No Result
View All Result
SUBSCRIBE | NO FEES, NO PAYWALLS
MANAGE MY SUBSCRIPTION
NEWSLETTER
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
Corporate Compliance Insights
Home Compliance

5 Steps to Implement a Sanctions Compliance Program

How to Minimize the Risk of a Sanctions Compliance Investigation

by Michael Volkov
December 10, 2020
in Compliance, Featured
cardboard boxes and airplane lifting off with prohibited symbol on gray background

With OFAC’s reach lengthening in the past few years, organizations should play close attention to their sanctions compliance program (SCP). Michael Volkov outlines five key actions to take now to ensure an effective SCP.

Companies have to implement a sanctions compliance program (SCP). When I use the term SCP, I mean much more than just having one employee screen a customer before a shipment is sent. Too many companies are behind the eight ball when it comes to sanctions compliance.

The Treasury Department Office of Foreign Asset Control’s sanctions guidance, issued in May 2019, is an extraordinary document and includes numerous prescriptive requirements. Companies ignore the SCP Guidance at their peril. If there is one area that companies need to address – and do so now – it is sanctions compliance. If you have not implemented an SCP, or if you are still relying on a basic screening protocol, your company is at risk for a sanctions compliance investigation.

The stakes surrounding sanctions compliance have multiplied several times. The Justice Department expects companies to voluntarily disclose potential sanctions violation where there is evidence that the violation may be willful.

The Treasury Department’s Office of Foreign Asset Control (OFAC) has a robust and mature enforcement program. Over the last few years, OFAC has successfully expanded its enforcement focus beyond the financial industry and now targets manufacturing, service and other industries.

A good starting point for an SCP includes the following five basic measures:

1. Senior Management Adoption of a Trade Compliance Policy

A company’s board of directors and senior management need to adopt and release a trade compliance policy that addresses SCP requirements, including sanctions compliance, export controls if relevant (ITAR and dual-use EAR/CCL items) and anti-boycott requirements. The trade policy has to reference screening and internal controls requirements needed to identify and elevate any potential sanctions issues for further review.

2. Risk Assessment and Supply Chain Audit

OFAC described a robust risk assessment requirement to address all third-party and customer risks and extended this assessment to include a company’s supply chain. OFAC has brought enforcement actions against companies that included supply chains that sourced materials from prohibited entities or countries. Remember, supply chain liability may be imposed even if you do not specifically know that your supply chain includes materials from prohibited entities or countries.

3. Screening Technology and Internal Controls

While many companies have subscribed to an open-source intelligence screening technology (or an export-focused screening database), this is just the beginning of satisfying the requirement for internal controls to identify, elevate and resolve screening results. A company cannot assign the responsibility for screening, research and resolution of results to one person.

OFAC has prescribed a number of requirements on this topic:

  • With respect to a screening technology or platform, a company has to document the reasons for selecting the specific service. If this is conducted by an RFP, a company should preserve these documents.
  • A company has to calibrate its technology to match its risk profile. High-risk third parties have to be identified based on established factors (e.g., geographic location and annual revenue).
  • A company has to test its technology regularly to ensure it is operating properly. Amazon, Apple and other companies have suffered OFAC enforcement actions because of basic screening errors.

Aside from the screening technology, a company’s internal controls have to identify and describe third-party due diligence procedures and research requirements, elevation of potential red flags and a formal review and approval process, as well as follow-up monitoring activities and oversight requirements.

Learn about AI-Driven Adverse Media Screening here

4. Annual Training

Many companies are unaware of a specific SCP Guidance requirement: Sanctions compliance training for responsible persons must be conducted annually. Sanctions compliance has to be added to the list of required training programs, including sexual harassment, code of conduct and other relevant topics.

5. Periodic Audits and Monitoring

To ensure sanctions compliance, companies have to adopt an auditing and monitoring program. It is not enough to rely on a screening technology to alert an official of new adverse media; a substantive monitoring program has to focus on high-risk activities, including third-party distributors and verification of end-use shipments to lawful customers and countries. An annual audit program of a sanctions compliance program has to include testing and verification of screening, due diligence, beneficial ownership and geographic locations.

