If your business activities take place in the U.S., you need to be doing OFAC screening. Michael Volkov offers five areas most companies that most organizations fitting this description could stand to improve upon to ensure compliance.
As companies elevate their “game” in sanctions compliance, it is important that compliance officers critically examine the strengths and weaknesses of their compliance programs. Many companies already have a screening technology but little beyond a basic screening process.
From my vantage point, I have observed some common weaknesses:
Segregation of Duties and Control Process
Many companies maintain a screening program and assign the responsibility to a single person. Such an arrangement can be risky; a single employee may incorrectly or corruptly “approve” a transaction despite significant red flags or even a negative result. By segregating the process into discrete tasks (e.g., review and approval), a company can eliminate this risk. Further, a company should create a specific procedure for identifying a red flag, elevating the red flag and resolving the red flag. A documented and established process for screening and resolution issues is a critical component of an effective sanctions compliance program.
Beneficial Ownership and the 50 Percent Rule
The compliance community recognizes the importance of identifying beneficial owners of a specific organization. It is a critical part of due diligence and risk management for not only sanctions, but anti-corruption and money-laundering risks. Compliance officers have to implement information-gathering processes to include beneficial ownership and verification of such ownership.
In the sanctions context, such information is critical for applying the 50 Percent Rule, which extends a sanctions prohibition against a named entity or individual to any related entities in which the entity or individual (or combination thereof) owns 50 percent or more. The OFAC prohibition therefore extends beyond those entities or individuals listed as specially designated nationals to unlisted, but related, entities as well. Too often, companies ignore the beneficial ownership requirement and the 50 Percent Rule when evaluating a specific transaction.
Sanctions Search Mistakes
On occasion, companies make mistakes when conducting searches. They fail to recognize close “matches” or ignore refinements to identifiers or common spellings in specific geographic areas. Unfortunately, OFAC screening is not just a “yes” or “no” process – it involves more judgment calls and investigation than recognized. As the stakes increase, companies have to invest in training and auditing to ensure consistent quality and accuracy in searches.
Third-Party Risk Mitigation
In order to mitigate potential third-party risks and transfers of products to prohibited persons and countries, companies have to employ a robust set of controls to ensure compliance by third parties. A company cannot sell its products to a distributor who, in turn, redistributes the product to a prohibited party. To mitigate such risks, companies have to secure robust OFAC compliance certifications as part of a contract, and then monitor and verify resale of products to lawful parties. Such activity has to be included in regular training and auditing programs.
Failure to Audit, Measure and Improve
A vital part of any compliance program is reviewing program performance. An independent review of a compliance program provides important insights into performance, weaknesses in the program and remediation of the program. If a company is committed to maintaining an effective sanctions compliance program, the company has to audit, test and monitor the program.
This article was republished with permission from Michael Volkov’s blog, Corruption, Crime & Compliance.