Checking In on Sanctions Enforcement
The Department of Treasury’s Office of Foreign Asset Control continues to ramp up sanctions enforcement. Even with the likely relaxation of the Iran and Cuba sanctions, OFAC has been continuing its aggressive enforcement program.
Thus far, OFAC has collected approximately $270 million in civil penalties, and participated in several major criminal investigations, including Commerzbank and Schlumberger. Commerzbank agreed to pay a total of $1.45 billion for sanctions violations, including $259 million to OFAC. Schlumberger agreed to pay a total of $155 million for criminal sanctions violations and $77 million for criminal forfeiture.
Aside from these major enforcement actions, OFAC settled with PayPal for a $7 million civil penalty for sanctions violations.
Most importantly, OFAC’s aggressive enforcement program of sanctions violations has raised the profile of sanctions compliance. Over the last five years, more companies are focusing on sanctions compliance and designing effective strategies to ensure that all transactions are screened appropriately for potential sanctions issues.
At the same time, OFAC has adopted complex Sectoral Sanctions as part of the Russia/Ukraine sanctions program, and is about to announce new cybersecurity sanctions to implement a recent Executive Order designed to deter cyber hacking and attacks.
The number and complexity of sanctions ebbs and flows with the changes in foreign policy interests. For years, businesses have had to deal with iterations of the Iran sanctions as the US government ratcheted up sanctions as part of a coordinated plan among anti-Iran forces. You can rest assured that there will be difficult issues to come as the Iran sanctions are relaxed (or suspended) and companies begin to enter the Iran market to secure new business opportunities.
Perhaps the most significant development in the sanctions area has been the aggressive enforcement of sanctions against financial institutions, particularly global banks. OFAC and the Justice Department have devoted significant resources to rein in global banks that blatantly ignored sanctions in the interest of commercial profits. BNP Paribas, Commerzbank, and Standard Chartered are poster children for the need to develop effective sanctions controls for financial institutions.
OFAC and the Justice Department continue to forge a strong working alliance, as reflected in the coordinated enforcement program. Sanctions enforcement is rapidly catching up with FCPA enforcement because of the effective partnership built between OFAC and the Justice Department, just like the SEC and DOJ partnership responsible for FCPA enforcement.
Global companies have to respond to these developments by enhancing sanctions compliance. At first blush, many companies adopt a simple – “we just need to screen our customers” for potential sanctions violations. Such an approach is more than naïve; it is on its face deficient. Screening involves a number of judgment calls, before and after checking a database for potential matches.
Compliance practitioners have to be familiar with how the sanctions apply and to whom they apply in a global context. With this understanding, entities and individuals have to be screened for potential matches. Not to sound like former President Clinton with respect to the definition of “is,” but the definition of an OFAC “match” is not as easy as it sounds. There are significant judgment calls that have to be made and documented, just like in many other compliance contexts.
Whatever happens over the next few months in Iran, Cuba, and overall sanctions enforcement, global companies, big and small, have to design and implement effective sanctions compliance strategies.