There is much more needed for an effective SCP; companies have to get started on this important compliance area. The DOJ and OFAC are sure to increase their enforcement efforts, and companies need to prepare for the upcoming aggressive enforcement environment.


This article was republished with permission from Michael Volkov’s blog, Corruption, Crime & Compliance.


Tags: DOJInternal ControlsMonitoringOffice of Foreign Assets Control (OFAC)SanctionsSupply Chain
Previous Post

Aligning your Compliance Program to the Latest DOJ Guidance

Next Post

Implications of India’s New Labor Law Codes

Michael Volkov

Michael Volkov

Michael-Volkov-leclairryan Michael Volkov is the CEO of The Volkov Law Group LLC, where he provides compliance, internal investigation and white collar defense services.  He can be reached at mvolkov@volkovlaw.com. Michael has extensive experience representing clients on matters involving the Foreign Corrupt Practices Act, the UK Bribery Act, money laundering, Office of Foreign Asset Control (OFAC), export controls, sanctions and International Traffic in Arms, False Claims Act, Congressional investigations, online gambling and regulatory enforcement issues. Michael served for more than 17 years as a federal prosecutor in the U.S. Attorney’s Office in the District of Columbia; for five years as the Chief Crime and Terrorism Counsel for the Senate Judiciary Committee, and Chief Crime, Terrorism and Homeland Security Counsel for the Senate and House Judiciary Committees; and as a Trial Attorney in the Antitrust Division of the U.S. Department of Justice. Michael also maintains a well-known blog: Corruption Crime & Compliance, which is frequently cited by anti-corruption professionals and professionals in the compliance industry.

Related Posts

Fox_DOJ Speeches_f

Analysis of Recent DOJ Statements

by Corporate Compliance Insights
March 23, 2023

DOJ leaders provide insight into agency's plans. Analysis of Recent Statements DOJ Shaping the Future of Corporate Criminal Enforcement What’s...

Fox_2023 ECCP Update_f

2023 Evaluation of Corporate Compliance Programs

by Corporate Compliance Insights
March 23, 2023

Keeping up with 2023 changes to DOJ guidelines. Additions, Deletions & Changes From 2020 2023 Evaluation of Corporate Compliance Programs...

safe harbor

What Is Safe in a World Without Antitrust Safe Harbors?

by Fiona Schaeffer and Adam Di Vincenzo
March 22, 2023

A trio of policy statements dating back to 1993 established the concept of safety zones with regard to information exchanges...

Paul Weiss Economic Sanctions and AML Developments 2022_f

Economic Sanctions and AML Developments

by Corporate Compliance Insights
March 15, 2023

Sanctions start high and stay high 2022 Year in Review Economic Sanctions and AML Developments What’s in this report from...

Next Post
Secretariat Building in New Delhi

Implications of India’s New Labor Law Codes

Compliance Job Interview Q&A

Jump to a Topic

AML Anti-Bribery Anti-Corruption Artificial Intelligence (AI) Automation Banking Board of Directors Board Risk Oversight Business Continuity Planning California Consumer Privacy Act (CCPA) Code of Conduct Communications Management Corporate Culture COVID-19 Cryptocurrency Culture of Ethics Cybercrime Cyber Risk Data Analytics Data Breach Data Governance DOJ Download Due Diligence Enterprise Risk Management (ERM) ESG FCPA Enforcement Actions Financial Crime Financial Crimes Enforcement Network (FinCEN) GDPR HIPAA Know Your Customer (KYC) Machine Learning Monitoring RegTech Reputation Risk Risk Assessment SEC Social Media Risk Supply Chain Technology Third Party Risk Management Tone at the Top Training Whistleblowing
No Result
View All Result

Privacy Policy

Founded in 2010, CCI is the web’s premier global independent news source for compliance, ethics, risk and information security. 

Got a news tip? Get in touch. Want a weekly round-up in your inbox? Sign up for free. No subscription fees, no paywalls. 

Follow Us

Browse Topics:

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks Published by CCI
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • On Demand Webinars
  • Opinion
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Well-Being
  • Whitepapers

© 2022 Corporate Compliance Insights

No Result
View All Result
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe

© 2022 Corporate Compliance Insights

Welcome to CCI. This site uses cookies. Please click OK to accept. Privacy Policy
Cookie settingsACCEPT
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT