OFAC Publishes a Framework for Compliance

On May 2, 2019 the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC)(1) published “A Framework for OFAC Compliance Commitments”(2). The publication is intended to provide OFAC’s perspective, to entities subject to US jurisdiction, on what are essential components of an effective sanctions compliance program.

OFAC developed this framework in our continuing effort to strengthen sanctions compliance practices across the boardThis underlines our commitment to engage with the private sector to further promote understanding of, and compliance with, sanction requirements.” - Andrea M. Gacki, Director of the Office of Foreign Assets Control (3)

Summary

  • OFAC continues to emphasize and “strongly encourage” entities subject to U.S. jurisdiction to take a risk-based approach to sanctions compliance by “developing, implementing, and routinely updating a sanctions compliance program (“SCP”).

  • Regardless of company size, sophistication, products/services, geographic locations, etc…each SCP should incorporate at least these five (5) components: management commitment, risk assessment, internal controls, testing and auditing, and training.

  • In enforcement cases, OFAC will evaluate an entities SCP against the Economic Sanctions Enforcement Guidelines (the “Guidelines”)(4) and when applying the Guidelines will favorably consider an entity that had an effective SCP in place at the time a violation occurred.

A Few Key Points

  • Management Commitment

    • Effective senior management commitment, among others, includes providing adequate resources for compliance and support for the authority of compliance personnel within the organization.

    • Adequate resources includes ensuring there are enough personnel with sufficient expertise dedicated to compliance, and adequate information technology, and other resources, as appropriate.

  • Risk Assessment(5)

    • OFAC recommends a risk-based approach to implementation of a SCP and one of the integral components of this approach is to conduct periodic risk assessments.

    • The assessment should include, among others, a review of customers, vendors, products, services, third-party intermediaries, and geographic locations.

  • Internal Controls

    • An effective SCP should include policies and procedures. These policies and procedures should be enforced and updated when weaknesses are detected or requirements change.

    • Sufficient personnel should be appointed to ensure proper integration of the company’s policies and procedures into the daily operation of the company.

    • The organization should clearly communicate their policies and procedures to all relevant staff.

  • Testing and Auditing

    • An effective SCP include’s a comprehensive and objective testing or audit function that identifies program weaknesses and deficiencies.

    • Any deficiencies identified, including software systems, should be addressed.

  • Training

    • An effective training program is considered an integral component of a successful SCP. The training should be provided to all appropriate employees and personnel on a periodic basis (at a minimum, annually).

  • Root Causes of OFAC Compliance Program Breakdowns - OFAC has identified the following common areas where deficiencies resulted in sanctions compliance failures:

    • Lack of a formal OFAC sanctions compliance program;

    • Misinterpreting, or failing to understand the applicability of, OFAC’s regulations;

    • Facilitating transactions by non-US persons (including through or by overseas subsidiaries or affiliates);

    • Exporting or re-exporting US-origin goods, technology, or services to OFAC sanctioned persons or countries;

    • Utilizing the US financial system, or processing payments to or through US financial institutions, for commercial transactions involving OFAC-sanctioned persons or countries;

    • Sanctions screening software or filter failures;

    • Improper due diligence on customers/clients;

    • De-centralized compliance functions and inconsistent application of their SCP; and

    • Utilizing non-standard payment or commercial practices.

Contact us to learn more about OFAC’s guidance and to find out how GCSG’s Advisory and Audit teams can guide and partner with you to reduce your sanctions compliance risk and protect your company’s bottom line and reputation.

References

Japan Imposes Additional Unilateral Sanctions on North Korea

On Friday, December 15, 2017 Japan imposed additional unilateral sanctions against 19 North Korean entities.  This includes companies involved in the financial services, coal, and oil trading sectors.

With the additional 19 entities, the total number of North Korean entities under Japanese sanctions now stands at 56.

(1) "According to a Foreign Ministry official, all the companies are already subject to U.S. sanctions, starting from January last year." 

Key Link(s):

UK Introduces Sanctions Bill

On October 18, 2017 the UK "Sanctions and Anti-Money Laundering Bill" (the "Bill") was introduced in the upper house of the Parliament of the UK.  The UK government news release stated the Bill "ensures that when the UK leaves the EU, we can continue to impose, update, and lift sanctions and AML regimes." (1)

Most of the sanctions regimes the UK is currently complying with had their powers established in the European Communities Act of 1972.  Once the UK fully withdraws from the European Union, the Bill will establish necessary legal authority in order to continue to work with their international partners and effectively enforce sanctions regimes and money laundering regulations. 

"This will enable us to impose sanctions as appropriate either alone or with partners in the EU and around the world, to take targeted action against countries, organizations and individuals who contravene international law, commit or finance terrorism or threaten international peace and security." (2) - Alan Duncan, Minister for Europe.

Key Link(s):