How good is your sanctions compliance program?

On the 2nd anniversary of Russian aggression against Ukraine, the US, UK, EU and other countries have passed a new round of sanctions, including sanctioning more than 850 targets in Russia and around the world. Failure to implement a robust sanctions compliance program can open organisations to significant financial, regulatory and reputational exposure.

Is your sanctions compliance program fit for purpose?   

Understanding Risks.

Sanctions compliance is one of the most complex regulatory areas, and it’s essential to get it right. Start with understanding your risks and regulatory exposure – the “Who”, “What”, “Why”, and “Where” of your international trade.

  • Third parties: Who are your counterparts? Screen your counterparts, their owners, directors and senior executives against sanction designations and lists of blocked persons.
  • Transaction: What are you supplying or buying? Are any of those products and services controlled or restricted? Do you need a licence or export permit? What is the transaction currency? Check end-use, end-user and end-destination.
  • Geographical footprint: Where are you based, and where are your counterparts based? Identify Jurisdictional Reach – the US, UK, and EU are all extra-territorial regimes.
  • Who is involved: Who are the persons involved, their nationalities and place of residence? They are all subject to their nations’ own sanctions regimes.
  • Know your supply chain: Do you know the source of origin of your products or raw materials? Supply chain due diligence is not only about product quality but also about who, where, and how the product in question was produced.

Due Diligence.

Third-party due diligence is critical to an organisation’s ability to prevent problems down the line. While many organisations screen their counterparts for sanctions and conduct issues, what you do with that information matters. Not all risks are equal. Effective due diligence can give organisations sufficient information to devise a control plan to manage risks throughout the lifespan of the third-party engagement.

These are key considerations in designing your DD process:

  • Is the scope of your due diligence driven by the risks associated with the third party, industry, nature of the transaction, and geographical footprint?
  • Know your third party. Screen third parties, their ultimate beneficial owners, directors and executives using screening platforms, open sources and public records. Understand the ownership structure. Does the screening return any Red Flags?
  • Consider the risks associated with the Red Flags – are those relevant? What exposure can these risks represent for your organisation? Apply enhanced due diligence when appropriate. Engage business and operational teams on the ground – they can visit the location and check how the counterpart operates.
  • Devise risk mitigation: contractual safeguards, risk control plan, heightened ongoing monitoring and risk-based audits. Consider the frequency of re-screening. All these can help to manage the risks. Key principle: apply heightened scrutiny to higher-risk third parties and transactions.
  • Ensure your business monitors the performance and escalates any compliance issues as they occur. Internal controls and detection tools are essential to identify and deal with the issues in a timely manner.
  • No corporate misconduct occurs in the dark of the night. Speak Up is an essential detection mechanism. But it only works when employees feel psychologically safe to take an interpersonal risk and Speak Up. Organisations need to Listen and Follow Up.

Ongoing Monitoring

Management of third-party risks does not end with due diligence. It’s just the beginning. The key to effective management of sanctions risks is post-engagement ongoing monitoring.  

  • Use the outcomes of pre-engagement due diligence to define the level of ongoing monitoring.
  • Ensure ownership, roles and responsibilities are assigned. Relationship owners are best positioned to oversee third-party ethical practices. Train them and help them spot red flags.
  • Compliance is another business KPI. Include it in the management reporting and escalation process.
  • The Plan-Do-Check-Act approach builds a sound basis for a systematic approach to problem-solving and continuous improvement. If non-conformity is identified, ensure the issue is escalated and investigated. Use root-cause analysis to drive system improvements. Remedial actions are to be tracked and completed promptly.

Ongoing monitoring allows us to close the feedback loop, which starts with pre-engagement due diligence. It gives you a 360 view of third-party relationships.

Managing Risks in Supply Chain.

Risks of sanctions and export control violations, money laundering and tax evasion, bribery and corruption, and modern slavery and child labour might be hidden deep in your supply chain. With ever-increasing geopolitical risks and regulatory scrutiny, knowing your supply chain is essential.

  • Assess risks associated with industry, transactions, third parties and geographical footprint. Look through the entire value chain.
  • The risk profile frames the scope of due diligence.
  • Do you know all the players in your supply chain? Run third party due diligence on each of them. Map the connections.
  • Supplier workforce: Understand the risks around human rights violations, use of forced and child labour.
  • Know your original source of supply and where products and raw materials are coming from. Assess the risk of the use of conflict minerals.
  • Factor in ESG Considerations: environmental and ethical business practices.

Sanctions screening and due diligence are critical to an organisation’s ability to identify and assess third-party risks. Collected data helps frame risk control measures, enhance internal monitoring processes, and detect potential non-compliance.

If you would like to have a further discussion on any of the above, please get in touch. I will be happy to help.

See you in two weeks!


Comhla Intelligent Compliance

At Comhla, we are driven by a mission to revolutionise the way organisations approach compliance and misconduct prevention. By leveraging our in-depth governance, compliance and internal control expertise, actionable data insights and cutting-edge applied research in organisational science, we help our customers build effective regulatory and compliance management to safeguard their license to operate, protect the bottom line and enhance reputation as responsible businesses.

Follow us on LinkedIn: https://www.linkedin.com/company/comhlaic 

Learn More https://comhla.co

We aim to publish once a fortnight.  The information provided in this newsletter is not intended to and does not render legal, accounting, tax, or other professional advice or services.
