New sanctions require banks to up their games

‘For regional banks, the ultimate question may be whether they want to deal with this or simply de-risk.’

By John Hintze

Sectoral sanctions on China already challenged banks and their clients heading into 2022, but the much broader and more complicated sanctions imposed on Russia following its second invasion of Ukraine have increased those challenges many times over.

“The last year has been all about Russia,” said Will Schisa, counsel at the law firm Davis Polk and an alumni of the Office of Foreign Assets Control’s legal office, speaking at the December ABA/ABA Financial Crimes Enforcement Conference. “It’s really been an unprecedented sanctions effort in terms of its scale applied to a major world economy.”

Ironically, OFAC, a division of the Treasury Department, introduced the notion of sectoral sanctions for the first time after Russia invaded Ukraine’s Crimean peninsula in 2014. Those sanctions were levied against Russia’s weapons-manufacturing and energy sectors and debt and equity investments in organizations linked to the invasion.

Under President Donald Trump, the regulator levied sectoral sanctions against China’s defense and surveillance sectors. Prior to launching sectoral sanctions, OFAC primarily relied on Specially Designated Nationals and Blocked Persons lists and jurisdictional sanctions imposed on countries such as Cuba and Iran.

Updating software and compliance resources

In late February 2022, the Treasury Department announced “unprecedented and expansive sanctions against Russia” to impose “swift and severe economic costs.” They included sanctions against individuals and individual organizations as well as sectors including finance and energy. In the months ahead new sanctions kept coming, not just against Russia but individuals, organizations and sectors in countries enabling Russian aggression, including Belarus and Iran. The latest round of sanctions, announced in January, targets Iran’s drone and ballistic missile industries.

Keeping track of the ever-growing list of SDN and sectoral sanctions requires updating software and bolstering compliance resources, but most challenging is understanding how they all interact. That’s especially true given that the European Union and the United Kingdom have also launched their own similar if distinct sets of sanctions.

Historically, most U.S. banks may have put the U.K. and E.U. sanction lists in their filters but did not focus on them with the same intensity as U.S. sanctions.

“That’s very different now because the U.K. and E.U. have put forth complex sanctions that take a lot to understand and don’t always overlap directly with U.S. sanctions,” Schisa said.

A common complication, Schisa said, stems from the three jurisdictions not being aligned on the Russian oligarchs they have designated and applying different approaches with respect to how sanctions flow down to undesignated entities owned or controlled by those listed persons. In one instance, he added, a U.S. client was lending to an oligarch-controlled company sanctioned by the U.K. but not the U.S., and the client questioned whether it could exit the loan based on the U.K. sanction.

“Working through issues like that can be very complicated,” Schisa said, adding that all three jurisdictions also have varying prohibitions on various professional services provided to Russians. “That’s an area where we’ve been fielding a lot of questions recently because the U.K. and E.U. beefed up theirs in early December and prohibit things like advertising, which the U.S. hasn’t done yet.”

Adding to the complexity, while OFAC is generally well understood and an industry of resources aids banks in understanding and applying its sanctions, the U.K. and E.U. applying such a broad array of sanctions is relatively new, and there simply is not the same level of available expertise. In the E.U., for example, European regulatory bodies issue sanctions but the enforcement by each member state may vary.

“As the regulators learn to implement sanctions on this scale, they may port that over to other contexts,” Schisa said, adding that banks must invest in hiring people with the right expertise to deal with sanctions outside the U.S. “For regional banks, the ultimate question may be whether they want to deal with this or simply de-risk” and exit the relationship, he said.

Increased operational risk

With proper expertise in place, banks must assess their sanctions risk enterprise-wide and increase due diligence of their entities’ transactions and customers that expose them to Russian entities and sectors. Complicating matters, said Bea Young, senior manager in Crowe’s financial services group, banks must also navigate a significant number of exceptions to the U.S. sanctions, or “licenses” in OFAC terminology.

“We don’t see any of these sanctions being changed in the near future, and in fact, the G-7 finance ministers implemented a price cap on the purchase price of Russian oil which started in December,” Young said.

She emphasized the increased operational risk banks face now, since they must screen OFAC’s SDN lists as well as key words which may be red flags for sectoral sanctions breaches.

“In some cases, that information may be in a letter of credit associated with a wire transfer, but that’s complex from an operational standpoint because the bank may not be able to automatically screen the letter of credit,” Young said.

Similarly, she said, SWIFT messages supporting wire transfers contain limited information. While initial know-your-customer due diligence mitigates that risk, banks may have to reach out to the intermediary correspondent banks to understand the origins of the transaction.

Software can aid banks’ due diligence, but banks must keep track of those tools as well, Schisa said. He noted OFAC’s enforcement action in 2022 against MidFirst Bank for violating weapons of mass destruction proliferators sanctions regulations. In that case, the bank processed payments on behalf of two individuals recently added to OFAC’s SDN list.

“The violations stemmed from MidFirst’s misunderstanding of the frequency of its vendor’s screening of new names added to the SDN List against its existing customer base,” OFAC said in its July 21 enforcement release, adding that screening tools must be “consistent with the financial institution’s assessment of its exposure to sanctions risk.”

OFAC has yet to pursue any public enforcement actions related to the new Russia sanctions. And except for clearly willful misconduct or the complete breakdown in a compliance program, Schisa said, the agency is unlikely to “play gotcha’,” recognizing it was a difficult year for banks and regulators alike.

As the Russia situation stabilizes, banks will be expected to improve their sanctions-compliance effort, he said, “So the standard for compliance probably does become somewhat higher.”

Also to look out for, Schisa said, is OFAC revamping its enforcement guidelines, which the agency has mentioned in recent forums. Those guidelines have not changed in more than a decade, he said, “So OFAC wants to be sure they reflect current practice and they’re responsive to the public’s concerns—I think a good-government type of thing.”

John Hintze is a frequent contributor to ABA Banking Journal.