Steps to Manage Sanctions Compliance Risk for Existing Customers

C

When an existing customer changes its business scope and starts dealing with new jurisdictions, the bank needs to take steps to manage sanctions compliance risk. These steps would typically include the following:

A. Perform a politically exposed persons and negative media screening: The bank should first conduct a review of the customer's new business scope and jurisdictions to determine if any new risks have arisen. This should include performing a screening for Politically Exposed Persons (PEPs) and negative media. This will help the bank identify any potential reputational, regulatory or financial risks associated with the customer and its activities.

B. Conduct further sanction screening on the customer's directors and ultimate beneficial owners: In addition to screening for PEPs and negative media, the bank should also conduct a sanction screening on the customer's directors and ultimate beneficial owners (UBOs). This is important because the directors and UBOs of a customer can significantly influence the business operations and strategies, and therefore may be involved in sanctions-related activities.

C. Deploy an independent risk-based test to ensure the screening on this customer is effective: To ensure the screening processes implemented are effective, the bank should deploy an independent risk-based test on the customer's new business scope and jurisdictions. The test should cover all aspects of the customer's relationship with the bank and evaluate the effectiveness of the bank's compliance program, including the screening processes.

D. Collect further customer reference data and determine what must be screened and at which frequency: Finally, the bank should collect further customer reference data to determine which activities or transactions the customer may be involved in, and at what frequency these should be screened. This data could include information on the customer's business partners, customers, and suppliers, as well as transactional data. Based on this information, the bank can determine the level of risk and frequency of screening required for the customer.

In summary, the bank needs to perform a thorough risk assessment and screen the customer, its directors and UBOs, as well as deploy an independent risk-based test to ensure the screening processes implemented are effective. The bank should also collect further customer reference data to determine what must be screened and at which frequency.