
A
Welcome back to FinTech Insider. I'm Kate Moody and today we're diving into a trend that's quietly reshaping global finance: sanctions. Here's a question people in the know are asking. Are we actually seeing a slowdown in sanctions? And if that wasn't already on your radar, it should be. Today we're going to unpack exactly why. According to LexisNexis Risk Solutions' latest Sanctions Pulse report, the first half of 2025 saw a 40% drop in new sanctions designations, the steepest slowdown in three years after a non-stop flurry of updates since 2022. But here's the twist. Fewer new entries don't necessarily mean compliance got easier. Delistings, modifications and regional divergences are still keeping fintech compliance teams on their toes. And enforcement, it's still moving at full speed, with fines from the Office of Foreign Assets Control topping $238 million already this year. So what does all of this really mean for fintechs? Should we be worried? Can compliance teams breathe a little? Or is this just a temporary lull before the next wave of regulatory pressure hits? And how can fintechs leverage automation, AI and real-time data to stay ahead in an increasingly complex landscape? In partnership with LexisNexis Risk Solutions, we're unpacking these questions with an expert panel to separate perception from reality and help fintechs navigate the risks and opportunities that come with a quieter sanctions cycle. So let's dive in. Firstly, we have someone who is very familiar with LexisNexis Risk Solutions and the work that they do. It's a big welcome to Katharina Prenic, Head of Regulation and Policy, economic crime at LexisNexis Risk Solutions. Welcome to the show. Katerina, can you tell us a bit more about your role and in particular, what exactly is a sanction? Maybe for listeners that haven't come across this topic before.
B
Hello everyone and thanks for having me, Kate. It's great to be here today with you, James and Emil. I'm quite excited to talk about the topic. As you said, I'm head of Regulation and Policy at LexisNexis Risk Solutions. In my role I focus on understanding the evolving regulatory landscape around financial crime. And that goes for anything from sanctions to anti-money laundering to fraud prevention. And a big part of my work actually involves translating complex regulatory changes into actionable intelligence for our clients, which includes banks, fintechs, other financial institutions, globally, really. So to answer your question about the sanctions and what they actually are, maybe just a little bit of intro to help start the conversation and introduce sanctions to the audience. Now, assuming everybody would understand them, they can be quite complex. We can tell that sanctions are essentially restrictive measures imposed by governments or international bodies like the United Nations to achieve specific foreign policy and security objectives. They're basically a tool for economic diplomacy. They sit somewhere between diplomatic pressure and military intervention. And in practical terms, sanctions typically come in different forms, such as, for example, an asset freeze, where you must freeze the funds and economic resources of designated individuals or entities. This means that if someone is on a sanctions list and tries to open a bank account or conduct a transaction through your institution, you must block it. Then another one would be trade restrictions, for example, which prohibit or restrict the import or export of certain goods to a specific country or involving certain parties. There are travel bans, though those are less relevant for financial institutions. And sectorial sanctions, which target specific industries or sectors of an economy like energy or defense.
For financial services firms, sanctions compliance in practical terms would mean you would need to screen every customer, transaction, business relationship against this list to ensure that you're not facilitating sanctioned activity. And this isn't optional, by the way. Breaching sanctions can result in severe penalties, reputational damage and even criminal prosecution. And what makes this particularly challenging right now is the sheer volume and complexity behind it. And we'll talk about this in more detail, I'm sure, because we're going to go through the report, but definitely good timing to dive into the topic.
A
Awesome. Well, yeah, thank you so much. I mean, firstly, great intro to yourself and to the topic as well, so looking forward to picking your brains as we go through, so thank you. Joining Katerina, we also have James Dodsworth, senior manager for Financial Crime at Thistle Initiatives. Welcome to the show, James. Again, I'm sure you're very familiar with this topic as well over at Thistle, so great to have you on the show. But would you mind telling our listeners a bit more about you and what you've been up to in this space recently? Please, yeah.
C
Hi, Kate, thanks. Thanks for inviting me back again. It's good to be here. So, yes, I'm James Finisher at Thistle Initiatives. We're a regulatory compliance consultancy. I lead on sanctions and fraud work with fintechs, banks and other financial services firms. It's definitely been an interesting period over the past few months in relation to sanctions. There's a number of firms out there, seen some regulatory scrutiny of their sanctions programs. A lot happening there. We've also been performing some interesting independent testing of screening tools as well, which is always an interesting exercise when firms get the results of someone coming in and actually looking at their screening programs. So yeah, really excited to be here. Really interesting topic. Good to have a chat with everyone here.
