Video: The Convergence of Sanctions & Financial Crimes Compliance | Duration: 4036s | Summary: The Convergence of Sanctions & Financial Crimes Compliance | Chapters: Webinar Introduction (4.7999997s), Introducing the Panelists (88.450005s), Convergence of Compliance (333.045s), Sanctions and AML Convergence (550.06s), Sanctions Evasion Detection (1240.6799s), Industry Implementation Challenges (2149.815s), Holistic Compliance Approach (2350.8352s), Compliance Program Advice (3058.82s), Future of Sanctions (3392.4402s), Global Security Challenges (3460.1301s), Closing Remarks (3607.02s), Middle East Outlook (3671s)

Transcript for "The Convergence of Sanctions & Financial Crimes Compliance": Hi, everyone. Thank you for joining us for today's webinar. Today, we'll be discussing how sanctions and anti money laundering regimes have been converging and how financial crime risk management professionals can better understand this new landscape and manage regulatory risks. Today's webinar is hosted by the Institute for Financial Integrity, or IFI, which works to empower the professional community to protect the global financial system through cutting edge research, education, and training. It's very encouraging to see we have so many of you joining from all around the world, and we appreciate that you're all taking time out of your day to join us, and we hope you gain value from today's discussion. Before we begin, I'd like to cover a few housekeeping items. Please note today's webinar is being recorded. We'll be sure to share the link with you to revisit or share with colleagues after the event is complete. This webinar is close to the press and will follow the Chatham House rule, so you'll be allowed to share information discussed during the webinar, but neither the identity nor the affiliation of the speaker or participants may be revealed. We also encourage your comments and questions. You'll see a Q and A tab on screen in the console on the right hand side, So please feel free to submit your questions throughout the webinar for us to address collectively during today's session. After the conclusion of today's event, you'll receive a follow-up email, including the link to the webinar recording as well as other information for further reading, if you'd like. And I'd now like to introduce our panelists for today. First, we have Brian Grant. Brian is the global head of sanctions compliance and financial crimes compliance operations for MUFG Bank, which is the largest bank in Japan and the ninth largest bank in the world by total assets. At MUFG, he oversees sanctions compliance, financial crimes investigations, data analytics and governance, and offshore support functions. His prior industry experience includes positions at Citigroup and Ernst and Young. Before joining industry, Brian held a number of positions in the US Department of the Treasury, including compliance officer at OFAC, officer director in the Office of Intelligence and Analysis, Treasury Attache in Jordan, and Director of Global Affairs in the Office of Terrorism and Financial Intelligence. Next, we have Chip Ponce. Chip is the Global Head of Financial Integrity and a board member at K2 Integrity. He also serves on the board of Inclusive and Atomic forty seven, two financial security and technology companies dedicated to financial inclusion and is a senior advisor for the Foundation of Defensive Democracy's Center on Economic and Financial Power. Chip advises various financial institutions on financial crimes compliance and risk management remediation, transformation, and enhancement. Prior to K2 Integrity, Chip spent more than a decade as a senior advisor at the U. S. Department of the Treasury and was the inaugural director of the Office of Strategic Policy for Terrorist Financing and Financial Crimes. Chip also led The US delegation to the Financial Action Task Force or FADF, co chaired the policy working group of the FADF, and managed U. S. Participation in various G7, G8, and G20 illicit finance expert groups. Also joining us today is Lawrence Schiner. Lawrence currently serves as the Acting Deputy Director at the U. S. Department of Treasury's Office of Foreign Assets Control or OFAC. Since September 2019, he has been the associate director for enforcement, compliance, and analysis at OFAC, where he's overseen OFAC's enforcement, compliance, and private sector outreach programs. Mister Scheiner previously served as a senior advisor to the Treasury Department's Undersecretary for Terrorism and Financial Intelligence and before that as a director of the Office of Special Measures at the US Financial Crimes Enforcement Network. Mr. Scheinert also previously worked as a corporate and securities associate at the international law firm of White and Case LLP. Next, we have Brian O'Toole. Brian is the Global Head of Sanctions at Wells Fargo, where he oversees sanctions compliance and list based screening efforts across the enterprise. He's an expert on economic sanctions and foreign policy with experience across public and private sectors. Previously, O'Toole is a Senior Vice President and Director of Sanction, Screening, and Models at Truist Financial Corporation. O'Toole worked at the US Department of Treasury from 02/2009 to 2017. As Senior Advisor to the Director of OFAC, he helped manage the implementation of all OFAC administered economic and financial sanctions programs. Prior to joining OFAC, O'Toole served as an illicit finance analyst for both the Treasury Department's Office of Intelligence and Analysis and at the Central Intelligence Agency and was an anti corruption specialist in the forensic service practice at PwC. And last but not least, we have my colleague, Danny McGlynn. Danny is president and chief integrity officer of IFI. Danny works with the IFI team to provide training and resources to financial integrity professionals to help them meet high end regulatory expectations in the areas of anti money laundering, sanctions compliance, and other financial integrity topics. Prior to IFI, Danny was a senior managing director at K2 Integrity for nearly four years and also served more than twenty years with the US Treasury Department where he held a variety of positions including leading a team responsible for gathering and analyzing intelligence related to the Treasury's mission to safeguard the international financial system for abuse and to combat threats to U. S. National security. And Danny will be getting us started with today's discussion. So over to you, Danny. Thank you, Rama, for that wonderful introduction, and welcome to everyone. It's so great to be here with such, esteemed such an esteemed panel of, my former treasury colleagues and friends. So Brian and Brian and Chip and Lawrence, thank you so much for taking the time. I'm really looking forward to comparing notes and discussing this important issue on the convergence of financial crimes compliance and sanctions compliance. Our agenda, as you could see on the screen, will which will follow I'm gonna start by giving a really quick overview, and scene setter of today's topic, and then we'll get right into panel discussions, on the topics, that that you see there on the agenda. So the first first I asked, to put these two slides up, which I think are really telling on our topic today about the convergence of of of AML, and sanctions. As you can see here, this is what the landscape looked like when I first well, the year after I started my career at OFAC compliance. On the left there, you have a list of AML predicate crimes, and as you can see, there were very few sanctions programs that targeted that same illicit conduct. We had sort of a narcotics trafficking sanctions program that but, as part of the OFAC package that was really focused on Colombia. The terrorism program back then, it was pre 09/11, so focused on terrorists who threaten the Middle East peace process. But there was a a a UN AQ and Taliban sanctions program that I think started in 1999. And so fast forward to today, twenty five years later, and as you can see, we have US, EU, UK, and UN sanctions programs on almost all of these illicit activities, whether it's corruption, human rights violation, transnational organized crime, narcotics trafficking, WMD proliferation, and of course