Clarity on Sanctions Compliance: Examining OFAC Guidance and Enforcement

Organizations Can Mitigate Risk with an Effective Sanctions Compliance Program

by Steven Kuzma and Christian Cooper
March 12, 2020
in Compliance, Featured

With U.S. sanctions compliance fines at a decade high, organizations should be taking note of how to address emerging areas of sanctions risk. BDO’s Steven Kuzma and Christian Cooper offer takeaways from OFAC’s new sanctions compliance framework.

As former U.S. Deputy Attorney General Paul McNulty once warned: “If you think compliance is expensive, try noncompliance.”

The failure to implement and maintain an effective sanctions compliance program (SCP) represents a grave threat, and developments in 2019 highlighted this. The Treasury Department’s Office of Foreign Assets Control (OFAC) published its first guidance document on compliance, and it substantially increased enforcement activity compared to previous years. To maintain an SCP that safeguards against risk and can adjust to the changing sanctions landscape, organizations must establish a thorough understanding of the latest OFAC framework, in addition to examining recent enforcement activity and the aggravating factors that affect fines.

Historically, OFAC sanctions primarily stemmed from major investigations of financial services organizations, because OFAC targeted the financial services industry both to combat money laundering and for the likelihood of substantial monetary recovery. Know your customer (KYC) cases have also been a focus area, and technology companies have come under increasing scrutiny as well. The new guidance document and recent enforcement trends could signal a broader scope of enforcement for OFAC, so industries other than financial services must ensure they have an effective SCP in place.

New Compliance Framework

In May 2019, OFAC published a guidance document, “A Framework for OFAC Compliance Commitments,” that encouraged companies to “develop, implement and routinely update” a risk-based SCP. It identified five “essential components”: management commitment, risk assessment, internal controls, testing and audit, and training. This framework provides clarity for companies on how to strengthen compliance practices, which should include clear policies, comprehensive procedures and thorough due diligence practices.

The framework also acknowledges that an SCP should be tailored to each organization’s specific needs in order to develop and implement an effective program. Factors to consider include an organization’s “size and sophistication, products and services, customers and counterparties and geographic locations.” This explicitly includes “foreign entities that conduct business in or with” the U.S. as well.

While the framework’s content was similar to other guidance documents previously published by the Securities and Exchange Commission (SEC) and Department of Justice (DOJ), it was the first comprehensive guidance document on compliance from OFAC. The framework is a helpful resource for companies, and it increases the transparency of how compliance penalties are decided. It also collates guidance in one place rather than forcing companies to review various prior settlements and public statements.

A lack of explicit guidance has previously impacted OFAC’s enforcement actions, as seen in the case of Exxon Mobil Corp. v. Mnuchin. In an unusual move, Exxon Mobil sued OFAC over a $2 million 2017 penalty related to a violation of sanctions against Russia. Exxon argued that OFAC’s guidance was not clear and did not apply to its activities with the company Rosneft. The chief executive of Rosneft, Igor Sechin, was on the Specially Designated Nationals and Blocked Persons List (SDN), but Rosneft was not on the U.S. sanctions list. In December 2019, a Texas district court granted the motion for summary judgment and vacated the fine.

The Exxon case demonstrates the importance of explicit guidance on compliance, both so companies can implement an effective SCP and so OFAC can prevent pushback on penalties. The framework document provides more clarity on compliance, and it explicitly states that “a successful and effective SCP should be capable of adjusting rapidly to changes published by OFAC,” including updates to the SDN list.

OFAC Penalties in Context

OFAC had a very busy 2019, doling out penalties and settlements that reached the highest amount of the decade. However, OFAC’s annual penalties have tended to be top-heavy, with one or a few sizeable fines and many smaller ones. This uneven distribution can give a distorted view of how OFAC applies its enforcement actions.

In 2019, 26 penalties and settlements against 22 companies totaled $1.29 billion, but more than 98 percent of that ($1.27 billion) was against two companies. The average enforcement action was $49.6 million, but the median was only $454,000. This large gap between the average and median occurred throughout the decade.

2019 also brought a significant increase from recent years, as 2016 to 2018 saw just over $200 million in penalties from 32 enforcement actions. The decreased enforcement activity in those years was likely a result of the DOJ’s 2016 introduction of a pilot program that encouraged self-reporting under the Foreign Corrupt Practices Act (FCPA). The program was extended in 2017 and made permanent in 2018, so the failure to self-report violations going forward can expose companies to higher penalties for noncompliance.

