No Result
View All Result
SUBSCRIBE | NO FEES, NO PAYWALLS
MANAGE MY SUBSCRIPTION
NEWSLETTER
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • CCI Magazine
    • Writing for CCI
    • Career Connection
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Library
    • Download Whitepapers & Reports
    • Download eBooks
    • New: Living Your Best Compliance Life by Mary Shirley
    • New: Ethics and Compliance for Humans by Adam Balfour
    • 2021: Raise Your Game, Not Your Voice by Lentini-Walker & Tschida
    • CCI Press & Compliance Bookshelf
  • Podcasts
    • Great Women in Compliance
    • Unless: The Podcast (Hemma Lomax)
  • Research
  • Webinars
  • Events
  • Subscribe
Jump to a Section
  • At the Office
    • Ethics
    • HR Compliance
    • Leadership & Career
    • Well-Being at Work
  • Compliance & Risk
    • Compliance
    • FCPA
    • Fraud
    • Risk
  • Finserv & Audit
    • Financial Services
    • Internal Audit
  • Governance
    • ESG
    • Getting Governance Right
  • Infosec
    • Cybersecurity
    • Data Privacy
  • Opinion
    • Adam Balfour
    • Jim DeLoach
    • Mary Shirley
    • Yan Tougas
No Result
View All Result
Corporate Compliance Insights
Home Compliance

OFAC Puts Asian Companies on Notice with “Compliance Framework”

Guidelines Delineate 5 Essential Components of Compliance

by Wendy Wysong
May 10, 2019
in Compliance, Featured
roll of hundred dollar bills wrapped in barbed wire

The Clifford Chance team covers OFAC’s recently published “Framework for OFAC Compliance Commitments,” with a particular focus on how the guidelines will impact companies based or operating in the Asia-Pacific region.

with co-authors Ali Burney and Nick Turner

Officials from the U.S. Office of Foreign Assets Control (OFAC) have been teasing for months that they would issue guidelines to help companies comply with U.S. sanctions regulations. On May 2, 2019, OFAC made good and published the much-anticipated “A Framework for OFAC Compliance Commitments” (the Framework), outlining the five essential components of an effective sanctions compliance program.

The Framework comes at a time when OFAC is more focused than ever on bringing enforcement actions against companies in Asia-Pacific, as illustrated by the cases we discuss below. The Framework puts companies on notice that OFAC expects non-U.S. companies, especially those in higher-risk industries, to adopt risk-based compliance programs to minimize the risk of violations. For companies with nonexistent or weak sanctions compliance programs, it’s never too late to start building one, using the Framework as a handy blueprint.

Optional – In Theory, but Not in Practice

A company does not violate any law or regulation by ignoring the Framework, but failing to follow it will have a detrimental impact in the event of an OFAC enforcement action. In particular, any company appearing before OFAC in settlement discussions will need to justify their decision to deviate from the Framework’s five components or risk a harsher penalty, or at least a harshly worded rebuke in the compliance section of any settlement announcement.

Moreover, OFAC could directly target management for failure to implement a compliance program. This flows directly from OFAC’s Enforcement Guidelines, which judge management’s involvement in or knowledge of the sanctions violations as follows:

“If the apparent violation was undertaken without the knowledge of senior management, was there oversight intended to detect and prevent violations, or did the lack of knowledge by senior management result from disregard for its responsibility to comply with applicable sanctions laws?” (emphasis added)

The good news: OFAC makes clear that the Framework does not mandate a one-size-fits-all approach, and it is not a checklist. Rather, sanctions compliance should be tailored to a comprehensive assessment of a company’s risks.

The Five Components and How They Apply

The Framework is built around five “essential components:”

  1. management commitment,
  2. risk assessment,
  3. internal controls,
  4. testing and auditing and
  5. training

A key theme throughout is identification of “root causes” and “systemic deficiencies.”

According to OFAC, management commitment is one of the most important factors for a successful sanctions compliance program. Management must promote a “culture of compliance” by appointing a dedicated OFAC sanctions compliance officer and qualified team, with authority, autonomy, regular access to management and – most critically – adequate resources and technology.