terrorism. And so you could see over time, this convergence of the targeting of of of this type of conduct by both AMLCFT regimes or AML regimes, and sanctions programs. And then we've got one more slide here just to back up the lens, Rama. The next slide, this kinda gives you a 50,000 foot level snapshot of of of what we think of when we look at AMLCFT regimes on the right, sanctions regimes on the left, and the convergence in the center. And so, if you look at the top right, AMLCFT regimes in general target, and combat financial crimes. You have your standard setters, the FATF, the Basel Committee, the Wolfsburg group, certain jurisdictional leaders, and they're all, most jurisdictions require implementation by FIs, DNFBPs, and BASPs. On the left, you've got sanctions regimes with their in general, mission objective to combat security threats. You see the standard centers there, and of course everyone's required to implement sanctions including financial institutions, DNFVPs, and BAS. And at the bottom represents what we see as some of the key convergence in the middle of both of these regimes. The bottom left, sort of the charts I just covered, the targeted actors that they have in common, but we added there and read sanctions evaders, which is which is a huge topic on on this, convergence landscape. And then they both have certain, common compliance pillars, common red flags, and certain preconditions that are necessary for the effectiveness of both types of regimes. And we'll get into all of this in today's, panel discussion. And we're gonna start that panel discussion with this quote from our former colleague, Liz Rosenberg, who led, who she was the assistant secretary for terrorist financing and financial crimes at Treasury, and prior to her departure for the private sector, this was, one of her remarks during one of her speeches. She said the two areas of highest priority for my office, sanctions to advance the foreign policy goals of The US and the strengthening of The US's own AMLCFT regime are deeply linked. And she went on to say that the continued siloing of AMLCFT and sanctions departments at some financial institutions could lead to financial institutions unwittingly or inadvertently processing payments involving designated entities. So with that as a jumping off point, I'll go to Brian. And, Brian, first, given your perspective as leaders at financial institutions on sanctions, and and financial crimes, what's your perspective on this? Do you do you agree with assistant secretary Rosenberg? And can you talk about what you've seen in the industry in terms of silos between AML, and sanctions teams? And more importantly, any progress made in breaking down those silos, and if that's been beneficial, to financial crime and sanctions compliance risk management efforts. Whichever Brian would like to start first. Danny, I'm I'm happy to jump in. I was having a little bit of, Internet connectivity connectivity, challenges, but hopefully, you all can hear me. So I would say, yes. I agree with, Liz's comment. And, you know, I would say that the convergence of sanctions and AMLCFT has always been there. It's only a question of the extent to which financial institutions, compliance programs, regulators recognize that convergence. It's always been a thing. The subjects of sanctions, typically aren't doing business in their own names, at least sort of after the path you know, after the designation. Bad guys are moving their money in the same way, whether they're a a a subject of IEPAS sanctions or UN sanctions or they're, a a a money laundering network. And so the way you identify this sort of illicit activity is fundamentally the same. I mean, there is, a a difference at a certain level between sanctions and AML in terms of the tools you use. But after the initial imposition of the sanctions where you would catch sanctionable activity through a screening filter, what you're seeing is, sanctions targets using the same tools that a money laundering network would would use. So the best way that you sort of get at this convergence is by parallel conversions of your own programs in a financial institution. Right? I think the best practice is to approach financial crimes holistically, and have your AML and sanctions programs leverage shared services when it comes to investigations, looking the way you look at financial crimes activity, having your investigative components, whether it's your FIU, your cross border investigations team, being a shared service that reaches out and provide service to your sanctions function, your AML function so that when you're doing investigations, you're looking across sort of the landscape. You're making sure that you're looking at sanctions targets. Also, this carries through to KYC as well. Right? It's not just an AML thing. You wanna be capturing information, from your customers about sanctions exposure, increasingly things like export control programs. So you wanna have, like, a holistic approach embedded at at every level in your program. But I'll I'll turn it over to you, Brian, and see what you think. Thanks, Brian. Yeah. I I I agree. I mean, I think the the way that I've always framed it is, you know, when the government is looking at solving a problem, they don't care that sanctions screening in financial institutions is typically thought as real time interdiction, and that AML is thought of as, post post settlement reviews of transaction and customer risk. They just wanna stop the activity. Right? And so I think we all have to make sure we have the a similar mindset and then figure out how to operationalize it. And as Brian was kind of getting at, you know, some of the ways you can do that at a financial institution or to make sure that you've got linkages between your more traditional AML teams and your sanctions teams that may not have had those those, you know, kind of governance and oversight routines together, historically. Right? Like, if you're going to file a SAR on a sanctions target, you probably ought to be talking to your head of sanctions, or the head of sanctions intel, depending on how you you kind of structured your team. If you are working on customer risk remediation, from a sanctions perspective, you should be talking to your financial crimes intelligence team. They'll typically live outside of the sanction space. And so those are the types of things that that I think are important to kind of get in place. And then, you know, it sounds a little trite, I think, from time to time, but, you know, like, committee structures and making sure you have the proper, like, governance models and routines, you know, getting together on a monthly basis to talk about emerging risks, right, whether it's in sanctions, anti money laundering, you're gonna find areas of overlap. And you're gonna find things that somebody's working on in one corner of your company that maybe you didn't know know about that you wanna you wanna harness and try to to research further to solve the problem. So, yeah, I mean, I think the the tools are very different in a lot of ways. And given all the model kind of components that go around the majority of these tools, it can be a little difficult sometimes to to try to play in sandboxes, especially with, you know, the amount of data that a really large financial institution has. But those are the, you know, those are the things you've gotta try to work through to get to that end goal of how do we protect the company from conducting transactions? The company doesn't wanna transact it. Right? You know, somewhat in parallel, but, you know, a little bit different than than what the government goals are, which are the the foreign policy goals. Banks have invested interest and and other financial institutions do as well and making sure that you know what you're actually doing, on behalf of your customers and and getting on for the things you don't wanna do. Yep. That's a great perspective and, some practical advice there. Thank you, Brian and Brian. Really, really useful. And I know, Chip, I know you you have a lot of experience in this area too working with different clients, both on the sanction screening and the transactions monitoring side. I don't know if you have anything to add, and then we'll segue into the next topic as