The Descartes Systems Group Inc. (DSG) Earnings Call Transcript & Summary

Hi, everyone, and welcome to our webinar session Can I Trust My Supply Chain, best practices for screening business partners. My name is Asif, and I'm the Senior Marketing Manager at Descartes. We have an hour for this webinar. Hopefully, we might finish in a little bit earlier, depending on the questions and answers session. I will be the moderator for this session, and I have a few housekeeping factors before we begin. You can submit any questions you have via the panel, and we'll try to answer as many of them as possible. If we do not get to all of the questions, we will provide a document with all the questions and answers as a follow-up to the session. Also the webinar will be recorded, and we will provide you with a follow-up e-mail with the link. So now let's get started. Today's session is presented by PwC Partner for Customs and International Trade, Giovanni Gijsels; PwC Manager for Export Controls and Sanctions Compliance, Vira Savva; and Senior Account Executive at Descartes, Konrad Preuninger. So I'll turn it over to Giovanni to kick things off first.

Okay. Thank you very much. Well, talking about the need for screening, there are a number of [indiscernible] that we have to take into account. And when we look at the reason for screening, maybe as a bit of a background, I started out as steward customs and trade advisor. I'm really talking about the only -- well, talking about customs, import and export. And when I started, screening certainly was not on the agenda. Over time, we started to realize that a lot of companies, mainly in sensitive industries, were looking into, yes, who are my business partners and needed to be able to control who are my business partners. But it was, for instance, these consolidated companies or companies with high-tech sensitive items. But over time, that has really evolved. And I think, today, we're in a situation that, actually, every single company should have a screening process. How the screening process looks like, how that takes place can be very different, and I think we will discuss that further on today and how you can structure that. But every single company needs to have a structure in place, has a reason behind it why there are screening, looking into what kind of business partners am I looking into. The reasons are quite clear, and then on the slide, we show some examples. Those are published. And certainly, in the U.S., you see that the legislator and, for instance, [indiscernible] they're one of the government authorities basically looking into screening. They are very open about sharing cases. They share the names, they change -- they share the reasons behind it, why they basically sanctioned the company. And there are quite some good examples on actually what they want companies to do. The challenge very often is that companies -- most companies struggle a bit with data, data quality, but also the list from the authorities are not always [indiscernible]. And I think one of the good cases that we see here are, for instance, the one of Apple, where Apple on the App Store basically is doing screening. You know that if you go online or on your iPhone, basically, you can download various apps. And actually, Apple was screening them. What they did not do is looking at the people behind those companies. So you don't see any of the people behind it, and that's basically the reason why they got a sanction from the U.S. We also see, well, significant monetary fines. Typically, companies are, indeed, from a U.S. point of view, getting very significant fines, but we'll come to that later on. But also from European financing, that might change. So there is always that name and shame part, but also the fines linked to violation are very, very significant. The next example that we can share is Microsoft that had to pay $3 million over Russian sanctions, basically, because their screening process did not take into account to, a sufficient extent, the fact that a lot of the names are in Cyrillic. And if you screen, the lists are quite often in, let's say, Roman characters, like from an English point of view. But that gives a challenge if you're screening against Chinese or Russian counterparties where you have a different alphabet. And with Cyrillic, yes, it is not that different. Transliterations can be made, for instance, but it's basically where they got the complaint that they did not do enough efforts there to make sure that they capture the different entities. Now this is mainly from a U.S. point of view. The -- one of the big reasons why in Europe, it came on to the agenda is, of course, due to the actions of Russia towards Ukraine and the invasion there where, suddenly, an economy very interlinked with European economy was sanctioned. We did have it before with Iran. We did have it before with Syria. But actually, the impact with Russia is much more significant on the European economy. It's not massive. The Russian economy is not that large. But nearly, every country in Europe does have some connections with Russia. And if you just think about all the discussions on oil and gas, for instance, dependency on Russia, it is much more interlinked than these other countries, I think, that had sanctions in the past. So the exposure for the typical company is much higher. And it also made it very local and to talk about doing business with Iran. Everyone thinks really shipping things to Iran only and not doing business with Iran. Now with Russia, what we did see is that a lot of European companies really operating part of our ecosystem here in Europe suddenly got sanctioned because, ultimately, of the chain, they are owned by a Russian oligarch that was sanctioned. So that's -- who owns the company becomes very important. And for instance, there was an example in Belgium, in the Port of Antwerp, where a company basically linked to some other chemical companies actually got sanctioned. They made fertilizers where, initially, they didn't have a license to operate, which was causing even a hazard for the other companies because they were part of that supply chain, where certain substances need to move from one place to another, and you can only stop that for a certain amount of time. So the reason behind that was, okay, the company is owned by, but it's actually other than that is a company which is fully part of the economy and not Russian by nature. You would not recognize as a Russian company. So it does show the need of knowing your business partners even locally, so that there could be local impacts or who owns the company ultimately becomes very important. That led to quite some discussions in Europe where a lot of these oligarchs suddenly transferred a lot of their assets and shares and whatever to their wives or mothers. And for instance, there was a case on the Wagner's Chief. So the Wagner Group is active in Ukraine. You might have seen there's a person in the news complaining about the lack of resources he's getting, but he's part of that inner circle of Putin. And basically, yes, his belongings were transferred to his mom, and she basically filed a court case and actually won that. So it does put the limits on what is possible there. But you do see that there is a big shift in, yes, who do we need to screen, and these things can move. So that's also very important. It's not a very static topic. It's a topic that is constantly moving. Now I mentioned that from a fine perspective and the reason behind it, you do see that U.S. has very significant fines and typically also looks into what is your process and are you doing the necessary things to make sure that things cannot go wrong. They look into what could go wrong based on your current setup. So the fact that you, for instance, if you don't screen and they don't find any infarction from a U.S. point of view, they might say, "Well, you're not screening. You're doing business all over the world. You could have had an issue, and you would not discover it. So you will fine you." So you will see in a broader sense than pure screening that a lot of companies got fines because the U.S. considered their compliance program as insufficient for their business. So it is very important that you have something in place that meets your -- let's say, the risks of your business, that is in line with the risk of your business, so you can defend yourself if they say, "Okay, are you in control? Are you doing whatever you can to avoid that things go wrong?" And that's a bit what the U.S. always takes as a position. In Europe, we have much more -- or we had much more the position that we look into what went wrong and then are there reasons to explain why it went wrong. And in most cases, that means that the actual fine and the actual impact is rather low, unless you really did things on purpose. Now a big change happened end of last year where, actually, they set sanctions evasions. It is so important now that we want to make it a European crime. European crimes are very limited. We've talk about things like child trafficking, for instance. So very, very, well, severe things where, basically, everyone says you cannot do that. They brought sanction evasion up to that level. But also, following this, the commission prepared a proposal to give, let's say, European context on the sanctions. Sanctions in Europe are still a responsibility or something that member states can decide themselves, how do you do your sanction system, which fines you impose. But actually, for sanctions evasion, they want to bring that to European level and said, "Okay, there should be a minimum threshold, where they're talking, for instance, about 5% of the global turnover of the company if you make funds available to a sanctioned entity." So 5% of the global turnover of the company. As a group, that brings us from, let's say, a monetary fine perspective, really, on par with the U.S., where you talk about fines of millions, even into billions, where in Europe, we talk hundreds of thousands of euros typically. But if you move into 5% of turnover, yes, you talk about millions. So it is really a topic that is of concern for everyone. And to maybe summarize that, so, indeed, there could be monetary fines if you don't do that. If you're really involved in certain activities that authorities really don't like, and they said, "Hey, you've done that on purpose," they could deny your export privileges. They could list you as a sanctioned entity. But also I think what is important is that they require criminal liability of executives. What that typically means is that, for instance, the CEO of a company will be hold accountable. So you -- and I've seen the cases, you might get a letter at home if you're CFO is stating that your company is in violation and that you are personally also held liable for that. Last part, you do see that screening becomes very broad. So it's not only about the sanctions that are in place. But for instance, also human rights considerations are taken into account. And you do see that the reputational elements, like you see Apple, Microsoft here, you are published, that's not good, but you also see that consumer groups and certain activists are listing. I just did some research prior to the webinar. There is a list stating these companies are still active in Russia or companies being called out for using sweatshops and so on. So you do see that also that part, the social aspect, the human rights criteria, et cetera, become very important. And it's not only the sanctions or the penalties you might get from authorities, but also from the consumers, the market out there that, actually, is imposing on companies to be aware of who you are working with up and down the supply chain. And with that, I hand over to Vira who will explain us a bit how a screen program could look like.