Next, OFAC considers the sanctions risk assessment to be “one of the central tenets” of the Framework. A sanctions risk assessment should consider risks associated with geographies, products and services, supply chains and customers. This is not a “one and done” exercise. Risk assessment should take place periodically to help a company address new or changing risks.

The third element, internal controls, refers to regularly updated written policies and procedures, recordkeeping and other measures to mitigate a company’s sanctions risks.

The fourth element, testing and auditing, is essential to ensuring that the controls are functioning as designed. It must be comprehensive and objective, whether internally or externally conducted. Importantly, OFAC expects that the results of audits and testing will be used to inform and immediately and effectively improve the sanctions compliance program.

Finally, the Framework calls for training, at least annually, that reflects the company’s risk assessment and past audit and testing findings. Training materials should be made easily accessible and available to employees on an ongoing basis.

OFAC states that it will apply the Framework in enforcement cases in three situations:

  • In determining what compliance commitments a company must make as part of a settlement.
  • In evaluating mitigating factors under OFAC Enforcement Guidelines, including (most importantly) whether the company had an effective compliance program at the time of the violation.
  • In evaluating whether a case involves “egregious” violations under the Enforcement Guidelines.

Heads Up, Asia

While the Framework hardly breaks new ground in the eyes of sanctions compliance gurus, it serves as a timely summary and reinforcement of compliance efforts in light of OFAC’s heightened interest in bringing enforcement cases against companies based or operating in Asia-Pacific.

Of most interest, the document includes a list of “root causes” gleaned from past enforcement actions. Some of these root causes were illustrated in three cases over the past three months with an Asia-Pacific nexus.

  • In March 2019, OFAC announced a US$1,869,144 settlement with U.S.-based Stanley Black & Decker, Inc. for 23 apparent violations of the Iranian Transactions and Sanctions Regulations (ITSR) caused by the company’s China subsidiary, which shipped equipment to Iran through third parties. Though voluntarily disclosed, the violations were deemed egregious, and OFAC called out the company’s lack of post-acquisition monitoring, the participation of management and its use of fictitious documents and trading companies to conceal the Iran business. (Read the Clifford Chance briefing on this case here.)
  • In April 2019, OFAC announced two settlements totaling US$441,366 with U.K.-based Acteon Group Ltd. for 20 apparent violations of the ITSR and the Cuban Assets Control Regulations (CACR) by its Malaysian affiliates and U.K., U.S. and Singapore subsidiaries. Acteon Group, which is majority owned by a U.S.-based private equity firm, KKR [NB: the company was owned by a different U.S. private equity firm at the time of the Malaysia violations.], voluntarily disclosed the violations, some of which were found to be egregious due to concealment, the group’s ineffective compliance program and management awareness. OFAC recommended private equity firms conduct regular audits and due diligence of their non-U.S. subsidiaries. (Read the Clifford Chance briefing on this case here.)
  • In May 2019, OFAC announced a US$871,837 settlement with U.S.-based MID-SHIP Group LLC for five apparent violations of the Weapons of Mass Destruction Proliferators Sanctions Regulations. The company made five electronic funds transfers in relation to charter party agreements entered into by its Turkey and China subsidiaries. The agreements involved Islamic Republic of Iran Shipping Lines (IRISL) vessels that were on the List of Specially Designated Nationals and Blocked Persons (the SDN List). OFAC deemed the violations egregious due to MID-SHIP’s deficient culture of compliance despite its position as a global, commercially sophisticated shipping and logistics company and imposed significant ongoing compliance undertakings. (Read the Clifford Chance briefing on this case here.)

Meanwhile, media have widely reported that OFAC and other U.S. sanctions authorities such as the Department of Justice and Federal Bureau of Investigation are aggressively investigating companies in Asia-Pacific for potential violations of the Iran and North Korea sanctions programs, among others, as evidenced by multiple DOJ indictments and asset forfeiture actions involving Singaporean, Russian and Chinese companies involved in petroleum sales to North Korea.