well. Thanks, Danny. Can you hear me okay? Yes, sir. Perfect. Well, let me just start by saying thanks to you and to Rama and Lauren and the IFI for putting this together. It is, always great to reconnect with, the Treasury Mafia as as we call ourselves and, to be back with, with you and Brian and Brian and and Lawrence on, on a on a great topic and a very timely one. I I the only I would add, and great explanations from Brian and Brian on this, is from a conceptual perspective, you know, this convergence was this was the big takeaway from the lesson of nine eleven is that, from a threat perspective, from a vulnerability perspective, and from a a control or tool perspective, this convergence is absolutely necessary if we're gonna be effective in combating whether it's financial crime or threats to collective security or the integrity of of the financial system in protecting that. This convergence is essential. And so from a threat perspective, you know, your slides really break this down with the different predicate offenses to money laundering that are now subject to different types of sanctions programs. When you think about the target sets, drug trafficking, which is where AML really started, was the first targeted financial sanctions program by The United States. It continues to be a flagship program. And when we talk about the administration, which I think is gonna be hard not to talk about, in this call, it's difficult to go after drug trafficking organizations, whether in Mexico or coming through Mexico from fentanyl precursors out of China and not talk about, the convergence of AML and and and, and sanctions. When you think about, from a vulnerability perspective, it's difficult to imagine how you're gonna stop drug trafficking organizations if you're not gonna go after shell companies that are the number one way to launder money and the number one way to evade sanctions. And when you talk about, the tools and the controls that are that are essential to implementing this, you know, over the years, the evolution of sanctions has blurred so much with AML controls that sometimes it's hard to tell the difference. You guys all remember when we were together at Treasury, and we were first implementing section three eleven of The USA Patriot Act, and half the conversation with domestic and foreign audiences was, is this a sanction, or is this an AML? And it was kind of like a dessert topping floor wax conversation with, with Dan Aykroyd because it's both. Right? And and when you think about sectoral sanctions and the evolution of, the Russia sanctions program that has moved on to Venezuela and other applications, it's no longer, okay. We're not allowed to do this or we have to, if we see this, freeze it. It's if I see this, I have to do more due diligence and dig and determine whether I'm allowed to do this or do that, which starts to sound a lot more like an AML enhanced due diligence process. So, you know, the the convergence has been there conceptually by by by necessity for as long as we've been in this mission together, all of us on the call. It's just become more complicated and more apparent, as the mission has moved forward. So, it's a great way to think about it, with Brian and Brian's, experience, but I come back to threats, vulnerabilities, and tools and controls. You you can't do one without the other. Right. No. Great points. And, great segue. Speaking of of, section three eleven of the Patriot, I almost forgot that in in addition to everything else Lawrence has done in his career, he was also the head of special special measures at FinCEN. And, Lawrence, maybe with that I could I could turn it over to you to talk a little bit about from your perspective, and I know, you know, both from a sanctions and an AML perspective, what are the key elements of an effective sanctions compliance program? And how do you see those overlapping with the key pillars of an AML program that Chip just alluded to? Yeah. Great question. And, you know, just to pick up on on what Chip was talking about about the convergence being a necessity. I think it's also by, design. Right? I mean, there's good historical reason for the convergence. And I think as this group is uniquely positioned to know and, many of you were around in 02/2004 when FinCEN and OFAC began reporting to the same undersecretary for the new office of terrorism financial intelligence, which I think is is important context to understand that this was by design to combine not just AML and sanctions, but also private sector engagement, enforcement actions, intelligence analysis, foreign engagement, all of those things. The idea being to deploy these tools in complimentary ways where sanctions and AML tools really are mutually reinforcing where it's banks the success of sanctions programs is not just banks screening and blocking transactions. It's using their AML tools to, to identify risk and report that through suspicious activity reports that allows us to then identify, front companies and facilitators and intermediaries underlying sanctions of Asian networks, then we can then further our sanctions objectives by by disrupting. So very much agree with that premise, about the complimentary mutually reinforcing ways that sanctions and AML come together. Now with respect to, the overlap on an effective compliance program, the starting point for a sanctions compliance program, really goes back to the 2019 framework document where we make very clear that it has to be risk based. It's not one size fits all. But there are certain elements or pillars that we would expect to see in any effective sanctions compliance program. First is management commitment. Right? Ensuring that an organization has sufficient resources and authority and autonomy to promote a culture of compliance. The second is conducting a risk assessment to understand what your risks are. Make again, emphasizing it's not one size fits all. You have to look at the particular customer base, geographic location, product services offered, things like that. The third is internal controls so that the controls are then tailored to the specific risk, that you've identified for your institution. Fourth is testing and auditing to identify and correct weaknesses. And then the fifth, of course, is training, ensuring that that staff understand the obligations and not just compliance staff, but also the business line. And when you look at the sanctions, compliance pillars and then compare them to the AML program requirements, they're very similar. Right? A lot of the same themes and elements. And, fundamentally, an AML program requirement is designed to take a risk based approach to understand who your customers are, what their expected activity is so that you can identify and report risks. And that's effectively what's what is helpful from a sanctions perspective is when banks use those AML tools to to then identify sanctions of Asian networks, report that back, and allow to that positive feedback loop, where OFAC can then expand, network to understand it and provide more information to the private sector. We've issued some additional guidance over the years specific to certain scenarios that while they may be tailored to a particular issue like Russia, for example, or a certain industry, there are best practices that we include in there that we would encourage institutions to to look at. So for example, last year, we issued, guidance in the Russia context that I think is broadly applicable that talks about using open source information and past transactional activity to further inform due diligence efforts and do proactive investigations. So if we sanction somebody, of course, a blank a bank is gonna block transactions going forward, but a bank could also look at the past transactional activity for whoever we just sanctioned and see who else they were transacting with. Are they sharing common addresses with other companies that we haven't sanctioned? Right? That's the kind of of diligence that can be very helpful when banks do that using their AML tools to support sanctions objectives. So I'll pause there, Danny. Great. No. Thank you, Lawrence. Really, really helpful, and and and thanks for the reminder on the on the recent guidance. We'll definitely check that out, or folks should check that out