Thank you, Giovanni. Good morning, good afternoon, everyone. I want to apologize in advance for my voice. It went in vacation earlier than it wants to go, but let's just make it work. So what we want to cover in the next 2 sections of the webinar is to give you this practical aspect. So how the sanction screen should look in a company. It's important to start from the fact that there are no clear legal requirements on what you are obliged to do as a company. So there's nothing that would say you're obliged to screen. But at the same time, there is a law that says you are not allowed [ to do the sanctioning ]. I will come to this [indiscernible] on -- it's a good question. And we actually collect the requirements from the enforcement piece by piece. So when you have a Microsoft case, you suddenly see that they don't actually expecting you to screen against or [indiscernible] characters, which was not the case before. In this Apple case, they care about upper and lower cases in my works business execution. What's important here is that it's not a problem that would keep every type of a company. It doesn't mean that the smaller company necessarily should have a comprehensive huge sanctions coding program that is the same as a pharmaceutical company have immediate. So this first. No, although they are also saying there is no one size fits all. It's up to the company to do the risk assessment and to decide on what exactly do they need to do to not warrant a sanction. So what we put on the slide next is the concentrate of all the practical experience we have been dealing in the different companies, the different sites and knowing where the risks lie and what do you need to do as a company to be sure you can see it while you were doing your the [indiscernible] sanctioning in the [ midst ] of your business partners. So first question that reminds us, who do I need to screen, because, often, we see the perception that the customers are enough. And it's normally treasury that might screen outgoing payments to make sure they do not go to the sanctioning -- or I'm looking at my customer's [indiscernible] in the case of vendors, but for the customers, when someone is changing their customers, they are not seeing sanction, but that's not quite the case. You really need to look at all the business partners between each. So obvious to us is everyone in [indiscernible] everyone who's paying to me and the banks and [indiscernible] the banks are my business partners. But that's not to worry. And actually, we need to go as far as possible in certain circumstances. So if you have an information about the end users of it, you need to screen your end users. And that's, again, a very good example with the Russia now. When you are selling goods to a company located in Kazakhstan, but the end user is located in Russia, then you need to ask a question and you need to [indiscernible] to know that it's not sanctioned entity. This is as far as [indiscernible] suppliers. I'm buying from the company in Poland, where they do the goods come from? Who is the supplier? Maybe I also need to dig deeper and screen them as well. Again, it's not obvious. You might not have this data, and that's often a question from the clients. What about the distributors -- our distributor? My distributor have their own customers. They will never tell me the names. [indiscernible] getting this information. And here, the answer is always, of course, it depends on the risk, what are you selling first of all. And of course, if it is a standard business practice, you can look the name. No one will blame you from not getting the name. But at the same time, if you're goods were [indiscernible] and end up with a Russian [indiscernible] company, you wouldn't be in this situation. That's why all we can suggest is at least include in the contract a provision that you expect your distributor to do the screening. So it will not [indiscernible] responsibility from the [indiscernible], but it will help at least in the future damage control. And the same for any other entities and individuals who are [indiscernible] if you have these conditions. And then that was again already mentioned is Apple. When Apple had the name of the [ entity ] the name of the software owner in that store, but not the developer. They screened -- the developers that they didn't screen the owners. And this was an inefficiency, and that was why [indiscernible]. A good question here as well is like what do you do [indiscernible]. Every time we work with the clients and establishing sanction screening program, discussion backs up because we have a contradictory legislations. We have GDPR rules in Europe that say you're not allowed to collect [indiscernible] without legitimate interest. And we have a screening requirement, specifically for the U.S. sanctions where you actually -- that's very [indiscernible]. You really need to screen that business. But apologies, I am not [indiscernible] focus. I'm not forcing you to do so. And here, we always suggest both at the privacy officer of your company assessing case country by country because position of [indiscernible] can be different position [indiscernible]. This is a complicated question to assess. This is why you establish this interesting [indiscernible]. Now moving to the next big set of questions is which list do I care about. We know who do we need to screen, but which lists do I need to use? First layer is obvious one, the one that directly impacts me, because I will keep it there. So if I'm a new company, I care about your sanctions, I might also care about sanctions of my country. So generally, you can go further than you sanction more companies. So that's also the reality. So if you are [indiscernible] a company you care about, you keep company first. But then comes from other layers. So the most complete, that one, but at the same time, the least one is [indiscernible] U.S. pets. They do not directly apply to you, but they have this extraterritorial element in them, which means that if you have so-called [indiscernible] in your transaction, a good example is just I do the payments in U.S. dollars, [indiscernible] through the U.S. financial system. This is [indiscernible], and we need to care for them. That's why we always say better screen against them, sanction less and then assess case by case, then really [indiscernible]. Sometimes, your sanctions are faster than European ones, and you see, okay, this is a Turkish company that was sanctioned today by the U.S., but it's an intermediary of Russian company. I would like to stop doing business with them, even if the sanctions [indiscernible]. It's my decision that the company to stop. This is the second part of the list. And then we have a batch that would be relevant for your type of business. Export controls needs, that's like you call them export control set. But this is good example, entities of [indiscernible] security