The Department of Treasury’s Office of Foreign Asset Control (OFAC) has steadily expanded its influence in the enforcement landscape.  Global companies now face a complex regime of sanctions that require careful navigation.

As the U.S. government expands its reliance on sanctions to influence foreign actors and advance foreign policy interests, global companies have to design and implement robust trade compliance programs.  In recognition of this fact, OFAC is planning to issue guidance on compliance programs sometime early in 2019.

While OFAC did not have a record-setting year in terms of enforcement actions in comparison to prior years, OFAC has been extremely busy administering the Ukraine-Russia sanctions program and re-imposing the Iran sanctions program.  In its boldest move yet in the sanctions arena, OFAC adopted broad sanctions against Russian Oligarchs, which ultimately led to divestiture of Oleg Daripaska’s interests in several related companies.

For 2018, OFAC had only 7 separate enforcement actions, totaling 71.5 million in total civil penalties.  Interestingly, OFAC did not announce its first enforcement action until June 2018.

OFAC continued to punish global banks for violating OFAC sanctions.  This year, Société Genéralé and JP Morgan Chase, reached settlements of $55 and $5 million, respectively, for violating OFAC sanctions.

But the most important OFAC sanctions enforcement action, by far, was the resolution of the Epsilon case (here).  In that case, OFAC was victorious in its appeals position regarding the applicable standard for enforcing third-party liability for violation of sanctions regulations.  As affirmed by the US Court of Appeals for the District of Columbia Circuit, a company violates a sanctions regime if it ships products to a third-party when the company knows or should have known that the third-party intended to ship the product to a prohibited entity (SDN or country-specific prohibition).  The key point in this decision is the company’s state of mind at the time of the shipment – the government need not prove that the product ultimately was shipped to a prohibited person or entity, only that the company knew or should have known the third party intended to ship the product to a prohibited entity (SDN or country-specific prohibition).

Companies have to focus on their third-party risks, not just in the FCPA context, but in the sanctions enforcement arena.  This requires companies to commit to more than just “screening” of distributors and companies but proactive compliance strategies that include robust contractual protections, training, monitoring of third parties, and auditing of third parties to ensure compliance with sanctions restrictions.

Unfortunately, too many companies believe that screening third parties and customers through open source intelligence is all that is required.  Sanctions compliance requires careful design and implementation of the required elements of a compliance program.  OFAC’s upcoming guidance will reinforce the need for a robust compliance program, not just a stand-alone system for screening third parties and customers.

OFAC intends to hold companies accountable, whether in a voluntary disclosure situation or an OFAC-initiated enforcement  action.  In doing so, OFAC professionals will review company compliance programs with a keen eye toward each program element, including: tone-at-the-top; policies and procedures; internal investigations and internal complaints; third-party and customer screening; training; auditing and assessment.