIS responders, 
• ship-to-ship transfers, and 
• changing vessel names. 

The panel noted that many of the red flags included in these advisories and alerts have been informed by the government’s engagement with the private sector and emphasized the importance of continued cross-sector information-sharing and public-private partnerships.

Detecting Sanctions and Trade Control Evasion 

The panelists emphasized that the biggest problem faced by financial institutions is less about the identification of red flags and the theories behind them and more about having the systems to put them into practice in a repeatable manner. The ability to operationalize red flags in a way to effectively identify and mitigate risk is very difficult, especially at very large financial institutions. The governance and implementation framework is as important or more important than the actual red flags, and regulators reviewing AML and sanctions programs are going to look for consistency of implementation across the enterprise.

The panelists offered the following specific insights and best practices on how to detect potential sanctions and trade control evasion:

• ✅ Focus on AML program fundamentals and apply them robustly across the enterprise: Focus less on the latest typology around the latest threat, as they change and are prioritized differently by different administrations (for example, the new U.S. administration is prioritizing the elimination of cartels over countering Russian oligarchs), and more on understanding and applying the common approaches to sanctions evasion and money laundering shared by threat actors, including:
• the use of shell companies,
• lax or permissive jurisdictions, including those adjacent to high-risk countries, and
• unusual financial activity that doesn’t fit the profile of the customer
• ✅ Maintain your curiosity and a proactive investigative mindset: Rather than passively relying on transactions monitoring and sanctions screening to detect suspicious or sanctionable activity, you must go out and look for it. Utilize global and complex investigations units to proactively identify potential illicit activity, including by leveraging open-source information and third-party vendors (e.g. Kharon) and NGOs (e.g. C4ADS) to sharpen the focus of investigative inquiries.
• ✅ Take advantage of specialized training programs: For example, IFI’s Certified Risk Management Specialist in Russia Sanctions (CRMS-RS) Program has been designed and delivered in partnership with the U.S. State Department to jurisdictional authorities, financial institutions, and other vulnerable industries in over 30 countries. The program includes fact pattern scenarios and transaction alert exercises that allow candidates to practice identifying and mitigating sanctions and trade control risks based on real-world scenarios that participants are likely to encounter in undertaking their professional duties.

Other Key Takeaways and Advice 

• Ask “why are we doing this?” Often there’s a tendency to overlook why we do this. It’s important to take a step back and constructively question “why are we doing this?” Not just “are we doing this the right way,” but “do we need to do this?” The short answer is because we’ve learned the hard way that if we don’t do this then literally our collective security is at stake. The “why” in this question of convergence of AML and sanctions has moved from producing information that’s useful for law enforcement to catch money launderers to convergence with national and collective security to have information available to intelligence services, to counterterrorism services, to a much more systemic approach of protecting the integrity of the financial system. The importance of this has grown with the complexity of the world that we live in and the challenges our governments and competent authorities have in keeping us safe, and to do that we must implement what is a difficult task of AML/sanctions convergence.
• Develop a framework for managing risk. Don’t “wing it.” Come up with a written framework you can execute consistently to understand what your risk is and how you’re going to assess and manage risks and issues that arise. Structure your program in a way to allow you to consistently make decisions that mitigate and manage risk for your institution.
• Mitigate export control risk through a holistic compliance program. Rather than focusing primarily on screening payments in real time across export control lists, which were not designed for screening, the best way from a public and private sector perspective to get after this risk is through a holistic approach that includes incorporating red flags, utilizing open-source information to proactively look for potential channels of risk, and enhancing customer due diligence.
• Embrace innovative compliance solutions. Experiment with new and novel ways to overcome challenges and more effectively identify and mitigate financial crime and sanctions risks. Share outcomes and lessons learned across industry and sectors.
• Make financial integrity work for you. If you’re a government, don’t focus solely on how to get great scores on your next FATF assessment. Instead, focus on the things that keep your society in a position of risk, and how you can use the financial integrity regime of AML/CFT convergence with sanctions to address those risks in ways that make us safer. If you’re in the private sector, rather than viewing risk and compliance as a cost of doing business, view it as a financial integrity program designed to allow you to compete in markets you otherwise couldn’t and that can help grow your business.