Mitigating TFS Risk Through Sanction Compliance Program: RACI Edition

This article provides a detailed walkthrough of the legal framework in Australia governing Targeted Financial Sanctions (TFS) and its compliance, including:
  • Sanctions Regime in Australia
  • The Need for Sanctions Compliance Policy in Tranche 2 Entities to ensure alignment with the guidelines given by the Australian Sanctions Office (ASO), the Australian Sanctions Regulator.
    • Emphasising how the Compliance and Governance Function can leverage the RACI matrix to ensure smooth execution of roles and responsibilities to mitigate terrorism financing and proliferation financing risk
  • Consequences of Non-Compliance with TFS Obligations
  • Types of Sanctions Issued by Australia
  • Challenges encountered while implementing TFS measures and Best Practices to be incorporated for robust TFS Compliance
The article also emphasises the processes to have in place for identifying designated persons and entities, assessing potential prohibited activities for TFS risk, and the effective compliance measures to be implemented within the Sanctions Compliance Policy.

What are Targeted Financial Sanctions (TFS)?

Meaning of Sanctions:
To understand TFS, we first need to understand the meaning and intent behind sanctions. Sanctions are restrictive measures that a country or international organisation takes to respond to serious international concerns. They are imposed to influence the behavior of individuals, groups, entities, or countries and to compel a desired behavior or stance.

Countries impose sanctions when there is an increase in violations of human rights, terrorism, proliferation financing, and other inhuman acts that are detrimental to society. Instead of using armed forces, governments use sanctions as a method to punish wrongdoers or delinquents and compel their compliance with government foreign policy requirements.

Meaning of Targeted Financial Sanctions (TFS)

TFS restricts the direct or indirect role in making an asset available to a designated person or entity and taking measures to freeze such assets, if in control, to prevent their use by designated persons or entities. In simple words, TFS strictly prohibits the supply of any assets to designated persons or entities. Australia maintains a Consolidated List, known as the Australian Sanctions Office (ASO) Consolidated List, which consists of names of designated individuals and entities subject to Targeted Financial Sanctions. This list includes details such as:
  • Names
  • Aliases
  • Dates of birth
  • Other identifying information.
Reporting Entities must compare names against TFS lists every time they onboard new customers and monitor existing business relationships to ensure compliance with sanctions regulations. Under the Australian Sanctions Regime, engaging in financial transactions with these designated persons or entities is prohibited.

Sanctions Regime in Australia

Australia enforces two primary categories of Sanction laws, which play a significant role in maintaining national security and aligning with international laws. To navigate this sanctions regime effectively, Reporting Entities should ensure that their Sanction Compliance Policies align with the legislative requirements to mitigate any consequences arising from non-compliance.

The two categories of Sanction laws enforced in Australia are given below:

United Nations (UN) Sanctions

These sanctions are imposed by the United Nations Security Council (UNSC). Australia implements these sanctions under the Charter of the United Nations Act, 1945 and its regulations, to which Australia adheres.

Autonomous Sanctions

These sanctions are imposed by the Australian authorities to address specific foreign policy concerns. These sanctions are administered by the Australian Sanctions Office (ASO) and are based on the following laws:
  • Autonomous Sanctions Act 2011
  • Autonomous Sanctions Regulations 2011.

In situations of international concern, both the Australian and the UNSC sanctions frameworks are applicable. These sanctions frameworks are named after the targeted country, group, or thematic issue (e.g., ‘Iran sanctions’) to address specific circumstances and objectives. Australia regularly updates its sanctions frameworks to align with its foreign policy goals and international obligations.

Given below is the UNSC and Australian Autonomous Sanctions Framework:

Need for Sanctions Compliance Program in Tranche 2 Entities to Ensure TFS Compliance

In the evolving Sanctions regime landscape, Tranche 2 Reporting Entities such as Lawyers, Real Estate Agents, Accountants, and Trust and Company Service Providers need to align their TFS Compliance obligations with prevailing sanctions compliance requirements. To comply efficiently with these regulations and mitigate the risk of violating such sanctions, it is imperative for these Tranche 2 Reporting Entities to develop, adopt, and implement a robust and well-crafted Sanction Compliance Program.

Key Elements that should be incorporated in the Sanction Compliance Program (SCP) are discussed below:

Simplifying Compliance and Governance Functions’ Roles and Responsibilities Using a RACI Matrix

Reporting Entities must establish a structured Sanctions Compliance Program (SCP) that sets out clear governance structures by defining roles, responsibilities, procedures, and internal controls to comply with Australian Sanctions laws. However, simply having a policy in place is not enough; the challenge lies in its effective implementation.

