U.S. Treasury issues latest guidance on sanctions compliance
2019-06-04 11:04 Tuesday
The U.S. Treasury's Office of Foreign Assets Control (OFAC) has released a framework to help domestic and overseas companies create a Sanctions Compliance Program (SCP).
The framework applies to any company or foreign entity operating in the States or using goods or services originating from there. It lays out what the OFAC considers critical: management commitment, risk assessment, internal control, testing and auditing, and training.
OFAC says the commitment of senior management is crucial, and senior managers should promote culture compliance throughout their organizations.
A risk assessment should include a comprehensive review of the organization, noting its points of contact with the outside world, and regularly take full account of any potential risks. Internal control should ensure that the organization can quickly adapt to the changes issued by OFAC.
The guidance outlines how OFAC will incorporate these components into its assessment and investigation of apparent violations. The document also includes an appendix that provides a brief analysis of the root causes of apparent violations of the U.S. economic and trade sanctions regime identified by OFAC during its investigation.
OFAC points out that each SCP will vary depending on the size, location, product, and type of customer of the company, but these five key components should be the basis for an effective program.
Rebecca Devaney, a compliance expert, said: "The approach to preventing misconduct is risk-based and the principles in the program can be used to reduce the risk of a wider range of corporate crime." The principles are the same as from those set out in the DOJ's guidance on appropriate procedures for preventing bribery.
"SCP not only reduces the risk of sanctifying a crime, but also reduces the level of punishment that law enforcement will impose. OFAC says it will consider whether SCP exists at the time of any breach in the enforcement process, and if there is a valid SCP in the company, this may reduce the civil penalty," noted Devaney.
OFAC said it can also use the presence of a valid SCP at the time of an apparent breach as a factor in whether the case is considered "egregious".
In addition, the guidance lists the root causes of past SCP failures and defects based on OFAC's previous enforcement actions. It is reported that these contents can help enterprises establish or update their SCP.
The root causes of failures and defects in the SCP include the lack of a formal SCP, misunderstanding of the OFAC regulations, improper due diligence, and the use of the U.S. financial system for transactions involving sanctioned countries.