TO BE OR NOT TO BE?, Feb 2023

Published by KCS Group Europe, ITFA Member Institution, in January 2023

Russia’s invasion of Ukraine and the subsequent sanctions, forced businesses into a choice. Either they were required, in an already difficult and competitive environment, to look elsewhere to other markets just as corrupt and dangerous as Russia, or to seek loopholes and shortcuts in the sanctions program and claim that their individual or corporate entity was clean and therefore fine to work with, even if this is self-evidently untrue. Either scenario is a nightmare for compliance procedures, and thus, some companies would choose to just circumvent these entirely out of desire or expediency. 

On more than one occasion, KCS Group Europe has been asked to conduct due diligence to approve corporate entities connected to notorious oligarch, Mikhail Friedman, on the basis that he does not directly own the companies so therefore the client would not be directly working for a sanctioned figure. This is not only semantics but wilfully ignoring the point of the diligence in the first place. Alternatively, a spate of UK law firms are looking to work with Yandex, the Russian search engine and technology firm, despite the sanctions applied against its founder, Arkady Volozh, and the company’s role as a pro-Kremlin mouthpiece. In both of these cases, the impetus seems to be: find us a way we can work with these companies, and implicit in the request is the admission that this is inappropriate. 

This also works the other way: a Russia affected by broader and deeper sanctions than ever taking a more global approach to its business, making increased use of second- and third-hand networks to transfer monies and ship products in contravention of sanctions, and relying on international partners who are either complicit or naïve enough to work with them. A number of American technology firms are using Turkish shell companies to sell products through to Russian entities, with little to no evidence that KYC is being conducted on the part of the American firms to ensure that their actions are not contravening sanctions. The same is true of hollow corporate entities in Greece arising to sell oil believed to originate from Russia, before disappearing as quickly as they were created. Deception and obfuscation have always been key elements in the Russian playbook – but Moscow is being assisted enormously by either the inadequacies of Western diligence and compliance, or their desire not to know. 

It is, of course, not only Russia that is triggering a divesting of compliance norms.

The global economic uncertainty has made the race for the growing markets – particularly those in Africa and the Middle East – tighter and nastier, and to some extent, the businesses are taking off the gloves and doing whatever they feel they need to do to survive. And yet, lawyers, accountants, and bankers alike, are attempting to ignore KYC in some of the most dangerous and challenging markets on the planet, either because they are so desperate for business in the current dire economic straits, or because their only concern is to bring the money in regardless of the cost down the line. The consequences of this will be severe: fines at best, disbarments and criminal investigations at worst. 

But the short-termism persists, not only in the act of pursuing unsuitable clients in the first place but in the practice of how the KYC checks are done… when they are done at all. In-house compliance analysts tend to rely on freely available social media and databases to make their calls, when such a limited source base is inappropriate because of the degree to which the bad actors are already manipulating online information to cast themselves in the best light, or because the databases can only tell you what is already known and not what the target may have gone to great lengths to hide. Even the framing of KYC itself is being diminished, with requests being increasingly targeted to only look for a certain aspect of criminality, or to consider a facet or locality as off-limits. 

Again, it is hard to ignore the impression that – as illustrated with Yandex and Friedman – clients do not want to look too closely, because they already fear what may be found. Meanwhile, generally speaking, there is no acknowledgement of, or direction on, the issue from board level because directors, according to those with current knowledge of the sector, are primarily concerned only with preventing cyber-attacks in the heightened Russia-fuelled threat climate, or are invested in the short-term money themselves, on the basis that this makes their immediate position and remuneration stronger and any problems will be someone else’s to deal with. 

So let us offer some New Year’s predictions. The deterioration in quality, and quantity, of compliance and KYC will decrease in inverse proportion to its growing necessity. The ‘cost-cutting’ approach instituted during the coronavirus pandemic, where deep due diligence by expert outside firms was relegated in favour of cheaper in-house operations, will continue but this time be driven more by a desire to better control the information and the consequences. And there will, at some point, come a ‘perfect storm’, where the short-term attitude of firms, the disinterest of directors, and the inadequacies of how KYC is enacted will all coalesce into a situation that sees a major legal or financial firm be publicly, and expensively, humiliated.

This may or may not come to pass; but there is still time for companies to reconsider their KYC practices (or lack thereof) and make the commitment to change that, frankly, the realities of global politics and economics demand. A new approach to compliance that puts properly conducted, appropriate and enforceable diligence at the heart of corporate decisions, which is not bounded by profit motive or outside influence and which is acknowledged as a contributing factor to a company’s success, rather than a distraction from it – that would be a fine New Year’s tradition to keep.