Banks Need Better Data to Catch Export Control Evasion, Industry Official Says
Banks are facing rising pressure from regulators to catch red flags that may signal export control evasion, lawyers and industry officials said this week. As that pressure mounts, they said many financial institutions still struggle to understand how much and what type of due diligence is needed to catch customers that may be violating export controls.
David Wolff, a trade lawyer with Crowell & Moring, said part of the problem plaguing banks is the lack of resources they have historically devoted to their export control compliance teams compared with their other compliance departments. At banks, “your export control team is the sort of ugly stepchild to your sanctions team in terms of just the sheer number of bodies, the level of expertise,” Wolff said during an April 4 webinar hosted by the law firm and risk advisory firm Kharon.
He said banks’ compliance teams are “grappling with how to ramp up,” but many often lack the customer data to do the export control due diligence that BIS is increasingly expecting.
“It seems as if there's a bit of a disconnect between what regulators think [banks] have access to,” Wolff said, “and what [banks] actually have access to.”
Frank Calestino, senior vice president at Bank of America, noted that most major banks screen against U.S. sanctions lists, which helps them flag and ideally cancel a transaction if the payment involves a party subject to U.S. restrictions. “But getting to the evasion piece -- that's going to be harder,” Calestino said.
BIS, along with the Treasury Department’s Financial Crimes Enforcement Network, has published multiple advisories over the last year with various red flags that the agencies said financial institutions should monitor to catch Russia-related export control evasion (see 2210060043, 2212160027 and 2207130014). The advisories also call on banks to file suspicious activity reports with FinCEN -- the agency last year said it had received reports of nearly $1 billion worth of transactions that may have had ties to illegal exports to Russia (see 2309110049).
Although BIS wants banks to do more work to catch red flags, Calestino said “we really don't have the regulatory mandate at this point to do the things that need to be done -- that should be done -- in order to identify sanctions risk.”
He stressed the importance of gathering data and other customer information, which can allow banks to evaluate whether a transaction poses a risk of sending export-controlled items to Russia. “If you don't have the data in order to look for these types of risks and threats,” Calestino said, “then you have an enormous challenge on your hands.”
Governments and banks also need to have a “discussion about what data elements are the most effective at identifying these things, and then what are the financial institutions ultimately required to do rather than asked to do,” Calestino said, because “those are two very different things.”
The webinar included a Kharon demonstration of data that may be useful to export compliance teams within banks. The firm said Hong Kong-based company Sinno Group Limited -- which isn’t on any U.S. government sanctions or export control lists -- is owned by Chinese resident Qing Lin, who also owns Chinese supplier Sinno Electronics, which was added to the Entity List and sanctioned by the U.S. in 2022 (see 2206280056).
Sinno Group also shares an address with MegaChips Limited, which also isn’t on a U.S. sanctions list, but which Kharon said has shipped semiconductor components and other export-controlled items with possible military applications to Russian end users between 2022 and 2023.
If an exporter encounters this data when considering whether to ship to these companies, the exporter should first assess whether its items are subject to any U.S. export licensing requirements, said Crowell trade lawyer Maria Alejandra del-Cerro. Then the exporter should evaluate: “What has the customer been telling us? How does this information align with what we've gathered as part of our [know-your-customer] process and what we know about the customer and the type of product they're ordering?”
Calestino said for many banks, obtaining the initial ownership and shipping data on those two Chinese companies -- and flagging it before a payment can be processed -- is the difficult part.
“It's getting to the hit that's the challenge, isn't it?” he said. “If they're not listed, then traditional screening is not going to find this. So the question then becomes: have you put something in place that complements traditional screening to identify high risk transactions?”