if you haven't already. And, thanks for walking through the compliance pillars. And Chip, I wanted to turn it back to you for a second, to talk a little bit more, at even a broader level about sort of the common preconditions in addition to those pillars, to set up for an effective sanctions programs, also effective AMLCFT measures. Can you talk for a couple minutes about those? Yeah. Thanks, Dan. Of course. So we got about maybe forty minutes for this intervention. How how does this work? How about four? I'll try. Yeah. I'll try to keep it brief. It it's a great question. I mean, look, the common preconditions, I I think have been now pretty well codified in the global framework through the financial action task force and the, FAFSA regional bodies that globally cover every country in the world outside of Iran and North Korea and, and the IMF, the World Bank, the UN, the other global setters that you had on that slide. Now there's an institution institutionalization architecture very deliberately set up on starting in really the the criminalization of of money laundering in 1986 by by The US, the launch by the g seven of FATF in 1989, and then, you know, everything that's happened since then to continue to build an international framework of of basic rules and norms to combat what are global threats with global standards. And, the preconditions, I think, have to start there with a global approach because, if there's any lesson that, anyone who's been involved in this space, that they would take away is that, the folks who are worth chasing are the ones that, are operating cross border more often than not. You know, we've got a global economy, a global financial system, and, it's very clear that in that global economy and financial system, if you don't have a global approach, you're gonna have a very hard time being effective. I'm gonna pause for a second because there's things happening on my screen. Can you guys still hear me? Yep. We got you. Good. Cool. Okay. So so that's that's the starting point. It's a global framework. Moving from a global framework to what the substantive preconditions look like, I I think you have to start with the concepts of transparency and accountability. You know, what do those standards actually require, and and how are those standards then implemented into practice? They're they're fundamentally about achieving financial transparency across an evolving financial system and about demanding accountability in that financial system for producing information that can help competent authorities identify and address bad guys. Right? And then protecting the integrity of the system so that, it's harder, costly, or riskier, as we used to always say, for bad guys to do what they wanna do, and that the confidence of the market and legitimate economy continues to be maintained, against, the threats of corruption that ultimately really harm the legitimate economic interests of playing in the financial system, which is a problem that we see in different markets all the time. So, you know, conceptually, the the preconditions of transparency and accountability are are crucial. And then, you know, how this is done, at a practical level, there there's always a starting point of you have to have the right legal authorities. You have to have what we call technical compliance, laws, regulations, guidance that creates, consequences around expectations and performance to understand who's in your and whether understanding, customer due diligence and AML programs and sanctions programs and suspicious transaction reporting and record keeping and all the rest is now very well, established as preventive measures across the global regime and certainly in our own Bank Secrecy Act. And then you have to have what the world has moved towards in the last decade or so, effective implementation of that, which is a little bit different. And that's really talking about operationally, how do you give life to those expectations? And and and in doing that, trying to balance on the one hand, you know, a risk based approach around, spending of resources where you see risks that are greatest, and at the same time, establishing very clear floor, a floor of expectations to play in the financial system, as a financial institution and to, as a US person subject to sanctions, that are issued by US authorities or assistance of the EU. What are the expectations on you managing the rest of your business? Right? Those are the substantive challenges of operationalizing, a legal structure into, what might be an effective demonstration of compliance for, the private sector and an effective demonstration of implementation of global standards for countries around the world. Finally, I'll end with on the on the assumptions and the preconditions that often there is a, a tendency to overlook why we do it. Because as as you move forward with what I'm trying to describe, it should become pretty obvious pretty quickly if you're in this space, whether in the government or in the private sector. It gets pretty hard pretty fast. And so you end up having to take a step back and and and question, I think, constructively, why are we doing this? Not just are we doing this the right way, but do we need to do this, which is a question that we're gonna come back to, I think, probably about what's going on these days. And and the short answer is, because we've learned the hard way that if you don't do this, it's our our literally, our collective security is at stake. And so that doesn't mean that everybody needs to be doing everything all the time. But the why in this in this convergence question of AML sanctions has moved from, producing information that's useful for law enforcement to catch money launderers to convergence with national and collective security to have information available to intelligence services, to counterterrorism services, to a much more systemic approach of protecting the integrity of the financial system. Words that we all use all the time, right? But on 09/12/2001, no one had used those words. And the point is that the importance of this has grown with the complexity of the world that we live in, and the challenges that our, governments and our our competent authorities have in keeping us safe and in keeping markets, ones that we feel comfortable operating in. And to do that, we've gotta we've gotta implement what is a difficult task of of AML sanctions convergence. But if we don't remember the why, then it's hard it's hard to remember, it's it's hard to maintain the investments that are needed to be effective in in the mission. So I'll pause there. No. That's always great to have Chip reminding us of the why and the purpose of all this, and, thank you for for pointing that out. And, also, you know, you mentioned the increased importance and increased complexity, which kind of segues kind of into the next topic as we've seen over the few last few years, especially, in response to Russia's aggression in in in Ukraine and the resulting sanctions program, that has been put in place, around the world, which which I believe is is the most, in my mind, complex set of sanctions measures that I've ever seen. But also, the the closest that I've ever seen nations and agencies and public private sectors work together on something. And and the the the one key area I think that's all that's also seems to be at the center of convergence when I talk to both folks in the public and private sector is sanctions evasion. And there's been a real focus, on this topic over the last few years. There's been a lot of guidance issued by OFAC and by FinCEN and by BIS, so not just sanctions but on strategic trade controls or export controls, as well as non US Regulators in this space along with a slew of designations, and prosecutions targeting sanctions of Asian networks. So I wanna come back to to to the group to to to get the your take on this and how industry has responded. But I wanna start, with Lawrence again, talking about some of the red flags, that banks should be on the lookout for regarding sort of sanctions of Asian activities. Yeah. I think I think you make some excellent points about not just convergence between AML and sanctions, but also export controls over the last couple of years. I think that's an important