A
Fantastic. We are, thank you very much for joining us. And another fantastic addition to our lineup is Emil Dow, principal consultant, head of sanctions at Fintrail. Big welcome to the show for you as well. Emil, please could you introduce yourself and your role at Fintrail for listeners, please.
D
Thanks very much. It's great to be here.
B
Yeah.
D
Fintrail is a financial crime compliance consultancy. We work with firms across the UK, Europe and beyond. I lead many of the sanctions projects that we do with our clients, whether that's assurance and testing of the systems and controls they already have in place or helping firms navigate kind of the regulatory requirements and build out screening programs from scratch.
A
Awesome. Well, yeah, as I'm sure listeners can tell, three awesome experts who can help us unpick this complex but very important topic. So let's dive in. Katerina, you very kindly kind of gave us an initial intro to sanctions as you introduced yourself. Could you maybe explain a bit more about why these are so important and impactful within financial services? Like, why should people working in this space be really keeping an eye on this topic?
B
Yeah, absolutely. I think it's a crucial topic really because it's got a significant impact on the market, on the financial institutions. Why do sanctions matter so much for financial services? Because banks and fintechs are essentially the gatekeepers of the global financial system, if you like. If a sanctioned individual or entity can access financial services, they can move money, they can conduct fraud operations, evade justice or continue harmful activities. So governments rely heavily on financial institutions to enforce sanctions policy. And getting this wrong isn't just a compliance issue. It's a matter of national security and international stability. And to go to your questions about not only why it matters, but why are we seeing probably this slowdown? If you look into the report that we are going to talk about today, we're seeing a significant moderation in sanctions activity and the number is quite stark, I would say. In the first half of 2025 we recorded 113 list updates across the four major regulators, the UN, EU, OFAC and OFSI. That's a 23% decrease compared to 146 updates for the first half of 2024. More notably, we saw 1,397 net designations added in the first half of 2025. That's a 40% drop from the 2,340 net additions we saw in the same period last year. So to put this into context, this is the steepest slowdown we've seen in three years. Since Russia's invasion of Ukraine in 2022, sanctions lists have been growing and growing, and it was at an unprecedented pace. We've seen more than one update per business day. At some point the volumes were relentless, quite concerning for the companies that had to conduct the screening and conduct the due diligence behind this. But now, for the first time since that period began, we are seeing the pace ease significantly. The data shows that this isn't just a minor fluctuation, it's a meaningful slowdown. But we can dive into the reasons actually and look into why is it so. We still see that Russia-related sanctions dominate.
Russia accounted for 92% of the EU additions and 106% of OFAC additions in the first half of 2025. So yes, that's over 100% for OFAC because they have also sanctioned enablers in third countries supporting the Russian invasion. We are also seeing some significant delistings, like Syria. It's a perfect example. Following the regime change we saw 518 delistings; sanctions were substantially eased. This is quite unprecedented in scale. At the same time we're seeing intensified targeting in specific areas. For instance, the focus on shadow fleet vessels (these are ships helping sanctioned countries evade restrictions) resulted in 629 vessel designations across different agencies. So when you ask if this is a short-term pause or long-term trend, I think the honest answer would be: it's complicated. And we'll probably dive into that in a little bit more detail. I'll let others comment as well.
A
Yeah, absolutely. James, what was your take on these findings from the report?
C
I think this is a really interesting report. I think when we think about sanctions designations obviously in the past few years, all we can think about is the sheer numbers, as Katerina alluded to sorrowfully, going back from the Russian-Ukrainian conflict and just the unprecedented numbers of designations that were placed over the past number of years. So maybe in some respects a slowdown in that area was going to be coming at some point. And as Katerina's already pointed out as well, when we think about the change in government material as well, that's an opportunity to remove designations there and hopefully open up that economy as well. So whilst the numbers are quite stark, I think it also reflects the current sort of social political environment, which of course could change at any minute. As we know, we're still seeing designations coming out in the past few weeks from the UK, EU and the US against Rosneft and other oil-producing Russian firms as well. So it's an ongoing balance. I think it's a really interesting insight as to showing the slowdown maybe in the scale, but the importance doesn't go away. I think that's the main thing. The risk is still prevalent for everyone.
A
Yeah. And Emil, from your perspective in compliance, how real do these numbers feel on the ground? Is this playing out in terms of the conversations you're having with people working in the industry?
