Assessing Third-Party Sanctions Risks (Part II of III)

The Volkov Law Group
Contact

The Volkov Law Group

The task of designing appropriate third-party sanctions controls requires reverse engineering of relevant caselaw, particularly, the Epsilon Electronics case, which I reviewed in Part I of this series, and the Department of Treasury’s Office of Foreign Asset Control (“OFAC”) sanctions regulations.  It is one thing to detect and prevent situations where a company actor has “actual knowledge” that a shipment to a third party is going to be reshipped to a prohibited country, entity or individual.  It is another thing to extend such controls to detect and prevent shipments where a company actor has “reason to know” that a shipment to a third-party will be transshipped to a prohibited country, entity or individual.

OFAC implicitly acknowledges this difficult compliance challenge in its statement that “reason to know” can be established through a variety of circumstantial evidence, including “course of dealing, general knowledge of the industry or customer preferences, working relationships between the parties, or other criteria far too numerous to enumerate.” This list of potential evidence is expansive and presents real challenges for compliance officers.

As a first step, companies have to begin where all compliance officers start – referring to OFAC’s Framework for Sanctions Compliance Commitments, the definitive guide issued by OFAC in May 2019. Organizations have to take a risk-based approach that is keyed to identify potential areas in which the organization may engage with OFAC-prohibited persons, parties, countries, or regions. As part of this process, organizations should assess their customers, supply chain, intermediaries and counter-parties, the commercial products, networks and systems, and the geographic locations of customers, supply chain, intermediaries and counter-parties. 

The purpose of the risk assessment is to identify inherent risks and make risk-based decision and controls.  Organizations have to integrate existing information and data about its third parties in order to ensure a robust and accurate assessment of risks. At the heart of this assessment has to be the geographic locations of an organization’s third-party intermediaries.  For example, third parties that are located in Dubai present a serious risk, solely by virtue of their proximity to Iran. Similar situations of geographic proximity occur in relation to North Korea, Cuba, Syria and other prohibited countries (and Crimea as a prohibited region).

Organizations have to apply OFAC’s broad standard defining circumstances when an organization has “reason to know” that a third party will transship items to a prohibited country, entity or individual.  In particular, organizations have to collect, review and analyze data concerning the organization’s “course of dealing” with the third party.  This process should be a robust examination of relevant information concerning its interactions and transactions with the third party.  Applying a risk-based approach, organizations adjust the intensity of these reviews based on an overall risk-based approach, i.e. risk ranking that captures relevant risk factors such as geographic scoring, financial level of sales, and product/service characteristics.  In certain high-risk situations, e.g. a high-volume, Dubai-based distributor with ties to Iran, a thorough review, including possible interviews of employees may be required to determine the actual level of risk.  This risk-based examination will dictate the level of scrutiny and specific controls governing the onboarding of a new third party, the renewal of a third-party relationship, and approval of individual transactions involving the third-party. 

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© The Volkov Law Group | Attorney Advertising

Written by:

The Volkov Law Group
Contact
more
less

The Volkov Law Group on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.