A crucial governance tool that helps the Tranche II entities to delineate the duties of their governance functions effectively is the incorporation of a RACI (Responsible, Accountable, Consulted, Informed) chart, also known as the Sanctions RACI matrix, into the Sanctions Compliance Program. It helps with a clear visual understanding of which employee in the organisation is responsible, accountable, consulted, or informed in the context of specific TFS compliance-related tasks, for instance:

What is a Sanctions RACI Chart?

  • Responsible – Task Execution: For instance, the Screening Analyst is “Responsible” for carrying out the execution of the Sanctions Screening obligation.
  • Accountable – Define Outcome Ownership: Building on the above example, the AML Compliance Officer is “Accountable” for the outcome generated during the screening exercise and needs to decide on further action, depending on the screening outcome.
  • Consulted – Input Provision: Seeking relevant inputs, if any, from colleagues who are responsible for associated tasks. For instance, during screening, the Screening Analyst may need to consult the KYC Analyst to obtain the customer's key identifier details, which need to be entered into the Screening Software to carry out the screening obligation.
  • Informed – Keep in the Loop: Keeping relevant parties informed about the tasks in question.

Why is the Sanctions RACI Matrix Important for Sanctions Compliance?

The Sanctions RACI model clearly assigns who will perform tasks, who oversees them, and who needs to be consulted or informed, ensuring seamless operational execution of TFS compliance. This Matrix is helpful for Reporting Entities because it:
  • Clearly defines the responsibilities of Sanctions Compliance in an organisation.
  • Avoids duplication and gaps by assigning specific roles in sanctions-related workflows.
  • Enhances cross-functional coordination between various designated personnel of compliance, legal, and operations teams.
  • Supports audit readiness by providing a structured governance framework with accountability for sanctions compliance.

Suggestive Sanctions RACI Matrix Illustration

Given below is the Sanctions RACI chart mapping key sanctions compliance tasks to the internal governance function within a Tranche 2 Reporting Entity:

Mapping TFS Governance in Tranche 2 Entities Through RACI Matrix:

1. Understanding the Sanctions Regime
Sanctions are official measures imposed by governments or international bodies to achieve specific foreign policy or national security objectives. These measures can include restrictions on trade, financial transactions, or other economic activities with designated individuals, entities, or countries.

Boards and Senior Management of a Reporting entity should develop a written AML/CTF program by understanding the applicable sanction regime. Therefore, it becomes crucial for them to understand:

  • When to apply sanctions
  • Why are sanctions imposed
  • Who is responsible for Sanction Compliance
  • How to implement and monitor compliance procedures

2. Conducting Sanctions Risk Assessments
Risk is a key factor in ensuring sanctions compliance. By gaining a clear understanding of the risks that an organization encounters at the overall operational level, a Tranche 2 entity can create a more effective Sanctions Compliance Program.
The Boards and Senior Management of the Reporting Entities are responsible for conducting a comprehensive Risk Assessment to continuously assess their exposure to sanctions risks in terms of:

  • Nature of products and services offered
  • Customer and supplier base
  • Geographic regions of operation, etc.
By evaluating these elements, Reporting Entities can draft their SCP to address their unique risk profiles effectively.

3. Implementing Sanction Screening Software
The Compliance Officer of a Reporting Entity should implement robust Sanctions Screening Software to automate the process of checking transactions and counterparties against the sanctions lists.

Such software should be selected based on the Sanction Compliance framework and Risk Assessment of the Reporting Entity, so that it can integrate seamlessly with the existing system.

Regular updates and maintenance are necessary to ensure that the software remains effective as the sanctions lists are updated.

4. Screening Transactions & Parties

The Screening Analyst, in consultation with the compliance team, is responsible for systematically screening all customers, transactions, and third-party service providers against the following lists to detect any prohibited dealings:

  • UN Sanctions list, and
  • Australian Autonomous Sanction list.
This process should be risk-based, focusing more resources on high-risk areas, such as transactions involving high-risk jurisdictions or sectors.

5. Analysing Sanctions Matches
When a potential match is identified during screening, it is essential for the Screening Analyst to analyse and disambiguate it thoroughly to determine if it is a:

  • Full Match
  • Partial Match
  • No Match
  • False Match.

6. Reporting Suspicious Matters to AUSTRAC
Reporting Entities should screen comprehensively against the Consolidated List and the UN list, and if they form any suspicion, the Compliance Officer of the organization is responsible for filing a Suspicious Matter Report (SMR) with the AUSTRAC CEO within a reasonable time. At the same time, the Compliance Officer must ensure that customer-facing personnel, such as frontline staff or other staff members, do not tip off the existing or potential customer about any SMR filed in their name. This can be achieved by restricting information sharing about suspicious matters to relevant employees only.

