Lessons from the financial frontline of the Russian-Ukraine war

Spare a thought for those at the coalface of banks, financial institutions, and other service providers’ responses to the cocktail of sanctions meted out by the UK, EU, and the US in recent weeks in response to Russia’s unjustified invasion of Ukraine. Coffee consumption among back-office and operational professionals has skyrocketed, and no doubt one or two more grey hairs have emerged overnight for the small legion of overworked sanctions compliance officers tasked with protecting the integrity of the Nordic and Baltic financial system.

For first- and second-line personnel, Teams call after Teams call with rattled internal executives, jittery clients and re-energised enforcement authorities has been the order of the day for the last month and a half. However, with the war between Russia and Ukraine now arguably entering a new phase, and powerful individual sovereigns and collectives potentially becoming increasingly selective with the prohibitions that they impose on individuals and entities deemed complicit with Russia’s unprovoked invasion of Ukraine, what are some of the initial key takeaways for local banking providers?

1. Targeting the right talent: Do the region’s banks have the right people in-house to provide senior management with a comprehensive understanding of any Russia-related nexus that exists across operations and clients? Or is the right type of niche subject matter expertise still thin on the ground, with HR teams and bespoke executive search firms continuing to attempt to prise away the seasoned risk and compliance professionals from the City of London, Frankfurt, Paris, etc.? Interpreting package after package of Russia-related sanctions – often with little or limited implementation guidance – is not something that can simply be delegated or outsourced. It requires top management to build best-in-class sanctions teams.

2. Cutting back on Russian exposure: Multiple lenders cut back on their exposure to Russia following the 2014 invasion and annexation of Crimea, however, events over the last six weeks have further accelerated this trend. Notable credit exposures that require urgently triaging include, among others, risks presented by local subsidiaries; direct/indirect exposure to Russian banks via the interbank market; exposure to Russian sovereign debt through direct government bond holdings or derivative instruments; ties to Russian corporations and HNW individuals through loans, credit lines, insurance products, etc.; and the knock-on effect of local and European corporate clients who could be impacted by Russian (and Ukrainian) inflationary pressures and supply chain disruptions.

3. Tough enough sanctions screening: Six weeks into the conflict, sanctions screening systems and protocols may need to be revised to ensure that they have a laser-like focus on customer types, jurisdictions and products and services that possess a Russian (and possibly Belarussian) dimension to them. Advisory bodies such as FinCEN continue to caution that banks must as a matter of urgency continue to investigate suspicious activity to avert possible sanctions evasion by, among other, oligarch style figures. Boards of directors and executive management are scrambling to alter financial institutions' risk appetites and strategies to reflect today’s new geopolitical landscape, and this extends to sanctions screening workstreams in-house.

4. KYC back in the spotlight: Banks should not be under any illusions that they don’t have any KYC deficiencies – every business up and down the country has them. Are all employees singing from the same hymn sheet regarding who, when and what to screen against? Can we say with confidence that banks are screening not only PEPs but also those related to them? Did local management’s long-promised review of data completeness, quality and integrity actually get completed? Are financial institutions’ systems successfully integrating key data from branches and subsidiaries if a merger or acquisition has recently taken place? Have in-house sanctions screening teams finally addressed issues relating to manual data processing and different writing systems and regional naming conventions? This list of urgent questions could go on and on and on.

5. Reprisal cyber-attacks: It goes without saying that ongoing heart-breaking events in Ukraine have served as a convenient smokescreen for opportunistic actors (including ones that are potentially Russia state-sponsored) to target the region’s banking sector. Well-drilled having survived multiple Covid-19 lockdowns, financial institutions will need to remain hyper-vigilant in their surveillance and threat preparedness. Of additional note, the recent ejection of a significant number of prominent Russian banks from SWIFT could equally make the payments messaging service (a chokepoint for global transactions) vulnerable to future retaliatory cyber-attacks.

Most Nordic banks have some experience with what one could describe as “bad guy” sanctions and ejecting persona non grata from the financial system. However, events in recent weeks have been both tragic and unprecedented in nature and revealed a number of pain points related to the current state of banks’ sanctions compliance programmes. As we enter the next phase of the Ukrainian war, the C-Suite – if it has not already – should be commissioning root-and-branch reviews to determine how going forwards banks can avoid being caught flat-footed by a similar geopolitical crisis.