On September 30, 2022, the US Department of the Treasury's Office of Foreign Assets Control (OFAC) published "Sanctions Compliance Guidance for Instant Payment Systems". The guidance highlights that organizations should adopt a risk-based approach to manage sanctions risks and use innovative enforcement compliance technologies for identified risks.
In recent years, instant payment systems that enable the transmission of payment and the ability to provide funds to creditors have increased and developed. As a result of the high speed of instant payment and the high values of these payments, questions about the best way to implement compliance measures in the financial sector have been raised.
Compliance with a Risk-Based Approach
Each instant payment system has unique payment systems, and studies are carried out to increase the efficiency of these systems. At this point, OFAC encourages financial institutions to adopt a risk-based approach to ensure that sanctions compliance controls and technology solutions remain commensurate with the enforcement risks that come with them.
The risk-based approach it rommends includes five key components of compliance:
- Management commitment
- Risk assessment
- Internal controls
- Testing and auditing
Under OFAC's recommendation, developers of instant payment systems should include sanction compliance considerations in their design and development processes. They should also have compliance features and tools that enable participants and users to maintain an effective sanctions compliance program. Features and tools may include:
- A messaging system between participating financial institutions to successfully communucate about concerns on sanctions.
- An exception to automated processing to allow investigations of possible enforcement concerns.
- Minimum sanction compliance expectations among members of instant payment systems in order to reduce the overall risk of sanctions.
OFAC develops and routinely updates its sanctions compliance program in line with the FATF's recommendations. That not all financial products or instant payment systems carry the same sanctions risks, OFAC underlines that there is no "one-size-fits-all approach" to managing sanctions risks by noting.
OFAC states that the nature of payment may be related to assessing the relevant sanction risks by emphasizing the importance of complying with the Customer Due Diligence (CDD) rule.
The objectives of the guide are:
- Reaffirm that financial institutions should take a risk-based approach to manage sanctions risks.
- Highlight key factors that may be relevant in determining that risk-based approach.
- Encourage the development and deployment of innovative sanctions compliance approaches and technologies to address identified risks.
- Encourage developers of instant payment systems to incorporate sanctions compliance considerations as they develop new payment technologies.
Risk Factors in Instant Payment Systems
Domestic and Cross-Border Payment Systems
Instant payment systems that facilitate cross-border transactions pose higher risks of being subject to sanctions compared to local systems limited to accounts held in US banks. Transactions confined to accounts within US banks have a lower likelihood of violating sanctions. To comply with US regulatory requirements and undergo audit reviews, local banks are expected to exercise due diligence by conducting risk-based assessments at regular intervals. This includes screening clients to identify any potential sanctions-related links. Banks outside the US may carry higher sanctions risks as they may not be subject to similar regulatory requirements and scrutiny.
Nature and Value of Payment
The nature and value of payments play a role in assessing sanctions risks associated with non-payments made through instant payment systems. Payments that align with previous reviews for potential enforcement implications generally carry lower risks compared to payments that appear inconsistent with a customer's past behavior. Higher-value payments or payments made to foreign entities for the first time may be considered higher risk due to their potential for sanctions-related concerns.
Emerging Sanctions Compliance Technologies and Solutions
There are various new and emerging sanctions compliance technologies and solutions that are increasingly accessible and can help financial institutions mitigate sanctions risks. OFAC encourages the use of AI tools and other innovative solutions to strengthen information sharing among financial institutions, enhance sanctions screening processes, and reduce the number of false positives. These technologies aid in improving the overall effectiveness and efficiency of sanctions compliance measures.
By understanding and addressing these risk factors in instant payment systems, financial institutions can enhance their sanctions compliance practices, mitigate potential risks, and ensure adherence to regulatory requirements in both domestic and cross-border transactions.
Integrating Compliance Features into Instant Payment Systems
For members looking to comply with enforcement regulations and prevent violations, the expectation of real-time funding to the creditor in instant payment systems can result in challenges like money laundering and fraud. Therefore, to facilitate compliance, OFAC encourages the inclusion of it in the design and development process so that system developers consider compliance controls when developing new payment technologies. Such developers are also encouraged to include sanctions compliance features, tools, and contractual clauses that allow system participants to maintain a sanctions compliance program commensurate with the risks presented by the particular instant payment system.
It is expected them to use sanction tools to provide a constant program for compliance against the risks resulting from instant payment systems.
Instant payment systems can enable communication between participating financial institutions involved in processing payments to facilitate compliance with sanctions. This type of communication is often necessary to gather information about possible enforcement alerts. Without such a communication system, financial institutions may not be able to adjudicate warnings of potential enforcement concerns effectively. This can cause to process of payments without sufficient information or block or reject large volumes of transactions that do not involve an enforcement link. Instant payment systems, which allow a transaction to be removed from the automated process to provide sufficient time for the financial institution to investigate possible sanctions concerns, also help its participants mitigate their enforcement risks. In addition, determining minimum sanction compliance expectations for members in instant payment systems can also help reduce sanction risks.