7. Updating Sanctions Compliance Policies and Procedures
Sanctions regulations are dynamic and undergo frequent updates and changes. Boards and Senior Management of the Reporting Entities should regularly review and update their internal policies and procedures to reflect the current legal landscape.
This may include several activities such as:

  • Revising compliance manuals
  • Updating training materials
  • Updating operational protocols to incorporate new sanctions regimes, etc.

8. Providing Role-Specific Training and Awareness Programs
The Compliance Officer is responsible for implementing the internal policies and procedures effectively and for ensuring regular compliance with the AML/CTF framework, which requires an effective training and awareness program. The Reporting Entities should provide ongoing training to their employees regarding sanction compliance requirements. Training programs should be tailored to distinct roles within the organisation, ensuring that all staff understand their responsibilities and the importance of the Sanction Compliance Program as well as the risk of sanctions contraventions.

9. Ongoing Monitoring
AML Compliance Officers of Reporting Entities should conduct day-to-day monitoring and periodic reviews to assess the effective implementation of the Sanctions Compliance Program (SCP). Ongoing monitoring may include activities such as:
  • Reviewing screening processes
  • Evaluating the handling of potential matches
  • Ensuring that policies are being followed correctly
  • Addressing weaknesses in the compliance framework
  • Identifying areas of improvement, etc.

10. Maintaining Records
The Compliance Officer of a Reporting Entity is responsible for ensuring that the entity complies with the AML/CTF Act and Rules. To meet this statutory obligation, the Compliance Officer should maintain detailed records of all the measures taken under the Sanction Compliance Policy to demonstrate diligence and readiness for audits and regulatory reviews. Reporting Entities are obliged to retain records of designated services and related customers for 7 years.

Benefits of the Sanctions RACI model in Sanctions Compliance and Governance

The Sanctions RACI model enhances Sanctions Compliance and Governance by clearly defining roles and responsibilities for critical tasks like screening, analysing, and reporting, thereby reducing ambiguity and duplication of effort. It ensures that the compliance team of an organisation knows who is Responsible, Accountable, Consulted, and Informed at each stage of the sanctions compliance process. This structured matrix improves coordination, streamlines decision-making, and strengthens regulatory adherence to the AML/CTF framework.

Identification of Applicable Sanction Regime

As an initial step in drafting an effective Sanction Compliance Policy (SCP) under the AML/CTF Program, Reporting Entities must make themselves aware of the relevant sanctions regime that their business needs to adhere to.
  • If sanctions requirements apply to the extent of imposing restrictions on trade or commercial activities, Reporting Entities should ensure that their Sanctions Compliance Policy includes a provision and procedure for conducting due diligence when such goods or services are offered to customers.
  • When Targeted Financial Sanctions are applicable to Reporting Entities, they need to have in place Sanctions Compliance Policies and Procedures which accurately provide for the identification of sanctioned individuals and entities. Such categories of persons or organisations designated under TFS may include Politically Exposed Persons (PEPs), entities linked to terrorism, or those acting on behalf of sanctioned countries.

Subscription to Relevant Regulators for Updates

Keeping up to date with the regulatory requirements is crucial for ensuring effective TFS compliance. Tranche 2 Reporting Entities should actively monitor the updates in Australia’s Sanctions framework by subscribing to the DFAT’s Mailing List.
  • Reporting Entities should subscribe to DFAT’s Mailing List to get timely updates on the following:
    • Changes to Australian sanctions laws
    • Revisions to existing regulations
    • Additions or removals from the Consolidated List of sanctioned individuals and entities.
  • If the proposed activity of the Reporting Entity is subject to sanctions and meets the criteria for a permit, then the Reporting Entity must register and apply through the PAX Portal.

Sanctions Screening

  • Reporting Entities should choose the appropriate Automated Screening Tool (AST) in their AML/CTF Compliance Program by integrating it into their internal due diligence process to screen persons, entities, and assets.
  • Reporting Entities should ensure real-time checking against the Consolidated List as maintained by ASO. The Screening Process should be dynamic and updated regularly to capture new listings or delistings.

Performing Sanctions Due Diligence

To ensure compliance with the TFS measures and minimize the sanctions risk of their organization, Tranche two entities should incorporate some due diligence measures to comply efficiently with the Sanctions Compliance Policy. Due Diligence is a critical element in assessing the risk of engaging in prohibited activities and in identifying designated persons or entities.