piece of this too, as it all all gets folded in. And I think highlighting the the advisories and alerts we've issued over the past years is exactly right. OFAC has issued a bunch, but also FinCEN, I think, has issued, some very helpful guidance documents that gets specifically at red flags focused on sanctions evasion. And obviously, we work very closely with them on on those. But those types of documents highlight some specific red flags that I think are useful. If you take Iran, for example, if Vincen last year issued, an a very good advisory focused on Iran backed terrorist organizations like Hamas and Hezbollah, walks through how they raise and move funds, specific cases and and typologies. It includes some specific red flags like front companies disguised as general trading companies, with unclear business purposes, high risk jurisdictions, shared addresses with with other, suspicious, actors. And that build off that builds off, several additional guidance documents in the Iran space. In 2018, for example, FinCEN put out a very comprehensive document highlighting how Iran can access the international financial system, providing additional red flags and best practices, for financial institutions to look at. So I would definitely look at those documents as I think, as as you noted earlier, while specific to Iran, the general red flags for sanctions evasion are really very similar to sanctions evasion of any program and are very similar to the to just general money laundering red flags. It's no surprise that what you see as red flags for sanctions evasion are gonna be very similar to just general suspicious activity. Shell companies. Right? Payments going to third parties in the high risk jurisdictions. Unclear business purposes. So a lot of a lot of crossover there. And another thing that could be helpful is not just the advisories and alerts we've issued to financial institutions, while that's obviously the most overlap with between AML and sanctions. We've issued a series of advisories focused on shipping, for example, including some red flags there such as falsifying cargo and vessel documents, turning off the, the AIS responders, ship to ship transfers, changing vessel names, things like that. And while those could be specific for shipping, it's still helpful for financial institutions that may have exposure in that space to understand what some of those red flags are. One thing I would just note too is a lot of these advisories alerts are really informed by our engagement with the private sector. And, Danny, you mentioned this too about how that's a key piece of it. I think it is very much a key piece for to to highlight the importance of public private partnership here for us to hear from the private sector as to what red flags are useful, what are you seeing, what additional red flags should we be including in these advisories and alerts. That type of back and forth and feedback has been very, informative and instructive and helpful for us to put out these advisories and alerts. Awesome. No. That's, that's that's great to hear. And I know it's, in talking to to to Brian and Brian, they've they've they've both taken part in different public private partnerships and have been providing feedback, to to government on red flags. So speaking of Brian and Brian, I'd like to turn it back to to to you guys on how I mean, that that certainly, that's a lot. Right? I mean, what Lawrence just laid out is is incredibly helpful, but that's probably the tip of the iceberg in terms of the guidance that financial institutions are facing, in this area, especially on sanctions evasion. So was hoping that you you all could talk about how how industry has responded. Have you all changed your approach at all? Has it put additional stress on your AML systems and controls? Be interested in all that. Right? Maybe I'll go first this time, mister Grant. If that works. Thank you. Yeah. I think in in all honesty, I think the biggest problem that a lot of us face is is less around the identification of red flags and, like, the theories around them. Right? Like, it's more around how do you actually put it into practice in a repeatable manner. And I think that that ability to drive down how to do the risk mitigation work, or risk identification work is really difficult, especially at a very large financial institution. Right? Like, where I'm at, we have a quarter million employees or thereabouts across the globe. We've got all sorts of different lines of business, people doing different things on different platforms that all have to have connectivity. And so the the kind of command and control infrastructure you need, if you'll forgive the the military terminology, is is probably as important, if not more important, than what the actual red flags are. And and I think, you know, I I see that a lot in my kind of, like, day to day work. Right? I I don't honestly do as much work myself focused on, okay. Do we have the right red flags? Do we have additional ones that we need to worry about? More of what I focus on from from kind of running the program at at my institution is, well, how do we how do we push that out to the business? How do we execute consistently? How do we make sure that if we're doing it this way in this part of the company, we're doing it the same way in another part? Because when we get graded on this, right, by our regulators or by, by Lawrence and team, if if there is, you know, an enforcement kind of action, they're gonna look for that consistency of implementation. And so I think that's really the for me, in a lot of ways, the the bigger focus here is less on the kind of specific red flags, although they're important. I don't wanna diminish that at all. And more on how do you create systems that don't depend on individuals. Right? How do you how do you make sure that, you know, to a certain degree, like, being an OFAC expert isn't the barrier to entry to being able to combat this activity, identify it, mitigate it, take action against it. Right? You've gotta have those systems that are set up and repeatable so that you can push them across, you know, multitrillion dollar institutions. Yeah. I agree with everything that's been said. Lawrence's point that the sanctions evasion typologies that you'll see out there look very similar to the classic AML typologies and also Brian's point about the importance of program consistently and robustly applied across the global enterprise. Those two things are absolutely the case. You know, UCLA basketball coach John wouldn't, you know, famously would not scout opponents, of his basketball team, arguing that if you focus on the fundamentals of basketball, you can manage whatever whatever opponent comes your way. In that sort of same vein, I think that, what you really need to focus is less on the latest typology around the latest threat you're facing. In those threats, they change with administrations. Now we're looking at total elimination of cartels, perhaps more than Russia. But all of these threat actors share common approaches. Right? Bad guys are bad guys. They use shell companies. They're using lax or permissive jurisdictions that are perhaps geographically adjacent to, high risk geographies. They're using, you know, oftentimes, you're gonna see unusual or suspicious financial activity that doesn't fit the profile of of a customer that you have. So just sort of blocking and tackling of your program, consistently and robustly applying it across your enterprise in a way that will, sort of audit and examination proof your program. I think that's also key. But you have to maintain even as you focus on that on that that programmatic dimension, you've gotta maintain your your curiosity, your, your sort of investigative mindset. And that's where this convergence is holistic approach to financial crimes compliance. You gotta use the leverage, weaponize, go on offense, not merely defense. Right? Passively relying on t you know, transaction monitoring, scenarios or sanctions screening to detect to detect things. You gotta go out and look. Right? You gotta have your, you know, your global investigations units, complex investigations units proactively going out there and looking. You know, there are new things you can do too. Right? There are, a lot of when you look