D
Yeah, I mean, just to add to what James and Katerina have already pointed out, kind of the move away from the unprecedented levels, I would also add to that and say that it's also within the context of a U.S. administration that has largely not been targeting Russia in a meaningful way for most of this year, until about last week when we saw some designations come out against Russia. I think that has also added to that drop in designations generally. It's moving towards kind of maintenance packages, so maintaining existing measures, designating kind of evasion networks operating out of third countries, or extending kind of partial bans to become full bans, or kind of closing some of the loopholes that have been present in previous iterations of existing sanctions packages. So I think it's more about maintenance, which for me produces just as many challenges for the private sector, because actually it's not just about screening against new additions to the list, but actually thinking quite creatively around sanctions evasion typologies. And that's kind of the space that we're moving into. I think at the same time, we have seen areas where sanctions have ramped up. Iran is a great example of that. The US pressure on Iran has been ramping up steadily throughout the year under the second Trump administration. And just last month we had the snapback of UN Iran sanctions, with the UK and the EU following with their own unilateral sanctions against lots of entities and individuals in Iran. So we have seen sanctions ramp up in other areas and I think it's, I would not call it a kind of a persistent drop. It's just a sort of a trend of the times, I suppose.
A
Yeah, no, that makes a ton of sense, I suppose. Katerina, I'd like to get your perspective, just to build on Emil's point around how maintenance doesn't necessarily mean life is easy for fintechs in the space or financial services more broadly. Could you help listeners maybe understand what is it practically that organisations need to be doing at this time to kind of prepare?
B
Yeah, absolutely. And I agree, having fewer names to screen doesn't necessarily mean that it's easier. And this is why it's so important. It's actually becoming more complex, I would say, just in different ways. Here's the paradox. Fewer new designations doesn't mean less work. In fact, in some ways it means harder work. And I'll explain why. The nature of sanctions updates is changing. We are seeing more modifications to existing entries, changes to names or addresses, identifying information. We are seeing lots of delistings, like the 518 Syria delistings I mentioned. Each delisting requires system updates and potentially appraising assets. Complex ownership structures, designations of entities with complex corporate hierarchies. And those are the most problematic, probably. Emil mentioned the evasion tactics that are so important to follow. There are also statements of risk reasons, updates, changes in the justification for sanctions which can affect how you assess risk. Those are all subtle changes that don't make the headlines like the major new designation round. But they require just as much attention, sometimes even more, because they're easy to miss if you're not paying close attention. So if a firm is only focused on new additions, they could completely miss out the delisting and continue to block transactions from someone who's no longer sanctioned. That's a customer service problem and potentially legal risk if you're effectively freezing funds without legal basis. And those evasion tactics that you mentioned are getting more sophisticated. Sanctioned parties don't just give up when they're added to the list. They still create shell companies with different names. They use family members or associates as fronts. They route transactions through multiple jurisdictions. They leverage cryptocurrency and informal value transfers. They exploit differences between the regulatory regimes as well.
So this means that you can't just rely on the exact name matching against the sanctions list. You need sophisticated analytics, behavioral monitoring, adverse media screening, beneficial ownership analysis. It's all layered controls that detect the reality behind the facade. And we also have to take into account the regional divergences that are creating complexity. The EU, UK and the US sanctions lists are no longer perfectly aligned. And we're seeing different designation timelines, varying criteria for inclusion, different listing procedures, sector-specific differences, and so on. So it's really important also to look out for the enforcement expectations, which haven't changed at all. Those are all lessons learned for the market. We have to look into that so we can learn what the regulators are expecting the firms to do. Like catch every update, no matter how subtle they are, maintain the effective screening systems, conduct the thorough investigation of hits, document all the decision making, have robust governance and oversight, and obviously have everyone who is working within the sanctions space not only being trained, but keeping up with all the changes in terms of gaining that knowledge constantly. So, yeah, it's quite challenging, I would say.
A
Yeah, no, absolutely. James, yeah, as Katerina's outlined, this is a really complex space for people working in financial services. From what you're seeing, are financial service organizations just looking to do like the bare minimum in this space or are people really kind of trying to go down all of these different avenues and explore all of these different ways to kind of fight the issues that Katerina outlined?
C
Yeah, I think Katerina's outlined there's a number of different areas there to consider. Right. That's a lot for firms to be thinking about and really assessing when they're going into it. I think, from my experience, what we've seen out there is it's going to be a spectrum of responses in relation to that particular question, and it does go from the do the bare minimum, take your tool off the shelf, put your customer list through it and hope it works, all the way through to the more advanced fintechs who are now looking at the use of AI and machine learning to augment their already existing rules-based approaches and also making that wider consideration around culture and training that Katerina's alluded to as well. So like anything in our sector, it's a real range of approaches to this. A lot of it's dependent on the business models of the firms and the product sets they've got. They may not feel as though they're as exposed to sanctions as maybe some of the other firms are with their product sets, which is fine, but unless you've made a thorough risk assessment in relation to sanctions risk, that's almost lip service to an extent. So definitely a spectrum on this in terms of what people are focusing on. Certainly seen examples, as Katerina has alluded to, of where there's been divergence of sanctions lists and also sectoral sanctions. Some firms really focusing on their product sets and what's really important to them and where their risks are and focusing in and really looking at specific risks in certain areas, whilst not, you know, not stopping doing anything else, but really taking a very focused risk-based approach to their potential risk models because of all the things Katerina's alluded to in terms of ownership structures and all these evasion tactics as well.
