Financial institutions have been grappling with conflict-related sanctions and resultant risks for decades, including those that emerged in the wake of the 2001 terrorist attacks on the US and Moscow’s annexation of Crimea in 2014.
Yet the economic restrictions that the US, acting with the G7 and the EU, has rolled out in response to Russia’s invasion of Ukraine are unprecedented in scale and scope. They represent “a new kind of economic statecraft with the power to inflict damage that rivals military might”, as US president Joe Biden put it, in a recent speech in Warsaw.
To risk managers, this not only signals how finance is being weaponised for foreign policy aims, placing them firmly in the crosshairs of geopolitical tensions; it also piles pressure on their businesses to get the risk management associated with the war in Ukraine right — to avoid falling foul of sanctions regimes.
“It’s providing stress on all systems,” says Charles Minutella, global head of customer and third-party risk intelligence at World-Check, a unit of data provider Refinitiv that specialises in due diligence for sanctions and anti-money laundering risk.
The first difficulty for financial institutions is dealing with the sheer number of sanctions and entities involved.
There were already over 300 sanctions lists globally, in different languages and formats, involving different levels of specificity and compliance, before the Ukraine war. But the picture now is rather different, says Minutella: “The volume of names being added to sanctions lists because of Russia is monumental. The sanctions put in place after Crimea were a blip compared to this.”
Lawyers point out another problem: that, when new sanctions come into force, or when existing ones are amended, there is often not much notice to comply.
UK Finance, which represents banks in the UK, says its members have considerable experience and processes in place to implement sanctions swiftly. But it also says that “lack of alignment” on listings and the application of them from the UK, EU and US is “causing an already complicated area to become even more complex”.
Jeremy Barnum, JPMorgan’s chief financial officer, told analysts on the bank’s latest earnings call in April that it had been dealing with economic sanctions “of unprecedented complexity with multiple directives from governments around the world”.
One reason for the complexity is that sanctions against Russia have been extended beyond the traditional targets of individuals and entities to whole sectors, including oil and natural gas. This makes the task of identifying all the relevant companies and subsidiaries affected by sanctions still harder.
Moreover, UK Finance argues that the number of companies in continental Europe and the UK with Russian links is leading to unintended consequences. For example, businesses that employ mainly EU or UK nationals can still fall foul of ownership and control clauses introduced in response to the conflict.
This was highlighted in March when UK-based health food chain Holland & Barrett reportedly found that a routine debt payment to creditors was held up by HSBC because the bank was reviewing the sanctions status of LetterOne, Holland & Barrett’s Russian-backed owner.
For banks that have lent to companies that have been, or may be, sanctioned, there are other complex questions. Allen & Overy, a law firm, says these can include whether a borrower that has not been sanctioned can still access payment systems — such as Swift, the Belgium-based financial messaging system — if its own bank account is held at a sanctioned bank that is no longer permitted to use Swift.
On top of this, financial institutions must contend with elevated cyber risks. In April, authorities in the US, Australia, Canada, New Zealand and the UK warned in a joint advisory notice that “evolving intelligence indicates that the Russian government is exploring options for potential cyber attacks”. They also noted that some cyber crime groups had pledged support for Russia.
“Banks are going to need to take these threats seriously because these financial institutions are now a component of this conflict,” says Adam Meyers, a senior vice-president at CrowdStrike, a US-based cyber security company.
He identifies three main types of cyber threat: “computer network exploitation” by nation states — in this case, Russia — using ransomware to steal information; criminal hackers seeking to extract financial gain; and ideologically motivated “hacktivists” attempting to leak sensitive information to cause embarrassment for financial institutions.
Meyers says that some banks may have become more vulnerable as a result of changes to their network architecture that were implemented to enable remote working — with the result that firewalls are sometimes not as effective as before.
This means they have to pay more attention to who has access to data within the organisation. “Banks need a ‘zero trust’ defensive strategy but a lot of organisations aren’t doing this. It’s one of the things we are increasingly on our soapbox about,” Meyers says.
As with cyber threats, other risks for financial institutions that existed before the Ukraine war have been exacerbated by the knock-on effects of the conflict. Chief among them is commodity price volatility. This has strained the financial market infrastructure that is designed to ensure smooth operations.
Clearing houses, which use financial buffers known as margin to ensure a trade is completed even if one party defaults, are particularly affected.
The amount of margin posted at a clearing house by market participants is designed to withstand significant market volatility. Yet recent exceptional swings in the prices of commodities, such as nickel, have prompted concern that shock events are becoming more frequent.
This has potentially significant implications for how margin is set and, ultimately, how market risk is managed.
Walt Lukken, president of the Futures Industry Association, whose members include futures exchanges, clearing houses and commodity traders, says: “We still think that margin is an important way to cover potential risk. But there appear to be more of these ‘black swan’ events happening and we need to find ways to anticipate that.”
Source: Economy - ft.com
