If you are mystified by your company’s compliance responsibilities related to sanctions, there is help. In 2019 the Department of Treasury’s Office of Foreign Assets Control (OFAC) published new guidance on how to create a framework for an effective sanctions-compliance program. It can help you comply. And if you should inadvertently run afoul of the complex rules and be assessed a civil penalty, having an effective sanctions compliance program (SCP) in place can help you mitigate the penalty.
Every month, U.S. agencies add persons and organizations to prohibition lists. OFAC makes changes sometimes a few days in a row, then not for a couple of weeks—updates are not on a fixed schedule. Sanctions are complex. OFAC regularly enforces them, levying fines on companies it believes has violated them.
According to Attorney Michael Volkov, CEO of The Volkov Law Group, “OFAC regularly pushes the limits of its jurisdiction. They’re not afraid to test the boundaries … the law is not well fleshed out. OFAC will not hesitate to bring enforcement actions against cases of first impression, against conduct it deems to violate the spirit of the sanctions program. Companies subject to OFAC jurisdiction should be mindful of the requirements for an effective SCP (sanctions compliance program).”
When OFAC issued the guidance, law firm Alston & Bird reported: “OFAC sets forth, for the first time, five components that the agency views as essential for a sanctions compliance program. Since OFAC gives significant weight to the efficacy of a company’s compliance program in its enforcement actions, companies can now use OFAC’s guidance as a roadmap to determine whether their own compliance controls align with OFAC’s expectations.”
OFAC issued its guidelines days after the Department of Justice had issued new guidelines for white-collar and anti-trust compliance programs aiming to ensure programs are effective. According to Sheppard, Mullin, Richter & Hampton LLP, the DOJ’s guidance centers on three questions:
- Is the corporation’s compliance program well designed?
- Is the program being applied earnestly, effectively and in good faith? and
- Does the corporation’s compliance program work in practice?
Together the DOJ and DOT/OFAC guidelines serve to provide a framework for compliance programs.
The OFAC document “is meant to assist prosecutors in making informed decisions as to whether, and to what extent, the corporation’s [sanction] compliance program was effective at the time of the offense, and is effective at the time of a charging decision or resolution, for purposes of determining the appropriate (1) form of any resolution or prosecution; (2) monetary penalty, if any; and (3) compliance obligations contained in any corporate criminal resolution (e.g., monitorship or reporting obligations).”
As reported in an article by Alston & Bird, OFAC says compliance should be based on five core components:
- Management Commitment
- Risk Assessment
- Internal Controls
- Testing and Auditing
By availing themselves of the guidelines, companies can take steps to review and strengthen or construct their compliance programs to prevent sanction violations and mitigate penalties should an apparent violation occur despite an SCP.
See the OFAC guidelines here: A Framework for OFAC Compliance Commitments.
Vendor checks against sanction lists are an important part of a sanctions-compliance program.