Over the past decade the requirements for sanction screening and anti-money laundering (AML) control have increased dramatically, and regulators have stepped up enforcement. Estimates indicate that fines of over $25 billion dollars have been issued in the last ten years for AML and sanctions violations by regulators across North America, Europe and Asia Pacific.
The growing scale of the problem is also recognised by the EBA – with the banking watchdog warning recently on a wave of dirty money across Europe. This of course raises questions for both national and European regulators in combatting the problem. But banks must also take a proactive approach in financial crime prevention. The question is, are they handling sanction screening and AML controls in the most secure and efficient way?
Some banks only check incoming and outgoing SWIFT MT103 messages, for example by connecting using the sanction screening software on SWIFT Alliance. They pass the SWIFT messages through the sanctions screening system and only those messages that don’t show a violation continue. Similar solutions are implemented to check outgoing SWIFT messages, after they are produced by the relevant production solutions.
In my view this approach is short-sighted for a number of reasons. Firstly, it’s not exhaustive as some transactions are handled outside of SWIFT, e.g. using XML messages towards other payment platforms. Secondly, if you think about SWIFT MT103 messages, the information included is very limited and there isn’t enough data available to fully support sanction screening and AML control. Thirdly, many banks are unable to run these checks in real-time. This means certain business events may already have been processed and a new set of SWIFT messages created, before anyone realises there has been a violation. All related messages and accounting entries must subsequently be cancelled after the fact – a costly and time-consuming process for all involved. And that’s before we touch on the risk of sanctions and AML violations not being caught in time – with the potential for costly fines and reputational damage.
I advocate a different approach – one that ensures the relevant controls are carried out on the business events themselves in any product solution – not just on incoming and outgoing SWIFT messages. All checks should take place in real-time before any new outgoing messages are generated. Just as you check if the funds are available in an account before authorising a payment, so the sanction screening and AML controls should take place at the same time.
It sounds straightforward, but not all systems are set up to mange the controls in this way. With new ISO 20022 requirements for payments and master data management on the horizon for 2021 and the requirements for sanctions screening and AML only likely to increase, it’s essential banks start taking steps to prepare now.