Stewarts partner David Savage recently spoke at the Finnish Investment Academy about the complex sanctions regimes that impact Finnish financial institutions. Below, David gives a summary of his talk.

International sanctions have become the tool of choice to respond to major geopolitical issues including terrorist activity, human rights abuses and malicious cyber activity. Russia, in particular, has experienced significant sanctions focus since its illegal annexation of Crimea and Sevastopol in 2014.

For companies with an international footprint, the key when it comes to sanctions compliance is to ensure that they are aware of the sanctions regimes to which they are exposed. While a European company will obviously be required to comply with EU sanctions, the US has increasingly “extra-territorialised” its sanctions by indicating, for example, that any transaction in US dollars or in which a US person is involved (wherever they are located in the world) will automatically bring that transaction within its jurisdiction. Even in situations where there is no US nexus to be seen, the US can provide a company that is engaging in a jurisdiction such as Russia with a simple choice: either stop the offending activity or have your US financial licence revoked.

It is a stark choice and one which many companies based in the EU are rightly anxious about. When you combine this extra-territoriality with the levels of fines imposed by US regulators, (including the Office of Foreign Asset Control), the level of concern is exacerbated. BNP Paribas was fined US$8.9bn in 2014 for breaches of US sanctions against Sudan, Cuba and Iran. More recently, Société Générale was fined US$1.4bn for similar conduct. Both of these were non-US banks. In addition to the fines, both also spent millions on legal fees and systems and controls remediation, whilst also suffering substantial reputational damage.

Attendees at the Academy included senior legal and compliance counsel from Danske Bank and Nordic Investment Bank, as well as those interested in forex and cryptocurrency. It was obvious that international sanctions were a key concern for them all. During my presentation, I gave a brief overview of the Russian sanctions landscape and then dived into what Finnish financial institutions can do to mitigate their inherent Russian sanctions exposure. That’s where having a couple of years of in-house experience in a bank came into its own. (I was previously the Group Senior Sanctions Officer at UK private bank Kleinwort Hambros.)

Management commitment, risk assessments, internal controls, testing and auditing, and training are the five key pillars when designing and implementing systems and controls effective at minimising sanctions breaches. But what does each pillar entail? It means, for example, ensuring that your banking system is able to provide data to management in a format that allows them to see the exposure the Russian desk has to specially designated nationals (who have been sanctioned by the EU or the US). Or, it means configuring your real-time transaction screening solution to allow for fuzzy matching (a way of ensuring that you capture potentially sanctions-busting transactions even when names are spelt differently). Or, knowing which are the better enhanced due diligence providers so that when you have a questionable prospect or customer, you can quickly seek further information to either confirm the risk or potentially remediate it.

What struck me when I was giving the presentation was that while I considered some of the controls outlined above as par for the course in banking, for a fair few of the delegates this was all new ground. What was equally as striking, however, was their fascination with Brexit. I do not think I had fully appreciated how much an impact Brexit would have on banks on the geographical periphery of Europe. It appears that having Russia on one side and Britain a little further afield causes no small number of headaches for Finnish financial institutions.

The other panellists presented on topics including know your client (KYC) infrastructure, terrorist financing, the impact of virtual currencies on the fight against financial crime and undertaking customer due diligence virtually. Unfortunately, as I do not speak Finnish, those sessions were a little lost on me!

You can find further information regarding our expertise, experience and team on our Financial Crime page.

If you require assistance from our team, please contact us or alternatively request a call back from one of our lawyers by submitting this form.

Subscribe – In order to receive our news straight to your inbox, subscribe here. Our newsletters are sent no more than once a month.