of [indiscernible] German [ prohibition ] concerned. Japanese [ prohibition ] concern. So these are the lists where authorities are saying, "I'm suspecting this company might be engaged in the proliferation of weapons of mass destruction." So if you are selling something to them, that is subject to control. My jurisdiction, you need a license. But this is a very simplified way. Of course, there are many gray areas [indiscernible]. This is simple. They are not necessarily always there to apply it. Again, [indiscernible] you care about your list, and this [indiscernible] transaction [indiscernible] this is your vendor and not the customer, you're not stopping anything for them. But you still might want to screen against this because the obligation is pretty harsh, and you might want to [indiscernible] entity. Another good example is if you are a pharmaceutical company, you have a full list of the U.S. medicines, which seems that you are not allowed to deal with the company or individual because he cannot pay from the medical -- U.S. medical program funds. It's pretty mandatory for pharmaceutical companies who are not challenging for our businesses. So that's something to think about as well, where I'm working, with whom I'm dealing, what kind of [indiscernible]. And of course, if you have transactions up in Australia or in Japan or in U.K., you might want to have their national sanctions. They are very much aligned with the U.S., but there might be exception. Canada, for example, quite often goes further and sanctions more than U.S. So if you do business in Canada, you might want to [indiscernible]. And the last set, it's -- we call it beneficial to have, but this is really important. So you might have heard about 50% ownership or the ownership and control concept, as we have in EU. You are not directly dealing with the sanction entity or doing with the company that is owned the sanction entity. Maybe after 3 chains of companies maybe in advocate of a couple of sanctions individuals and you are not allowed to deal with them. So the problem with this kind of confidence is that our torches are not necessarily publishing. You might know -- not know that like Belgian company is actually sanctioned because it's owned by this Russian oligarch. And there are content providers who are working on it. So they're creating and are constantly updating the list of companies that are owned by the sanctioned companies. So if you have this content, you're safe. You can really detect the business partner that you are not allowed to deal with. Similar example is the control list because when you [indiscernible] also care on control, which is not the case for the U.S. And control is a very blurry kind of motion, hard to say. To put it again, Russia is always a good example now because we have so many sanctions and so many things happening. So the Russian oligarch was owning 80% of the company. But suddenly after sanctions were imposed, they only own 20% of the company because they passed the [indiscernible] to their wives. It does not mean that the company is not controlled by the Russian oligarch. That's a question that is negotiable. There are many legal aspects on it, but that's again the kind of list that helps you to [indiscernible]. And after you continue to [indiscernible] do you have the risk here that this oligarch is still ultimately controlling the company and you're violating your sanctions. Another good example is FCP, foreign corrupt practices kind of list, and companies that are having anticorruption [indiscernible] will often screen business partners in this kind of pace as well. And for Sabre, which is now very -- half of it is Germany and Switzerland and [indiscernible] once the legislation in place. And these are 2 examples of the last 2 lists that show also the sanction screening program. It's really active that can allow you to expand not only to the trade sanctions, but have other considerations [indiscernible] because this is really a mechanism to protect the business partner and then how you will act after [indiscernible] responsible sourcing in sustainability team, whatever kind of team you might have in your company that will also benefit on the screening solution that you have in place. And next type question is, when do I need to -- how often do I need screen? And here, again, the answer is it depends on the company, depends on the risk profile, not -- maybe not necessarily all kinds of screens you will need. But the best practice is to have these 3 types of screening, like you seen in the screen. The first one is the contractual, we call it contractual. You don't have a contract yet. You haven't created the business partner in your ERP system yet, but your sales or procurement team will start the negotiation. They are doing a lot of work. They might be even sending some samples. But ultimately, after months of work, you create a business partner and you see there is sanction. So you couldn't have negotiations [indiscernible]. So that's why we always advise, either train your sales and procurement to do the screening themselves or tell them to reach out to the sales team. But even before the business partner requesting, just -- especially if there is -- especially if it's a new company [indiscernible] 2022 or it's a company in Kazakhstan or it's a new customer that is not very well known on the [indiscernible] market, better screen before entering the discussion. Then after using the time [indiscernible]. And second, I will screen is ongoing screening. So you [indiscernible] customers, vendors, buyers, whatever you have in your system and you screen them every day, every month, every week, depends on your, again, risk profile, your situation, it's your decision on how often do I want to. You screen them against the sanctions update because authorities are publishing updates every day. And yesterday, your supplier could be okay. But today, you suddenly sanctioned, and you need to stop shipment that is ongoing. You need to stop payment [indiscernible]. So that's why this going screening element is very important. So it's your existing database that you constantly check. Is there something new that I need to know about? And the last one that is very good to have transactional screen. It is when you create sales model, an ongoing delivery [indiscernible] with payments, and there might be purchase mentioned that are not [indiscernible]. So suddenly, account holder is a different age. The bank is different. And you might want to know why. You might want to be sure that I'm not actually sending the money to the sanctioned entity now. My business partner was okay, but maybe it wasn't [indiscernible] sanction entity. So these are 3 types of screening that are good to have, like expected to have. And it's, of course, the plans and abilities depending on the risk profile or [indiscernible]. And then what do you do with the list? So