In an awful lot of the large dollar OFAC settlements, the decision to evade sanctions ends up getting discussed over email. Why shouldn’t firms implement email surveillance of a very limited set of terms – like Iran, Cuba, and North Korea? If firms can identify and put a kibosh on sanctions evasion schemes as they move towards concrete plans to violate regulatory requirements, they could save a lot of trouble and money.
If you keep the list of terms small, you would keep the number of false positives to as minimum – how many people send emails about Iran, other than in a Sanctions context?
What do folks think?