I recently attended an event on sanctions compliance put on by Quantifind—a leading provider of financial crime intelligence solutions for KYC, sanctions compliance, transaction intelligence and investigations—together with the Rock Center for Corporate Governance at Stanford University. The on- and off-stage discussions—by compliance experts from financial institutions, law firms, tech and e-commerce businesses and the public sector—were wide ranging and very relevant to the current tense geopolitical environment. The keystone of the day was a panel on sanctions compliance featuring speakers from TD Bank, the American Bankers Association, Orrick and Quantifind.

Some of the many themes covered included challenges around responding to regulation, public/private partnerships for AML, and innovations in AML technology.

Challenges in responding to regulation

Several panellists pointed to the proliferation of regulation as a challenge in itself. There are multiple government agencies with jurisdiction over aspects of sanctions compliance—including FincCEN, OFAC and OCC—with supervisory and regulatory approaches that do not always align. For example, FinCEN’s CDD Rule has a beneficial ownership threshold of 25% and above, whereas OFAC has an analogous threshold of 50% and above for assigning blocked status. And of course banks need help from technology in complying with both of these rules.

There is also a gap between the risk-based approach to sanctions condoned by regulators—where FIs and other regulated organizations are allowed to monitor low-risk customers more lightly—and the heavy actions or fines that firms might face if this approach leads them to miss a bad apple. Banks need to be careful not to fall into this gap, and technology can help.

Panellists also pointed to a looming gap that is likely to emerge between sanctions placed by the US and by other jurisdictions. There has been a general harmonization between the sanctions applied by the US and the EU. Under Trump 2.0, there is a distinct possibly that sanctions will start to diverge. E.g., the US is now looking at providing some sanctions relief to Russia; the EU is unlikely to follow suit. For banks operating internationally, this means that sanctions are likely to become yet more complex. Many big banks use highly manual means to manage increasingly complex sanctions lists and again technology can help automate this effort.

Public/private partnerships

Banks would like more feedback from government agencies to improve the accuracy of their AML operations and some optimism was expressed that public private collaboration is increasing. At the same time, more can be done. E.g., the government could analyze the data submitted by FIs to derive risk attributes that would then be shared with the industry. This approach could be used to improve entity risk assessment, as well as to enhance models for AML transaction monitoring and transaction fraud detection. And combining the two—sanctions and transaction monitoring—could help with sanctions evasion.

Unfortunately, the leading initiative in public/private partnering for AML, TMNL (Transaction Monitoring Netherlands), was shut down due to GDPR concerns, illustrating how difficult it has been to get effective data sharing initiatives rolling.

Innovations in AML technology

A key theme of the day was what banks and other regulated entities can do with technology to cope with the challenges posed by increasing regulatory complexity as well as increasing transaction volumes. Digital financial services are leading to rapid growth in transactions, requiring more scale as well as more decision automation—leveraging machine learning—from fraud and AML solutions. As to sanctions specifically, legacy systems are “designed for a simpler time,” as one panellist put it and are not equipped to apply complex predictive analytics to large transaction volumes in real time.

To cope with the expanding demands of today’s transaction environment, banks are turning to scalable, machine learning-enabled software, enriched with features and routines specific to the sanctions screening use case and that can get the balance between false positives and false negatives right.

Getting this balance right is of course needed to help contain costs. But ending on a positive note, Graham Bailey of Quantifind pointed out that a bank that achieves a high degree of accuracy in assessing customer risk can take more customers out of the risky/suspicious pile and thereby increase their volumes of good customers, creating value. This can help risk departments develop a business case that demonstrates the ROI of modernizing sanctions with more scalable, smarter technology.