Yesterday, the US Department of the Treasury’s Office of Foreign Assets Control (OFAC) published ‘A Framework for OFAC Compliance Commitments’* in order to provide organizations subject to US jurisdiction, as well as foreign entities that conduct business in or with the United States or US persons, or that use US-origin goods or services, with a framework on the essential components of a sanctions compliance program (SCP). The document* also outlines how OFAC may incorporate these components into its assessment of apparent violations and resolution of investigations resulting in settlements. OFAC strongly encourages organizations to approach sanctions compliance using a risk-based analysis by developing and updating a SCP.
While each risk-based SCP will vary depending on a variety of factors—including the company’s size and sophistication, products and services, customers and counterparties, and geographic locations—each program should be predicated on and incorporate at least five essential components of compliance: (1) management commitment; (2) risk assessment; (3) internal controls; (4) testing and auditing; and (5) training.
Finally, the document includes an appendix that offers a brief analysis of some of the root causes of apparent violations of US economic and trade sanctions programs OFAC has identified during its investigative process. Ten Root Causes of OFAC Sanctions Compliance Program Breakdowns or Deficiencies Based on Assessment of Prior OFAC Administrative Actions are as follows:
- Lack of a Formal OFAC SCP
- Misinterpreting, or Failing to Understand the Applicability of OFAC’s Regulations
- Facilitating Transactions by Non-US Persons (Including Through or By Overseas Subsidiaries or Affiliates)
- Exporting or Re-exporting US origin Goods, Technology, or Services to OFAC Sanctioned Persons or Countries
- Utilizing the US Financial System, or Processing Payments to or through US Financial Institutions, for Commercial Transactions Involving OFAC Sanctioned Persons or Countries
- Sanctions Screening Software or Filter Faults
- Improper Due Diligence on Customers/Clients (e.g., Ownership, Business Dealings, etc.)
- De-Centralized Compliance Functions and Inconsistent Application of an SCP
- Utilizing Non-Standard Payment or Commercial Practices
- Individual Liability
“OFAC developed this framework in our continuing effort to strengthen sanctions compliance practices across the board,” said Andrea M. Gacki, Director of the Office of Foreign Assets Control. “This underlines our commitment to engage with the private sector to further promote understanding of, and compliance with, sanctions requirements.”