Governments may impose sanctions on countries and individuals in order to punish violations of international law including human rights offences and financial crimes like money laundering and the financing of terrorism. In the maritime shipping industry, international sanctions are a particularly important consideration: ships regularly travel to different countries, carrying a variety of cargos and often visiting ports in high risk jurisdictions. Accordingly, global regulatory focus on shipping sanctions has increased recently as governments and international organizations move to address illegal activities originating in countries such as Iran, Syria, and North Korea.
In May 2020, the United States’ Office of Foreign Assets Control (OFAC), working in conjunction with the United States Coast Guard, released a new Sanctions Advisory for the Maritime Industry. Expanding on previous advisories, the publication detailed current and emerging trends in illicit activity and sanctions evasion in the shipping industry, with recommendations for how to comply with the relevant compliance regulations. The OFAC advisory was followed by the UK’s Maritime Guidance document, released by the Office of Financial Sanctions Implementation (OFSI), which set out similar advice and recommendations for the shipping industry.
Sanctions violations in the shipping industry can result in significant compliance penalties, including fines and prison sentences. Accordingly, firms operating within the industry should understand maritime sanctions AML/CFT risk and how to comply with their regulatory obligations.
Maritime shipping requires vessels to move cargo through a series of handlers and global jurisdictions. The complexity of that process affords criminals the possibility of concealing their identities, altering or disguising shipping information or exploiting administrative disparities between countries, in order to evade sanctions and AML/CFT measures. Firms that are new to, or unfamiliar with, the technical and logistical conventions of maritime shipping may miss certain risk factors specific to the industry such as ship-to-ship (STS) transfers of cargo, or manipulation of transponder-based Automatic Identification Systems (AIS) that are to track vessels’ movements.
Adding to the compliance challenge is the fluidity of roles and responsibilities within the maritime community. In addition to scrutinizing vessels, parties that shipping firms must factor into their AML/CFT sanctions screening programs include:
- Vessel captains
- Port authorities
- Maritime insurance companies
- Industry associations
- Crewing companies
- Flag registry managers
- Traders and suppliers
Those roles may be defined differently between jurisdictions or shift their function over time, making it more difficult to apply the appropriate sanctions screening and AML checks to the names and entities involved in a transaction. Accordingly, firms must work to understand how each role functions as part of their specific shipping arrangement and how that should affect their AML response.
Effective screening in the shipping industry should be built on robust know-your-customer (KYC) measures. That process includes conducting due diligence on the vessels and persons involved in a business relationship in order to acquire identifying information that can be checked against the relevant sanctions lists. Where due diligence suggests a greater AML risk, firms should implement enhanced due diligence (EDD) and subject vessels to a greater degree of scrutiny.
Firms must understand what kind of identifying information is needed for their maritime sanctions compliance process. This includes:
- The shipping transportation route
- The location in which a vessel is flagged
- The origin and destination of goods being shipped
- Reasonable assurance that sanctioned persons will not benefit from the shipped goods
- Access to end-user certification
- Whether the shipped goods are dual use
The nature of the maritime industry means that some due diligence information will be difficult or even impossible to obtain but firms should aim to build as detailed a compliance picture as possible.
Under Financial Action Task Force (FATF) recommendations, firms must take a risk-based approach to AML/CFT compliance, deploying AML measures proportionate to the level of risk that they face. In a shipping and sanctions compliance context, this means that firms must conduct risk assessments of the vessels and entities with which they are engaged: while there is no one-size fits all model for maritime risk assessment, key considerations are as follows:
- Firms should develop and conduct their assessments in a manner that suits the potential risks they face in the shipping industry.
- Risk assessments should be conducted with appropriate frequency to account for changing levels of risk.
- Firms should leverage all available information for their risk assessments and use that information to inform ongoing due diligence throughout the business relationship.
- Risk assessments should be used to assign risk ratings to customers and customer groups or account relationships. Higher risk customers should be subject to enhanced due diligence measures. Some jurisdictions offer metrics by which to assign risk ratings, such as the OFAC risk matrices.
- Risk assessments should include mergers and acquisitions.
- Risk assessment methodologies should be updated appropriately when deficiencies are identified or when customers are found to have committed a regulatory violation.
Companies should ensure they have the resources and AML/CFT infrastructure to meet their sanctions obligations. Certain best practices can help increase the accuracy of shipping industry due diligence and, by extension, the effectiveness of the sanctions screening process. These include:
Know your customer’s customer: The shipping industry is made up of supply chains involving multiple trading partners. With that in mind, it is prudent for shipping firms to practice know your customer’s customer (KYCC), which extends information gathering and due diligence obligations to the connections that their customers have with third parties. The scope of KYCC in the shipping industry may be limited for logistical reasons or by domestic privacy legislation: firms should work to establish what kind of KYCC information they need to gather (given the risk profile of their customers) and the feasibility of doing so.
Grey lists: Firms should seek to inform their due diligence process with publicly available grey lists which list vessels that have been associated with sanctions violations but not deemed to be in direct violation. Grey lists may be issued by governmental or non-governmental parties, and function to help firms assess potential business relationships against their risk appetites and CDD capabilities. Grey lists can have a significant reputational impact so firms should ensure that the lists they use are maintained with up to date information drawn from reliable sources.
Automatic identification system: AIS history should form an important part of a firm’s due diligence process since it tracks a given vessel’s global location and movements and tends to remain active throughout a journey. Accordingly, firms should base their risk assessments on AIS information and be alert to any historic incidents of potential data manipulation. While there are legitimate scenarios where AIS may need to be turned off (for example interference with internal systems, weather conditions, and other safety reasons), other instances may indicate an attempt to avoid KYC scrutiny.
Suspicion-based reporting: Firms must be familiar with a range of common deceptive shipping practices that could indicate attempts to evade regulatory measures. Such practices include AIS manipulation, hoisting ‘false flags’, and ‘flag hopping’, and firms should set a threshold of suspicion at which they submit a report to the relevant authority. In order to complete a suspicious activity report (SAR) appropriately, firms should understand who to report to and what information to include. OFAC’s recently-released advisory guidance includes a number of agencies to which firms may be able to submit SARs: ultimately, it is a firm’s responsibility to report to the correct authority or authorities.
To provide effective AML/CFT risk compliance, e-payment providers should implement a suitable automated, intelligent transaction monitoring for AML systems to analyse customer and transaction data and identify red flag activities. Automated AML data solutions not only identify risks before they become threats, but they also reduce the risk of human error and deliver ongoing compliance by adapting to global watchlist databases and legislation.
On an administrative level, e-payment providers must be proactive in ensuring they meet all licensing and registration requirements that apply to them. By adapting to regulations and implementing policies to fit under the new normal of payments, e-payment platforms can reduce the threat and potential damage of digital money laundering.