Skip to content
Compliance & Risk

ACAMS: Banks scrambling to comply with Russia sanctions must track changes in beneficial ownership

Brett Wolf  Regulatory Intelligence

· 5 minute read

Brett Wolf  Regulatory Intelligence

· 5 minute read

A panel at the recent ACAMS conference discussed how well financial institutions were able to comply with global sanctions against Russia

HOLLYWOOD, Fla. — The complex, multijurisdictional sanctions imposed by the United States, many European countries, and their allies on Russia over its invasion of Ukraine have proved challenging for financial institutions all over the world, and much work remains, according to bank regulators. Indeed, a vital element for financial services firms in staying ahead of sanctions evaders is remaining updated on changes in beneficial ownership, they said.

The remarks, made recently at the Association of Certified Anti-Money Laundering Specialists (ACAMS) conference, are far from surprising, given the flood of targeted sanctions imposed by governments worldwide since Russia’s February 2022 invasion. And the fact that Russian oligarchs have sought to shield their assets and evade sanctions by assigning family members, associates, and others as nominee owners only has added to the work banks must do.

During early examinations, regulators found that banks were struggling to comply with “regional-focused sanctions” imposed by the United States Treasury’s Office of Foreign Assets Control (OFAC), said Lisa Arquette, associate director, anti-money laundering (AML) and cyber fraud branch with the Federal Deposit Insurance Corporation, and speaker at the ACAMS conference. “Those became a little bit more difficult for institutions to implement at the beginning,” Arquette noted. “But I think they’ve worked through that, and OFAC as a partner to financial institutions has done a lot of outreach.”

Arquette explained that it was vital that when there is a change in beneficial ownership of a legal entity customer, banks should “make sure you have a process to identify that person or those people so that they can also be scanned” against sanctions lists. “There are lots of moving parts related to a lot of commercial entities and legal entities — intentionally — and it’s difficult to know who to add to the scanning process to make sure that you’re not processing transactions that should be blocked or rejected.” she said.

“Malicious actors, threat actors, intentionally may change that information, which is why your diligence is so critically important.”

Stretching ‘finite resources’

As the deluge of Russia sanctions came in wave after wave, banks with “finite resources” needed to devote “an incredible amount of time and energy [to] sanctions compliance,” said speaker Koko Ives, manager, Bank Secrecy Act AML compliance section in the Division of Supervision and Regulation at the Federal Reserve Board. “The pace, the number, the complexity, of Russia sanctions was really unprecedented,” Ives said.

“The global response with E.U., U.S. and U.K. coordination but not identical sanctions, made it particularly difficult for globally operated institutions to navigate all those sanctions, and that was done well,” Ives said. “I guess their existing sanctions programs were pretty strong because that was surprisingly well done in an incredibly time-intensive and difficult [environment].”

The Fed is examining “with the same frequency as before” and “nothing has changed with our examination process,” she added. “Any sort of [bank compliance] issues are garden variety… related to not being able to update software for [sanctions lists] timely enough so there might be something that slips through, or misunderstanding of [OFAC] general licenses, that kind of thing that causes compliance issues.”

Most banks have done ‘really good job’

Another speaker, Donna Murphy, deputy comptroller for compliance risk with the Office of the Comptroller of the Currency (OCC), said she “would echo” what Arquette and Ives said and added that “institutions spent a tremendous amount of resources dealing with those very fast-moving and complex sanctions programs, and in general did a really good job.

“Where we’ve seen issues is where the sanctions programs were not dynamic enough and sometimes maybe didn’t have the capability — at least initially, and it had to be built — to deal with targeted, regional sanctions as opposed to country sanctions, or the complex and evolving structures of some of the sanctioned entities,” Murphy said.

Changes in beneficial ownership or control of legal entities “are very difficult to keep up with as sanctions are evolving and the entities are evolving,” she explained. “It is challenging and needs a lot of focus. I think in general the institutions have done a very good job of implementing these really critical programs for our national security.”

Murphy said the OCC has “spent a lot of time focusing on providing as many resources as possible to our examiners.”

She noted that sanctions have not always been a major focus of OCC supervision, but “we’ve really tried to make sure that our examiners understand these evolving and changing sanctions, and [that] we can provide the support for the exams and the institutions.”

Ives added that some Fed supervised institutions have taken “a forward-looking view of the next geopolitical target.

“Some of the institutions are already developing potential strategies if there are going to be new sanctions in a new part of the world, how might that affect the supply chain, assets that could get hung-up, parties you can no longer transact with, and how that may impact their operations,” Ives noted.

Using interagency regulatory guidance

On the topic of third-party risk management, both Arquette and Ives noted that updated interagency regulatory guidance is imminent and could be released any day. Use of third parties by financial institutions is increasing, Ives added. “It can be incredibly beneficial, especially in the fintech area where [banks] may need the expertise,” she said. “But how is [suspicious activity report] information going to be shared? Do you have what you need to be on the right side of sanctions compliance?”

The intent of the updated interagency guidance is to make consistent federal banking agency guidance on third-party risk management “to make it manageable and holistic” for financial institutions, Ives said.