In October 2024, the Financial Conduct Authority (FCA) imposed a staggering £29 million fine on Starling Bank for significant lapses in its financial sanctions screening processes. This landmark case serves as a critical reminder of the importance of robust sanctions compliance for financial institutions worldwide.
At ZIGRAM, we recognize the complexities and challenges associated with sanctions screening. As a leading provider of compliance solutions, we believe it’s essential to dissect this case to understand the pitfalls and reinforce best practices in sanctions compliance.
The FCA’s Increasing Focus On Sanctions Screening
Since 2022, the FCA has intensified its scrutiny of financial institutions’ sanctions compliance frameworks. The regulator’s thematic review outlined clear expectations, distinguishing between effective and inadequate sanctions programs. While a risk-based approach to sanctions screening is acceptable, the FCA has made it clear that this does not absolve firms from their fundamental compliance obligations. The Starling Bank fine underscores the FCA’s commitment to enforcing these standards. It highlights the regulator’s zero-tolerance policy for institutions that fail to meet their legal obligations, regardless of size or market position.
Key Findings And Failures In Starling’s Screening Processes
The FCA’s investigation into Starling Bank revealed several critical deficiencies
1. Partial Screening Of Sanctions Lists
Issue: Starling Bank limited its screening to a subset of the UK sanctions list, focusing only on individuals with known UK connections. Out of 3,088 individuals on the list, the bank screened against just 39. Between July 2022 and January 2023—a period marked by increased sanctions due to geopolitical tensions—the bank generated zero alerts. A subsequent rescreening in February 2023 produced 48,000 alerts and revealed that at least one designated person had opened an account.
Actionable Lesson: Financial institutions must screen against the entire sanctions list, not just a subset. Limiting screening parameters exposes institutions to significant risks. Implementing comprehensive screening mechanisms ensures that no sanctioned individuals slip through the cracks. Moreover, leveraging advanced technology can help minimize false positives without compromising on thoroughness.
2. Failure To Screen Against Non-UK Sanctions Lists
Issue: Despite processing transactions in US dollars, Starling Bank did not screen against non-UK sanctions lists, such as the Office of Foreign Assets Control (OFAC) list maintained by the U.S. Treasury. This oversight ignored the inherent exposure to U.S. sanctions that comes with dealing in USD.
Actionable Lesson: Institutions dealing with foreign currencies, especially the U.S. dollar, must incorporate non-UK sanctions lists into their screening processes. The extraterritorial reach of U.S. sanctions laws means that neglecting OFAC lists can have severe repercussions. A comprehensive approach to sanctions screening should include all relevant international lists.
3. Inadequate Documentation Of Risk-Based Decisions
Issue: Starling Bank acknowledged that it might have opened accounts for sanctioned individuals who moved to the UK after being listed. However, the bank failed to document the rationale behind these risk-based decisions.
Actionable Lesson:
Thorough documentation of all risk-based decisions is crucial. Firms must provide clear justifications for their actions, especially when deviating from standard procedures. Proper documentation not only aids internal governance but also provides transparency during regulatory reviews.
4. Gaps In Screening Frequency
Issue: The bank screened customers every 14 days, a frequency that might have been acceptable when the institution was smaller but became insufficient as it grew. Additionally, new customers were only screened after onboarding, meaning services were provided before sanctions checks were completed.
Actionable Lesson:
Implement real-time and continuous screening processes. As institutions expand, screening mechanisms must scale accordingly. Integrating sanctions screening into the onboarding process ensures that potential risks are identified before services are rendered.
5. Incomplete Sanctions Risk Assessment
Issue: Starling's sanctions risk assessment lacked depth and failed to consider high-risk factors such as crypto-related transactions and multi-currency accounts. This oversight resulted in senior management not fully understanding the bank's exposure to sanctions risks.
Actionable Lesson: Conduct comprehensive and dynamic risk assessments. Regularly updating risk profiles to include new products, services, and market developments is essential. Senior management should be fully informed to make strategic decisions that align with compliance obligations.
