The level at which global organisations are failing to flag sanction breaches or are being fined for sanctions violations says a lot about the understanding of due diligence and screening in compliance. There appears to be a misunderstanding between the two processes used to monitor and track compliance in third parties against sanction breaches or risks associated with sanctions.
Although most organisations no longer view third party due diligence as a check-the-box requirement for the business, many assume that screening against multiple databases equates to due diligence on a target. Understanding how screening differs from enhanced due diligence provides a baseline on which organisations can choose the right compliance tools to identify, track, monitor and manage sanctions-related risks.
Compliance and integrity risk management is no longer check-the-box, or one size fits all process because every risk presents itself differently based among other things, business size, industry, business activities, product lines and markets.
Risks associated with sanctioned countries, entities and individuals
There are numerous risks associated with doing business with sanctioned countries, entities and individuals. Apart from the heavy fines that regulators may impose on erring organisations, transacting with sanctioned parties may ruin brand names and reputation, as well as result in lost revenue should authorities impose trade restrictions on transgressors. It’s therefore vitally important to understand some of the common risks associated with sanctions, as well as being aware of what constitutes sanctions.
Generally, international sanctions that organisations may encounter during business activities are a result of political or economic reasons: to protect national security interests, protect international law, or to defend international peace and security.
Recent high-profile prosecutions involved organisations who violated regulations involving: Export Controls, Fraud and Money Laundering, and Terrorism Financing. In some cases, the transgressor was not directly responsible and in one case, the organisation even conducted screening on their business partner but was not able to identify it as a sanctioned entity.
It’s very likely that during your risk assessment review process, you will encounter sanctioned Politically Exposed Persons or State-Owned Entities trading in restricted products under Export Controls or are scrupulously channelling their financial proceeds to fund terrorism activities or groups. This is inherently common in countries like Iran, North Korea and Venezuela. Thus, you need to be aware of such issues especially in certain regions to ensure that you don’t get penalised for knowingly or unknowingly engaging in business dealings with sanctioned parties.
5 Things to consider when checking sanctioned partners
Identifying sanctioned parties can be challenging especially for organisations with business interests spread across different global locations and industries. For this reason, you need to have a strong global partner monitoring and review mechanism to ensure you are not doing business with sanctioned parties. Official lists of sanctioned parties are often updated irregularly, meaning that screening is simply a snapshot in time of a database, while enhanced due diligence contains research and analysis for a period of time up to the day of submission.
To ascertain and validate the status of your partners especially in high risk regions, there are key items to consider when checking whether your partner is sanctioned or may be engaging in business dealings with sanctioned parties:
- Implement a risk-based approach: Different partners present different risks thus it is advantageous to build and implement a risk-based screening process depending on the work that the target is doing for you. For instance, certain products and industries like defence, shipping and technology hardware, present a higher risk of sanction breaches. Understanding your risk exposure to sanctions will help you identify and mitigate the risks early. Undertake regular risk assessments to identify areas where you could be open to sanction-related risks, including whether any of your partners may increase your risk exposure.
- Enrol partners in high risk regions to ongoing monitoring and screening: Regular screening of your partners against a database will help you to flag partners that may have been recently added to international sanctions lists, blacklists or watchlists. Screening your partners against a database is just one of the several ways you can have oversight on your partners’ activities as databases are regularly updated. For instance, The Red Flag Group® IntegraWatch® | Compliance Screening has the most up-to-date information regarding heightened-risk individuals, countries and entities in a unified database that is constantly updated to ensure that users minimise costly legal, financial, and reputational damage.
- Perform regular renewal due diligence: Many organisations currently opt for a three- or four-year renewal cycle on third party due diligence to balance costs and risk exposure. Regular renewal due diligence can be performed at different levels: from simple screening and media research to enhanced due diligence for in-depth research and analysis depending on the potential risks your partners present to you. A third party may not present any risks during onboarding but ownership changes or operational changes over time may result in their involvement with sanctioned entities or trading in restricted products. Whether you perform renewal due diligence at a prescribed time or conduct ongoing monitoring, it should be proportionate to the risks presented. Your third-party compliance programme should be agile enough to upgrade or downgrade the scope of work as needed to effectively manage risks.
- Certify your partners and audit their compliance programmes: Conduct periodic on-site compliance audits on your key partners to ensure that they fully adhere to your policies and procedures. Your partners should certify that they have a compliance programme that aligns to yours and meets internationally recommended requirements. On-site compliance audits may include a review of your partner’s compliance programme, training modules, risk handling and escalation processes and any changes to business activities or ownership. Such audits could be outsourced to The Red Flag Group® to make the best use of your time and cost down on low-end administrative tasks.
- Use multiple platforms to monitor and track your third parties: Identifying sanctions requires more than a single risk management solution. It’s highly recommended that you consider a combination of multiple platforms to ensure effective and thorough screening and background checks on partners that may expose you to risks. For instance, you can run regular database screening and trigger due diligence on partners that get flagged during screening.
IntegraWatch® | Compliance Screening
We can help
Visit our website www.redflaggroup.com to learn more about due diligence products and solutions or email us at: firstname.lastname@example.org for a full range of our IntegraCheck® | Integrity Due Diligence suite.