The financial industry has always been subject to regulations, and therefore, has always had to have systems in place to mitigate risk. Recent advisories from the U.S. and U.K. have set a new standard of expectations and increased the maritime sanctions risk financial institutions are exposed to.
The expectations outlined by the OFAC and OFSI advisories forced financial institutions connected to maritime to rethink the way they use manual and automated risk management controls. Ultimately, changing perspective and viewing technology as an enabler can optimize operations and make risk management more efficient.
To discuss the role of technology along the customer journey to mitigate risk and balance the regulatory implications on the financial industry, Windward joined forces with the Association of Certified Sanctions Specialist (ACSS) to host a webinar for banking and finance professionals to share and demonstrate best practices.
Maritime compliance post – OFAC
The OFAC advisory shook the maritime industry and signaled a shift in the U.S.’s approach to maritime risk. The document detailed deceptive practices and sanction evasion tactics used by countries such as Iran, North Korea, and Syria and specified how deceptive shipping practices are commonly used, such as changing ship names and ownership structures.
Bethany Milton, Danske Bank’s Sanctions Compliance Officer, and former U.S. Foreign Service Officer asked participants how their company has changed their approach to maritime sanctions since the 2020 OFAC Advisory on deceptive shipping practices went into effect, and the result was surprising.
The majority of participants, over 34%, did not think the sanctions were relevant to them. Only 9% of participants were in the process of changing their approach.
Association of Certified Sanctions Specialist (ACSS) webinar moderator Natasha Bright reminded participants that everyone in the shipping ecosystem, no matter how remote, is “on the hook” when it comes to sanctions. The advisories impact all aspects connected to maritime and place the responsibility and consequences in a broader net.
According to the advisory, organizations’ accountability for sanctions violations is measured by the preventive steps, policies, and processes implemented to mitigate them. In the event that two companies are found violating sanctions in the exact same way, we can expect differing fines and punitive measures based on the comprehensiveness of their compliance programs. In layman’s terms, if one company has a comprehensive CDD policy and process, and the other only does simple list matching, they will not be judged in the same light.
Managing sanctions from a banking perspective
To understand the risk a financial institution is exposed to, organizations must evaluate the entire customer lifecycle and onboarding process, including CDD cycle and screening processes, and build the proper controls and policies to assess the risk in any customer or transaction and how they will react if a problem arises must be taken into consideration. This requires institutions to have a combination of controls, or “consequence management,” to assess how they will react if a problem arises.
Banks require in-depth due diligence and risk management solutions to evaluate the impact events will have on their risk exposure level and effectively manage them in real-time. Because of the vast amount of information involved and the impossibility for human resources to manage it all, financial institutions must rely on technology to mitigate risk and abide by advisories.
Andrew Fierman, Head of Sanctions Americas at Barclays and former V.P. at Societe Generale, discussed the importance of developing the guidance, training, and policies internally to identify risks and mitigate their impact as best as possible. Fierman emphasized the significance of understanding contextual information about vessel behavior and the ability of technology to help determine risk level exposure and optimize internal processes.
The maritime industry’s unique lifecycle requires specific maritime sanction controls to meet advisory requirements and mitigate risk. Almost half (49%) of the webinar participants said they have dedicated maritime controls in place. These maritime compliance controls should be viewed as different layers of the risk management framework, ultimately reducing the likelihood of risk materializing.
Financial institutions need to combine manual and automated controls to manage risk and meet the new standard of expectations effectively. This will enable optimization of technological solutions with human experts monitoring, influencing, or modifying the process when needed.
Bridging the gap between manual and automated controls
Relying solely on manual controls will leave an opening for human error and cannot be built into processes. Automated controls, on the other hand, can be built into due-diligence processes and can be calibrated based on performance, risk appetite, and changes in regulations. The most effective way to mitigate and manage risk is by having a balanced multimodal approach that uses human expertise to serve as the base and leverage technological capabilities.
Yael Regev, Sales Director at Windward emphasized that organizations need customizable controls that can be adapted based on their unique risk appetite and organizational structure. This is a critical element to consider when examining potential technological partners and establishing risk management controls.
The most important thing to take from the new advisories is the fact that they require shifting from static data to insights; Organizations that have ties to the maritime ecosystem must examine how ships and the legal entities behind them actually behave, and this is something a rule-based algorithm cannot do.
The dynamic nature of maritime and sophistication of deceptive shipping practices require a new level of technological tools with customization capabilities that will effectively help organizations reduce false positives, optimize operations and mitigate risk based on their unique risk appetite.
A need for data redundancy
The global commercial fleet includes over 100K ships that make over 7 million port calls a year. Between port calls, over 400 million containers carrying 11 billion tons of cargo are transferred, creating 1.2 million STS meetings. This results in vast quantities of data that need to be sorted through and validated and then put into context to provide decision-ready insights.
Connecting the dots in order to identify deceptive behavior among the sea of data manually is like finding a needle in a haystack. Yet, with redundancy tools in place, it is possible to quickly and accurately pinpoint behavioral anomalies. These anomalies are contextually irrelevant unless advanced artificial intelligence (A.I.) is integrated.
With AIS, for example, Windward relies on six unique data vendors to validate AIS data and make sure the insight yielded by the system is accurate. However, as noted by Yael, knowing if the data is accurate is not enough – what organizations need today is context. Windward can provide context by examining and analyzing historical data, behavioral data, ownership information, and more, creating a complete picture of risk.
Yael showcased this by referencing the case of the MV Karar; Last year, the service vessel MV Karar deviated from its regular area of operation for the first time in eight years. This was a behavioral anomaly that was able to be identified thanks to the redundancy Windward has built into the system. Soon after the deviation, the MV Karar was intercepted with over 4 tons of cocaine. An organization that had triggers in place for abnormal behavior could have recognized the risk the vessel posed and avoided engagement even before it was found to be violating sanctions.
Maritime intelligence solutions, backed by advanced A.I., enable organizations to look at the knowns and unknowns, thereby helping them mitigate not only todays’ risks but also tomorrow’s.
The cost of false positives
One of the main issues organizations have with risk management is the prevalence of costly false positives. Without A.I. solutions in place, compliance teams will have to sort through 12.5% of false positives manually – a task that is costly, time-consuming, and ineffective. When looking at this from a portfolio perspective, the numbers become too large to handle.
Therefore, a hybrid approach to risk management that uses human expertise with A.I. and data redundancy is the best way to build an effective and scalable maritime compliance solution. Thinking of these controls as a decision support platform will help organizations know how to manage risk with their particular risk appetite in mind.
The case studies presented by Louis Vargas, Principal Sanctions Compliance Officer from Danske Bank, further strengthened the need to incorporate advanced A.I. into a compliance solution suite. Using the previously sanctioned Voyager 1 as an example and the Windward system to dive deep into data, Louis showed that the Voyager was still flagged high risk. Even though it was delisted, the management company changed its policies to abide by U.S. advisories. However, diving deeper into why the vessel was still high risk revealed that many vessels within the company’s fleet engaged in Dark Activity and were voyaging in questionable areas.
Without technology and A.I., it would be difficult to identify the anomalies and predict the risk the vessels posed. However, with the right tools in place, financial institutions can make decisions that suit their risk appetite.
As the global fleet continues to grow in size, sifting through the data and understanding the true risk vessels pose will become harder. If an institution’s reliance on AI-backed technology increases, its ability to reduce false positives and overall risk will increase, creating safer transactions for all.