The Financial Times headline is damaging enough by itself: “Iran used Lloyds and Santander accounts to evade sanctions”.
This is exactly the sort of high-profile publicity nightmare financial institutions are desperate to avoid. The reputational risk from such revelations – especially when they’re disseminated by a globally-renowned publication like the Financial Times – can have large, long and unforeseen consequences on a firm’s standing and prospect/client relationships. And coming at a time of extreme geopolitical sensitivity in the Middle East, when Iran’s backing for various forces across the region is even more under the spotlight, adds to the potential reputational damage.
The price of sanctions enforcement failures
Then there are the direct financial costs.
By the afternoon of the FT exposé, Reuters reported that shares in Santander’s Madrid-based parent “were down 4.9% at 1503 GMT, wiping off around 3 billion euros in value from the euro zone’s second biggest lender by market capitalisation, according to data from LSEG, while shares in Lloyds declined 0.5%.”
Fines may be in the offing too. The Reuters article noted that European banks found to have breached US sanctions on Iran have been hit with large penalties in the past. Standard Chartered paid “$1.1 billion in 2019 to US and British authorities over financial transactions that violated sanctions against Iran and other countries.” UniCredit paid $1.3 billion to US authorities to settle probes.
Santander and Lloyds said in separate statements that, based on their own investigations, they believed they had not breached any sanctions requirements. Whether that’s proven true or not, significant harm has already been done.
Do you really know your customers?
The issue for financial institutions, as in so many anti-money laundering, sanctions and tax evasion cases, lies in fully knowing your customers – including all the underlying beneficial owners – and screening out red-flagged entities.
At the heart of this latest case is the Iranian state-controlled Petrochemical Commercial Company (PCC), which has been under US sanctions since 2018, and is accused of being part of a network raising hundreds of millions of dollars for the Iranian Revolutionary Guards Quds Force and Iran’s proxy militias.
The FT report claimed PCC’s also-sanctioned British subsidiary PCC UK continued to operate out of an office in London by using a complex web of front entities in Britain and elsewhere to evade those sanctions, with Lloyds and Santander UK providing accounts to the British front companies.
“Documents analysed by the FT show that since being placed under US sanctions PCC has used companies in the UK to receive funds from Iranian front entities in China while concealing their real ownership through “trustee agreements” and nominee directors,” the report said.
Fit-for-purpose beneficial owner screening
Monitoring numerous corporations with complex entity structures, a legion of directors and payments across multiple vehicles in multiple jurisdictions is no easy task. Firms need to dig into the details of every UBO behind the complex structures employed by sanctions evaders and money launderers. But many institutions still rely on manual compliance checks and legacy technologies that lack rigour and sophistication, and eat up significant time and resources.
Experienced staff trained to watch for warning signs are part of the solution. But they can’t do it alone.
Delivering beneficial owner transparency demands an integrated technology platform able to capture and track complex, multi-level ownership structures. It needs to accurately identify and verify customer and beneficial owner identities, and flag high-risk relationships, both during client onboarding and throughout the lifetime of the relationship.
Collating and weighting data on each party’s occupation, country of domicile or industry an organisation belongs to helps firms build up a risk-based picture of prospective clients during the initial due diligence. Screening for sanctions and politically exposed persons (PEPs) should be automated and ongoing, as should source of funds checks.
Document checklists ensure all the appropriate supporting information for the companies and relevant individuals has been captured. Systems that can monitor for data updates, such as a change of circumstance, and flag actionable items that require resolution will also boost automation and the screening capability’s integrity.
Real-time activity monitoring to spot suspicious transactions and catch any trigger events that breach pre-set parameters is similarly vital. Real-time monitoring tools can identify risky behaviours, trigger automated alerts of suspicious activity and block accounts or transactions when suspicious events occur. By producing comprehensive reports of all the suspicious activity that’s taken place at a given point in time, firms will also have an audit trail for extra compliance assurance.
Unless financial institutions adopt this kind of end-to-end automated framework the threat of damaging news revelations will always loom large.
ABOUT DEEP POOL
Deep Pool is the #1 investor servicing and compliance solutions supplier, providing cutting-edge software and consulting services to the world’s leading fund administrators and asset managers. Our flexible solution suite, developed by an experienced team of accountants, business analysts and software engineers, supports offshore and onshore hedge funds, partnerships, private equity vehicles, retail funds and regulated financial firms. Deep Pool is a global organisation with offices in Dublin, Ireland, the United States, the Cayman Islands and Slovakia. For more information, visit: www.deep-pool.com.