The Elevation of Sanctions Compliance
This has been an interesting enforcement year. The Biden Administration promised a renewal of aggressive enforcement. The difficult transition from the last administration and political resistance to confirmation of political appointees has delayed the transition process. Consequently, enforcement has gotten off to a slow start. But companies would make a big mistake in embracing complacency or just waiting for enforcement to pick up before elevating compliance initiatives.
I would shorthand this period as the calm before the storm. DOJ’s FCPA enforcement is in a lull, probably because of coordination issues with the Administrations global anti-corruption initiative. The cases are in the pipeline and everyone should anticipate a significant uptick in FCPA enforcement, as well as other areas like antitrust and AML compliance.
The enforcement story in 2021 centers on OFAC sanctions. OFAC has been a steady force in enforcement. OFAC has brought 16 enforcement actions with a total of $20.6 million. DOJ brought the SAP sanctions enforcement action as a major complement to OFAC. In addition, DOJ has brought two significant sanctions enforcement actions involving violations of the North Korean sanctions program.
Organizations have to elevate the importance of sanctions compliance. In 2019, OFAC released its Framework for a Sanctions Compliance Program. OFAC’s guidance was comprehensive and raised expectations for OFAC compliance. Unfortunately, it does not appear that companies have understood the message – OFAC compliance has to be a priority and companies that ignore such expectations do so at their own peril.
OFAC has done a great service for compliance. Its Framework sets forth five basic requirements for an effective sanctions compliance program, including: (1) senior management commitment; (2) risk assessment; (3) internal controls; (4) testing, audits and continuous monitoring; and (5) training. OFAC’s Guidance is concise and clear. Companies have no excuse for ignoring OFAC’s guidance.
Many companies face significant sanctions risks. Some appear to stall because of what they perceive as the “enormity” of the task. In reality, however, designing a n effective sanctions compliance program turns on a careful assessment of risks, allocation of compliance resources based on risk-ranking principles, and tinkering with controls based on experience on a continuing basis.
In other words, sanctions compliance is not as hard as companies think. Two issues, however, require careful analysis – first, OFAC’s Guidance requires an assessment of supply chain risks; and second, third-party risks pose significant issues relating to re-distribution and trans-shipment of goods to prohibited countries. Trade compliance professionals understand these risks and know how to address these issues.
In the face of OFAC enforcement and a continuing commitment by this Administration, organizations have to devote adequate attention and resources to OFAC compliance. Automated platforms present significant synergies for companies – they provide anti-corruption, sanctions and AML risk management.
Organizations however have to do more than just buy an automated platform. Companies have to commit to building appropriate policies, procedures and internal controls surrounding the automated platform to ensure success.
Additionally, OFAC mandates that companies conduct annual training of relevant personal on sanctions compliance. This is a significant requirement that many companies have either ignored or misunderstood.