In part 1 of Trade Compliance 101: An Introduction to Restricted Party Screening, we discussed some of the basics of export and trade compliance, and the terms and ideas that new trade compliance professionals—and those responsible for restricted party screening—might encounter.
For part 2, we discuss some of the real-world scenarios that, while unlikely, drive home the importance of screening for denied and sanctioned parties—and doing further due diligence above and beyond just screening.
Restricted Party Screening watch lists—more than just terrorists and money launderers
Entering into the process of Restricted Party Screening for the first time, one might think that government watch lists are full of criminals, tyrannical dictators, and terrorists. They include those, yes, but also individuals, organizations, and companies less dramatic in nature.
Individuals and companies can find themselves on restricted, denied, or sanctioned party lists because they have previously committed violations, usually with knowledge of the criminality of their actions. Perhaps they smuggled controlled goods, or intentionally ignored restricted or denied stakeholders involved in the transaction. Or perhaps they ended up on an industry-specific list—a sanctioned medical professionals list, for example—that is not necessarily relevant to trade restrictions in the general sense.
Yes, terrorists really do use their real names
Often, there’s a misconception that restricted parties will always mask their names or identities in order to receive shipments or business, rendering restricted party screening less effective. Many of these parties do try to hide their identity, though often they simply use their real names. Criminal elements aren’t always as clever as they think they are, and watch lists include aliases whenever known.
You may think that someone using the name of Al-Qaeda, for example, would surely be a prank—some kid entering an order into an eCommerce system for fun. But a story from a major software provider tells otherwise.
Of the tens of thousands of online requests they receive for the personal version of their software, it’s not uncommon to see orders come in from actual names of actual terrorist organizations. Potential prank pulling aside, when they conducted further research into the IP addresses associated with the orders, they quite often discovered that the location indicated a high likelihood of it being the actual party, or an associated party, in question. These were often immediately followed by requests from repeated false names after the initial transaction was denied. These were also denied due to IP and country restrictions put in place by the software provider in their download process. Through the robust compliance checks in place, the company averted what could have been a potential export violation in the making.
Fake names for universities
Another example of name fraud comes from the realm of higher education. In this case, an attempt was made by an apparent “educational institution” from another country to send a delegation to tour a U.S. research facility. In this particular case, the attempt was foiled because, despite having created a false organization which the visitors purported to represent, several of the individuals visiting were on restricted party lists when screened.
In addition, the research facility’s screening included an address check, which revealed that the “educational institute’s” address didn’t exist. This caused additional red flags to be raised, and the request was ultimately denied, averting the potential deemed export violation preemptively.
Denied Party Screening and legitimate business
When it comes to restricted party screening, due diligence may stop business because a debarred person is caught trying to circumvent your due diligence process (this is where automating the screening process can come in handy). Sometimes, restricted party screening can inadvertently put the brakes on a legitimate business transaction instead. This often occurs when a name is common, and if no additional criteria (e.g., business name, address, etc.) are entered during a search.
This was the case when a parts supplier applied to become a vendor to a mid-sized manufacturer. When the manufacturer performed their due diligence and screened the potential supplier (yes, vendors and suppliers should be screened), a prominent employee at the supplier appeared on a list. The manufacturer denied the supplier’s application. After some discussion, research, and additional details from the supplier, the manufacturer was eventually able to determine that the Denied Party Screening match was a false alert and begin the business relationship.
When an individual or entity returns a result, they may not be the same party as the one on a watch list. It is worth the time to perform additional due diligence on matches to ensure that legitimate business opportunities are not lost. Perhaps the date of birth doesn’t match, the location, or another detail which could clarify the status of a false alert.
It is important to consider which list the name appears on as well. Industry or context-specific lists are intended to prevent business only within that context. The General Services Administration (GSA) lists or state-wide Medicare/Medicaid debarments lists are good examples of context specific lists.
In the face of hundreds of government watch lists, most people are law-abiding
The scenarios above may paint a grim picture but most of the people you will interact with during the course of your day-to-day operations are not on any watch lists. The goal of describing these scenarios is to highlight some of the challenges of denied party screening and illustrate why review and due diligence are a key part of any compliance program.
When it comes to restricted and denied party screening, if you see a yellow flag—investigate, do your due diligence, and maintain your audit record. You never know when you may need it.
A glossary of themes/topics in this Trade Compliance 101 article:
Due Diligence: The process of reviewing, or vetting, potential restricted party screening matches. This is an important aspect of any restricted party screening program. While the number of matches will be small, and the number of those that are confirmed matches even smaller, research and documentation is key to effective export, trade, OFAC, and financial compliance.
Yellow / Red Flag: In the context of receiving a positive screening match, this generally indicates that something is out-of-place, and is commonly used in Restricted Party Screening solutions. This might be a name that seems odd, IP addresses not aligning with the apparent business location, addresses that don’t exist and cannot be found, or business names that don’t appear to exist, among other issues.
IP Address check: An IP address, usually appearing as four strings of up to 3 numbers, separated by a period (i.e. 18.104.22.168, known as IPv4)) or a longer string of letters and numbers (known as IPv6), can provide the actual geographic location of an email sender, or the source location of an online request. In export compliance, this can be combined with Country Sanctions and online forms to give an additional layer of due diligence.
Address screening or checking: Address screening usually refers to the actual process of having an address (without an individual or organization) screened against the various restricted party lists. Address checking can either be an online or manual process of viewing the location of the party being screened and determining what is actually at the location, if anything.