A post by VegaMx
With the U.S.’s change in sanctions strategy requiring precise and targeted sanctions, there is urgency to improve due diligence and KYC protocols and to know their customers on a much more granular level, to conform to the expectations of the Treasury. Many financial institutions only do the bare minimum required by law for sanctions screening.
A majority of banks, exposed to the maritime sector, conduct risk assessment as part of their compliance practices utilizing specific, industry related, KYC questions for onboarding customers plus enhanced screening for the duration of the relationship. The KYC team works closely with the anti-bribery and fraud units, and usually provides a prospective client with a sanctions’ specific questionnaire for maritime related risk for evaluation. There could be restricted customer categories in place based on questions asked by the KYC team from a specific trade finance perspective, with certain triggers and qualifiers determining the risk status of the client. A specialized customer oriented solution which is finely graded may be the norm but may not be broadly applicable across the customer base.
Banks have significant gaps in terms of conducting rigorous due diligence and KYC screening of all aspects of a vessel’s ownership and management, and therefore, the need for sanction screening on the vessel crew. Published guidelines from regulatory authorities covering recommendations to screen vessel names, vessel types, and ownership structures are not fully included by the bank. If the risk evaluation from the initial compliance check is high, then the bank proceeds to drill deeper, looking at vessel routes, regions, and areas where vessel business activity takes place. Risk assessment in these cases usually employs a grading system for their customers wherein these scores are periodically reviewed.
Only In a limited number of banks, there exists an enterprise-wide risk assessment encompassing sanctions and shipping. The checking and screening of vessels against sanctions lists is a key element across with the watch-lists ranging from OFAC, United Nations, EU, G7 etc. In majority of the cases, no risk profiling is conducted separately for shipping or any maritime related aspect for compliance purposes. The risk assessments are conducted based only on OFAC reviews and SDN lists only, by utilizing a scoring system which enables risk assessment based on the nature of their business and the countries in which they engage. Majority of the banks appear to also lack robust maritime intelligence for vessel tracking. Industry is heavily reliant on AIS detection through satellites, which has its own shortcomings. Thus a first level due diligence check on potential suspicious activity is employed but lack a set threshold in place for dark activity, AIS issues or potential cargo transfers between vessels.
Likewise, addressing a combination of deceptive practices simultaneously is a huge challenge for which the current systems and processes in place remain highly inadequate. Rules based expert systems addressing a subset of the problem are in vogue but a real time decision support system integrating state of the art maritime intelligence solutions with AI based compliance and regulatory monitoring is still lacking. The description of the maritime risk management practices is not exhaustive but it's clear that there are significant gaps in being compliant with OFAC requirements for the financial institutions. These are listed below for reference.
OFAC Recommendations
Financial institutions
Financial institutions should rely on their internal risk assessments for customers in the maritime industry, in order to employ appropriate risk mitigation measures consistent with applicable existing U.S. laws and regulations designed to combat money laundering and terrorist and proliferation financing.
While the Advisory primarily addresses sanctions risks, U.S. financial institutions should also be aware that, consistent with suspicious activity reporting requirements in 31 CFR Chapter X, if a financial institution knows, suspects, or has reason to suspect that a transaction has no business or apparent lawful purpose or is not the sort in which the particular customer would normally be expected to engage, and the financial institution knows of no reasonable explanation for the transaction after examining the available facts, including the background and possible purpose of the transaction, the financial institution should file a Suspicious Activity Report (“SAR”).
Risk factors that financial institutions may wish to consider as part of their assessment include:
Identifying commodities and trade corridors susceptible to transshipment and ship-to-ship transfers and the extent of their use by an institution’s maritime industry customer.
Results from an assessment of the nature of each client’s business, including the type of service(s) offered and geographical presence.
Client activity for transactions inconsistent with the client’s typical business practices, to include when clients acquire new vessels.
Client acquisition or sale of vessels to determine that the client’s assets do not include blocked property.
Written by CEO of VegaMx, Vivek Mital.
Comments