Earlier this year, the U.S. Department of the Treasury issued a new “Framework for OFAC Compliance Commitments” (the “Framework”). The Office of Foreign Asset Control (“OFAC”) is the Treasury Department’s arm that administers and enforces economic and trade sanctions based on U.S. foreign policy and national security goals. The U.S. government targets foreign countries, terrorist organizations, narcotics traffickers, persons engaged in the proliferation of weapons of mass destruction, and other threats to national security, foreign policy, or the economy of the U.S. with certain economic and trade sanctions. OFAC imposes controls on economic transactions and freezes assets under U.S. jurisdiction. OFAC publishes a Specially Designated Nationals and Blocked Persons (“SDN”) list (along with other lists) of organizations and individuals who are subject to sanctions. U.S. companies are obligated to determine whether their counter-party to any international transaction is subject to sanctions.
OFAC’s Framework encourages organizations to employ a risk-based approach to sanctions compliance by implementing a sanctions compliance program. Although a risk-based approach means sanctions compliance programs may vary depending on a number of factors, OFAC considers the following five components “essential” to any sanctions compliance program:
(1) Management commitment - including the provision of adequate resources to the compliance unit and support for compliance personnel’s authority within the organization.
(2) Risk assessment - including routine risk assessments to identify potential OFAC issues likely to be encountered in the organization.
(3) Internal controls - including policies and procedures to identify, interdict, escalate, report, and document activity that is prohibited by OFAC-regulated sanctions.
(4) Testing and auditing - including assessment and analysis of current processes as well as identifying enhancements to the program to remediate gaps identified.
(5) Training - including periodic training for appropriate personnel to provide job-specific knowledge and communication of compliance responsibilities.
These five components reflect the “Hallmarks of Effective Compliance Programs” that we have discussed in prior alerts. OFAC will consider the existence, adequacy, and nature of a sanctions compliance program during an investigation and may mitigate civil monetary penalties based upon its evaluation of the program. All organizations dealing with international transactions should consider implementation of sanctions compliance into their risk assessments and existing compliance programs.