Checklists can be handy — by simplifying and focusing on specific issues, a checklist can organize thinking and prioritize tasks. Here are five (5) questions that are fairly simple but revealing as to whether a company’s Sanctions Compliance Program (“SCP”) is effective. This is not an exhaustive list but it is my top 5. Question 1 — Does the Company conduct annual sanctions compliance training...
With the beginning of the era of the “New FCPA,” as coined by DOJ’s Deputy Attorney General Lisa Monaco, we now need to focus on third-party risk and sanctions enforcement. The law, the practice and the risks are important and not just the same as FCPA legal requirements. As we embark on a new criminal enforcement era surrounding sanctions violations, companies have to address this...
Sorry to start a four-part series with a reference to music from our long-ago past. The Four Tops sang the “Same Old Song, with a Different Meaning” (released in 1965 — Video Here). So, how does that relate to third-party risks? Well, bear with me here for a little. Legal and Compliance bloggers, compliance vendors, prognosticators, Compliance Podcasters, and everyone in the Paparazzi have written,...
If companies operated with perfect governance mechanisms and controls, they would all be ready for the coming sanctions enforcement storm. However, that is not the corporate reality. Even after several companies are the subjects of these aggressive enforcement actions, corporate boards, senior risk managers and senior executives will turn to the chief compliance officer and ask — “do we have an effective sanctions compliance program?”...
Even with the current focus on sanctions compliance, many companies have done little to assess and enhance their existing sanctions compliance program. Instead, companies have stitched together a basic sanctions compliance program that centers on a screening tool and little beyond that. Such a limited program provides just a false comfort of compliance. Many companies are not even conducting the mandated basic requirement of annual...
Microsoft’s remedial steps provide important best-practices for companies facing similar risk factors in the global economy, especially for global software companies that rely on Internet-based operations. According to OFAC, Microsoft demonstrated a reckless disregard for U.S. sanctions by failing to identify that over a seven-year period, more than $12,000,000 worth of software and services were exported from the United States through Microsoft systems and servers...
The Episode is available HERE. Matt Stankiewicz, a Partner at Volkov Law, is a leading industry expert on cryptocurrency. Bittrex, a leading cryptocurrency exchange, suffered twin enforcement actions for AML and Sanctions Compliance deficiencies. Matt takes a deep dive on the enforcement actions and outlines practical compliance steps that every cryptocurrency exchange should implement. The Episode is available HERE. Corruption Crime and Compliance is available...
Jessica Sanderson, Partner at the Volkov Law Group, re-joins us for a posting on a recent OFAC enforcement action. Jessica can be reached at [email protected]. Some may dismiss OFAC’s recent announcement last week that it issued a Finding of Violation to MidFirst Bank for violations of the Weapons of Mass Destruction Proliferators sanctions regulations as insignificant because OFAC did not impose any civil monetary penalties,...
Alex Cotoia, Regulatory Manager and Compliance Consultant, rejoins us for a timely posting on compliance overkill in this era of aggressive sanctions enforcement. Alex can be reached at [email protected]. The uptick in recent sanctions activity caused in large part by the Russian Federation’s unprovoked and unilateral invasion of Ukraine has caused absolute pandemonium in many compliance circles. While the U.S. Department of Justice (and the...
We have all read about the high-profile malicious cyber-attacks and ransomware demands and payments. The Colonial Pipeline case demonstrated how responsive law enforcement can be in tracking down perpetrators and recovering ransom payments. The Treasury Department’s Office of Foreign Asset Control (“OFAC”) has a vested interest in this enforcement arena. On September 21, 2021, OFAC issued an updated ransomware advisory on the topic (“Updated Advisory”)....
