Sanctions have been dominating headlines.
Nithai Barzam, COO of nsKnox, a corporate payment security company, told PYMNTS’ Karen Webster that beyond the sanctions that have been designed to rock Russia to its economic foundations lie some fundamental hard truths for enterprises around the globe.
Namely, that it’s hard to find out who’s on sanctions lists, and who’s not.
False positives? Well, they mean that an enterprise shuns a legitimate business relationship. Miss a sanctioned entity, and that spells trouble down the line, in the form of hefty fines and certainly some negative headlines.
“Everybody realizes that while AML and anti-terror financing are the main reasons for sanctions, they are being used as political, military and even social tools,” Barzam said.
Those sanctions are there to make life hard for the bad guys and cyberthieves, and for aggressive countries that are waging war on others.
The war in Ukraine — and the ramped-up scrutiny of Russian banks and trade with firms outside Russian borders — has put a finer point on the need to make sure that financial institutions and their reliant parties know who’s on the other side of a transaction.
Simply put, sanction screening needs to be part of any firm’s know your customer (KYC), or supplier, processes.
“When you are onboarding a counterparty, you want to make sure that in addition to all the other things, you are looking into whether or not they are appearing on sanctions lists,” Barzam said.
No Easy Task
That’s no easy task, he said, considering the fact that there are multiple issuing bodies that are tied to the actual creation and maintenance of sanctions lists. For companies operating cross border, Barzam noted, running afoul of sanctions becomes harder to avoid. It’s no longer a case of checking in with the Office of Foreign Asset Control (OFAC).
But U.S.-based multinational companies have to scrutinize the sanctions lists, for example, of the U.K. and the European Union. Conversely, a European firm would be wise to scan the OFAC list.
It all depends on if they’re transacting in U.S. dollars, or if they have servers that are storing data in the U.S. that may be accessed elsewhere.
“So you do need to scan globally,” he said, “and all of these countries have their own formats, their own lists — and none of it is aligned or synchronized. And these lists are frequently updated.”
That creates frictions, he said, where companies might be onboarding another enterprise, only to suddenly find out later the onboarded firm is on the sanctions list (and had not been before).
Simply put, merely scanning names, addresses and other basic details can give false reassurances, since those details can be faked. Typos are rampant, which can lead down a blind alleyway of trying to find out who’s legit and who’s not. One might be screening for names, but screening for identity is something else entirely.
Moreover, sanctions screenings are not just the province of the banks — all manner of enterprises need to do it now, he said.
Get it wrong, and the fines accrue.
And many companies are going to get it wrong. Barzam noted that a lot of companies may be screening OFAC, but not much beyond that — “and there’s a lot of gaps to cover,” he said. “Some companies onboard tens of thousands of customers or suppliers, and the sheer volume of having to search for all these is laborious to start with.”
The effort can be error prone if you’re doing it manually, too.
To improve things and make sure that the “hits” on the sanctions lists are not a false positive — or that things are missed entirely — automation is critical, Barzam said.
Automation, he noted, can scan the latest versions of all the lists and centralize them, saving time and effort.
Barzam said that companies such as nsKnox can “bundle” sanctions screening that are related to the everyday onboarding of counterparties and suppliers, in a bid to verify bank account ownership. Dig a bit deeper, and advanced tech can help establish an ID of the entity that owns a bank account.
“You can make sure that it’s not only that you’ve validated the ownership, but that you are not going to pay a ‘sanctioned’ account in the future,” said Barzam.
Take it a step further, he said, and “reverse screening” means that enterprises can go back to the lists, in an automated fashion, if anything has changed, giving insight into whether those relationships should be maintained.
Beneficial ownership is murky, Barzam said. The analysis of all this information is not something that’s readily available in a database, which is where companies like nsKnox come in. Account verification, bundled together with verification processes and sanction screening, can offer robust layers of defense. Collaborative efforts mean that customer controls and other processes are more vigorous than any one entity could hope to achieve.
There are some organizations that are relatively better prepared than others to tackle the challenge. Financial institutions run up huge operational costs tied to screening, but businesses in other verticals are more limited in their technologies and staffing, so partnerships are critical, Barzam said.
Looking ahead, the COO said more organizations are going to have to make sure they have the right teams and technologies in place geared toward handling sanctions.
If there’s anything we’ve seen so far, it’s that the Russia/Ukraine situation indicates that regulation will continue to evolve more quickly and list updates are going to come together quickly, too, he said.
“There’s going to be an evolution, and everybody is going to make sure they know who they are transacting with — because they want to comply and they don’t want to get defrauded,” said Barzam.
We’re always on the lookout for opportunities to partner with innovators and disruptors.
Learn More