Maintaining sanctions compliance

with contributing authors Ali Burney and Nick Turner

When was the last time you performed a gap analysis of your organization’s sanctions compliance program?

Potential sanctions violations could be waiting just around the corner. Meanwhile, U.S. regulators expect international companies to have sophisticated sanctions and export controls programs. This is especially true for those that engage with U.S. persons, U.S. goods or the U.S. financial system.

Here are some thoughts on managing the risk proactively.

Annual Risk Assessments

Effective compliance is built on risk assessments. Conduct assessments early and often, at least annually, and consider the risks posed by the customers, products and geographies with which you do business. Take into account the relative strength of your organization’s compliance controls in light of recent audit or compliance testing findings. And develop an action plan that responds to any deficiencies observed. Overall resources should be allocated in accordance with areas of highest risk.

Don’t overlook the commercial risks associated with sanctions. Examples include delayed or seized shipments, difficulty obtaining financing, lost business opportunities and litigation risks. Non-U.S. companies that do business with U.S. persons or U.S.-regulated companies should think carefully about how sanctions risks could impact their partners and resolve issues ahead of time. This is doubly important for those that seek financing from U.S. sources—sanctions weaknesses often get highlighted during due diligence.

Best Practices

Here are some other (non-exhaustive) examples of best practices for building a world-class sanctions compliance program. How well does your organization stack up?

  • Make governance and escalations key features of your compliance program. Responsibilities should be well delineated with clear lines of authority for decision-making. Don’t forget to keep records of decisions and management meetings.
  • Know your customer (KYC) and customer due diligence (CDD) procedures should help identify high-risk customers (HRCs). Enhanced procedures for customers with high sanctions risks should be documented with clear steps for assessing and responding to sanctions red flags.
  • Develop a comprehensive map of data flowing through, and stored within, various systems for the purpose of sanctions screening. From a sanctions perspective, relevant information can be related to customers, accounts, third parties, transactions or other activities involving property or any direct or indirect provision of value.
  • Training should be delivered regularly to employees on sanctions risks and procedures specific to their roles—including directors and senior management.
  • Due diligence is critical to uncovering transactional risks presented by counterparties and for tailoring covenants in deal agreements. Due diligence questionnaires should probe for sanctioned countries, sanctions targets or entities owned or controlled by sanctioned persons. Even indirect dealings with sanctions targets can pose risks. Take for example an intermediary that sells a company’s products into a sanctioned country.
  • Transparency and accuracy are virtues. Information should never be removed from payments, trade documents or databases to disguise sanctioned countries or persons. Doing so can lead to significant reputational costs; delayed, rejected or frozen transactions; and informal blacklisting by banks, suppliers and other parties due to perceived risks—not to mention potential regulatory consequences.
  • Conduct internal investigations under attorney-client privilege and, if appropriate, self-disclose potential regulatory violations with the aid of legal counsel. Train your staff on crisis management protocols, dawn raids and restrictions on communications with regulators or the media. It never hurts to be prepared for the unexpected.

This list is just a start. Your sanctions controls should stay current with changes in the enforcement and regulatory environment. Sanctions regulations are among the most complex and dynamic of any area of law. Appoint a dedicated person to monitor changes to regulations, emerging risks, enforcement actions and other trends. New information should be shared with internal stakeholders in a timely, actionable manner and incorporated into policies, procedures and training as necessary.

When in doubt, seek guidance from a lawyer with expertise in the field.

Wendy Wysong

Wendy L. Wysong, a litigation partner with Clifford Chance, maintains offices in Hong Kong and Washington D.C.  She offers clients advice and representation on compliance and enforcement under the Foreign Corrupt Practices Act, the Arms Export Control Act, International Traffic in Arms Regulations, Export Administration Regulations, and OFAC Economic Sanctions.  She was appointed by the State Department as the ITAR Special Compliance Official for Xe Services (formerly Blackwater) in 2010.

Ms. Wysong combines her experience as a former federal prosecutor with the United States Attorney for the District of Columbia for 16 years with her regulatory background as the former Deputy Assistant Secretary for Export Enforcement at the Bureau of Industry and Security, U.S. Department of Commerce.  She managed its enforcement program and was involved in the development and implementation of foreign policy through export controls across the administration, including the Departments of Justice, State, Treasury, and Homeland Security, as well as the intelligence community.]

Ms. Wysong received her law degree in 1984 from the University of Virginia School of Law, where she was a member of the University of Virginia Law Review.

Contact information:

Wendy L. Wysong
Clifford Chance
28th Floor Jardine House
One Connaught Place
Hong Kong
+852 2826 3460
+852 9280 3612 (cell)


2001 K Street, NW
Washington, DC 20006
+1 202 912 5030
+1 202 290 7634
[email protected]

Related Post

Got Compliance News?

We do!  Sign up for CCI’s free weekly eBlast to get GRC news, views, jobs & events delivered to your inbox once a week.  Cancel anytime.

Click to Subscribe.