let's imagine you screened and you suddenly have a list of -- in your work, there's a list of companies that you need to deal with. And how do you handle them? What is the best practice in the market? And that's, again, that's just an example. But typically, what do we see or what do we do as well as the company, we have a first set of review, where it's like a very simple comparison where machines still see the similarity, but the human can say, "No, these are certainly different entities," and you don't need to go any further. You see that this name and this name are completely different. They have some similarities, but they are different. And you just eliminate the false positive. It's like [indiscernible] somewhere there. It's quite fast, too, but it depends on the volumes. Of course, you might have volume of them if you have many business partners. But this is the first review that is done. It can be a really [indiscernible] kind of profile that is distributing [indiscernible] false positives. Whatever is not obvious and can look as a potential [indiscernible], it goes to the second level of review. And you are the person with a deeper knowledge of investigation -- sanctions investigation, understanding the impact of sanctions, needs to [indiscernible] and start really looking into available information. Who is my business partner? Who is the sanction entity? Are they the same? Are they related? And they normally starting using all the available databases [indiscernible] such as from simple Google Search and Google Maps where you see [indiscernible] in the same place. There are certainly [indiscernible] group looking at, I don't know, public, the available audit reports published by the company. Are they related [indiscernible]. This is the more mature profile and would have the knowledge of sanctions, needs to invest in it. And then if it's really true hit, needs to understand what does it mean for us. Not all sanctions are black and white. Not all sanctions that you have to start dealing with the business partner. Some mean that you can do -- and then the person who is to have [indiscernible] explain this further to the next escalation decision. And there, the best practice is to involve the upper management, include in the discussion what does it mean for us, what is the business partner and what expansions, what is allowed, what is not allowed, for them to take an ultimate decision, are we continuing the business or not, because this is ultimately their responsibility, because they have this good understanding of this, and they need to know [indiscernible] to have the feeling how sanctions are important. They need to take painful sanctions business decision. So this is -- we sometimes see the full [indiscernible] responsible from legal, from [indiscernible] department, from sales, from procurement, et cetera, and they are discussing the cases and make new decision. What's important that during all this process, from the moment when you have identified it until the moment a decision is taken, and sometimes it takes a while, no business should happen with this business partner. There are very mature IT systems where the [indiscernible] and then the business partner is locking your fee, and you cannot see the document any more. But not all companies have this in place. So it's just a good communication, integration with other departments when you say we need to stop, we need to wait until the decision is taken, all shipments or payments need to stop at this point in time. An important element of all this is [indiscernible] investigations. You have -- you need to write it down because [indiscernible] you need to be able to demonstrate that you do have a screening in place and here are the proof. And again, make sure that your systems allow you to have audit trail that will be shown who did, what did well. And last slide, so [indiscernible] in time. What do you -- what are the preconditions for the [indiscernible]? So what are the elements that we need to care about? So [indiscernible], that's the first one. If you want to compare your business partners that you're sanctioning is you need to be sure that your business partners' data are correct. You have email, you have address, [indiscernible] but then it's great, of course, if you have more information. You have, for example, identification number of the companies. And it allows you to do the investigation more efficiently. If the names are incorrectly mentioned and the addresses are missing, then it's really hard to go [indiscernible]. Then of course, updated sanction list, we want to know what [indiscernible] work. You want to be able to do it as fast as possible. And there are company providers in the market, including -- that are providing with the updates with the delta file that is sent to your system, the [indiscernible] model updates and checking of business partners. Then, of course, as [indiscernible] solution. We are now luckily living in the time of a very good technology when we can see that the algorithms are designed to really minimize them on the false positive, which means less work for you to do, but also [indiscernible] because you don't want to be safe. And of course, the [indiscernible] behind, it doesn't care about upwards [indiscernible]. It doesn't care about is it Savaria or Sabadra. We still get the hit. It's important that typos any -- different type of spend, especially with the names that were [indiscernible] are considered, and solution is still capable to [indiscernible] and understand. And then the team that you would have in your company or a person who will be doing this kind of work, that needs to be independent from the business because the decisions that you need to take sometimes are contradictory to the management. So that's something that needs to be a skilled person, knowing sanctions, but also independent in the judgment. And what is good to have and really pleasing of is this integration with other company sources. You might have a legal team or a compliance team that [indiscernible] seeing your customers. Integrate them with the sanction team, but they know that there is a solution and the [indiscernible] activity. And the same, again, you have a responsible sourcing team. They should be able to leverage in the [indiscernible]. That's important to also be sure that whatever sanctions team is doing is communicated to other business units, but they have a power to start the transaction with [indiscernible]. So it's a bit like [indiscernible] view on all compliance processes you have and these processes you have and having the smart integration of the screening tools. So it doesn't become a burden in a way, but have a sufficient element. We are capable of catching the [indiscernible] but we are not disrupting the business for no reason. So that's it. Thank you. I'll stop here and pass it over to Konrad for the demo of the various list.

