On Friday, 7 August 2020, the Office of Foreign Assets Control (‘OFAC’) of the US Department of the Treasury updated its Specially Designated Nationals and Blocked Persons List (‘SDN’), imposing economic sanctions on 11 current and former Chinese officials.
In response to these events, FTI Consulting’s Financial Crime Compliance (‘FCC’) practice highlights some of the advice and discussions we are having with our financial institution (‘FI’) clients, particularly surrounding:
Managing evolving sanctions risk from a programme standpoint; and
Undertaking specific review and investigations work that might be prompted by internal programme requirements.
Response of Hong Kong’s regulators In response to these “unprecedented circumstances”, the Hong Kong Monetary Authority (‘HKMA’) issued a formal communication on 8 August 2020, setting out its expectations on the management of economic sanctions risk by FIs under its purview. The HKMA stated unilateral sanctions imposed by foreign governments, in this case US OFAC-administered sanctions, have no legal status and, therefore, “no obligation is created for AIs (“Authorised Institutions”) under Hong Kong law”.1 The circular reminded FIs of the need to establish and implement policies, taking a balanced approach, and based on thorough assessment of applicable risks. The circular concluded: In assessing whether to continue to provide banking services to an individual or entity designated under a unilateral sanction which does not create an obligation under Hong Kong law, boards and senior management of AIs should have particular regard to the treat customers fairly principles. The Securities & Futures Commission (‘SFC’) of Hong Kong stated it continues “monitoring closely the impact”2 of these recent developments, and highlighted the need to ensure the response applied by market intermediaries remains fair. For the large number of FIs in Hong Kong that fall within the definition of ‘US Persons’, or ‘Non-US Persons’, who otherwise have dealings involving a ‘US element’ (US financial system, US person or US-origin goods or technology), the available guidance makes things no more clear. Also, it should be noted, that potential sanctions exposure is not limited only to customer relationships. Rather, FI’s might undertake ‘significant transactions’ with other third parties such as suppliers, subcontractors etc., or counterparties in the context of episodic transactions. Sanctions risk management Recent events highlight the importance to FIs of:
Knowing their customers (and other third-party relationships, including suppliers and counterparties); and
Having a dynamic and flexible sanctions programme that is able to respond rapidly to changes in the risk environment.
Based on the experience of our experts in designing, implementing and managing sanctions programmes, FTI Consulting sets out below some areas FIs ought to consider in order effectively to assess and manage their potential and evolving sanctions risk exposure. List Management – Develop criteria against which an evolving list of individuals and entities with potential sanctions exposure (in addition to those individuals already designated) should be created. — Customer Portfolio Review – Undertake, if not already underway, a formal, risk-based review of the entire customer population, across all lines of business, prioritising the newly identified names on the list. — Network Analysis – Utilise technology, such as entity resolution and network analysis/analytics to bring together all customer relationship information and data, centralising it into a single view, mapping out the connections between relevant entities and resulting in a clear understanding of real-world relationships — Periodic Review – Perform an immediate periodic review on the evolving list of customers in relation to whom there is potential sanctions exposure. If not already classified as high risk and flagged for accelerated periodic review, these customers should be risk-adjusted and the decision to do so documented. — Relationship Strategy - Define and document scenario- based retention or exit strategies, for example, if a customer is designated, or is not officially designated but for some other reason poses potential reputational or sanctions risk based on the FI’s documented risk appetite. Amongst other things, FIs will need to consider relationship strategies in the context of: i) treating customers fairly; and ii) the types of product or service in question, for example, loan or investment products, etc. — Risk Decisions and Governance - Establish appropriate reputational or sanctions-specific risk committees and forums, where questions related to retention or exit decisions are assessed, determined and documented by senior management, as well as appropriately communicated. — Training & Communication - Ensure there is an appropriate internal and external communication strategy. Critically, all relevant staff should receive and acknowledge having received refreshed sanctions training. — Feedback Loop – Ensure the ownership for implementation of mitigating controls is clearly assigned, tracked and reported for completion. This may include actions ranging from sanctions or watchlist screening list updates; enterprise sanctions risk assessment update/adjustment; enhanced transaction monitoring; adjustments to customer risk ratings; frequency of periodic reviews; and appropriate customer-, account- or transaction-level restrictions. — Correspondent Banking - Initiate a review of correspondent banking relationships, particularly in context of the provision of US Dollar clearing services. FIs should also assess their contractual ability to access information on their customers’ customers. — Episodic Transactions/Deals – Undertake pre- transaction due diligence in the context of investment banking deals and capital markets transactions, focusing on counterparties and their senior management (i.e. Board of Directors, Chairman, CEO etc.), beneficial owners and any additional parties involved (e.g. intermediaries, advisors). — Suppliers – Review and, as appropriate, refresh any counterparty due diligence in relation to existing or contemplated third party relationships. How FTI Consulting can help FTI Consulting’s FCC offering provides comprehensive and customised services to meet each and every challenge facing FIs. We offer end-to-end anti-money laundering, economic sanctions and anti-bribery and corruption consulting services. The FCC practice is led, managed and staffed predominantly by FCC practitioners. Our senior professionals have designed, implemented and managed complex FCC programmes at “tier one” banks and other organisations, often under direct regulatory scrutiny. We are uniquely qualified to offer our clients, as a trusted advisor with deep subject matter expertise, practical, tailored FCC solutions. Our professionals have the expertise needed to accurately assess problems, understand clients’ and regulators’ requirements, and design the appropriate solutions. We blend our expertise and investigative experience with our specialised technology and data services to develop cost- effective solutions for our clients.
For further information, please contact:
Footnotes: 1 https://www.hkma.gov.hk/media/eng/doc/key-information/guidelines-and-circular/2020/20200808e1.pdf 2 https://www.sfc.hk/edistributionWeb/gateway/EN/news-and-announcements/news/doc?refNo=20PR70