What do HSBC, Huawei, and Amazon have in common? All got fined for international sanction breaches. Thereof HSBC is leading the list with a hefty fine of USD 1.9 bn. Sanction breaches are not uncommon and most of them happen unwittingly. Every company that does not set up a proof compliance mechanism risks substantial fines and prosecution. If you have not heard about it, it’s high time.
Sanction breaches have severe knock-down potential.
The legal enforcement of sanction measures happens via national law. Still, consequences can have an international scale. The severity of the case determines legal consequences for companies that may include:
In case a sanction breach happens, loss of reputation can do additional damage to a company. German Forfait AG experienced such a public relations disaster in 2014. The US OFAC listed the company due to trade relations with Iran. Afterward, the company reported severe losses in reputation and an 85 % drop in share value. Later the company even filed for insolvency.
Resolutions of the United Nations Security Council are the legal basis of sanction list prosecution. The UN passed many resolutions after the attacks on the 11th of September 2001 to combat terrorist activities. On this legal basis, UN members including the EU states and the US enacted a regulation to adopt the resolutions. Those regulations prohibit any trade with persons, companies, or entities associated with terrorist activities. To comply, any company must check sanction lists of governments and international organizations.
Sanction lists are publicly available registers listing designated persons, entities, or nations. Governments and financial authorities issue sanction lists to facilitate compliance. With these lists, businesses can determine if trade partners are subject to sanctions. Authorities continuously update their sanction lists. They often consolidate many sanction programs, covering different illegal activities such as drug trafficking, arms trade, or money laundering.
Many governments and financial authorities around the world keep a variety of sanction lists. The most important national and international sanction lists are:
Generally speaking, every business must check every trading partner against the sanction list issued by the country where it is carrying out economic activities. This includes customers, suppliers, employees, or partners. The obligation applies to all companies, no matter what the business is or how small the regional reach of the activities may be. The only exception is over-the-counter businesses.
So far so good. But you have not reached save haven by only checking the sanction lists issued by the country where you are active. Now it’s getting tricky.
Some sanction lists, like the SDN-List, have extra-territorial effect. This means that they also apply outside the US territory. Extra-territorial sanctions are a legal grey area and the EU even considers them as illegal.
They still post a severe threat to non-US companies. An employee legitimately doing business under national and EU law may get listed on the OFAC SDN-List. As a result, an SDN-listing of an employee can trigger American suppliers and customers to cancel all relations with your business. This means that your company can lose access to a complete market or core technology.
Of course, manual navigation through the global sanction lists is impossible. Given the high volumes of business clients and daily transactions, this is a major administrative challenge. But sanction list screenings can also be fully automated. API based programs enable verification of vast amounts of data in seconds. They secure access to always up-to-date lists (e.g. cubemos API updates its database every 15 minutes).
Companies can decide how comprehensive and how often to use the APIs. They can integrate automated sanction list checks into online shops, as well as CRM, ERP, or HR databases. The sanction list API should include fuzzy search logic to avoid missing a hit due to spelling mistakes or phonetic translations. Also, there should be several search options beyond the names (e.g. nationality or address) to avoid false-positive results.
With the implementation of automatic sanction list checks via API, companies can de-risk their business. They can ensure compliance and save valuable time and money to focus on their core business.
Find out more at www.cubemos.com/sanction-list-api
Don’t take too much advice. Most people who have a lot of advice to give — with a few exceptions — generalize whatever they did. Don’t over-analyze everything. I myself have been guilty of over-thinking problems. Just build things and find out if they work.