Fintechs face tsunami of risk as Russia sanctions crunch
As sanctions close in on Russia, the regulatory landscape has become a moving minefield for fintechs, who now face rising compliance costs and changing risk considerations.
Coping with regulatory risk can be challenging at the best of times, but the sanction warfare of the kind waged against Russia has fintech compliance teams “grappling with the sheer complexity”.
“Every fintech CEO at the moment is going to their compliance team to ask how the Ukraine crisis will impact them,” says Charlie Delingpole, founder and CEO of reg-tech firm, ComplyAdvantage.
“Compliance has just become 50 times harder.”
Upping the ante
Firms are coping with the changes in different ways, with some choosing to outsource expertise to dedicated reg-tech firms and others suspending some services until the picture becomes clearer.
“We’ve had sanctions before – with Crimea in 2014 – so fintechs have the controls and procedures in place,” says Adam Jackson, director of policy at Innovate Finance. “What we haven’t had before is the sheer scale and the frequency of the updates.”
Digital finance and investment fintech, Dozens, announced last week that it was “turning-off outgoing international payments with immediate effect” to ensure “no money gets into the hands of sanctioned individuals or businesses”.
Financial activities spanning multiple counterparties or geographies are naturally higher risk for financial institutions—Dozens’ decision demonstrates the drastic measures that some fintechs are having to take to protect themselves.
International wire transfers, trade finance, and crypto and forex platforms—with complex processes and extensive KYCC exposures—are particularly vulnerable. Myriad sanctions regimes also add an extra layer of complexity for fintechs operating globally.
“There are UK, EU and US sanctions, everyone has their own set,” says Jackson. “So, different firms, depending on which markets they are in, or where they are taking payments or providing services, will be covered by multiple different rules.”
Winners and losers
Some fintechs are faring better during the policy upheaval by providing clarity amid the chaos.
UK compliance data provider, ComplyAdvantage, says the web traffic to its sanctions page has increased from 100 views per week to 4000 views per week since the escalation in policy action towards Russia.
With swathes of clients relying on up-to-date sanctions intel, the company now has a sanctions screening team active 24/7 to monitor new information and update resources as new information comes in.
In light of the fast-moving geopolitical situation, ComplyAdvantage has recommended fintechs undertake an immediate review of systems and controls to ensure screening platforms are equipped to detect relevant risks and to manage them.
The company also suggests reviewing exposures for potential red flags and updating training protocols to ensure that staff are up to date with the latest developments and how to enact them.
Of course, all of this comes with a cost and it’s also likely to have an impact on speed and breadth of service, at least in the short-term.
“There will probably be a slowdown in both onboarding and payments because of the additional oversight firms now need to apply,” says Delingpole. “Compliance costs will only be magnified – the same systems that they previously used should be effective, but there’s a dramatically higher level of entities and companies that they need to watch out for now.”
Paying the consequences
The investment is well worth it. History has shown us that in a fast-moving and international arena, teeming with new players, companies can be caught out.
US cryptocurrency payment platform, BitPay, was fined $507,375 in 2021 by the Office for Foreign Assets Control (OFAC), for sanctions violations due to failing to screen customers in real-time, at point of transaction.
Despite having screened and approved its roster of merchant customers beforehand, BitPay inadvertently enabled digital transactions by customers’ customers in sanctioned jurisdictions, including Crimea, Cuba, North Korea, Iran, Sudan, and Syria.
Other cases include the international payments platform, Payoneer, which paid OFAC $1.4m in 2021 for violations of multiple sanctions programs, and TransferGo, who was penalised by the Office of Financial Sanctions Implementation in 2021.
Delingpole compares the regulatory risks facing fintechs in the current environment to the 2014 de-risking of the UK-Somali remittance corridor.
“There were lots of fintechs sending money to Somalia at the time, but with the ongoing issues around Al-Shabab, people weren't sure whether money was going to the terrorist group or to their relatives,” he says.
“As regulators cracked down on terrorist-financing, HSBC de-risked and Barclays was left as the last bank standing in the region. Most of the money moved to fintech companies, 90 per cent of which were ultimately wiped-out.”
Sanctioned individuals or corporations in the past have sometimes looked towards alternative platforms to move funds – exploiting their global reach or market nascency as a means of circumventing sanction measures.
“This is the first major developed market conflict where we’ve also had a very digitalised financial infrastructure,” says Jackson. “The world was different back in 2014. We need to test the resilience and ensure all players are thinking about all angles of sanctions.”
Fears are also mounting around Russia’s use of cryptocurrencies to support its economy and maintain capital inflows into the country, augmented by some crypto platforms’ refusal to restrict Russian users from their services.
Turning to crypto to evade sanctions is not unprecedented. Shortly after the US imposed sanctions on Venezuela in 2014, for example, the Venezuelan government launched its own cryptocurrency, the Petro, and began transacting in digital currencies to access international financing.
While the endeavour had limited success, particularly given the system’s susceptibility to fraud and counterfeit Petro transactions, the initiative demonstrated the potential for using digital assets to exploit weaknesses in traditional sanctions regimes.
“The market is now so much more diverse, with lots of smaller players in the mix,” says Jackson. “Implementing sanctions involves substantial resources and capability – so naturally there will be more vulnerabilities among a larger network of firms.”
“The scope to evade sanctions may be limited, but everyone has to be committed to closing off any loopholes,” he adds. “We ensure that all our members, no matter how small, are maintaining their anti-fraud precautions and strengthening their cyber resilience.”