How to Avoid Sanctions Violations: OFAC Compliance Program
The Office of Foreign Asset Control (OFAC) has a tiered system to address sanctions violations committed by exporters. OFAC acts as an open resource and often works with companies that disclose their mistake or suspected violation to avoid meaningful penalties. OFAC has given a brief list of both the common mistakes that lead to violations and the types of violations that frequently occur.
Common Mistakes that Lead to Violations
• Human Error • Misinterpreting OFAC Regulations
• Flawed Screening • Inapplicable or Expired OFAC License
• Misspelling • Outdated Internal Systems
• Failure to Update Internal Lists
• Unlicensed exports
• Transactions with sanctioned countries (usually indirectly or with the wrong license)
• Transactions involving Specially Designated Nationals and Blocked Persons (SDN’s)
• Interacting with a freight forwarder outside of OFAC jurisdiction that commits a
OFAC strongly encourages export businesses to have an internal compliance program in place so that any potential sanctions violations are avoided or immediately caught. OFAC has expressed key elements that should be in every viable compliance program while also noting that compliance programs should be tailored to the business and there is no set structure that will work universally.
The compliance program should constantly assess high risk areas of the business, taking into account the following factors of the business.
• Business size and location • Partner Activities
• Customer Base • Product popularity and use
• Transactional process
Relevant documents should be regularly reviewed through multiple general systems as well as specific review of the following export factors.
• Buyers • Final Buyer • Banks
• Sellers • Manufacturers • Suppliers
• Shipping Companies • Consignees • Notify Parties
• Forwarding Agents • Ports of Loading • Ports of Discharge
• Ports of Transhipment • Final Destinations • Shipping Vessels
• Air Carriers • Country of Origin of goods
Even though OFAC gives such an expansive list, this may not be exhaustive for some export transactions that involve a wide network of responsible parties. Many exporters have electronic systems in place to catch blocked individuals or entities that may be one of the parties above. OFAC also notes that while conducting business with individuals from other countries, such as carriers, it is important to confirm who they are interacting with since they may not be directly under U.S. Jurisdiction and often completely disregard OFAC regulations.
Internal Testing and Audits
A business’ compliance program should be tested on at least an annual basis. Evaluating the effectiveness and identifying deficiencies will allow the program designer to remediate any outstanding issues that will likely lead to a violation. OFAC encourages businesses to use a third party to audit and test their compliance program and to immediately report if there are any glaring flaws that most likely resulted in an unnoticed violation in the past. The key areas to test and audit in your compliance program are as follows.
• Filtering programs • System Performance • Escalation Process
• Policies and Procedures • Internal Communication • Record Keeping
• External Communication • Plans for improvement • Training Programs
• Risk assessment and Matrices
Responsible Individuals: A Management Team
The program should designate positions for employees that will manage the various aspects of compliance generally alongside the controls, testing and auditing of the program. OFAC highly suggests that this team and the person who audits the program should not be the same person who designed and implemented the compliance program.
All employees should be made aware of the compliance program within the business and the broad concepts of how it operates. Employees should also be aware of how to use the system to check for a blocked person or who can be referred to for assistance with doing so. Every new employee should be given training specifically relating to how to utilize the compliance program. OFAC also suggests annual refreshers for all employees.
The program should be able to be updated regularly and would ideally update itself when new lists and licenses are issued. This is very important as the high risk areas in a business may shift as new licenses are issued or as the business itself experiences internal structure shifts.The program should also be intuitive so that if there is new management, there will be little to no confusion for new employees to learn, understand and manipulate the system while also making it receptive to new technologies.
Another very important note is that businesses are mandated to make blocked and rejected transaction reports whenever there is contact with an individual or entity that has been subjected to sanctions. These occurrences are to be reported to OFAC within ten days of the blocking or rejection. Furthermore, if someone is in possession of a blocked asset or interest, the person must file an annual report of the property. These reports would also be best executed if integrated into a business’s compliance program.
Have questions related to anything you've read above? Feel free to connect with us using the Contact form at the bottom of the Home page.