French bank Société Générale expects to pay penalties of nearly $1.3 billion to settle allegations of breaching U.S.sanctions. It made dollar transfers on behalf of entities based in countries which were subject to U.S.sanctions. The fine is just the latest evidence of the heavy cost of sanctions violations and the reason that regulators increasingly recommend ongoing risk monitoring as part of a robust compliance process.

A monster fine

Société Générale expects the settlement will be completed “within the coming weeks”. The investigation into its transfers of money on behalf of entities based in sanctioned countries has involved the U.S. Treasury, federal and New York state attorneys’ offices, the Federal Reserve and the New York Department of Financial Services. It will be one of the largest ever fines for a U.S. Sanctions violation. In comparison, the U.S. Office of Foreign Assets Control (OFAC) issued 16 companies with penalties amounting to $120 million in 2017. But Societe Generale’s penalty will be short of the record payment made by the French bank BNP Paribas in 2014. It agreed to pay $9 billion to settle allegations of breaking U.S. sanctions against trade with Sudan, Iran and Cuba.

Financial services at risk

As the large fines for Société Générale and BNP Paribas show, the banking and financial services industries face a heightened risk of sanctions violations. This is because firms need to check a wide range of customer information against long lists of sanctioned individuals and organisations. Société Générale has 31 million customers in 67 countries, so the bank must ensure none of these customers are dealing with sanctioned entities or operating in sanctioned jurisdictions. The risk to companies has been further heightened because regulators around the world are proving more willing to enforce sanctions regimes.

Financial services firms appear to be giving more attention to Sanctions Compliance, in part because of cautionary tales like the BNP Paribas fine. The Economist Intelligence Unit surveyed 388 executives in the sector and found that 63 percent have invested more time, money and personnel in sanctions compliance in the last three years. But many firms are still not doing enough to manage the risk of sanctions. 45 percent of C-Suite executives worry the industry is not sufficiently aware of the implication of sanctions compliance requirements, and only 44 percent of companies said they have a clear, well-defined sanctions policy. The fate of Société Générale should show these companies that failure to change their approach to sanctions compliance will result in financial, legal and reputational damage.

Not just financial services

But financial services firms are not alone in facing a risk from sanctions. In fact, 11 of the 16 penalties and settlements levied by OFAC in 2017 involved companies outside of banking and financial services. Last year’s biggest fine was paid by Chinese telecommunications firm ZTE. It was found to have bought U.S. components, used them in its equipment, then evaded U.S. embargoes by illegally shipping this equipment to Iran. It also shipped equipment to North Korea, which is also a sanctioned jurisdiction. ZTE has since paid more than $1 billion in fines, replaced its board and embedded a compliance team selected by the U.S..

What should companies do?

With increased compliance focus on companies in all industries, it is crucial that they implement a robust framework to screen, monitor and protect against costly sanctions violations. Because sanctions laws change frequently, all internal procedures and controls need to be regularly assessed to identify potential gaps. In such a dynamic environment, companies need tools to automate screening processes for in-the moment insights that are unavailable with slower, manual processes.

A recent white paper from LexisNexis identifies the best practices for sanctions compliance, and breaks down the latest changes in global sanctions policy. It includes a sanctions risk assessment checklist which companies can use to assess their sanctions compliance programs. It also recommends ten steps companies should take to support sanctions compliance, including a riskbased sanctions screening process and independent auditing. Download the white paper, “Better Safe than Sorry: The Case for Building a Robust Sanctions Compliance Program.”

Next steps

1. Learn how our due diligence and risk monitoring solutions help you spot sanctions risk sooner.
2. Share this post with your colleagues on LinkedIn to keep the conversation going.