Thank you, Vira. So I'm going to start to show my screen. Which one? Screen 1. Perfect. If you -- Vira, is it thumbs up, you can see my screen? Yes. Okay. Perfect. Thank you. So good day, everyone. Konrad Preuninger here from Descartes. If there's any questions along the way, feel free to throw them in the chat. Or if there's a Q&A section on the control panel, throw it over, whether for myself or for Vira and Giovanni at PwC. After my section, we're going to do a Q&A part, so we can address those questions. If we don't, we can do it at a later point. But in my session, I'm going to go through one slide on what key capabilities you're looking for in a screening platform. And then I'll give a small demo on 3 fun use cases of using different search [indiscernible]. So if you divert your eyes to the bottom of the screen, there are 3 different options that you look for in a screening tool or a combination in it. And on the left side, we have -- you have your online screening. I think that's very simple, straightforward. It's a web-based tool where you can log in, plug in your business partner information and then retrieve the results within a few seconds. This will be more applicable to smaller companies or departments and companies that are doing screening for a dozen or so entities per week. It's a bit more manageable because this is a process that can bog down your time, and you want to make sure you still have a healthy balance between this or operative processes and your strategic projects. So then leading into the middle of the batch screening, having a tool that can upload your Excel spreadsheet, because you likely are working with a large pool of business partners, hundreds or thousands, that you don't want to have to manually screen. You just want to upload in the system and retrieve the results and have that ongoing screening. And then also there's many different use cases where you may enter into a joint venture or acquire another company and you want to quickly screen their business partners before you officially engage in that type of partnership to make sure you perform your due diligence. And then the last part, the integrated screening, and this is always the best way is really automating the screening in the background, whether it's your ERP or CRM or whichever business system you use, where your business partners live today. This is the preferred solution because you're going to want to automate the screening of the background to eliminate human risk. It's easy to forget to screen every partner, so that's why it is a preferred solution. And especially when the bigger company you are, or as you do acquisitions, you may have multiple business systems. So you can point everything into one solution, such as Descartes Visual Compliance sanctions tool. And for example, we have one customer who has 8 different ERP, CRM systems, Oracle, SAP and Salesforce. Instead of doing screening decentralized, they point everything individual compliance, so they have one source of the truth, and they kind of centralize all those activities. And then, of course, you're going to want a combination of everything. So you're always going to need online screening to perform extra screenings off those hits that you get. And then batch screening can come into play as you need. But my recommendation, especially if this is a totally new process to you is crawl, walk, run. So start with the online screening, regardless of how big you are, and then scale the process as you see it working for you and your company and your department. So key capabilities, which if you navigate your eyes to the top, the main thing that Vira really touched on in one of her slides was the ongoing monitoring. So we call that dynamic screening. So regardless, if you've done it in an online batch or integrated screening approach, you want to be able -- you want those entities to be rescreened daily by the -- by your platform because company A may be safe today, but they could enter sanctions tomorrow or in 3 years from now. You don't want to set up a manual reoccurring process where you go and manually rescreen them, but let the system do the work for you. And no news is good news. If there's ever a hit in the future, you want to let the system notify you via e-mail to resolve those results. The second part is global list coverage. So there's a ton -- there's hundreds of lists out there. So the typical ones are the EU, U.S., U.N., U.K. Switzerland. But if you're doing business in Qatar or the UAE or China, there's all those local lists that you need to adhere to. So at Descartes, we manage it on our own. We have a team of about 80 people that are staying on top of these regulatory changes and then codifying it into our database. So you always have the latest list that you're then rescreening it within the system. And then the third part is advanced adjudication, and this is more applicable to when you have those larger volumes because you're going to have a false positive rate. And wherever it may be, you want to very quickly resolve all those hits. So why do we have a hit and very quickly clear it or close it, so you can move on with your day and on your other more strategic projects. Second to last, we have our search treating logic, and also what Vira touched on was the master data quality. This is something most of our customers are challenged with because they have data from multiple systems, which are entered by their sales team or other types of teams, and they're all going to differ in quality. So you want to be able to adjust the logic on how your data is matched against those sanctions lists. So if it's very good government verified data, you want to use more of an exact search. Or if it's of lesser quality, you may want to open up that risk net and use something like fuzzy or [ phonetic ]. And I'm going to show a few examples after this. The last point is the analytics and governance. Usually, that's seen as a nice to have, but it's one of my favorite parts is the analytics gives you of like how well the process is working. So after 3 to 6 months, you have the data in the system. You can identify where the bottlenecks are. And then you can run or engage some improvement processes, so that we can streamline this process faster. And then the governance is for -- if you have a larger team, maybe like 15, 20-plus users around the world, you want to ensure that your team is doing what they're supposed to be doing. You -- they said, "Yes, I'm going to conduct screening," but are they really? And even if they are, how are they resolving the hit? So if they're kind of indicating everything is a false positive, is that really the case? Are they just trying to checkmark that box? But it gives you that control over the entire compliance procedure because in the end, especially if this is a new process, it's a change management project. It's people, process, technology. So you