1. Conducting Independent Checks

Reporting Entities should conduct independent checks on all persons or entities involved in the proposed activity. If a Reporting Entity is dealing with a company, it should understand its corporate structure. It should also look out for any indirect connections to designated persons or entities on Australia’s sanctions list.

2. Assessing the purpose and end use of Goods and services

Reporting Entities should ascertain who will use the goods and services and what they will be used for. Reporting Entities should search the Australian Department of Foreign Affairs and Trade (DFAT) Consolidated List to verify whether any person or entity with which the Reporting Entity is dealing is subject to targeted financial sanctions.

3. Understanding Complex Business Structure & Beneficial Owners

When dealing with companies or any legal structures, Reporting Entities should assess the ownership and control of that organisation to identify the Ultimate Beneficial Owner (UBO), Director, Authorised Signatory, etc. that may be linked to a sanctions target.

4. Performing Sanction Risk Assessment (SRA)

Reporting Entities should conduct a structured Sanctions Risk Assessment (SRA) to identify and assess whether the proposed activity is prohibited under the TFS Compliance Regime. The SRA forms a core component of an effective Sanction Compliance Policy.

A. Identifying Prohibited Activities

To ensure compliance with Targeted Financial Sanctions (TFS), obligated entities must adhere to strict prohibitions regarding interactions with designated persons or entities. The following activities are prohibited under TFS:

  • Provision of Assets: Reporting Entities are prohibited from providing assets directly or indirectly to, or for the benefit of, designated persons or entities.
  • Use of Controlled Assets: Asset holders must not use, deal with, or facilitate the use of assets owned or controlled by designated persons or entities. Such assets are considered ‘frozen’ by the ASO and cannot be accessed or utilized in any manner by the Reporting Entities.
Reporting Entities must ensure that their Sanctions Compliance Policy includes a clearly defined assessment procedure for evaluating whether a proposed activity is prohibited under TFS. The Reporting Entity should examine:
  • Whether the proposed activity involves any direct or indirect provision of assets to a designated person or entity, or whether it benefits them in any way. If so, the activity may constitute a breach of TFS obligations and must be flagged for further review or reported to the AUSTRAC CEO.
  • Whether the activity involves the use of or dealings with any assets that are owned or controlled by a designated person or entity. If so, the activity will be prohibited under TFS.
If neither of the elements is present, the proposed activity will fall outside the purview of prohibited activities and Reporting Entities can continue with the business relationship.

SCP Training & Internal Awareness

As part of their obligation to comply with the Sanctions Compliance Policy, Reporting Entities should prioritize staff training and internal awareness. Tranche 2 entities should implement regular training programs to help their employees:
  • Build awareness of the Australian Sanctions framework
  • Identify restricted persons/assets
  • Know the actions to take when a designated entity or asset is flagged
  • Acknowledge their responsibility to contact ASO in case of uncertainty.

Review of Sanctions Compliance Measures

To ensure continued compliance with the SCP:
  • Reporting Entities should perform periodic sanctions health checks
  • Reporting Entities should implement timely remediation measures based on the findings from the evaluations
  • Reporting Entities should identify compliance gaps and take corrective actions to make improvements in their current policies and framework.

Control Framework for TFS Compliance

To ensure that Tranche 2 entities remain compliant with the Sanctions laws, it is essential to understand the specific Sanction measures. Key Sanction measures often include:
  • Freezing of assets: Sanctions may require Reporting Entities to block access to funds and bank accounts and to freeze physical or digital assets owned by the blacklisted individuals or entities.
  • Travel Bans: Travel restriction prevents designated individuals from entering or passing through Australia.
  • Trade Restriction: These measures include banning the sale or purchase of specific goods or services between the countries.
  • Business Limitations: Stopping companies from investing, buying shares, forming joint ventures, or transferring intellectual property with the targeted party.
These measures can be used for different purposes. Sometimes it may be used to prevent a harmful situation from continuing. In some cases, the measures can also be used as a tool to control damage caused by any crisis.

Consequences of Non-Adherence to Sanctions Compliance Requirements

Reporting Entities should establish and maintain a robust SCP to ensure adherence to applicable Sanctions laws. If they fail to comply with or contravene the applicable sanctions compliance laws, they may face the following penalties:

For Individuals: If the contravening party is an individual, they will be liable to imprisonment of up to 10 years or a fine of up to 2500 Penalty Units or three times the value of the transaction (whichever is greater), or both.

For a Body Corporate: If the contravention is committed by a body corporate, it will be punishable by a fine of up to 10,000 Penalty Units or three times the value of the transaction (whichever is greater).