at export controls and sanctions evasion, There's some great vendors out there, Caron, for example, that are producing lists that you can use of, to feed in your filter to go out and and identify, bad guys. There's a lot there's sort of been a a revolution in open source information that's available. So there are NGOs and different groups that are putting just a wealth of information out there into the public public domain that that you can leverage as a financial institution to really sharpen the focus of your investigative inquiries. So there there are things you can do, but I I I that are novel, but it really does come back to the fundamentals. That's that's spoken like true former intelligence analysts, Brian and Brian Botha. That was, really interesting. And Brian throwing in the the the John Wooden quote as well. Fantastic, Chip. I'm gonna turn it over to you to react to that and see if you could top the John Wooden quote. Well, I thought I already did with Dan Aykroyd on on floor waxes or top. Well, that was pretty good. I was surprised you didn't meet that challenge. Maybe even that just dates me. I I I'm not really sure. No. Look. I mean, this is this is the dream team of, of, financial integrity as as as we call the mission now, with the convergence of sanctions, AML, CFT, ABC, WMDPF, and and maybe most recently export controls. And and I agree with everything that the dream team has said. I'll just say that, you know, our experience in the market, whether with governments or with, the private sector, has has reflected that if you are not converging around identifying and assessing risk and then managing it, you will not be effective from a risk mitigation perspective, and you will not be sustainable from a cost management perspective. It's just you you've gotta bring these these programs together in the ways that, you know, we were talking about earlier in in in the show. Maybe just one one, anecdote that might be helpful, and and I'm saying this in part, McLenn, because this is a huge, thank you and, shout out to to you and the IFI team for the work that you have done with, with the state department, the Department of Commerce, BIS, and with Treasury, to bring, training around the world to understand how to combat sanctions evasion and export control circumvention associated with what has been the number one collective security threat to open societies of the last, three years, which which has been Russia's invasion of a neighbor. That training program has brought, incredible knowledge to over 30 countries about how you put controls in place to detect risk associated with export control, circumvention, sanctions evasion, which ultimately relies on the transparency and accountability of AMLCFT regimes. And, you know, that's a groundbreaking program. I do hope it continues, notwithstanding whatever the headlines are today or yesterday, because it's really important both from a collective security perspective that, if we can't in a post World War two environment enforce the most important norm, which is that territorial integrity and respecting the boundaries of UN member states is rule number one of a global, order that allows the rest of us to to go about our lives without the concerns of a World War one or two, then we're in big trouble. So I I hope that program continues. And secondly, because it has brought incredible technical, I think, knowledge to to the market over how to make Convergence work at a practical level. So I just wanna thank you for that, and and I do think that's a great exhibit of everything that you're talking about is that program. Awesome. No. Thanks, Chip. That's definitely been, one of our proudest and most important programs is is all that work. And we've certainly learned a lot, from from each and every country and engagement that we've been on, as well. And, before we kinda wrap up, and and get some key takeaways, I'm gonna press you all. You've given so many so many great takeaways already. I'm gonna see if I could press each of you for one more piece of advice for the the the audience, and then we've got a couple questions that came in. But but but before we do that, I I was talking to Brian Grant earlier, a few weeks ago, and the question came in related to this. And Chip just mentioned the the export controls piece. And as as I think most people know, the BIS issued some guidance, specific to financial institutions that was very detailed, on on certain expectations, not just for USFIs, but for all financial institutions. And I know that's something, Brian, that that you've you all have been grappling with, and, maybe you could use this as your piece of advice, key takeaway for the group. But I was I was hoping you could speak for a minute, about your take on on on that guidance from a financial institution's perspective. Yeah. Well, I guess I would say that the the primary way to mitigate export control related risk is everything that we've talked about. It's that holistic financial crimes program. It's it's taking the red flags. It's taking some of this open source information that's out there and going and proactively looking, for, potential pockets of risk, channels of risk. It's, enhancing just, you know, your customer due diligence and the like. I don't think it is primarily or even really about screening BIS lists, which, you know, were not designed, for screening. And there's been a lot of conversation within industry there. And there's an opportunity cost, I think, to, you know, screening in real time, from a payments perspective, some of these BIS lists, where you don't necessarily have the the sort of information you have on an OFAC list to, to disposition and alert. Maybe you have a lot of parties that are in in prison and things like that not likely to be involved in real time payment screening. So, you know, this, sort of the flip side of the coin to risk is opportunity cost. Right? And I think policy maker makers, regulators, and then also, folks in a financial institution have have to consider consider opportunity cost. Right? So we are grappling as an industry with some of the guidance that gets, you know, very specific, around screening particular lists, and and sort of that more more to come on that. But I I really do think that the the best way from a public and a private perspective to to get after this risk is it's all the stuff that that that we've talked about. Awesome. No. Thanks thanks for that advice. And then so in terms of other key takeaways, Lawrence, maybe I'll turn to you, and let's think about sort of advice or key takeaways we give to to to the audience here related to this theme of convergence, but in the context is of how overall we as a community can be more effective in protecting the integrity of the financial system and advancing our collective security through targeted sanctions. So so, Lawrence, from the perspective of a regulator, what advice would you have for the group? Yeah. Sure. I would offer three things and some of them we've already talked about, but I think are worth emphasizing at the close. One is breaking down silos. Right? We talked about that within institutions. I think that's that's critical and and not just collaborating, but at least fostering a greater understanding within different units at all levels about what all the different units do, I think could be helpful in identifying and mitigating risks. So I think that was an important point. A second is innovating, with compliance solutions. Right? We know that there's some in the private sector that are experimenting with new or novel ways to identify and mitigate sanctions evasion or sanctions risk. And we wanna encourage that. And we're certainly aware there's challenges associated with that, but that's an area that that we wanna hear from, private sector to to work with them on that. And then lastly, goes back to a point that Chip was talking about earlier, which is why are we doing what we're doing? I think it is very easy to get lost in the minutiae of of technical sanctions compliance, which can get very technical very quickly. But why are we issuing these sanctions in the first place? I think that's important for for all of us, in government and also private sector to remember. Right? It's to advance certain national security