Episode 94 — How to Conduct a Risk Assessment for Sanctions Compliance
OFAC’s new framework guidance for sanctions compliance programs stretched into new territory with its risk assessment requirement. This new approach reflects OFAC’s recent aggressive enforcement programs.
The scope of a risk assessment has to mirror the breadth of enforcement risks and has to include review of:
(i) customers, supply chain, intermediaries, and counter-parties;
(ii) the products and services it offers, including how and where such items fit into other financial or commercial products, services, networks or systems;
(iii) the geographic locations of the organization, as well as its customers, supply chain, intermediaries and counter-parties; and
(iv) potential merger and acquisitions, especially those involving non-U.S. companies or corporations.