Bourse and Bazaar | Esfandyar Batmanghelidj: In a recent speech, Under Secretary of the Treasury Sigal Mandelker warned that foreign companies that maintain a presence in Iran must conduct “extra due diligence to keep them from being caught in Iran’s deceptive web.” Mandelker has been touring countries in Europe, Asia, and the Middle East, engaging governments and businesses in order to “make clear the very significant risks of doing business with companies and persons” in Iran.
Many Iranian companies, particularly in the private sector, have long taken seriously the need to conduct enhanced due diligence, including on their own customers and partners. Improved transparency is a prerequisite of working with foreign companies, which remain wary of the wrath of US regulators for any inadvertent sanctions violations.
Since the implementation of the JCPOA nuclear deal, and in anticipation of new foreign trade and investment, many Iranian enterprises have hired specialist consultants to help establish internal compliance departments and institute robust anti-money laundering (AML) and counter-terrorist financing (CTF) processes. Technology solutions are central to any such transparency efforts.
While Iran is witnessing a wider push for transparency, particularly around Iran’s compliance with the Financial Action Task Force (FATF) action plan, there remains internal resistance to compliance reforms. As explained by one consultant who advises Iranian companies on compliance policies, “Elements of the Iranian government contribute to the problem by issuing instructions that foreign companies and technologies should not be engaged to assist the banks in their compliance efforts.” These sensitiveness are especially acute for the Central Bank and Ministry of Economy, where Iranian officials fear that foreign technology could be used for espionage. Given that there are no homegrown compliance tools, system-wide implementation remains a distant prospect.
In the meantime, ambitious banks such as Middle East Bank and Saman Bank have been at the forefront of the effort to empower their compliance departments and to demonstrate competencies in know-your-customer (KYC) and know-your-transaction (KYT) due diligence.
However, conversations with several international compliance specialists, who agreed to describe their experiences on background, make clear that—counterintuitively—US sanctions pose the most significant challenges in the effort to improve sanction compliance within Iranian banks and companies. These sanctions prevent industry-standard technology, including software that enables the automated searches of companies and entities for hits against global sanctions lists, from being accessed by users with Iranian IP addresses.
For example, World-Check, a market-leading compliance tool from Thomson Reuters which allows users to “automatically and cost-effectively screen all of their customers, partners, employees, and business transactions for potential Iran sanction risk,” is inaccessible from Iran, despite the fact that the company advertises a specific “Iran Economic Interest Solution” comprised of World-Check and a second product called IntegraScreen. So while foreign companies can use the product to mitigate their sanctions risks, Iranian companies cannot do so for the benefit of their foreign clients or customers.
American companies such as Thomson Reuters are reluctant to enable use of their service from Iran due to primary sanctions prohibitions on exporting a service to Iranian companies, even if that service is intended to help Iranian firms improve their compliance with US and EU sanctions laws. Compliance professionals report that smaller European software companies, which could have filled the gap, are reluctant to do so due to the possible negative impact on their US business and difficulties in processing related licensing fees.
These circumstances leave some Iranian companies to pursue less-robust software solutions from markets such as India, which can contribute to screening failures. Alternatively, Iranian companies seek back office support “offshore,” in effect subcontracting their compliance work on an ad hoc basis. Neither of these solutions reflect the compliance best-practice that US officials insist upon for those companies that wish to pursue trade and investment in Iran. In the event of a compliance failure, such measures are unlikely to hold up to regulatory scrutiny.
US officials could remedy these issues through smarter sanctions policy. Given similar fears among consumer technology companies, the US government enshrined the accessibility of internet and communications tools in 2014 with the creation of General License D, which protects the provision of services and software “incident to the exchange of personal communications over the Internet, such as instant messaging, chat and email, social networking, sharing of photos and movies, web browsing, and blogging.” The license, which has been only partially successful at preserving access to technology products for Iranians, reflected an assessment on the part of US officials that protecting the free exchange of information was consistent with the aims of Iran policy.
Despite the consistent message from US Treasury Department and State Department officials that a lack of transparency in Iran’s economy represents a national security threat to the United States, particularly in regards to terrorist financing risks, there has been no similar effort to ensure the availability of compliance tools for Iranian end users. One compliance executive, who specializes in enhanced due diligence, wondered, “If Iran cannot access the very tools that it needs in order to reform, is it being set up to fail?”