or foreign policy priorities. We're seeking to prevent terrorist organizations or rogue regimes like Iran and North Korea from accessing and using the international financial system to to engage in activities that threaten our national security. And the success of any sanctions program really depends on implementation by the private sector. That's where the rubber meets the road. When a bank blocks assets of a sanction actor or prevents them from engaging in certain activities, that's where they feel the pain. And so I think it's really important, obviously to to to maintain that public private partnership, but also for all of us to keep that in mind and so that doesn't get lost. Really great points, Lars. Thank you. And, maybe Brian O'Toole, just from the perspective of somebody who's helping to lead, sanctions programs at a at a major US financial institution, do you have any advice maybe for other compliance managers out there? Yeah. I mean, I think it falls a little bit on what Brian Grant was talking about with the export controls compliance. Don't wing it. Come up with a framework. Understand what your risk is, how you're gonna respond to issues. Right? Like, you may be looking at a you know, to the point about not having the information as an institution, you may be looking at a payment and some customer says, oh, yeah. That's the AR 99. How are you supposed to challenge that? Like, do you believe your customer? Do you need to exit your customer? Right? You know, there are all sorts of really horrible questions like that that you can look at the facts, and maybe they're clear in one circumstance and they're easy. But in in, you know, 85% of these, it's gonna be a massive gray area, and you may not have the information to make a decision. So how do you structure your program to consistently make decisions that mitigate and manage risk for your institution, in light of those those constraints? And so I think, you know, coming up with the program, coming up with a rubric for handling these things, and writing it writing the damn thing down. Right? Like, you know, I think we talked about it on the prep call. If it's not written down, you didn't do it. So, you know, I think I think that's the thing that I would kind of leave you all with is making sure that you've got a program you can execute against consistently. Because if you don't have a consistent execution, you're just gonna you're gonna run yourselves into trouble with your customers, with your regulators, and everybody you're dealing with. Makes total sense. Oh, thank you, Brian. And then last, Chip, you've been at this for a long time. You've been dedicated to this mission sort of based on all yours your years of experience. What advice maybe maybe you could tell your advice to some of the I'm sure we have other people on the call who are who are maybe, just getting started in their careers or mid career. You have any, thoughts related to Convergence and and things that that advice you would have to give us to some of our newer folks? Jenny, thank you. And and as everybody knows, you know, the clock is always the enemy when you get a group like this together because this is something we could talk about for a long time. I would say in a phrase, make financial integrity work for you. What does that mean? Our firm and certainly when we were in government altogether, we have spent plenty of time and we have plenty of of of clients and partners and mission oriented work to help governments, meet global standards, prepare for mutual evaluations, and and, address strategic deficiencies and all the rest. We have plenty of of partnerships with clients that are working through mediations, enforcement actions, or meeting new requirements, and and those are necessary. But making AML, CFT, sanctions, convergence, financial integrity work for you is a little bit different. It means if you're a government, don't think about how do I get great scores on an exFATF assessment. Think about what are the things that keep me up at night as a government that keep my society in a position of risk, and how can I use the financial integrity regime of AMLCFT convergence with sanctions to address those risks in ways that make us safer? That's how a government needs to think of this. And all too often, you know, we've all seen it, including The United States. You know, when we were managing this, it was we we thought that all the time, but we also wanted to make sure that, you know, like everyone else, we scored well on all of our tests. But don't get too focused on the test. Remember, this is supposed to work for you. In the private sector, it is often seen as a cost of doing business. Right? I I would flip it around. And the most exciting partnerships we have with clients in the market are ones where because they are committed to and investing in their financial integrity programs and this convergence, they are staying in, they're entering, and they are growing in new markets where others cannot compete because they can manage risk that others can't even identify. So if you wanna be in emerging markets where risk return is always the question for a business, well, if you want the return, you gotta handle the risk. These programs are designed, or they should be, to allow businesses to compete in places they otherwise couldn't because they can show that they can identify, assess, and manage risk in ways that keep them responsible, but at the same time allow them to compete in some tough places. And, and and you guys know our our firm is in some tough places, but we're growing markets the right way, not at the cost or expense of compromising financial integrity, but precisely by running towards it and attracting everything from foreign direct investment to correspondent banking relationships to cross border trade to lending and more sophisticated financial services precisely because these programs are creating an ecosystem where markets can feel more comfortable competing, investing, and ultimately growing. That that's making AMLCFT work for you. That's making Convergence work for you. And that's probably, I think, the most important message or or or lesson I've learned in in my in my time is that this this is supposed to work for us. I love it. I love it. Make financial integrity work for you. How do I make financial integrity work for you? We do have we do have just a couple minutes left, and I'm gonna try to synthesize a couple of questions that we got in and open it up. I know, Chip, you'll have thoughts on this. Others feel free to to chime in too. But we we got a lot of questions about the outlook for the future of AFL CFT and sanctions under the new US administration, and in particular we have people asking, about the FTO designation of the cartels, and the implications of that. Will do we expect to get more information, to the private sector that will be helpful? Chip, others, your views on those questions. Maybe just a quick lead off Danny because I know everybody's got thoughts on this. There are gonna be lots of, I think, technical and really important questions about things like secondary sanctions attached to SDGTs, not DTOs, and what does that mean for exposure to Mexico, etcetera. Those are really important. I'm going to back the lens way up and just simply say this administration, like any administration, needs to set priorities over where they want to focus, national security, collective security, foreign policy, economic growth initiatives, and they absolutely should do that, as with anyone. The concern I have is making sure that, as in any administration, but particularly given, you know, some of what, I've been reading the last few weeks, is that it's really hard to pick and choose parts of the convergence and say, I just wanna do this, and I don't need to do that. This was the lesson, frankly, that we had to learn after nineeleven. You can't say, I just want to stop al Qaeda, but I don't really feel like doing AML. Because it turns out it's hard to identify and freeze assets of al Qaeda if you don't know who's in your bank or who's in your financial system. So it's hard to understand whether you're dealing with a sanctioned actor if you don't understand the ownership of the companies that you are banking or that you are servicing. So