Sanctions Compliance Programmes: Where Do I Begin?

The saying “you can never be too careful” has never been more applicable than it is currently for those with regulatory exposure in maritime trade and its associated supply chains. 

In May 2020, U.S. regulators released an advisory aimed at the wider maritime industry, making it clear that all entities across the maritime sector and related supply chains must significantly improve their compliance programmes to avoid breaching U.S. sanctions.

Just two months later, in July 2020, the UK’s Office of Financial Sanctions Implementation (OFSI) released a guidance document focussing on financial sanctions guidance for those operating within the maritime shipping sector.

OFSI quickly following suit, with an advisory for the maritime industry, is no coincidence. Now more than ever before, those involved in the maritime industry need to adhere to the compliance expectations outlined by leading global regulators and, should they choose to ignore them, there will be a steep price to pay. 

Who needs to demonstrate best efforts in compliance?

Gone are the days when financial institutions were the only entities being scrutinised to ensure regulatory compliance. The recent OFAC and OFSI guidance comprehensively expands the regulatory focus, placing firmly in the sights of international regulators all maritime industry stakeholders including; 

• Maritime insurance companies  
• Flag registry managers 
• Port state control authorities
• Shipping industry associations 
• Regional and global commodity trading, supplier, and brokering companies
• Financial institutions
• Ship owners, operators and bunker providers
• Classification societies 

Sanctions Compliance Checklist

Ensuring regulatory compliance is a gargantuan task, however regulators have provided guidance to assist companies in ensuring that they have robust measures in place. 

In the case of an investigation, following guidance issued by regulators such as OFAC’s Framework for Compliance Commitments, regulators will favourably consider the existence of an effective SCP at the time of an apparent violation. For the company under investigation, this means a potential positive impact on both the form of resolution and the severity of the penalty.

Moreover, a company adhering to a SCP based on guidance issued by regulators, particularly OFAC, may stand a lower chance of becoming involved in an OFAC violation. 

We are going to take a look at some of the main actions companies should be taking following the release of the recent advisories. This list is not exhaustive.

1. Define internal risk parameters

Clearly defined risk parameters are essential to ensure that staff understand what underpins the SCP that they are following. This should include defining the minimum controls standards to prevent a sanctions violation, as well as thorough and continuous research to determine which countries your business engages with. 

OFAC stresses the importance of taking a risk based approach when designing or updating an SCP, with a key element being the conducting of routine “risk assessments” in order to identify potential OFAC issues that the organisation in question is likely to encounter. Such risks can arise both internally and externally, by clients, products, services, and supply chain, among many others. 

As a part of defining internal risk parameters, a clear understanding of what constitutes an appropriate time frame for conducting due-diligence is also essential. As a rule of thumb, the sooner, the better, in order to minimise regulatory exposure. 

2. Ensure management commitment & staff training

The commitment by senior management to support an organisation’s risk-based SCP is one of the most important factors in determining its success. Using a top-down approach is essential when fostering a culture of compliance within an organisation and when ensuring that the appropriate resources, authority, and autonomy have been granted to effectively deploy its SCP program. A training program should be provided to all appropriate employees on a regular basis and should generally provide job-specific knowledge, communicate each employee’s sanctions compliance responsibilities, and hold employees accountable for sanctions compliance training through assessments.

3. Understand who & what you need to look at

With 90% of world trade travelling by sea, we all rely on the smooth running of the maritime industry for stability, security, and business continuity. But, with such a large amount of related transactions happening daily to support the maritime industry and its supporting supply chains, there is a lot to look at.

Let’s start with the main methods employed to breach sanctions in the maritime world.

Illicit & suspicious shipping practices

• STS transfers: A ship-to-ship transfer is the movement of cargo from one ship to another while at sea, rather than in port. While the majority of STS transfers are perfectly legal, they can also be used to conceal the origin or destination of the transferred cargo.
• AIS transmissions: Vessels conducting illicit ship-to-ship transfers will typically disable AIS to evade detection. Alternatively, vessels manipulate the data transmitted via AIS to conceal a vessel’s next port of call or other information regarding its voyage. 
• False documentation: Complete and accurate shipping documentation is necessary to ensure that all those associated with a transaction understand the parties, goods, and vessels involved in a given shipment. Documents, such as bills of lading and certificates of origin, can be falsified to conceal what is being shipped and shipment origin.
• Financial system abuse: Bank accounts are often established with the primary purpose of engaging in and concealing illicit activities. These can be used as fronts to conduct transactions in violation of sanctions and facilitate illicit shipping practices. Bad actors also often set up complex corporate ownership and management structures to hide the ultimate beneficiary.
• Concealment: Those seeking to evade sanctions will often employ tactics that physically conceal illicit cargo onboard a vessel.

