Unchartered territory: Preparing for Russian sanctions compliance scrutiny from regulators As financial institutions navigate the Russian sanctions, regulators will be watching closely. Below, Protiviti explores how institutions can prepare for the regulatory scrutiny that will inevitably follow. This article is based on the recent Protiviti webinar series Unchartered Territory: Managing the Risk of Russian Sanctions held in the US, the UK and the EU. Following Russia’s invasion of Ukraine, financial institutions have been tasked with pivoting quickly to adapt to changing sanctions requirements. Transactions that were perfectly legal one day may be prohibited the next. Under certain circumstances, this fluidity can lead to inadvertent breaches. To avoid second-guessing amid the heightened regulatory environment, institutions need to carefully consider and document their decisions regarding customers. Topics Risk Management and Regulatory Compliance ‘There is a different world view today’, says David Chenkin, managing partner and chair of the government investigations, white collar defence and anti-money laundering group at Zeichner Ellman & Krause in New York, ‘so firms may want to look at the types of customers to see if any of them could be severely criticised in the future’. An increase in sanctions enforcement activity should be expected as historically stronger enforcement patterns by regulators in the US compared to the UK are replaced with global coordination. In the US, the Office of Foreign Assets Control (OFAC) has fined financial institutions nearly $12 million in the year to date through May, while the penalties it issued in 2021 and 2020 reached $20 million and $23.5 million, respectively. Since 2019, the Office for Financial Sanctions Implementation (OFSI) in the UK has issued fines just short of £21 million. The UK seems to be “tightening the net”, according to Jeremy Willcocks, a partner in Arnold & Porter’s corporate practice in London. ‘There is a desire from the British government and the British people to make sure rogue companies are fined’, he says. Breach response and remediation It is therefore important that institutions implement policies and procedures to manage breaches. They can look beyond sanctions and review anti-money laundering (AML) programmes, according to Christine Reisman, managing director at Protiviti in St. Louis. ‘Most firms know that many controls mitigate risk for both AML and sanctions compliance’, she says. If a breach occurs, the first line of defence should collect all the relevant information required by the second line of defence and stop processing related transactions. The second line of defence can then inform senior management. In conjunction, the first and second lines of defence should liaise to investigate whether similar breaches have occurred in the past. A lookback process may reveal weak controls or processes, including name screening and transaction filtering, that require tuning or strengthening. It is important to apprise regulators of the breach and the adjustments that have been made to prevent similar breaches from reoccurring, while documenting the controls and screens. Due to the scope of the recent sanctions, institutions should anticipate receiving more customer information requests and closer scrutiny of their high-risk customers. But Chenkin highlights the risk of providing customer information absent a subpoena from a requesting entity. ‘If a firm provides customer information without process, they are creating a bigger issue’, he says. For more information on sanctions compliance, please contact Bernadine Reese, managing director at Protiviti UK at [email protected]. Leadership Bernadine Reese Bernadine is a Managing Director within our Financial Services Industry (FSI) Regulatory practice in the UK. Prior to joining Protiviti ten years ago, Bernadine was a Director in KPMG’s Regulatory Services practice. A chartered accountant by training, Bernadine has over ... Learn more