have the people, which you conduct training. The process is following your ICP. And then the technology is there to make it easier for you to do and automate whatever is possible. So I'm going to skip over into visual compliance now and give you a few examples. Again, any questions that come up, please feel free to type them in the chat. I just have about 6 more minutes. And then the last 10 minutes, we will have for Giovanni to wrap up on key takeaways and then any questions you have. So I've already logged into Visual Compliance, and our online screening page zoomed in. So to understand this is there's 3 parts. You have your form where you input your business partner information. The second part in the middle is your search [ treating ] logic. So depending on the quality of your data, you can really finally tune how that's matched against those sanctions list. And then the third part is all of our sanctions list, which are in groups and categories. So as I said, there are hundreds around the world. And as you can see, we group them in buckets. So you have your typical OFAC, BIS and the exports and as well in the sanctions bucket. So it allows you to switch off or switch on the relevant list, depending on who you're screening and for what reason. And the main reason you do this is because of the -- your false positives, right? You want to make sure that we only screen against what's necessary, so you don't have a large page of results. So for my first example, I'm going to enter my name, and then I've already entered Cuba in the field [indiscernible] screening. So on this page, you can see there are 0 records return, which mean I'm a safe party to do business with. I'm not on a sanctions list, which is a good thing. However, we -- it does do the holistic view. So there is a flag on the country. I did enter Cuba. I think that's obvious. So even though I'm a safe party to do business with, there are restrictions on the country level. And depending on your business, you may not be able to trade with me because of the country location. To finish off here, I just opened a search criteria to remind ourselves what I searched against which lists, logic and the date time stamp. So what's really important for your tool is to have something that automates the audit log. So this is now within my audit record, so I know what was screened and when and by who. And if there is any resolution, what it was exactly. And the second thing that's happening is that continuous monitoring. So even if -- if I do something bad tomorrow and 3 years from now and I enter sanctions list, then the system will catch that and notify your company of that possible match. Good. So I'm going to go back and give a new example, and I'm going to search [ Aaron Tucker ] in the country of Turkey. I'm going to use the exact search tuning logic. So this is -- you typically use this when you have more data on the company or its government verified. And when we conduct that screening, you can see that there are 0 records returned. There are country flags, it's Turkey. I think that's another obvious one. However, if I go back and search the same name again, and open up to a fuzzy logic, number two, 2 is the most common, so those are typographical areas where there's missing letters or there is a substitute letter. I'm going to use a combined search, and that's going to search across every single search logic, so I don't have to continuously search that same name again. But again, we have exact 0. And if I pop over to fuzzy, we can see there is a match now. So if -- again, it's all about data quality, depending on what your system looks like. But Aragon -- we made a match on [ Aragon Turker ]. I open up this list -- this hit, right? We can see this is coming from the source BIS, the entity list. And it's for Aragon Turker. So I open up what we searched again, we can see Aaron -- match with Aragon because there's a possible missing letter and then Tucker, C and the R. So one thing is, yes, sanctioned entities companies learn that they're sanctioned, and they do intentionally type in a wrong name. Aaron Tuckers looks a little bit more innocent. And in this case, you would, yes, review the results, understand if this is the same address. You may ask your sales team to verify where is this shipment going or you may reach out to the actual individual and say, "Can you please verify your shipping address," for example. And yes, if they return this name, then you know you have a positive match. And if they don't respond at all, yes, that's also an indication that there's likely a positive matching, and you shouldn't move forward. Very nice. I will go back and do one more search. And this is one of my favorite types of searches to do because, is what Vira touched on before, was the sanction ownership or the OFAC 50% rule. Especially in light of current events, this has become a more popular type of list to search against. So if I use Arena Events in Finland, and I take off our optional list, and that's the partners we have that provide this more premium type of content and conduct the screening, we could see there are 0 record return, which mean Arena Events looks like a safe party to do business with. However, if I go back and turn on that OFAC 50% rule and screen the same company again, we now have a hit, or actually 5 hits. But if we focus on the 50% rule, and we hover over the first one, we can see from our partner with -- partnership with [indiscernible], we do have a hit on Arena Events. Why is that? So if you look at the notes, we can read that these 2 Russian oligarchs who actually sit on the SDN and the U.K. sanctions list own 50% or more of Arena Events. And because these 2 oligarchs sit on the sanctions list and own this company, Arena Events is therefore a sanctioned entity, and you cannot do business with them. It's a very interesting type of dataset to review, but it's very important to understand and like really knowing your customer and who owns it. So we're starting to see more and more of that sanction entities are starting to kind of divest their ownership to 49.5%, just below the threshold, or even set up shell companies to hide their identity and their ownership or control. But this type of data really can catch that. So yes, it saves you from compliance and also reputational risk. So that's it on my screening use cases. I'm happy to always connect with you one and one and go through it more in depth. There's a lot more to show. But as long as you understand how online screening could work with the different types of fuzzy logic, phonetic and exact and as well as the list, the same can be applied to running a batch screening within the environment and getting all your business partners into a screening process and continuously on it toward. And now I'm going to pass it back to Giovanni to wrap up, and then we'll answer any questions. But thank you for listening in here.

