The Bank of Lithuania has issued instructions for fintechs on the implementation of international sanctions which come into force from September 1, 2023.
Some of the key takeaways from the new instruction:
- A new requirement for FMPs is an annual and ad-hoc enterprise-wide sanctions risk assessment, in which the financial market participants assess their operational risk, customers risk, and the risk of proliferation financing.
- Testing of the suitability, efficiency and effectiveness of the internal control systems must be performed at least once every 2 years.
- FMPs will be required to inform the Bank of Lithuania within 5 business days on the detected serious deficiencies in its internal control system when those deficiencies had a serious impact on the implementation of international sanctions.
Our practical tips for #financialinstitutions and regulated entities:
- Internal controls related to sanctions should be proportional to their business model, clientele, geographies and other factors.
- To have a whitelist of persons that are not subject to sanctions screening, for example Lithuanian banks, as long as such whitelisting is reasonable and identified in sanctions policy.
- Ensure that you screen not only your customers, but also business partners, counterparties, service, intermediaries, shareholders, managers and even your employees, when relevant.
- Appoint an employee responsible for the implementation of sanctions.
- To review your sanctions policy and procedures (annual and ad-hoc reviews of policies and procedures, decision-making procedure on identified sanctions violations, procedure for appointing the person responsible for organising implementation of sanctions should be included).
If you need assistance with implementing new requirements, do not hesitate to contact us!