If you do not learn enough about your clients and business partners, your company may unwittingly be working with terrorist organizations, blacklisted persons, or money launderers. However, manual procedures make it hard for a compliance department to identify the owners of each bank account and shell business in your organization's network.
Where, therefore, is the sweet spot for comprehending the UBO of the organizations that your company transacts business with? And what tools are available to bring you there technologically?
The first question is whether your company may transact business with sanctioned businesses or people, even unwittingly. All sanctioned individuals are forbidden from doing business with U.S.-based companies, according to OFAC. According to Carlton Greene, a lawyer with the law firm Crowell & Moring, the concept of strict responsibility forms the foundation of the penalty system.
"OFAC doesn’t care if you didn’t mean it or didn’t know you were doing business with a sanctioned individual," he stated.
OFAC will want to know how much effort the business used in determining the beneficial ownership of its counterparties when looking into a potential sanction breach.
"The more reason you had to think you might be dealing with a sanctioned entity, the more diligence OFAC expects you to do," said Greene.
But choosing to do nothing is also not an option. Tornado Cash, a virtual currency mixer based on Ethereum, was recently sanctioned by OFAC on the grounds that the platform "failed to impose effective controls" to prevent the laundering of proceeds from cybercrime.
According to Greene, "OFAC is sending a message that having no due diligence of any kind is not acceptable." You can’t have zero protocols or compliance capabilities and hope to escape consequence."
OFAC also wants corporations to exchange information internally. A danger of doing business with a sanctioned person may be known by one department of a company, but that knowledge may not be shared with another, like compliance.
"Any and all reasonably available information ought to be shared, according to Greene.
According to Ted Datta, head of Moody's Analytics' financial crime compliance group for Europe and Africa, some companies keep distinct databases for know your customer (KYC) and sanctions compliance, which results in significant inefficiencies. Businesses "should consider drawing those two streams of information together," he added.
Earlier this year, Wilmington plc-affiliated International Compliance Association, a sister organization of Compliance Week, shared the following recommended practices for recognizing UBOs:
1. Recognize company structures, ownership chains, and various legal requirements across a number of nations;
2. Determine any political ties, such as those to politically exposed individuals (PEPs);
3. Determine if there is a risk of sanctions or a chance to avoid sanctions;
4. Ascertain the structures' viability from an economic and business standpoint;
5. Establish a transparent escalation procedure;
6. Create (and adhere to) a de-risking strategy, which may entail severing client ties;
7. Train employees at all levels, including senior management and the board of directors;
8. Engage senior management at all relevant stages of the client relationship (including approving high-risk relationships); and
8. Engage senior management at all relevant stages of the client relationship (including approving high-risk relationships); and 9. Encourage staff at all levels to report any suspicions promptly.
The most effective UBO investigations require the right technology to automate searches and an awareness of your company's risk appetite. Here are some tech advice:
1. Software that prevents users from using IP addresses from prohibited countries to access a company's services. Additionally, any such attempts should trigger notifications from the program.
2. Software that compiles all information on sanctioned people and things that is readily accessible in a searchable database. The database should contain information and actual documents gathered from business registrations, court records, real estate registries, and specialist company registration databases for items like intellectual property, in addition to information from UBO registries.
Additionally, information is available in the corporate register databases of China and Russia, where businesses are required to file UBO information. Some of these additional databases occasionally turn up information that was thought to be concealed in secret registers like Guernsey, the British Virgin Islands, or the Cayman Islands.
During a Compliance Week webcast on exposing the offshore holdings of Russian oligarchs using publicly available information, Jessica Abell, vice president of solutions at Sayari, said, "There is a lot we can learn about offshore companies and the people behind them using legally disclosed public data, if we know where and how to look for that." A database of more than two billion business disclosure records is kept by the information provider Sayari.
3. Only every three to five years do many financial institutions do KYC and beneficial ownership checks. Firms can watch the bad media coverage of certain people or organisations and keep track of changes as they are filed thanks to proactive and continuous monitoring software.
"Perpetual monitoring provides notification of a change in UBO without waiting for a customer to notify. That’s really important data to capture. When the UBO changes, the risk changes. It’s really going to change landscape," according to Datta.
4.Software can follow patterns associated to various assets and wallet addresses to known threat actors, including sanctioned persons, in the world of digital assets, according to Greene. This is done through blockchain analysis.
The trick, according to Greene, is to attempt to automate sanctions compliance. "You’re looking for solutions that draw connections between different pieces of information, some of which is very difficult to access, to give you a complete threat picture."
By fLEXI tEAM
Comments