From 2010 to 2019, OFAC issued 186 penalties or settlements totaling nearly $4.9 billion, but most fines were less than $1 million, and more than one-quarter were less than $100,000. Just 16 of those penalties and settlements exceeded $20 million, and four exceeded $600 million, including two in 2019 against U.K.-based Standard Chartered Bank and Italy’s UniCredit.

Often, multiple agencies are involved in significant enforcement actions, including the SEC, DOJ and Department of Commerce, so OFAC’s activities are not the full measure of sanctions compliance enforcement. However, multimillion-dollar enforcement actions only make up a small percentage of OFAC’s activities, and most penalties and settlements are comparatively low.

Determining Factors for Penalties

Considering the wide variation in the size of OFAC fines, it’s essential to understand the factors OFAC considers in enforcement. The best way to mitigate risk and avoid significant penalties is to implement an effective SCP and regularly update it. While there is no one-size-fits-all approach to this, OFAC looks favorably on good faith efforts by organizations to be compliant.

The failure to self-report a known sanctions violation can be an aggravating factor that may increase a fine, but two factors result in the harshest penalties: actively concealing a violation and breaking the terms of a previous agreement. These misdeeds led directly to the spike in OFAC penalties in 2019.

In the case of UniCredit, the total settlement across regulatory agencies came to $1.3 billion, including $611 million for OFAC. The Italian bank’s subsidiaries in Germany and Austria processed billions of dollars of transactions through the U.S. financial system for clients in Iran, Libya, Sudan, Cuba and elsewhere between 2002 and 2011. The banks attempted to conceal these sanctions violations by removing certain identifying words from payment messages.

As for Standard Chartered Bank, it was fined $1.1 billion, including $657 million by OFAC, primarily because it broke the terms of a previous deferred prosecution agreement with the DOJ. The bank had reached a $667 million settlement in 2012 for violating sanctions against Iran between 2001 and 2007. However, it continued processing transactions for Iranian clients both during and after the period covered by the two-year deferred prosecution agreement.

The removal of sanctions also does not mean that a company is in the clear for previous misconduct. In January 2020, Eagle Shipping International agreed to a $1.1 million settlement for violating sanctions against Myanmar between 2011 and 2014. The U.S. lifted those sanctions in 2016, but the company was still held responsible for the violations. The Connecticut-based company filed for bankruptcy in 2014 and reorganized with a new management team, which reviewed the company’s previous sanctions compliance and reported the violations. Had it not self-reported, the company could have faced an even higher fine.

Looking Forward

OFAC’s recent compliance framework provides more clarity, but each organization must examine the unique risks it faces and ensure its specific SCP can address them. Certain technology solutions can help, such as blockchain to improve KYC records and machine learning to analyze data for indications of bribery or corruption, but these must be calibrated and tested routinely.

Maintaining an effective SCP demands the continual assessment of risk, as well as ongoing testing of internal controls and training for compliance best practices. This requires investment, but it’s well worth it. According to the 2020 BDO Middle Market CFO Outlook Survey, 63 percent of CFOs say they plan to increase spending on risk management and compliance this year. As McNulty notes, noncompliance is even more expensive.


Steven Kuzma and Christian Cooper

Steven Kuzma is a Senior Managing Director in BDO’s Forensic Investigation & Litigation Services practice. He is a former partner at a Big Four firm with more than 41 years of experience assisting clients with complex issues related to corporate compliance, commercial disputes, purchase price and post-acquisition disputes, fraud and forensic investigations, lost profits, bankruptcy and insolvency, insurance claim and business interruption, franchise and dealership disputes, economic valuation and damages analysis. He has testified in deposition, arbitration and in federal and state courts throughout the United States.
Steve’s experience spans a diverse range of industries, including retail, consumer and industrial products, financial services, health care, life sciences, entertainment, real estate, agriculture, utilities and technology.
Christian Cooper is a Managing Director in BDO’s Forensic Investigation & Litigation Services practice. He has more than 15 years of experience working with organizations in developing, assessing and improving corporate compliance programs; conducting fraud and complex accounting investigations; implementing anti-fraud and corruption programs; and designing internal controls and regulatory compliance procedures.
Christian’s forensic experience includes engagements involving bribery and corruption, money laundering, sanctions violations, corporate compliance, acquisition forensic due diligence and other fraud matters. He has led engagements in more than 35 countries around the globe.