Thank you, Konrad. So I think, yes, while we are pulling up the slides again, I think that there are some key takeaways that we want to reiterate and make clear to everyone. I think, yes, in the examples that I shared earlier on, but also what Vira mentioned and Konrad's press, is the last example was a clear one. I think it is very important to know that screening is something that everyone should be doing. It is relevant for all parties involved. And you need to see to what extent you are really impacted by that. And so you need to screen, but I think the level or the extent to which you are impacted should be something you need to look into. That's one of the elements we need to take away, and I don't know why the slides are not really popping up yet. Second one that we want to give is you need to set up an organization behind that. So you need to know, okay, how do we organize things, how do we structure things, how do we reach out to when things, let's say, go around, when we do have a new business partner that is impacted, how do we communicate. So for instance, Europe has been very vocal now on the fact that there's a lot of potential evasion now that have like divergent of goods going to Russia that end of -- to Turkey, sorry, ending up in Russia, Kazakhstan is mentioned there. So they showed some statistics a few weeks ago on trade that just doesn't match. So for instance, if you have a new business partner in Turkey that you don't know and you're in the contracting phase, okay, if you identify, yes, this might be a partner that is impacted, then you might need to talk to, for instance, your sales team. You might need to talk to your legal team because you might [indiscernible] contracts and so on. So it is important to do things that -- or across your organization, and that's doing the correct way. And on the screening part, yes, I think, also with the examples that we have seen, of course, you could skew through the list and compare with your own business partner data, but it might be very challenging. And I think the examples I've shown that it's important to capture those typing errors or variations that exist in a name, but not only because we know that there are challenges on the master data [indiscernible] in the organizations. The same challenge exists on, let's say, the list creation part where the authorities also have their limitations. But as Konrad mentioned also, keep in mind that some people want to avoid being screened and basically will make all these small changes to escape from, yes, being caught. So they make small variations. They make small changes in order not to get on to the list. I think the main conclusion, overall, that I would like to bring is don't throw away the good because you want to have the perfect. And so I think, and I also [indiscernible] that's very clear, if you don't do anything today, maybe, yes, start with doing that manual or that one-off screening to assess your impact, how big are we impacted. If you're only doing business here, well, the examples I've shown that you do need to do screening, but probably the risk might be a bit lower than when you're very active in countries around, let's say, Iran, Russia, China and so on. So take those things into account, but start small if you're not doing anything and take it from there and see where you need to. Typically, what we see with clients is that if they want to take that step, if there's like sort of business case behind it, that, very often, once you start screening, the business case materializes. You will capture things that you say, "Maybe we need to think about this, maybe think about the continuing business." Might be from a sanctions perspective, might be even purely from a reputational point of view that you want to take these actions. So those are the key points I want to reiterate. And maybe now, we can see us for some questions.