Note: The term “Penalty Unit” refers to a standard monetary amount used in Australian legislation to calculate fines for various offences. As of 1 July 2024, the value of a penalty unit is set at Australian $330.
From 1 July 2026, the Australian Dollar amount of a Penalty Unit is replaced by the amount calculated using the following formula:

Penalty Unit Value = (Indexation Factor × Previous Penalty Unit Value)

Types of Sanctions in Australia

Sanctions are of distinct types, each designed to address specific issues. Apart from TFS, the following are some of the other types of Sanctions:

Sectoral Sanctions

These sanctions focus on specific sectors of the economy. They do not block everything, but place limits on some financial activities within a sector to slow down growth in those areas.

Comprehensive Sanctions

These sanctions are the most wide-ranging. They prohibit all forms of trade and financial interaction with a targeted nation.

Challenges Faced by Regulated Entities While Complying with TFS Requirements

Ensuring risk-based compliance with TFS may present several challenges for Regulated Entities, including Tranche 2 Entities. To effectively uphold their SCP, Reporting Entities must recognize and address the following challenges:

1. Suppliers and International Branch Offices: Operating across multiple jurisdictions means navigating varying sanctions laws and enforcement practices. This complexity can lead to inconsistencies in compliance efforts across different regions.
2. Reporting and Alert Management: Regulatory bodies and requirements, such as ASO and Australian sanctions laws, often require prompt reporting of matches or suspicious activities. Delays or inaccuracies in reporting can lead to penalties. Sometimes, inaccurate or incomplete data can result in missed matches or false positives, undermining the effectiveness of the compliance process.
3. Sanctions Evasion Tactics: Sanctioned individuals and entities continuously develop new methods or use emerging technologies to circumvent the restrictions; it is therefore challenging for Reporting Entities to maintain ongoing vigilance and continuous monitoring of their current compliance strategies.
4. Automated Screening Complexities: Automated systems can generate numerous alerts that require manual review, consuming significant resources and potentially delaying legitimate transactions. Implementing automated screening solutions that seamlessly integrate with current IT infrastructure and workflows is often complex and resource intensive for the Reporting Entities.

Best Practices for Regulated Entities to Ensure Robust TFS Compliance

To ensure robust compliance with Targeted Financial Sanctions, Regulated Entities should adopt the following best practices in their SCP to mitigate risks and penalties:

1. Effective Management of Sanction Alerts: Reporting Entities should make sure that relevant personnel are trained to interpret and manage alerts that are generated by the sanctions screening systems.
2. Timely Reporting and application of TFS Measures: Upon identifying a confirmed match, Reporting Entities should promptly apply necessary TFS measures, such as freezing assets and prohibiting transactions.
3. Conducting Sanctions Risk Assessment: Reporting Entities should regularly conduct risk assessments to identify and evaluate potential sanctions risk associated with the organization’s operations.
4. Ongoing Training and Awareness Programs: Reporting Entities should provide ongoing education and training to their employees about sanctions regulations and the organization’s compliance obligations.
5. Implementing Internal Controls to Mitigate Sanctions Risk: Reporting Entities should implement robust policies and procedures to prevent and detect Targeted Financial Sanctions violations in their organization.
6. Establishing Sanctions Compliance Committee: Reporting Entities should establish a Sanctions Compliance Committee to oversee the implementation and effectiveness of the Sanctions Compliance Program in their organisation. This Committee should play a key role in ensuring proper governance and continuous improvement of the compliance framework.

Don’t Leave TFS Compliance to Chance!

Regulated entities, including Tranche 2 Entities, must have a Sanctions Compliance Policy as an integral part of their Anti-Money Laundering and Counter-Terrorism Financing (AML/CTF) obligations. Ensuring adherence to TFS not only safeguards the entity from significant legal and financial risks but also strengthens the integrity of Australia’s financial system.

By implementing comprehensive risk assessments, robust internal controls, timely reporting mechanisms, and continuous staff training, Tranche II Entities can confidently navigate the complex sanctions landscape in Australia.

Embedding sanctions compliance that aligns firmly with the AML/CTF framework demonstrates a proactive commitment to regulatory expectations and contributes to global efforts against financial crimes and terrorism financing. Ultimately, a well-structured SCP is essential for sustainable compliance, operational resilience, and maintaining the trust of regulators and stakeholders alike.

About the Author

Jyoti Maheshwari

CAMS, ACA

Jyoti has 9+ years of hands-on experience in regulatory compliance, policymaking, risk management, technology consultancy, and implementation. She holds vast experience with Anti-Money Laundering rules and regulations and helps companies deploy adequate mitigation measures and comply with legal requirements. Jyoti has been instrumental in optimizing business processes, documenting business requirements, preparing FRD, BRD, and SRS, and implementing IT solutions.