A
Yeah. Emil, this is obviously a very complex topic which uses up a lot of time and energy and resources for internal compliance teams. But if they don't nail this, what does it look like when the system breaks, does this have ripple effects? Does this impact customers more broadly?
D
I wouldn't say it impacts customers other than if you have a name that is very like a name on the sanctions list, you might face a few delays with your payments or have a few additional questions from your bank. But I think we need to kind of think about: sanctions are in place for a reason, right? They're in place to restrict, say, Russia's ability to obtain certain elements that it needs for its missiles that it's sending into Ukraine. So if the system breaks, so to speak, and banks are allowing payments to go through or payments to be processed, that ultimately results in the delivery of those goods into Russia and then ending up on the battlefield, that has real-world consequences. And I think that's important to keep in mind. In the UK and many other jurisdictions, sanctions is a strict liability and very high risk area. And that means that saying "I didn't know" is not a defence when it comes to sanctions. And regulators are likely to want to unpack exactly how firms made their sanctions risk assessment. Did they tailor their controls adequately to respond to that risk exposure that they've identified? And if there are any areas where they have, say, reduced screening or not screening certain customer base, that needs to be justified and sort of well explained to the regulator. And again, strict liability means high potential enforcement actions here.
A
Yeah, no, for sure. Really, really essential. Katerina, as we've touched on in the conversation already, we are seeing divergence across regions. How do you think that regional divergence is impacting how fintechs and financial services are responding in this space? Is it making life more difficult?
B
Yeah, I would say it's becoming more challenging, with practical issues for globally operating fintechs. And it's a trend that's accelerating post-Brexit. Historically, EU and UK sanctions were identical because the UK implemented EU sanctions directly as an EU member state. But since Brexit, the UK has its own sanctions regime and while there is still significant alignment, we are seeing meaningful divergences that emerge. And to give you some more concrete examples of what this looks like in practice, you'll see differences in timing. The EU might designate an entry on Monday, the UK on Wednesday and the US two weeks later, or not at all. So during those gaps, what do you do if you're in a fintech with customers in all three jurisdictions? Do you apply the most restrictive standard? Do you risk one jurisdiction's compliance to serve customers in another? Then of course, the scope differences. The UK can be more aggressive in some areas. For example, I'll give you anti-corruption sanctions targeting individuals, that there's a UK global anti-corruption sanctions regime. The EU and US might not have equivalent designations. Or sectorial variations. Particularly around Russia we see differences in energy sanctions, technology, export controls, financial services restrictions. The UK approach to Russian oil and gas has diverged from the EU's at times. And then the delisting processes. Different jurisdictions have different procedures and timelines for removing individuals from the list. There's a series of recent examples where the EU and US approach may be shown as different. For fintechs, this could create some of the pain points, I would say, like with the system complexity, your screening infrastructure needs to handle multiple lists with potentially different matching rules. You can just screen against one consolidated list in certain situations. So you also have customer experience.
You have to keep in mind, like, imagine a customer who can bank with you in London but not in Amsterdam. Because of the list differences, that can be confusing. Decisioning is also important where there is a partial match or an entity connected to someone on only one list. And how do you make first decisions? So you need the staff that understands the differences and of course the resource allocation. You need compliance expertise across multiple regulatory regimes, which is expensive, especially for smaller fintechs. And don't forget audit and documentation. You need to demonstrate to multiple regulators that you're complying with each specific regime's requirements. That's particularly challenging in these differences that might not often be subtle. So it's not like EU and UK lists are completely different, by the way. They're probably like 90 to 95% overlap. But it's that 5 to 10% difference that causes problems precisely because it's easy to miss. But yeah, lots of challenges because of those differences across different agencies.
D
Yeah, I just was going to add to that because I think with fintechs in particular, it's important to keep in mind that especially fintechs without their own banking license often screen according to their banking partners' risk appetite. So while there could be a competitive advantage, a fintech in Singapore sure doesn't have to comply with UK or EU or even US sanctions lists. But it probably needs to if it wants to keep its banking relationships happy, if it wants to kind of think about its reputational risk. But also what we haven't talked about yet is the secondary sanctions enforcement risk, particularly from the US. So if you make a choice not to screen against the US list or you are involved in payments that would otherwise be prohibited if you were screening against the US list, you could potentially end up on the sanctions list yourself. So that's a tricky position for fintechs and I think many are too cautious to actually fully take advantage of jurisdictional differences because of that.