on the one hand, I look at the administration looking to take a more aggressive stance on Iran, on Hamas, on Hezbollah, I love it because that's obviously been a focus of our of our collective security for a long time. On the other hand, if we're not gonna enforce things like the Corporate Transparency Act or AMLA twenty twenty, the first way that any sanctions evader, terrorist organization, rogue state, drug trafficking organization, all of which are parties with this administration as I understand it, the first way they're gonna try and avoid detection is to go get a US company and not tell us who they are. So it's just a good example of just making sure that as as the administration moves forward, what they wanna do, which I fully support, with respect to priorities around terrorist organizations, rogue regimes, drug trafficking organizations, fentanyl, that they're gonna have to do blocking and tackling in order to allow the private sector to identify and address these risks in ways that really are effective. And, you know, it's a learning curve in every administration. I'm just hoping that as this administration takes root, it remembers that you can't really do one without the other on the convergence side, and then on the foreign policy side, remembering that in a global threat environment, you need to take a global approach. It's just that simple. And we've learned that the hard way too. It's it's hard to attack these threats, these concerns on your own. So I hope that's helpful, and obviously, just wanna take the moment to say thank you again for inviting me to be a part of a great discussion. Looking forward to seeing IFI on the circuit and and, getting the Treasury Mafia together for a more casual get, get together after after the panel. Thank you. Awesome. Thank you, Chip, and thank you to others. I see a red, button on my screen which suggests that Ramos tell me that we should close out here. Is that right, Ram? Yeah. I will I'll just do a quick outro and if we if we wanna do some more questions with Chip if he has the time, just for the sake of time to let everyone go. But thank you all, Brian, Chip, Lawrence, other Brian and Danny for sharing your insights with us today, and thank you again to everyone for joining us. Like Chip said earlier, we can keep this conversation going for a long time, but we hope you gained value from today's discussion. I know you can hang back a little bit for, to answer a few more questions. But if you do have a hard stop, please expect a follow-up email that'll include access to recording of today's discussion, and we hope to see you again soon. And thank you again for your time, everyone. Thanks, everyone. Thanks, Rama. Thanks, everyone. Bye. Chip, we have another minute with you? I'm happy to take it if any if anyone's interested, but I appreciate, you guys, letting me hang out a little bit. We so we we had, just, I guess, a couple things. One, I know is an area that that that you know and love, and that's The Middle East. We had a number of, attendees, from The Middle Middle East and a number of questions about the evolving sanctions landscape, in The Middle East, especially with shifting policies, on Russia and the reintensification of sanctions on Iran, and how financial institutions should update or adapt their compliance frameworks to balance regulatory expectations and with geopolitical uncertainties. Yeah. It's a great question and combination of issues. Right? I think I think my first takeaway is that if you are doing business in The Middle East, it is it is a big place and it is a deeply diverse place. Right? So sometimes, that's easy to forget if if you are if you grew up the way I did, which is, you know, you're just sort of American kid, doing your American stuff, and it's you know, The Middle East is over there, and and this is kinda what happens in The Middle East. The reality is it's a deeply diverse place, and there are a lot of exciting, important, things going on. And then there are some really scary things that are going on. So, if you're in The Middle East, it's important to know where and and what your what what your interests are is is where I would start. And then with respect to, the the risks in the region, you know, obviously, everybody's looking at what has been, just a a a a really scary picture, since, October of of twenty twenty three, with respect to, the, the security of Israel, the future of of the Palestinians, the stability of Lebanon, the arc through Syria to Iran, and the implications for a country like Iraq. You know, that's a crescent that is incredibly important, to the people who live there first and foremost and to, a global economy that continues to run trade and, in commodities to and through and from, that region. It's a really important part of the world and there's been a lot of shakeup. And so scary stuff happening with, the war and, with Israel and, Hamas, and, scary stuff happening with, the continued support by Iran for, proxies in the region that have destabilized, neighboring countries, but also some exciting developments. So you think about what's happening in Syria. You know, just amazing. And, Rama, you know, I had this conversation in Jordan, I think it was last month, but, you know, how fabulous that, that you're able to to reconnect with with, with with where you're from and get and just get get together with old family, and a new dawn for for for Syria. And and there's a lot that has to go right as we've talked about, but but tremendous opportunity. You think about Iraq and what and what, what Iraq has been doing to strengthen its financial integrity. We've been doing a lot of work there. They they have a tremendous amount to be proud of, over the last few years that we've been, assisting, that market, embrace and strengthen its financial integrity. You know, a really exciting place with 48,000,000 people that, that wanna grow. Right? That's, that's an exciting picture. When you think about, what's happening in Lebanon, you know, an incredible moment, where, hopefully, Lebanon's new government can stabilize, the the the country in a way that returns it to its, its sort of historical, prominence as whether you wanna call it the Paris or the Switzerland Of The Levant. You know, I'll take either one. But, you know, just a beautiful place, beautiful people that has not had the stability to really, return to, the kind of the kind of country that that it once was, and and that is a new dawn there as well. So really interesting stuff. If you wanna be in those markets, right, in in that region, then you really have to be committed to the financial integrity programs of Convergence because, those are the opportunities. Syria, Lebanon, Iraq, in a dangerous neighborhood, which means you've really gotta take take to heart, not just, the the what the what financial integrity means, but how you do that, how you can demonstrate effectiveness in order to grow business and and protect, the welfare of of those markets, in a in a dangerous neighborhood. When you go to The Gulf, you know, completely different picture. You know, The Gulf has been growing like a weed and a lot of exciting opportunities, growing out of The Gulf and then from The Gulf, you know, across across the region. And so I do think location matters, but whether you're in The Gulf, whether you're in The Levant, whether you're in The Ark, it is a place where you have to be committed to financial integrity, I think to to grow the business in ways to take advantage of these opportunities. And the last thing I'll say is that that will not be done alone by, a country, by, a sector. It is going to require a multilateral approach. It's going to require a public private partnership. Oh, I think we lost Chip. Rama, can you still hear me? I think we have storms passing by that might have gotten Chip, but, I think he was just closing out by talking about the, importance of public private partnerships and everything else that is financial integrity. And so thank you Chip. I'm not sure if you could hear me. We lost you at the very, last few seconds. And, I think we can close out now, Rama. That's right. Thank you everyone so much for your time. Thank you for joining us. Thank you, Chip. Thank you, everyone. It's great to be with you. Okay. Bye bye.