GRC Tuesdays: Efficiently and Effortlessly Screening Against Restricted or Denied Parties

Most organisations are legally bound to screen their business partners against restricted or denied party lists flagged by governments and institutions such as the United Nations Security Council Consolidated List or the World Bank Listing of Ineligible Firms and Individuals and this can quickly become a complex exercise, where the stakes are pretty high in case of failure to comply.

What are sanctions and why are they imposed?

Sanctions are commercial and financial penalties imposed by a country – or a group of countries, on specific countries, entities, or individuals to stop aggression or breaking of international laws. Short of military intervention, sanctions are the toughest actions nations can take and are considered as a direct intervention when diplomacy failed.

Embargoes, for instance, are a classical type of sanction that intends at economically crippling targets by limiting or banning exports or imports of their given goods or services.

The current situation in Ukraine has put a spotlight on sanctions when it comes to stopping threats to the sovereignty and territorial integrity, but there are various reasons for enforcing such penalties:

  • Reflecting concerns about political violence and human rights violations or abuses
  • Violence perpetrated against civilians including violations of international humanitarian law and human rights
  • Concerns about the nature of nuclear, weapons of mass destruction and proliferation programs
  • Association with regimes indicted for or suspected of committing war crimes
  • Fighting terrorism and promoting international peace and security
  • Breach of peace agreements
  • Serious corruption
  • Failure to recognize results of democratic elections, including coup to seize power
  • Political, security, economic and humanitarian challenges

More recently, counties like Australia have also started enforcing “Significant cyber incidents sanctions regime” that target more specifically person or entity that have caused, assisted with, or attempted to cause a significant cyber incident.

Since the end of World War I and the more systematic recourse to this strategy in lieu of military confrontation, there have been many countries or regimes hit with sanctions including Angola, Central African Republic and Democratic Republic of the Congo, China, Cuba, Democratic People’s Republic of Korea (North Korea), Eritrea, Ethiopia, Former Federal Republic of Yugoslavia, Guinea-Bissau, Haiti, Iran, Iraq, ISIL (Da’esh) and Al-Qaida, Ivory Coast, Lebanon, Liberia, Libya, Mali, Myanmar (Burma), Nicaragua, Rwanda, Sierra Leone, Somalia, Sudan and South Sudan, Syria, Taliban regime in Afghanistan, Venezuela, Yemen and Zimbabwe, and more.

In some cases, and to provide a more tailored response, sanctions are also defined under programs that are not country specific. In this case, the responsible governments and institutions issue a list of individuals and companies owned or controlled by, or acting for or on behalf of, targeted countries.

In the United Stated or instance, the list is managed by the Office of Foreign Assets Control (OFAC) and called Specially Designated Nationals and Blocked Persons List. Also usually known as “SDN List”.

Most government agencies and international organizations that release these lists will provide a search capability. But it’s of course not integrated to a company’s source sales, purchasing, payment or delivery systems. As a result, the risk of non-compliance with restricted or denied parties can be quite high for companies in certain sectors or involved in import/export that need to screen transactions against multiple – regularly changing – lists. And the implications of any non-compliance can be severe: from a financial fine to revoking a license to operate or even prosecution for the company and individuals involved.

Making the screening process more efficient… And even effortless!

As established in the previous paragraph, compliance with this requirement would require manually checking the business transactions against every list, which can amount to a great effort and is prone to error.

Instead of doing this manually, why not automate the screening of restricted or denied parties and integrate these compliance checks directly in real-time within the order-to-cash and procure-to-pay processes via SAP Watch List Screening?

Overview%20of%20the%20address%20screening%20process%20in%20SAP%20Watch%20List%20Screening%20using%20sales%20order%20as%20an%20example

Overview of the address screening process in SAP Watch List Screening using sales order as an example

What is SAP Watch List Screening?

SAP Watch List Screening is a Software-as-a-Service application running on SAP Business Technology Platform. It consists of two microservices for screening and the management of screening hits.

In short, it enables companies across all industries to screen their business partners (businesses, individuals, and entities) against sanctioned party lists, therefore ensuring their compliance with guidelines, regulations, and legislations.

With this service, organizations can:

Reduce processing efforts

Simplify screening efforts by uploading a provider-defined sanctioned-party list and then automatically screen names and address information against entries in these lists
Resolve the screening hits found during screening by either confirming or rejecting them, via the provided user interface Resolve identified hits

Integrate with other business processes and applications

Call the screening service on SAP Cloud Platform within the trade compliance document in SAP S/4HANA or from any other SAP or non-SAP application through published APIs
The decisions of screening specialists are made available for further action and investigations Provide traceability

Overview of SAP Watch List Screening enabling businesses to screen against lists from government agencies and international organizations to lower exposure to risk and give companies more consistent compliance across your entire enterprise

Some of the benefits that companies can expect with automated screening Cloud service are:

Reduced risk

Elude partnerships and relationships with sanctioned individuals and entities and reduce the risk of non-compliance business-wide
Automate compliance checks across critical sales and procurement processes to improve results and decrease supply chain delays Automated compliance

Simplified screening

Use a SaaS model that simplifies screening, provides instant access to up-to-date watch lists, streamlines uploads, and accelerates time to value

In addition, SAP Watch List Screening also includes an Ad-Hoc Screening capability enabling users to quickly screen a single name and address or a whole list of names and addresses at once. Since this is just a simulation, there is no publication or persistence of the screening hits and can be used for rapid confirmations or enquiries.

Concerning the content and more specifically the sanctioned-party lists, as mentioned in the Administration Guide, one of the prerequisites is a signed contract with Mendel Verlag – the list provider that supplies the up-to-date watch list information for this SAP service.

What about you, how does your company address screening requirements? I look forward to reading your thoughts and comments either on this blog or on Twitter @TFrenehard