C
I'd echo exactly what Emil's saying. There's certainly considerations that we see out there and I think firms taking that more general approach, if we can call it that, I think because of their banking partners, absolutely valid. We've also, as we point out, we've got to consider the risks of the reach of these designations. Emil's mentioned OFAC has got the widest reach going. As soon as you trade in a dollar, that's it, they're all over you. So there is definitely, probably a cautious approach, I think, for a lot of fintechs in relation to any sort of divergence, looking at the differences between the different sanctions lists at this time. That may evolve over time potentially, but certainly I see more of a general approach to making sure that touching the EU, the UK, US, EU lists, that is the be all and end all at this stage. And again, that may change. There could be some specialization or there may be some way of doing this. But I think the reach of those sanctions means that if you are an international fintech, you've got to be wary of the subsidiaries, the entities that you've got as part of your global firm and what that effect might have in terms of whether they're brought into the scope of those broader designations.
A
Absolutely. Okay, we're going to take a very quick pause here, but coming up, we're going to turn to how fintechs can respond. So building agility, leveraging AI and preparing for enforcement in this quieter but still very risky environment. Even as sanctions lists slow down, compliance complexity is increasing. Enforcement is on the rise, with the Office of Foreign Assets Control fines topping $238 million in 2025. Let's explore now how fintechs can build agile, adaptive compliance programs to stay ahead. Katerina, I suppose in the previous section we talked a lot about the scale of challenge in this space and many of the kind of issues that fintechs and financial services more broadly are facing into. Do you think that fintechs and banks are investing enough in remaining agile in this space?
B
I should probably let regulators decide if they are. I can only say what I'm observing talking to fintechs in my day to day. I believe that there is significant investment in both tools and building the knowledge, networking with other peers in the industry, I definitely see that. Whether we can do more, we probably always can. And I think one of the key challenges here is everyone trying to be more proactive rather than just being reactive when it comes to sanctions. For that, utilizing technology that can help us build certain models that could help us keep up with all the changes. Whether that is enough, yeah, again, very difficult to say. However, I did mention, when we were talking a little bit about the technology and how we can build the agile systems, we're talking about utilizing technology for the predictive analytics, try to find the best of the match to save the time to deal with it in the most compliant way, to help us with the network analysis because of the complex ownership structures, even looking into the scenario modeling. This kind of compliance, building this kind of compliance, it's not cheap, it can be very difficult. There can be cultural differences as well, as we mentioned before, but we definitely are trying to move from that check-the-box kind of exercise type of compliance to continuous risk management. And when it comes to fintechs, I think we are seeing that talent, we see people being hired with significant knowledge in sanctions. I can definitely say that, change in culture and continuous learning for sure.
A
Yeah. Emil, the organizations that you speak to, the ones that are doing well in this space, what is it they're nailing? What is it that kind of they're doing that you think other organizations should be doing?
D
Yeah, I think the organizations that really are excelling in sanctions are the ones who prevent sanctions evasion rather than just react to it. I think it goes back to the point that we discussed earlier. Many of the measures that we have today simply cannot be implemented simply by screening using a list of names. So whether it's your activity-based sanctions where you have prohibitions on providing certain services to certain persons or certain industries or certain areas of the world, banks and fintechs now need to understand who their clients are, what they're doing, and crucially who they're servicing, who they're doing it with, in order to kind of proactively detect any violation of those prohibitions. We've also seen enforcement actions focusing increasingly on things like dynamic customer data. So not just the customer's name, but also things like the customer's IP address in order to find possible sanctions risk exposure. And then adding on top of that, we've got the kind of sanctions evasion becoming ever more sophisticated. We talked about this already, but kind of complex ownership and trust structures used by Russian elites or Iranian shadow banking networks. Lots of focus there. And frankly, the names on the sanctions list are probably not that likely to occur in your transactions. You're much more likely to have sanctions risk exposure that is not immediately obvious to a screening system. So I think that to kind of summarize, I think the organizations that are doing sanctions well are the organizations that have employed people to look more proactively at sanctions risk and kind of build out typologies that respond to possible red flags or transaction monitoring rules to flag certain transactions that could be indicative of sanctions evasion. And then finally it's about kind of predicting a little bit what's coming down the pipeline in terms of sanctions.
