This publication is made subject to the disclaimer
The Cyprus Securities and Exchange Commission recently issued Circulars C-337 reminding regulated entities of the existence of the Specially Designated Nationals List (“SDN List“) of the Office of Foreign Assets Control (“OFAC“) issued in accordance with the Countering America’s Adversaries Through Sanctions Act (“CAATSA”) and that obliged entities should routinely screen their customers and their relationships in respects to a possible hit against sanctions.
On the back of this circular, I think relevant to discuss the OFAC sanctions in more detail with a focus on who they apply to, when they apply, how to identify sanctions risks and what possible measures an obliged entity can take to mitigate such risks.
What is the SDN List?
OFAC publishes a list of individuals and companies owned or controlled by, or acting for or on behalf of, targeted countries. It also lists individuals, groups, and entities, such as terrorists and narcotics traffickers designated under programs that are not country-specific. Collectively, such individuals and companies are called “Specially Designated Nationals” or “SDNs.” Their assets are blocked and U.S. persons are generally prohibited from dealing with them.
Who should be screening the SDN List?
Let’s look at C-337, which in turn indicates of the existence of the list and calls upon obliged entities (ASP, CIF, AIF, AIFM, other) to ‘study the provisions of the sanctions […] and assess whether they affect the obliged entity. As can be understood the obligation to include the SDN List in the sanctions program might be necessary. However, an indication of this requirement is derived by analyzing your risk appetite as much as your operational dealings. Operational dealings are relevant since OFAC sanctions will be applicable if your Cypriot entity is subject to the US Jurisdiction (further reading below).
In accordance with Annex III of this law, countries subject to sanctions, embargos or similar measures issued by, for example, the Union or the United Nations are to be treated as high-risk factors. Annex III is associated with Section 64(3) of the Law. Section 64(3) of the Law requires obliged entities to apply enhanced due diligence measures.
The Prevention and Suppression of Money Laundering Law does not require obliged entities to take into account OFAC Sanctions. By extension the CySEC Directive regarding the prevention and suppression of money laundering and terrorist financing (in Greek), or the law 58(I)2016 does not adopt US Sanctions. So, in conclusion, no law of the Republic of Cyprus requires an obliged entity to follow OFAC Sanctions.
If the Cyprus law does not require me to follow OFAC Sanctions, why should I?
OFAC sanctions laws extended to none US citizens by the connection and operations that they have to the US.
U.S. persons must comply with OFAC regulations, including all U.S. citizens and permanent resident aliens regardless of where they are located, all persons and entities within the United States, all U.S. incorporated entities and their foreign branches. In the cases of certain programs, foreign subsidiaries owned or controlled by U.S. companies also must comply. Certain programs also require foreign persons in possession of U.S.-origin goods to comply.
Typically a none US national will be treated as one when the following occurs:
- Communication or movement of funds is in the US. May be sufficient to create US jurisdiction
- Money transiting through the US may be sufficient to create US jurisdiction. This is every transfer involving US Dollars.
- US citizens are appointed to the management of an obliged entity.
- The holding company is a US entity and the obliged entity its subsidiary.
Accordingly, under the above circumstances, the US Jurisdiction will extend to Cyprus and an appropriate Sanctions Compliance Program should include OFAC Sanctions.
OFAC Sanctions Compliance Program
An effective OFAC Sanctions Compliance Program is one which ensures, as a minimum, that (1) Customers and (2) Beneficial Owens are systematically screened against the sanctions list search. Furthermore, the Sanctions Compliance Program must take into account the risks faced by obliged entities associated with the services they offer.
The frequency of the screening process depends on the internal policies and procedures, the size, the geographical exposure and so forth. Failure to detect such exposure an enforcement action against the obliged entity may apply.