FCC Essentials

Explore our latest FCC (Financial Crime Compliance) Essential article as Christopher Stringham, Global Account Manager at Neterium, delves into his fervor for Financial Crime Compliance (FCC).

In this edition, we’re looking into the proactive steps taken by the Financial Intelligence Unit of the Netherlands (FIU) in response to Russia's invasion of Ukraine. By promptly alerting regulated entities to potential risks, the FIU, in this specific context, successfully thwarted the exportation of dual-use goods. Join us as we dig deeper into this unprecedented measure.

Following the invasion of the Ukraine by uniformed troops from the Russian Federation and the imposition of new sanctions on Russia in February and March of 2022, the Financial Intelligence Unit of the Netherlands took steps to inform obliged entities of potential risks. Information sharing between the private and public sectors proved beneficial for both sides as significant reports of unusual and suspicious transactions were submitted. In the FIU’s Annual Review for 2022, they outlined the measures taken and highlighted some specific successes. Based on information gathered by the FIU, authorities in another country were able to prevent the exportation of dual use goods, millions of Euros connected to a sanctioned person were seized, and a person connected with evading sanctions relating to microchips was arrested.

That final point is particularly interesting since the person was recently convicted and the court judgement provides very interesting insights into his schemes. The issue was the shipment of various circuits in violation of Annex VII of Regulation 833/2014 and the court kindly provides details about the specific chips that were sold and exported. For example, they mention an invoice for a “Monolithic Inertial Sensor Digital Output of the brand/type ADIS16445BMLZ”. A quick internet search shows online traders who offer this product and helps find the relevant TARIC codes (8542399000). After converting the number to the CN code format, the first 6 digits, (8542 39), then it is easy to search for the number in the list of goods which may not be sold to any entity in Russia. By converting the number to the ECCN code format, it is also possible to confirm that this type of chip, it is also on the US’s Commerce Control List.

This exercise really highlights the difficulty of identifying restricted goods including dual-use goods. Invoices may provide part numbers or product names, but manual work is necessary to connect those product descriptions with the necessary codes used in official lists.

The court decision also provides an interesting insight into the approach of the defense in this case. The defense claimed that it wasn’t sufficient to consider just invoices and other documentation; they insisted that the goods themselves should have been investigated. The court rejected this on the basis that there was no indication that the goods delivered were different than those specified on the invoice. From a practical perspective, it is hard to say how Dutch prosecutors could have obtained the goods to inspect them as they had already been exported. Had the court agreed to this logic, it would have made prosecutions an impossibility.

One of the biggest topics in financial crime compliance circles is the usefulness of Suspicious Transaction Reports. Millions of reports are filed every year, but feedback is very rare. In this case, however, we have an example where the FIU was able to take the information received from an obligated entity, initiate an investigation, and obtain a conviction.

Netherlands FIU report 2022 Annual review of FIU-the Netherlands (fiu-nederland.nl)

Press Release about arrest Aanhouding in onderzoek naar overtreding sanctiewetgeving | FIOD

Court Decision: ECLI:NL:RBROT:2023:10072, Rechtbank Rotterdam, 83-235373-22 (rechtspraak.nl)

Council Regulation (EU) No 833/2014 of 31 July 2014 EUR-Lex - 02014R0833-20231001 - EN - EUR-Lex (europa.eu)

Discover our first FCC Essential article, where Christopher Stringham, Global Account Manager at Neterium, shares his passion for Financial Crime Compliance (FCC).

Today, we deep dive into a report from the UK's Financial Conduct Authority (FCA) on their assessment of regulated firm's sanctions compliance processes.

The UK's Financial Conduct Authority says firms are over-reliant on third party sanctions screening tools! The FCA has recently conducted assessments of firms’ sanction systems and controls based on the guidance in the FCG and other sources. The report of the key findings was released on 6th September.

The FCA based their assessment on previously issued guidance such as their Financial Crime Guide. For example, section 7.2.3 of the FCG states that, "A firm should have effective, up-to-date screening systems." The FCG offers numerous examples of good practice and also provides very informative examples of poor practice. Such as: "Where a firm uses automated systems, it does not understand how to calibrate them and does not check whether the number of hits is unexpectedly high or low."

Despite the guidance, the FCA still found, "poorly calibrated or tailored screening tools, with some firms also too reliant on third party providers with ineffective oversight over them." Additionally, "there were instances where calibration had not been adequately tailored. This resulted in it either being too sensitive, causing a high number of false positive names (…), or not sensitive enough, meaning that even minor variations in names led to sanctioned individuals not being detected. This delicate balancing act shows the importance of firms understanding how their systems work and how they are calibrated." 

De Nederlandsche Bank issued a similar report a few months ago and had similar findings. They also found that:"(M)any institutions trust that their (external) screening systems function adequately, and that they do not carry out their own periodic assessments, such as spot checks."

Interestingly, while the FCA raises the risks associated with third-party solutions, the most recent fine in the UK relating to sanctions screening involved the use of an in-house screening system. In this case, the firm’s third-party data provider quickly delivered the updates to the sanctions lists and the in-house screening system correctly generated a possible match. Unfortunately, the system generated so many false hits that analysts were not able to process the alerts in a timely manner. This led to a company policy where accounts were ‘suspended’, transfers were prohibited, but debit cards associated with the account were not blocked. And in this particular case, the debit card of a designated national was only blocked five days after listing and a withdrawal was made.

Legacy screening systems have typically functioned as black boxes. It is difficult to know what the system is doing and why. This limits the ability to conduct testing and tuning. Also legacy systems are often very inflexible. Even with significant testing, tuning is often just not possible or very limited.

Development of 'name matching algorithms' and ‘sanctions screening systems’ is not the primary business of financial service firms. The use of third-party solutions is therefore very natural. These are normally better than in-house systems due to the ability of the providers to specialise and receive feedback from a number of customers. Still, not all solutions are equal. Regulators justifiably require transparency, so it is critical to look for a provider that offers a glass box to understand in detail the results that you are getting and also provides the flexibility to actually tune the results effectively.