The war in Ukraine has underscored how quickly sanction and PEPs lists can change. Since 2022, the US, UK, EU, Australia, Japan and Canada have imposed over 16,500 sanctions on Russia, according to the BBC. The current turbulent geopolitical scene means financial services firms need to be ready for regular, and often sudden, changes to PEPs and sanction lists. FinTech Global recently spoke to several industry players to ask whether financial institutions are keeping up with the modern sanction/PEPs landscape.
A recent study from IFA Magazine paints a worrying picture of the current state of sanction/PEPs screening. It found a drastic reduction in sanctions screening, with only 25% of firms consistently checking new customers against sanctions or politically exposed person (PEPs) lists. This figure represents a significant decline from last year’s 73%, highlighting a worrying trend of complacency in compliance practices.
Remonda Kirketerp-Møller, founder and CEO at client onboarding technology developer Muinmos, said, “Financial institutions often struggle to keep up with sanctions and PEPs lists due to their dynamic nature. The frequent updates, the broad scope of jurisdictions involved, and the complexity of interpreting the listings make it challenging for institutions to ensure compliance consistently. The rapid pace at which these lists can change, often in response to geopolitical events, requires institutions to have agile and responsive compliance processes in place.”
This is not to say that the capability to keep pace is not there. Holly Sais Phillippi, the CEO of AML compliance and fraud management platform Alessa, believes that firms have the potential to keep up with the quick pace of sanction/PEPs, but they just don’t have the budget for it. She said, “With the right resources compliance professionals are more than capable of keeping up with changes to sanction and PEP lists. But what we are finding when we talk with teams of almost any size is that they simply do not have the resources. This is not surprising given the budget cuts taking place across the board, couple that with the always evolving sanctions. It’s simply become too much to try and tackle with limited resources.”
The response of the financial services space in relation to the current state of sanction/PEPs lists could show that firms are lacking the resources to adapt. A report from SmartSearch found that just 36% of challenger banks have updated their procedures for PEPs and sanctions screening post the Ukraine conflict. Incumbent banks fared a little better at 40%.
Given the lack of change in strategies, it is no surprise that firms are failing to effectively comply with related regulations. Ted Datta – Senior Director and Head of Financial Crime Compliance Practice, Europe, Africa & Americas at global integrated risk assessment firm Moody’s Analytics, said, “We’ve seen major banks fall afoul of sanctions regulation already in 2024. Banks are constantly looking to keep pace with new sanction regimes, but unfortunately so are the bad actors. The methods the latter use for overcoming sanctions present more of a threat to banks than the sanctions themselves. Indeed, Sanctions alerts for Moody’s clients rose from about 3 million in 2017 to more than 58 million in 2023, emphasising the scale of the issue.”
Bradley Elliot, CEO at single view AML compliance platform RelyComply, felt a little differently about the current situation. He believes firms are much better placed to handle sanctions lists, but they are much less capable when it comes to identifying PEPs.
Elliot said, “While sanctions data is relatively universal and standardised, PEP data is far more complex, given that identifying PEPs requires a combination of public, third-party, and first-hand research data. Financial institutions rely on their watchlist providers to ensure this data is thorough and robust.”
What makes identifying a PEP so much harder than someone on a sanction list is the wider net that is cast for a PEP. To be classed as a PEP, according to the Law Society, someone has to be appointed by a community institution, an international body or a state to a high-profile position within the last 12 months. But someone could also be a PEP by association, through marriage or relation. Making it even tougher, each country has their own classification of what constitutes as a PEP, leaving a tough landscape for compliance teams to navigate through.
The UK recently made a notable change to its PEPs regulation. Its change means that individuals in the UK, who hold prominent public roles within the UK government, are now distinguished from their foreign counterparts. Through this domestic PEPs will have a presumption of lower risk associated with domestic PEPs. The move was made after some Members of Parliament highlighted the overly stringent requirements that occasionally led to UK politicians and their relatives being denied essential financial services.
As sanction/PEPs lists continue to become more complex, it seems technology will be the only real option to keep pace. Ben Lachenal, Enterprise Account Manager at FullCircl, noted that the post-COVID world has seen an increased eagerness from financial institutions to bolster their flexibility to keep pace with the changing sanction/PEPs lists through technology. He said, “Whilst manual interaction still plays a key part in monitoring changes to these lists, there has been increased use of technology to assist FI’s in responding to changes. The difficulty that many FI’s still have, in particular global organisations who rely on legacy systems, is ensuring that all parts of the business are trained to effectively use technology to their advantage.”