6. Weak Governance And Management Information
Issue: The FCA found deficiencies in Starling's governance structures, including:
• Lack of Management Information (MI) on alert volumes and trends.
• No second-line assurance reviews for sanctions screening.
• Absence of a formal methodology for testing and calibrating screening systems.
Actionable Lesson: Establish robust governance frameworks with clear oversight and accountability. Regular MI reporting, independent reviews, and system testing are vital components of an effective sanctions compliance program.
7. Reliance On Inadequate Screening Tools For Payments
Issue: Starling Bank used a tool designed for customer screening to screen payments, neglecting the unique requirements of payment screening, such as different data fields and indicators like IP addresses and geolocation data.
Actionable Lesson: Utilize specialized tools for different screening needs. Payment screening and customer screening serve different purposes and require tailored solutions. Implementing appropriate technology ensures that all aspects of transactions are scrutinized effectively.
ZIGRAM’s Commitment To Sanctions Screening Excellence
At ZIGRAM, we are dedicated to helping financial institutions navigate the complexities of sanctions compliance. Our PreScreening.io solution is designed to address the very challenges highlighted by the Starling Bank case.
•Comprehensive Coverage: Our platform screens against all major global sanctions lists, including OFAC, the UK, the EU, and others, ensuring no gaps in coverage.
•Real-Time Screening: We offer real-time, continuous screening, integrating seamlessly into onboarding and transaction processes.
•Advanced Technology: Leveraging AI and machine learning, our system reduces false positives while maintaining high accuracy.
•Risk Assessment Tools: We provide dynamic risk assessment capabilities that adapt to new products, services, and emerging threats.
•Robust Governance Features: Our solution includes comprehensive reporting and audit trails, facilitating better governance and oversight.
By partnering with ZIGRAM, institutions can enhance their sanctions compliance frameworks, mitigate risks, and focus on their core business operations with confidence.
Key Recommendations For Effective Sanctions Screening
Based on the lessons from the FCA’s fine on Starling Bank, we recommend the following best practices:
1. Screen Against All Relevant Sanctions Lists
Do not limit screening to domestic lists. Include all international sanctions lists relevant to your operations.
2. Integrate Screening Into Onboarding And Transactions
Implement screening processes at every critical touchpoint to ensure potential risks are identified promptly.
3. Document All Risk-Based Decisions
Maintain detailed records of any decisions that involve accepting higher risks, along with the rationale and approvals.
4. Enhance Screening Frequency
Move towards real-time or daily screening to keep up with rapidly changing sanctions lists.
5. Conduct Comprehensive Risk Assessments
Regularly update risk assessments to include new services, markets, and emerging threats.
6. Strengthen Governance And Oversight
Establish clear roles, responsibilities, and reporting structures for sanctions compliance.
7. Use Specialized Tools For Different Screening Needs
Employ appropriate technologies for customer screening, payment screening, and other specific requirements.
Conclusion
The FCA’s action against Starling Bank is a cautionary tale for all financial institutions. In an era of increasing regulatory scrutiny and evolving global risks, robust sanctions compliance is non-negotiable.
At ZIGRAM, we are committed to empowering organizations with the tools and expertise they need to stay ahead of compliance challenges. Our advanced solutions are designed to be flexible, scalable, and tailored to your specific needs.
Protect your institution from sanctions risks. Contact us today to learn how ZIGRAM can enhance your sanctions screening processes and help you achieve compliance excellence.
- #SanctionsCompliance
- #FCARegulations
- #AML
- #RiskManagement
- #FinancialCompliance
- #SanctionsScreening
- #OFACCompliance
- #UKRegulations
- #FCAFines
- #ComplianceRisk
- #BankingRegulations
- #RiskAssessment
- #StarlingBank
- Sanctions
- Compliance
- #PreScreening
- #ZIGRAM
16 Oct 2024
