Sanctions compliance—unless it’s your job, it’s hardly topping the Monday morning meeting agenda. More and more, however, there’s a case for integrating sanctions compliance as a routine, organisation-wide process.
In May 2019, OFAC quietly released new sanctions compliance guidelines. Despite the low-key nature of the guidelines release, the potential ramifications of getting caught out are worth losing sleep over.
Here, we’ll cover just how OFAC have moved the sanctions compliance goalposts—leaving businesses the world over open to off-radar, well-intentioned sanctions breaches—and what you’ll need to do in order to avoid an expensive run-in.
If this helps you identify that sanctions compliance is an issue in your organisation that needs tackling, take the first-step outlined below in the wrap-up to get the quick and easy wins.
Who the OFAC? And Why the OFAC?
For the unacquainted, OFAC are the US Department of the Treasury’s Office of Foreign Assets Control—in effect, they’re the people slapping wrists and doling out the fines. Staying in OFACs good books is easier said than done. In 2019 OFAC sanctions-breach penalties reached historic highs of $1.3 billion as the Trump administration increasingly uses sanctions as a foreign policy tool. Only recently, in October 2020, OFAC fined Warren Buffet’s holding company, Berkshire Hathaway, for a settlement fee of $4.14M after one of its subsidiaries had fairly innocuous trade dealings with the Iranian Government that weren’t overtly clear to Berkshire Hathaway. Whoops. The margins for error are narrow. For Buffet, little more than another cost of doing business. For others, a stiff fine puts a comparatively larger hole in the side of the ship that won’t just be shrugged off.
The take-homes here are twofold:
If the likes of Warren Buffet are on OFAC’s radar, then so is everyone else—countless low-key breaches won’t make headlines.
Sanctions compliance risk today is amplified—just dealing with affiliates who are themselves in breach, will potentially expose you to inadvertent breaches and fines through peripheral association with those entities.
The good news is, aligning with the increasing complexity around becoming sanctions compliance assured is much less complex than the new governing rules.
5 things that Will Keep them OFAC out of Your Business.
The good news gets even sweeter—OFAC pledge leniency to those able to demonstrate a conscious and iron-clad sanctions compliance process (SCP).
Those seeking to benefit from that leniency will do well to lock down and integrate the 5 new tenets of OFAC’s 2019 guidelines update that go as follows.
- 1. Management Commitment
- OFAC expects a trickle-down culture of compliance that grows out of your management layer. They also expect you to have a Sanctions Compliance Officer appointed.
- 2. Risk Assessment
- OFAC insists on periodic risk assessments of clients, geographical locations, even products and services, to determine your likelihood of committing a breach.
- 3. Internal Controls
- For effectiveness of your compliance process, active controls need to be present for the identification, record-keeping, and reporting on activities regulated by OFAC.
- 4. Testing & Auditing (We’ll help you tick this box overnight)
- Sanctions compliance process MUST be routinely tested and audited to ensure diligence. Weaknesses in process should be detected and dealt with regularly.
- 5. Training
- Every element of your compliance process should be taught as a module within a broader SCP training programme that staff should undergo to ensure effectiveness of SCP goals.
Follow these 5 pillars and you should safely navigate the increasingly complex sanctions compliance landscape, without falling foul of the OFAC’s eagle eye.
Where to Start?
Do the Easy Stuff First: Testing & Auditing
Given that OFAC just made sanctions compliance kind of hairy, you’ll be forgiven for the glazed-over head-scratching at this point. Where to start? Rather than bury your head in the sand, tackle the easy stuff first.
What’s the Easy Stuff?—Testing & Auditing
Before you go putting up job ads for a Sanctions Compliance Officer, get a little housekeeping done by chalking off item 4 of the OFAC 5—testing and auditing.
ScreenAML will do this for you quickly and flawlessly.
Screening for how compliant you are right now means cleaning house and digging up what dirty data laundry you might have tucked away out of sight that you’re unaware of.
With virtually zero ground-level understanding, ScreenAML can be custom-deployed in minutes to routinely turf out data errors and fuzzy matches of entities you’re transacting with that have real potential to have OFAC come knocking.
If you’re open to a demo of ScreenAML as a first-step on the road to becoming fully OFAC-proof, we’d be glad to help. Book a demo timeslot, and we’ll show you the ropes.