Increasing Automation in Screening for Sanctioned Parties
The war in Ukraine required companies to think fast to find solutions for business continuity and to minimize business disruption by replacing or diversifying their current service providers, suppliers, and vendors that have Russia, Belarus, or Ukraine ties. It also forced them to re-examine and determine the adequacy of measures they have in place to vet the third parties they have been and will be using.
Employees and companies needed to capture information that had never been a priority. For example, how many third parties do we have with ties to Russia? What does their ownership structure look like? Can we still work with these companies? New requirements meant new data sets to interact with. Tackling this problem requires the use of intelligent and efficient systems and platforms that provide numerous customization options.
We can minimize risks related to third parties by screening a third party comprehensively. There are systems and platforms which can detect the risk, preferably before work begins, and allow the business to understand what mitigations are required. This means that a former best practice is now even more important – conducting a careful review of upcoming business relationships, especially where an international component is present, and vetting the relevant parties, even when we have worked with them before.
Due to the sheer volume of these screening requests and to minimize the manual level of effort, there are five main considerations in choosing the platform:
• How easily can your platform capture requests, enter information about third parties, run various levels of screening and collate third parties and related data in a single source.
• How flexibly can the platform adapt to changes in adjudication standards.
• How easily can the platform integrate with other systems in the business
• How many gaps exist between the platform and the compliance requirements
• How much can the process be automated and how much manual input will it require
Your platform should optimally have the capacity to register third parties working with the company, and the ability to perform screening evaluations of varying intensities with automatic flagging of potential and actual risks. The platform should ideally include a central document collation platform where Procurement or Ethics and Compliance can receive and send out documents during the vetting process to everyone involved.
Employees and companies needed to capture information that had never been a priority
The flexibility of the chosen platform matters. When Russia invaded Ukraine and sanctions on Russian entities expanded, it became even more critical to find out who the Ultimate Beneficial Owners were of the related third parties in the organization’s ecosystem. The platform should have the capability to record the ownership of a third-party with percentages and names. It is immensely beneficial if the same platform can generate details of the third-party’s subsidiaries and branches, and also dynamically flag sanctioned countries, sanctioned persons, and unusual or state ownership.
User adoption is improved when these platforms are integrated with the company’s existing business platforms to the maximum extent. The best-case scenario in choosing a platform is that it is intuitive to the users because it conforms or connects to the company’s existing systems. Effectiveness is maximized when the provider understands the company’s use of the platform and provides excellent technical support when errors surface or customization is needed.
Working out gaps in the platforms and the processes is a symbiotic effort between Information Technology, Procurement, and the platform provider. Well-defined, updated compliance policies regarding the due diligence of providers should ideally give clarity regarding essential features of the platform and evaluate costs for the ‘nice to have’ features.
The process for screening the third party can be automated and in a best-case scenario, intelligent platforms can make an initial call about risk level. The adjudication process will inevitably need manual work to develop and update criteria, look through uncertain or ambiguous results, make judgment calls regarding particular diligence findings, and recommend suitable risk mitigations.
In summary, the key takeaways when it comes to third party screening and system capabilities are:
• Expect to adapt fast to various geo-political situations, from minor to severe.
• Plan for rapid screening of third parties in response to those situations.
• Proactively consider deploying flexible, intelligent platforms that can be a single tool for data capture, data production, review, vetting, and (ideally) data visualization.
• For effective implementation, require tight integration of the Information Technology and Procurement functions as well as the underlying ethics and compliance requirements.