How to stay on top of the lists
To ensure that firms are not making mistakes related to their sanction/PEPs compliance, they need to be conducting ongoing screening. This will give them the peace of mind that they are instantly capturing any change in someone’s risk profile. Traditional monitoring processes are not frequent and conducted at regular intervals, whether that is monthly or annually. However, someone can be added to a sanctions or PEPs list relatively quickly. This could lead to a scenario where a firm unwittingly engages with a high-risk individual for months before they are alerted to the change.
In Smartsearch’s latest annual survey, it found that a staggering 92% of regulated firms have been identified as not conducting daily customer due diligence (CDD). The company’s managing director, Martin Cheek, noted that a daily screening are vital to keep a firm up-to-date with PEPs/sanctions lists.
The only way to enable a daily screening system is to have a sizable team that can cope or implement technology. The cheapest and most efficient route of these options is technology.
Greg Watson, CEO of end-to-end intelligent compliance platform Napier AI, says, “While financial institutions have been investing time and effort into anti-money laundering (AML) programmes, the efforts have been focused on the wrong pillar of AML. Manual processes at initial onboarding and throughout the customer lifecycle make it nearly impossible to understand the underlying risk and how it changes over time. It is essential that banks take a leap forward in terms of their sanctions processes and technology.”
However, implementing a system that can continuously monitor for changes is not easy and will require new technology. According to Richard Quick, Product Manager at Napier AI, “NextGen Client Screening for Sanctions and PEPs lists is about overcoming all the constraints of legacy systems and processes.”
One of the technologies that has gathered a lot of excitement over the past few years is artificial intelligence. With the technology’s ability to sift through masses of data and generate meaningful insights, it could be a great tool in helping firms keep up with the need for ongoing screening.
Laura Hadfield, anti-money laundering SME at client experience and lifecycle management platform Qkvin said, “Traditional periodic checks cannot keep pace with the frequent updates to PEPs and sanction lists, making AI-driven ongoing screening a necessity for financial institutions and allowing institutions to keep up to date with geopolitical changes. A modern screening solution needs to incorporate configurable checks, thresholds and frequency, to cater to evolving requirements and streamline workflows based on low and high-risk scenarios. By utilising AI and ML-based screening solutions, institutions are better able to take appropriate action in accordance with their own risk policies and regulations.”
However, that is not to say AI is the only solution to this problem. FullyCircl’s Lachenal said, “Whilst AI is poised to become a key part in compliance, there are still limitations to artificial intelligence, meaning that FI’s shouldn’t use it solely in their due diligence efforts. Regtech in relation to sanction/PEPs lists has come on leaps and bounds in the past decade, with automated monitoring and case management systems becoming the norm for assisting businesses in keeping track of changes to lists and therefore, their customers.”
Sharing a similar sentiment, RelyComply’s Elliot doesn’t see AI as the secret solution that can save the day, instead it is part of the solution. He said, “The use of AI in watchlist data isn’t broadly applicable. However, some machine learning processes can facilitate contextualising and gathering public data on PEPs where machine learning (“AI”) can assist in the matching of customer data against watchlist data, which reduces the number of false positive alerts generated, thereby freeing up compliance personnel to focus on those alerts that are genuine and pose the highest risk.”
The notion that AI only plays a small role in monitoring of PEPs/sanctions lists was common with most of the respondents. Moody’s Analytics’ Datta noted that AI will help to streamline the compliance processes but is not the only solution for sanctions detections. Part of this is building organisational data infrastructure that would allow firms to screen sanctions and easily launch investigations.
Alessa’s Sais Phillippi shared this opinion, highlighting that impressive developments are underway in how AI can impact the workloads, but there are other pieces of technology that can also help reduce manual efforts and are easier to implement.
Sais Phillippi said, “It is not the only way and there are several aspects of technology in the market today that can be leveraged to lower manual efforts by compliance teams out of the box. I think firms should be direct with their providers and ask for ROI metrics around this specific topic as at the end of the day whether it be using progressive technology platforms or AI the end goal is to help firms reduce the manual effort while ensuring a strong compliance program to protect their organization and the ROI needs to be there for any solution. “
Finally, financial crime compliance experts at Napier AI also noted that AI on its own is not the solution. Contextual name matching, real-time screening with multi configurations, and automation powered by explainable AI, all weaved into a low-code environment will minimise false positives and negatives, while improving operational efficiency. An integrated sandbox allows users to test rule sets and configurations using real data, to ensure optimum results before deploying live, and avoiding any unanticipated customer impact.
“These best practices listed in Napier AI’s guide on Sharpening Sanctions Compliance with Next-gen Client Screening not just ensure accurate compliance, but help financial institutions generate new revenue streams and enhance customer experience.”
Keep up with all the latest FinTech news here.
Copyright © 2024 FinTech Global
Copyright © 2018 RegTech Analyst