Understanding the limitations of AIS

AIS is an internationally accepted maritime safety and navigation-related system that transmits, at a minimum, a vessel’s identification and select navigational and positional data, via very high frequency radio waves.

It was originally introduced to improve maritime safety by enabling a vessel’s captain to see nearby ships, primarily in heavily congested ports and waterways, using terrestrial based land receivers.

AIS equipment automatically broadcasts VHF radio wave signals, including details of the vessel name, MMSI number, time, latitude, longitude, speed, direction, and course of the vessel. 

Given that AIS is a self reporting system, it can be open to manipulation. 

AIS transponders can be switched off on-board a vessel in a method known as “going dark”. On occasion, transponders may also lack detail on next ports of call and destination, which is manually input by the captain or master of the vessel. Moreover, no AIS service provider can offer an uninterrupted reporting system, as Satellite AIS may suffer from message collection and latency limitations. 

MMSI numbers and spoofing

MMSI numbers are issued to vessels by flag administrations upon registration. Unlike vessel IMO numbers, MMSI numbers are not unique. 

The MMSI number is the method used to identify AIS signals transmitted by a vessel and, in some cases, the swapping of these numbers noted in the report have been used to falsify a vessel's location.

4) Use multiple sources of high quality data for better visibility of ship movement

As regulators crack down on the practice of AIS position disablement and manipulation, a critical need to ensure persistent ship tracking and transparency, along with dark ship detection, has developed.

Essentially, a dark ship is one that has stopped reporting, however this usually refers to AIS transmissions. The recurring problem of ships “going dark” is, more often than not, efficiently and effectively managed through persistent tracking using multi-source GPS data transmitted over secure satellite communications, such as Inmarsat and Iridium, in combination with AIS. 

It is an approach that specialist technology service providers, like Pole Star, have successfully implemented within numerous tier one banks, dominant flags, and major shipping companies that have been screening and tracking their fleets for twenty years or more, to comply with UN Security Council and International Maritime Organisation regulations.

PurpleTRAC is the only single point service that can provide maritime and ship-centric sanctions and risk screening, supported by our unique ‘hybrid’ persistent tracking capability.

5) Active monitoring

Continually rescreening entities on a regularly scheduled basis, or in light of any changes, is essential to pick up on new red flags that arise. It is important to remember that circumstances evolve and your risk exposure will fluctuate - being proactive and keeping on top of this is necessary. For example, ownership of a vessel can change mid-journey. If ownership changes to a sanctioned entity during your transaction and you don’t notice due to not rescreening the vessel, then you are at risk of being sanctioned.

6) Ensure that you have a tamper-proof audit-trail

As regulators crack down on sanctions regulation breaches, we have begun to see a renewed focus on ensuring the use of tamper-proof systems and processes to demonstrate best efforts in compliance. As discussed earlier, having detailed and accurate reports of compliance actions can work in your favour should you encounter yourself in a situation where you are being investigated.

7) Technology is there to help you, so make use of it

The most common types of deceptive shipping practices don’t always look the same, and with the enormous amount of transactions occurring every hour, compounded by an estimated new regulatory change every 7-12 minutes in the financial sectors, ensure compliance can be like looking for a needle in a haystack. 

This is where technology comes in. Technology will continue to evolve and play an increasingly important role in keeping institutions on the right side of regulators, and while regulatory technologies will never replace human beings, they can and will become pivotal in supporting them in a constantly changing world. 

PurpleTRAC

PurpleTRAC is our award-winning revolutionary regulatory technology system for institutions with sanctions and risk management exposures in maritime trade, enabling users to screen and track vessels and their associated ownership and management in seconds, by entering only the vessel’s name or IMO number. Within 30 seconds, PurpleTRAC screens for the following:

• Ship Global Sanctions List: Screens a vessel’s IMO number against our comprehensive sanctions database
• Company Global Sanctions List: Screens a vessel’s ownership and management against our comprehensive list of sanctions, denied parties, and enforcement actions lists
• Country Sanctions List: Screens a vessel’s flag, its ownership and management, and countries of registration, domicile, and control
• Ship Movement History Check: Screens a vessel’s historic movements and trading patterns 
• Port State Control Check: Screens a vessel’s entire port state control inspection history

Further in line with this advisory, PurpleTRAC now has a new extension:  Bill of Lading Verification (BLV), which will allow customers to significantly extend their documentary fraud risk and compliance investigations by verifying bills of lading in real time. 

PurpleTRAC is also used by flag administrations, and can be operated alongside our Maritime Domain Awareness solution for full visibility of your maritime domain.

Get in touch with us now at sales@polestarglobal.com to learn more about how we can assist you in staying on the right side of regulators in light of this new guidance.