On October 20th, the US Treasury’s Financial Crimes Enforcement Network (FinCEN) issued a stark warning to financial institutions “to be vigilant in identifying suspicious activity relating to financing Hamas.” The alert listed red flags, such as suspect customer transactions, geographic risk factors, and questionable nonprofit activity, among others that financial institutions could use to identify and report Hamas’s illegal financing efforts.
Two days before the FinCEN warning, the US Treasury’s Office of Foreign Asset Control (OFAC) published an advisory on Iran’s ballistic missile activities. The document laid out a series of techniques used by the Iranian government to evade international sanctions, identified sanctioned companies and individuals, and cataloged the materials and equipment Iran is seeking for its ballistic missile program.
For most finance professionals not working at financial institutions—or defense companies—the arcane world of terrorist financing and ballistic-missile building might seem a world removed from their everyday business.
However, to mitigate risk and ensure compliance, finance professionals of all stripes need to pay close attention to sanctions, terrorist financing, and anti-money laundering (AML) regulations, experts told CFO Brew.
“For any of us, doing any kind of business, we want to be alert because nobody wants to be helping terrorists,” said Annemarie McAvoy, CEO and founder of Clovis Quantum Solutions LLC, a consulting firm specializing in financial crimes issues and investigations, and a former federal prosecutor. “You want to be watching what’s going on and be aware.”
Deeper look. It’s not just Hamas and Iran under sanctions and AML warnings. The US government recently sanctioned Russian “elites” and Russian companies over the ongoing war in Ukraine, a Sudanese rebel leader, and Chinese military companies. And as sanctions evaders and money launderers become increasingly sophisticated, and the global supply chain becomes more complex, it can be easier for companies to inadvertently become entangled in illegal or prohibited activity.
The recent government warnings on AML and sanctions serve as a good opportunity for organizations to revisit their risk-management assessments and compliance policies. With CFOs dealing with a wide range of pressing problems—interest-rate uncertainty, war, talent struggles—it can be challenging to find the time and budget to pursue AML and sanctions risk. However, not facing the risk can be quite costly for organizations.
Where to start? First, you have to understand what your business does, and who it does business with, McAvoy told CFO Brew. Examine the business processes and customers to identify potential areas of the business at risk of running afoul of AML regulations and sanctions.
“Then you can figure out how you can then mitigate those risks,” she said. “And make sure that you have a strong compliance program to mitigate those risks.”
News built for finance pros
CFO Brew helps finance pros navigate their roles with insights into risk management, compliance, and strategy through our newsletter, virtual events, and digital guides.
And even if firms aren’t legally required to report suspicious activity, like financial institutions are, there is still a significant reputational risk for organizations if they are found to be contributing to terrorist financing or breaking sanctions, even inadvertently, according to Elizabeth Callan, AML, financial crime risk, and compliance expert with SymphonyAI Sensa-NetReveal, told CFO Brew.
“Again, it’s all based on your risk appetite,” she said. “Are they willing to potentially be exposed to that reputational risk—wittingly or unwittingly—potentially, by somehow facilitating some kind of business for these types of entities and individuals that the government is interested in?”
Show us the money. But compliance and risk mitigation isn’t free. Once a company starts to understand the risk environment, finance professionals should help recognize what the organization needs and match those needs to the company’s skills and budget, according to Eric Young, senior managing director at Guidepost Solutions, a global monitoring, compliance and investigative firm.
“Because CFOs are… keepers of the budget, they should acknowledge the importance of investing in compliance tools and resources,” he said. “Because the downside—which is an important point of noncompliance—is much greater than the cost to invest.”
There are options for smaller organizations, without the budget or manpower for comprehensive AML and sanctions risk mitigation policies and procedures, to keep costs down and manage the workload, according to McAvoy.
“Certainly a very good first step is to hire an outside consultant who can come in and take a look with fresh eyes at your program and determine whether it is workable or not,” she said. “They don’t have to do everything all at once. They can start out with just looking at a portion of their products or a portion of the type of business that they do, and then expand upon it.”
There are also technological solutions that finance departments can access, such as sanctions screening software that helps identify potentially risky partners and customers, or transaction monitoring software that flags suspicious financial activity, according to Callan.
No matter what tools organizations use, they need to do something to get ahead of potential risk because the bad actors and scams are getting more sophisticated and prevalent, according to McAvoy.
“There are so many things out there that I would say most companies will come across this,” she said. “Whether they catch it or not is another question.”