Yes. Thank you for everyone that submitted a question. We might not get a chance to go through all of them, but we'll try and get through as many as we can. So I think the first one is probably for you, Giovanni, is do we need the screening of owners of entities with regards to the 50% rule? I think that's [indiscernible] maybe.

Yes, maybe. Do you need it? Yes and no. So you do see that the trends is being imposed to work more and more entities. So for instance, financial institutions or consultants, as we are at PwC, we already need to look into that. So that's like a legal requirement. It's not there for all companies, but you do need to see, for instance, now with the Russian cases, these oligarchs are mentioned. Very often, they mentioned their companies behind it. If you purely see for the company itself, you might not immediately find it. So -- also there, is it a hard requirement? Not yet. But again, that risk assessment, if you, for instance, very closely interlinked with Russian economy, it might make more sense than when you're only active in your own country again. But it's indeed a growing trend that is certainly out there, and I expect to increase in the coming year.

Thank you. I think the next one, probably for Konrad. So related to the visual compliance tool, what is the guarantee that everything is up to date and all the time? And additionally, what is the coverage kind of global company use it?

Yes. Very -- question I get quite often. So as I mentioned before, we have a team of about 80 people around the world and in countries where you can't even really get the data yourself. One example is China. We have very senior analysts with good connections with government officials that they get data sometimes before it's even published. But our lists are updated almost as fast as they are published, in some cases before they're published in a timely manner. So we don't guarantee it's on an exact minute, but within a timely manner. So you will catch those new hits in the future within a good time frame. And our global coverage is at almost every country in the world. I haven't seen -- I've never been -- we don't -- sorry, we haven't missed the list yet. And at one case, I think our colleague didn't have something in Cuba or in South America, and we were just able to very easily add that into our system. So it's more about when you get started and which list don't you need, and so we can cut off and reduce that false positive rate. Thank you.

And then another one is, I think back to Giovanni, what happens if the owner is sanctioned and the entity is not? For example, being Russian oligarchs that are sanctioned, but their companies aren't necessarily. So what do you do in that case?

Hearing the question about, yes, ownership and control comes into play. So typically, what you have seen is that, yes, not all those companies were sanctioned immediately. So you need to restrict your business with them because probably you will come on to the business, but you also see that [indiscernible] don't have all the information all the time available. So in some cases, it might be linked, and they might publish all things together. In other cases, they might not do that because, also, yes, they're moving ownership all the time. So it's also a fight, but the authorities are having to keep the list up to date basically. So it's a bit up to the companies as well to look into that, yes, are these companies indeed are restricted now for us, which, in some cases, actually was the case a few months ago with several companies in Europe.

Just conscious of the time, so I think the last question, I think, for you, Konrad. Can the visual compliance tool screen transactions, so sales or purchase orders?

That's a difficult question to answer without asking a few more questions what they mean. But if it sounds like it's more of a transactional screening approach, then the answer is yes. But yes, I'll stop there because we're a minute over it. Yes, happy to talk afterwards one-on-one.

Yes, thanks a lot. Thank you, everybody. So firstly, I'd like to thank our speakers. And I'm sure you all agree that, that was quite an insightful session. Also thank you to you all for taking the time to be with us today, and thank you for your questions. As a reminder, this session has been recorded and will be available to view on demand should you wish to view parts of the presentation again, which we'll provide via e-mail. And we'll also answer the rest of the questions that we haven't had a chance to be answered today. So thank you so much for joining us, and I hope you have the great rest of your day.

Thank you.

Thank you.