The message? Companies in Asia-Pacific that have yet to invest time and resources into building up their sanctions compliance programs are sitting ducks for new OFAC violations and more serious penalties.

Still waiting to do that risk assessment? There’s no time like the present.


Tags: Asia PacificOffice of Foreign Assets Control (OFAC)Risk AssessmentSanctionsShipping
Previous Post

Making KYC Simpler Through Intelligent Automation

Next Post

Why Organizations Need a Solutions-Based View of HR Compliance and Employee Benefits

Wendy Wysong

Wendy Wysong

Wendy L. Wysong is a partner at Steptoe & Johnson. She served previously as a litigation partner with Clifford Chance, offering clients advice and representation on compliance and enforcement under the Foreign Corrupt Practices Act, the Arms Export Control Act, International Traffic in Arms Regulations, Export Administration Regulations, and OFAC Economic Sanctions. She was appointed by the State Department as the ITAR Special Compliance Official for Xe Services (formerly Blackwater) in 2010. Wendy combines her experience as a former federal prosecutor with the United States Attorney for the District of Columbia for 16 years with her regulatory background as the former Deputy Assistant Secretary for Export Enforcement at the Bureau of Industry and Security, U.S. Department of Commerce. She managed its enforcement program and was involved in the development and implementation of foreign policy through export controls across the administration, including the Departments of Justice, State, Treasury and Homeland Security, as well as the intelligence community. Wendy received her law degree in 1984 from the University of Virginia School of Law, where she was a member of the University of Virginia Law Review.

Related Posts

ai policy

Planning Your AI Policy? Start Here.

by Bradford J. Kelley, Mike Skidgel and Alice Wang
May 7, 2025

Effective AI governance begins with clear policies that establish boundaries for workplace use. Bradford J. Kelley, Mike Skidgel and Alice...

LexisNexis Sanctions Pusle 2024

Sanctions Pulse 2024

by Corporate Compliance Insights
April 10, 2025

How prepared is your organization for the new era of heightened sanctions activity? Annual sanctions report Sanctions Pulse: Looking Back...

business relationship concept hands

Relationship (Owner) Goals: Why Half Your TPRM Red Flags Stay Hidden

by Chris Audet
April 9, 2025

The front-line staff who manage vendor relationships are uniquely positioned to spot problems before they escalate, yet many organizations fail...

robot reading book generated by ai

Teaching Machines to Spot What Matters

by Kevin Lee
April 8, 2025

How emerging technologies are transforming inefficient alert systems and reshaping financial crime prevention

Next Post
Why Organizations Need a Solutions-Based View of HR Compliance and Employee Benefits

Why Organizations Need a Solutions-Based View of HR Compliance and Employee Benefits

No Result
View All Result

Privacy Policy | AI Policy

Founded in 2010, CCI is the web’s premier global independent news source for compliance, ethics, risk and information security. 

Got a news tip? Get in touch. Want a weekly round-up in your inbox? Sign up for free. No subscription fees, no paywalls. 

Follow Us

Browse Topics:

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks Published by CCI
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • On Demand Webinars
  • Opinion
  • Research
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Well-Being
  • Whitepapers

© 2025 Corporate Compliance Insights

Welcome to CCI. This site uses cookies. Please click OK to accept. Privacy Policy
Cookie settingsACCEPT
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT
No Result
View All Result
  • Home
  • About
    • About CCI
    • CCI Magazine
    • Writing for CCI
    • Career Connection
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Library
    • Download Whitepapers & Reports
    • Download eBooks
    • New: Living Your Best Compliance Life by Mary Shirley
    • New: Ethics and Compliance for Humans by Adam Balfour
    • 2021: Raise Your Game, Not Your Voice by Lentini-Walker & Tschida
    • CCI Press & Compliance Bookshelf
  • Podcasts
    • Great Women in Compliance
    • Unless: The Podcast (Hemma Lomax)
  • Research
  • Webinars
  • Events
  • Subscribe

© 2025 Corporate Compliance Insights