Often if you are tuned into the world of sanctions, you often know the direction of travel. So for example, you'll see the US or the UK put out guidance on certain typologies or sanctions evasion schemes that they've observed. And then over the coming months you then see designations that specifically fit that typology. And I think that's kind of something that organizations that do well also stay on top of that and kind of see what's coming down the pipeline.
A
Yeah, no, that makes a lot of sense. Katerina, one thing that we've maybe, I don't think, talked about very much so far, which is pretty surprising given it's an episode of FinTech Insider, is AI. Where does the conversation around AI overlap with sanctions? Like, is AI going to help? Is it going to solve everything in this space and make this all magically simple and disabled?
B
I don't think AI is going to make anything magically disappear, unfortunately, although we would want that to happen. But I think the truly agile sanctions compliance and what it looks like in 2025 and beyond can't ignore AI, for sure. We discussed this and Emil mentioned this. I really liked his response when he was talking about the responsiveness and keeping up with certain guidance. And that is so true because we are learning a lot from different examples, from enforcements, from threat assessments. We can definitely learn and use AI in a certain sense to help us with that real-time responsiveness as well. In an agile program, when a sanctions list updates, your systems are updated within hours, sometimes even minutes, not days anymore, your historical transactions are automatically rescreened. Customers who might be affected are identified immediately. Hopefully your compliance team receives intelligence alerts that prioritize the real risk. So this requires the automated data feeds, systems designed for rapid configuration, pre-built workflows for different types of updates. You see where I'm heading with this? There is something we call intelligent screening. Basic name matching is no longer sufficient. Agile programs, they need to use different, depending on what you need as an organization. Obviously you can go from fuzzy matching, entity resolution that identifies when different names actually refer to the same entity, network analysis that maps the relationships and identifies potential fronts or facilitators, machine learning that improves the accuracy over time, reducing false positives while catching the matches. Even using technology for the behavioral analytics to monitor not just who the customers are but what they're doing. You can learn from those relationships using the predictive capability.
The most sophisticated programs that are now starting to use AI for identifying entities likely to be sanctions before they're designated or for forecasting regulatory trends based on the geopolitical developments model exposure to different sanctions scenarios. And let's not forget that all of this in agile programs is not treated in silos. The systems that we are seeing would need to be connected and communicate with KYC teams, transaction monitoring, fraud detection, AML or CTF programs, cyber risk assessments and so on. So a lot is happening. I think not everyone is doing that in the same pace. Lots of innovation in the market. Do we see the AI reshape the sanctions and compliance programs? Not yet, probably. Does it have a potential? Absolutely. Especially around the pattern recognition and the anomaly detection optimization and you know, analyzing volumes of data our human team could handle. So I think that's something to look out for. It's probably going to introduce lots of changes in I don't know when, maybe today, maybe next month, maybe in a quarter, maybe in a year. But I would definitely be excited to look where it goes.
A
Absolutely. Emil, obviously there's lots of technical change happening in this space from organizations you're working with. Are you seeing any preferences for building these new capabilities in house versus working with partners? Do you think that organizations are successfully leveraging regtechs and some of the other external organizations that could help them accelerate in this space?
D
Yeah, I think I'll quote the European Banking Authority on this, which they put out an interesting report a few months ago where they highlighted the poor implementation of many regtech tools. And that wasn't saying that the regtech tools were bad, it was highlighting specifically the lack of oversight and ownership of these tools. And I think that's particularly important when it comes to sanctions. As I said before, firms really need to make sure that the tools they're using are calibrated exactly to the sanctions risks that they're facing. So if they are doing cross border payments to high risk jurisdictions, they need to ensure that their screening tools are set up to detect things like transliteration of names that are common to that country or things like that. The FCA said the same in their thematic review in 2023, I think, where they really highlighted the fact that firms need to understand the tools that they're using and calibrate them to their sanctions risk. So not just taking a tool out of the box and kind of plug and play and just go with it. That being said, the tools alerts can work for things like what Katerina talked about, kind of predictive sanctions evasion, or it can even help kind of prioritize what sanctions alert should be reviewed first. That doesn't mean that you can skip reviewing others. All sanctions alerts should probably be reviewed, but you can kind of help with prioritisation. The kind of question around whether you build that in house or whether you take a tool that has already been built by someone else really comes down to do you understand how the tool works, especially in sanctions, which is a strict liability area. So if you have a breach, the regulator will want to see that you understand the tools that you are using and how specifically, if it's using AI, the decisions that it's making, not only the alerts itself, but how it's pulling together information that you are then using to make a decision. 
The regulator will want to see that you have ownership over that and then you can explain the AI to the regulator. If you can do that in house, great. But there's also a lot of tools out there that can do that as long as you kind of put your own stamp on it.
C
Just to really follow on from what Emil was saying there, I think there's been a couple of instances where tools are being built in house that have not done what they were expected to do due to a lack of testing. So we've seen some major cases over the past year where that's been the case with some banks. Really, to Emil's point, look, this is all about showing your working. If you're going to make a change in how you're approaching your sanctions framework and screening program, you've really got to understand it. You've got to be able to risk assess it properly, as Emil's been saying. And you've got to be able to actually demonstrate why you've made the changes, what's the impact of the changes. Some of that's relevant to the firm itself. You need to think about what sort of resources you need, what benefits might you get from, you know, what operational effects might come up through use of AI to help pre screen a number of different elements for sure. But ultimately, if something goes wrong, have you got everything in place to demonstrate that you thoroughly tested what it was that you were changing within your framework and where you're moving to. I think that's really crucial from some of the examples we've seen.
A
Yeah, for sure. We're coming towards the end of the time we've got of this show, but I wanted to end by giving each of you, that is the opportunity to shout out a particular sort of single most important thing that you think someone listening to this show that works in a financial services organisation should be really talking to their teams about. So, Katerina, if we were kind of really thinking ahead to what excellent looks like in this space, what one action do you think someone working in a financial services organization should take today to kind of really move this space forward?
B
I'd say, and it's always being mentioned actually in all the conversations when we talk sanctions is sanctions readiness, I guess, staying ahead of not only developments on the regulatory side, best practice that is being shared guidance coming from the regulators, different documentations warning about the different evasion tactics and then of course, everything that is happening on the innovation side, keeping track on how the market is responding and how technology is evolving. So you would make sure that you apply the most suitable approach for your sanction compliance program, I would say.
A
Emil, what about you? What's the single most important action that you think a fintech or bank could take today? To stay on top of this space.
D
I think you need to make sure you have people who understand sanctions, hire really good subject matter experts who have a passion for investigations and don't just view designations that are coming through as the end point, but actually as a starting point for wider analysis. So looking at some of the designations that are coming through, last week we had the UK and the US kind of jointly using sanctions to target a network of companies that were running scam centers in Southeast Asia. That for me, what was in that designation notice the kind of typologies, the companies that were called out, the ways that they were kind of investing in London property markets and incorporating businesses in the bbi, read those designation notices and use it as a starting point for wider intelligence and proactive analysis rather than just the end point, if that makes sense.
A
Yeah, for sure. And James, what about you? What's your one piece of must do action for some work in this space?
C
As a Yorkshireman, I like to go back to practical basics and I think I would just take the step back and make sure you've got a really, really strong, detailed risk assessment in relation to sanctions risk. It's the fundamental starting point for everything we've been discussing to make sure that a firm covers all the different systems and controls it needs. More importantly, the product risk. And make sure that you're pulling in the wider business. Don't just silo it into the compliance function is going to conduct this risk assessment. You need to pull in people from the front lines from the product set to really understand and discuss the potential ways that the bank or the firm could be used for sanctions evasion. So for me it's get that, get a really strong risk assessment. Go from there, for sure.
A
Katerina, if people have hopefully listened to this conversation and kind of realize now the importance of this space and want to find out more, where can they find out more? Where can they find out more about the report?
B
Yeah, report is on our website and feel free to download it. You can do so by looking for the Sanctions Pulse report. We do them regularly, so if you're interested in this content, watch out for all the updates that we do provide. We are very happy to engage with people who are passionate about sanctions and we do have not just me, but a couple of other guys in the company who love to discuss it. So do reach out if you want to chat about it or if you just want to read the report. It's on the website, you can download it anytime.
A
Awesome. Yeah, no, we definitely recommend. That wraps up today's discussion. Thank you so much for joining. Where can people find out more about you and what you're working on? Katerina?
B
Absolutely. So I'm on LinkedIn. You find me under my name and my surname. Working for LexisNexis Risk Solutions. As I said, we're passionate about economic crime in general, so if you want to reach out, chat about it. Always happy to get in touch and network with the peers in the industry.
A
Fantastic. James, what about you?
C
Yeah, you can find me on LinkedIn as well. And also fishelinpiffs.co.uk, where we've got our services there, but also we write blogs and articles about these sort of subjects.
A
Awesome. And last but definitely not least, Emil.
D
Yeah, I'm also on LinkedIn and you can also find my contact details on fintrail.com. We recently launched kind of a sanctions club for fintechs. So if that's of interest and you want to know more about the sanctions, come join us.
A
Love it. Sanctions Club. Brilliant. And you can find me also on LinkedIn. I don't have a club, it's just me, but I might have to fix that now. Thank you so much for listening. If you like what you've heard, follow our podcast and don't forget to leave us a review. It helps us to make it better and helps others to find this show. As always, if you want to join the conversation, find us on social media. Just search for 11:FS or FinTech Insider or email podcastlebnfs.com. Thanks very much. Goodbye.
"Insights: Sanctions: how can fintechs keep up?"
Date: October 30, 2025
Host: Kate Moody (11:FS)
Guests:
This episode explores the rapidly evolving world of sanctions compliance for fintechs. Despite a notable slowdown in new global sanctions designations in 2025, compliance remains as complicated—and critical—as ever. The panel unpacks the latest data, discusses enforcement trends, and dives deep into practicalities for fintechs aiming to remain agile, compliant, and prepared in a shifting regulatory landscape. Key focus areas include the ongoing complexity of compliance, the growing divergence between regional sanctions regimes, the challenges of enforcement, and the increasing role of AI and automation in managing risk.
Sanctions Updates Dropping (00:14–10:12)
Not Just Fewer New Entries:
"Fewer new designations doesn’t necessarily mean compliance just got easier. If anything, the work can be harder."
—Kate Moody, (00:41)
Compliance is More Complex, Not Less (13:53)
Evasion Tactics Evolve (11:38–13:53)
Maintenance packages now target evasion networks and close sanctions loopholes.
Sanctioned parties employ shell companies, proxies, crypto, and cross-border transfers to escape restrictions.
"Firms need analytic capability—a layered approach: behavioral monitoring, adverse media, beneficial ownership analysis."
—Katharina Prenic, (15:37)
Regional Divergence Risks (21:46–27:31)
Since Brexit, UK, EU, and US approaches increasingly differ in timing, inclusion criteria, and delisting processes.
For fintechs, this means more lists, more systems, and higher operational burdens.
"It’s that 5–10% difference [between lists] that causes problems, precisely because it’s easy to miss."
—Katharina Prenic, (23:57)
Secondary sanctions risk: even non-EU/UK/US fintechs may need to align with key sanctioning jurisdictions due to partners and dollar use.
Investment and Innovation Trends (28:22)
Culture and Risk Assessment (17:45–19:48, 42:16–43:24)
Best Practice Note
AI as an Enabler, not a Panacea
AI can speed up list updates, rescreen historical transactions, and prioritize real risks with network analysis and fuzzy matching.
Pattern recognition, anomaly detection, and predictive analytics can offer a major advantage—if properly configured and explained.
"AI won’t make anything magically disappear, but it can enable real-time responsiveness and reduce false positives."
—Katharina Prenic, (33:29)
However, poor implementation of regtech tools remains an issue; regulators want oversight, customization, and demonstrable understanding of these tools.
Build vs. Buy
| Timestamp | Segment/Topic |
|-----------|-----------------------------------------------------------------------|
| 00:14 | Episode intro; scope of sanctions environment |
| 06:45 | Why sanctions matter for financial services; slowdown context |
| 13:53 | Compliance complexity in response to sanctions maintenance, not drops |
| 21:46 | Regional divergences and practical impact on fintechs |
| 28:22 | Agility, investment, and culture around compliance |
| 30:32 | What best-in-class sanctions compliance looks like |
| 33:08 | The role of AI and automation |
| 41:29 | Final recommendations |
On the evolving nature of sanctions compliance:
"Fewer new designations doesn’t necessarily mean compliance just got easier. If anything, the work can be harder."
—Kate Moody, (00:41)
On fintechs' responsibilities:
"If a sanctioned individual or entity can access financial services... they can move money, conduct fraud, evade justice, or continue harmful activities."
—Katharina Prenic, (07:05)
On system risks:
"Sanctions are in place for a reason... If the system breaks... that results in the delivery of goods into Russia and then ending up on the battlefield, that has real world consequences."
—Emil Dow, (19:48)
On regional divergence:
"It’s that 5–10% difference [between lists] that causes problems, precisely because it’s easy to miss."
—Katharina Prenic, (23:57)
On AI as a tool, not a silver bullet:
"AI won’t make anything magically disappear, but it can enable real-time responsiveness and reduce false positives."
—Katharina Prenic, (33:29)
On regulatory expectations for tech:
"If it’s using AI, the regulator will want to see you understand how it’s making decisions."
—Emil Dow, (37:30)
Katharina Prenic (41:29):
Emil Dow (42:16):
James Dodsworth (43:24):
This episode offers a nuanced view of the 2025 sanctions environment and practical wisdom for fintechs: agility, strong risk culture, and tech-enabled compliance are more vital than ever—even when the headlines suggest a lull.