In January 2015, the Spanish Executive Service of the Commission on the Prevention of Money Laundering and the Financing of Terrorism (“SEPBLAC”) published for the first time its “Good Practices for the application of the lists of persons subject to international sanctions.” The aim of the Good Practices is to help financial entities, as well as other companies, to design and implement adequate internal controls to comply with European Union sanctions which (a) mandate the freezing of funds and economic resources belonging to, owned or controlled by those individuals and entities listed in the EU Regulations (“Designated Persons”), and (b) prohibit making funds or economic resources available to or for the benefit of Designated Persons. In the Introduction to the list of 28 Good Practices, the SEPBLAC reminds us that to comply with the above-mentioned obligations, one of the most important practical problems faced by companies is the screening of clients and commercial partners against the lists of Designated Persons. The 28 Good Practices are divided into the following 5 categories:
- Scope of application: what clients and partners will be screened against the lists of Designated Persons? In relation to what transactions?
- Source of lists of Designated Persons: what source will be trusted to make sure that updated lists are always used?
- Application process: when will the screening be carried out? with what regularity? what degrees of coincidence will be deemed a match?
- Management of alerts: what system will be followed to analyze the alerts?
- In case of match: what procedure should be followed? It is interesting that the SEPBLAC stresses that when a match appears is not the time to decide what to do. There must be pre-established written procedures to determine what steps must be followed.
This is without any doubt an interesting guide for companies operating in Spain, because it is the first document of this type issued by the SEPBLAC and, more importantly, because, as the SEPBLAC warns, “it is not accurate that the real probability of detecting a client included in an international list is inexistent or practically inexistent.” On the contrary, the SEPBLAC continues, even if the number of matches is small, it is “sufficient to affirm that there is a risk that must necessarily be controlled, especially if one takes into account the repercussions, of all types, that an error in this field could have for the obliged entity.” Consequently, Spanish companies should adopt adequate Compliance controls and procedures (or adapt their existing ones) taking into account the SEPBLAC Good Practices.