FCC ESSENTIALS

Explore our latest FCC (Financial Crime Compliance) Essential article as Christopher Stringham, Global Account Manager at Neterium, dives into his strong dedication to Financial Crime Compliance (FCC).

In this fifth edition, Christopher breaks down the key points of the recent European Banking Authority (EBA) consultation paper, offering insights into its significance for industry professionals.

On 21 December 2023, the EBA released a consultation paper on internal policies, procedures, and controls to ensure the implementation of Union and national restrictive measures. This is a welcome set of guidelines for financial institutions and complements private sector guidance from organizations such as the Wolfsberg Group, a non-governmental association of thirteen global banks.

Some interesting points are required and will hopefully receive additional clarification before the final guidelines are released.

The most jarring recommendation relates to the question of which transfers should be subject to screening and when. Section 20 of the guidelines, on page 36, states: “PSPs should screen ALL transfers of funds before their completion.” This conflicts with current industry practices, which foresee the screening of some, but not all, transfers. As stated in the Wolfsberg guidance on sanctions screening, "screening cross-border payments before completing the transaction is common practice (...). By contrast, screening domestic payments in real-time may be unnecessary (...).” The EBA guidelines also seem to conflict with the new proposed regulation regarding instant credit transfers. Article 5(d)(2) states: “during the execution of an instant credit transfer, the payer's PSP and the payee's PSP involved in the execution of such transfer SHALL NOT verify if the payer or payee (...) are listed persons or entities (...).” This regulation requires daily screening of all clients rather than screening only at the time of a transfer. The EBA should take this into account and provide additional clarification on this topic to ensure alignment with EU legislation and to ensure that institutions have policies in place to avoid over-screening.

The EBA has included numerous sections which assume the availability of information and it makes sense for financial institutions to consider reputable and reliable information as part of their sanction's compliance process. Consider section 23(e)(a)(ii), page 19, which states that financial institutions should identify and assess geographic risk to the extent to which those jurisdictions are exposed to or known to be used to circumvent restrictive measures. Direct exposure to sanctions is a well-known risk factor that is considered already in Section 21.7 of the EBA's final guidelines on customer due diligence. However, knowledge about jurisdictions used to circumvent sanctions is more challenging. As potential sources, the consultation paper mentions “information from international bodies, government, national competent authorities, etc.” in section 24b. However, there is very little on this topic from the EU or member states, and the most directly relevant documentation on this topic is a compliance note from OFAC. Hopefully, the foundation of the EU's Anti-Money Laundering Authority, which will also oversee sanctions enforcement, will see the production of relevant, quality guidance.

The EBA does mention other potential sources. Section 24c states that FIs should include information from credible and reliable open sources such as reputable newspapers. While it is great to see an EU regulator highlight the importance of newspapers and media sources, there are limitations here. The (proposed) EU Media Freedom Act offers a very restrictive definition of media sources. If the EBA applies the same definition, this would not include the use of think-tank reports, academic research, or even the work of renowned freelance journalists. It would make sense for the EBA to highlight these other sources as well. Also, the proposed Anti-SLAPP (strategic lawsuits against public participation) directive, while a step in the right direction, arguably does not do enough to prevent the misuse of liable and data protection laws to restrict the publication of information relevant to the adequate assessment of circumvention risks. Without protections in place, the subjects of restrictive measures can create a chilling effect by targeting the authors of relevant material.

Finally, the proposed guidance includes several points that should be considered when designing or evaluating a sanctions compliance program. Here are some highlights:

• 4.1.1 Choice of screening system, page 34, FIs 'should regularly review the performance of the screening system to ensure that it remains effective.' Unfortunately, this section does not refer to efficiency. Effectiveness and Efficiency are two sides of the same coin, as every false positive cost time that an analyst could be using to look at a true positive.

• 4.1.2 List Management, page 34, FIs should have a process in place for identifying relevant restrictive measures and to update reference data when new restrictive measures are adopted or altered.

• 4.1.6 Calibration, page 37: this section refers to both 'the appropriate percentage of matching' and discusses separately 'fuzzy matching techniques.' It does not mention what the difference is between these two terms. This section also does not consider that different target populations within the customer base may require different settings to achieve adequate results.

• 4.2.1 Policies and procedures, page 38, should include steps for processing alerts and different levels of review, such as a four-eye process for discarding false positives. Considering the number of false alerts generated by some systems, this could require a significant increase in resources.

• 4.2.2, alert analysis, page 39: section 35 states that policies should include procedures for 'cases where it is not possible to conclude with certainty (...) that a match is a true positive match, a false positive match or a situation of homonyms.' Everyone with experience in name screening knows the difficulty of ensuring confident matches and FIs need to provide their analysts with appropriate guidance.

** Additional Links: **

EBA Consultation Document: https://www.eba.europa.eu/sites/default/files/2023-12/55f8b825-dea4-48e9-82f4-f81a11cb4e47/Consultation%20paper%20on%20Guidelines%20restrictive%20measures.pdf

Wolfsberg Group Guidance on Sanctions Screening: https://db.wolfsberg-group.org/assets/4b6c2db6-696d-492e-bdd5-c51552708597/Wolfsberg%20Guidance%20on%20Sanctions%20Screening.pdf

Proposal for Regulation regarding instant credit transfers: https://data.consilium.europa.eu/doc/document/ST-15764-2023-REV-1/en/pdf

Proposal for a directive protecting persons who engage in public participation from manifestly unfounded or abusive court proceedings: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:52022PC0177
EBA final guidelines: https://www.eba.europa.eu/sites/default/files/2024-01/a3e89f4f-fbf3-4bd6-9e07-35f3243555b3/Final%20Amending%20%20Guidelines%20on%20MLTF%20Risk%20Factors.pdf

EU Guidance on Russian Sanctions Circumvention: https://finance.ec.europa.eu/system/files/2023-12/guidance-eu-operators-russia-sanctions-circumvention_en.pdf

Proposal for a Regulation on Media Freedom: https://finance.ec.europa.eu/system/files/2023-12/guidance-eu-operators-russia-sanctions-circumvention_en.pdf

Compliance Note on Evasions of Russian Sanctions: https://ofac.treasury.gov/media/931471/download?inline