The past few months have provided the compliance professional with two very useful releases of information from the Department of Justice (DOJ) around compliance programs. April saw the release of the Evaluation of Corporate Compliance Programs, 2019 Guidance, from the Criminal Division. In July, the Antitrust Division released its Evaluation of Corporate Compliance Programs in Criminal Antitrust Investigations. Obviously, they had different foci but they provided the anti-trust/anti-bribery (ABC) compliance practitioner with solid information about not only what the DOJ is thinking about when it comes to its expectations around a compliance program but also benchmarks for best practices compliance programs in both ABC and anti-trust.

However, these releases bookended the release of the Office of Foreign Asset Control’s (OFAC)  Framework for OFAC Compliance Commitments (Framework), which was released in June. It is guidance for those entities seeking to comply with sanctions through a sanctions compliance program (SCP). Mike Volkov, one not normally associated with hyperbole, has called this “a game-changer”. Over the next few days, I will be reviewing the OFAC Framework and exploring how it informs the ABC compliance practitioner. But first, before we get started….

Ginger Baker died yesterday. Drumhead or not, if you had any love for classic rock, you knew Baker as the drummer for the first super-group, power trio Cream. About the most succinct statement one could make about Baker was found in the first paragraph of his New York Times (NYT) obituary, which said, “he helped redefined the role of drums in rock”. While he was not as uninhibited as Keith Moon of the Who; or perhaps not as slick as John Bonham of Led Zeppelin, Baker “brought a new level of artistry to his instrument, and he was the first rock drummer to be prominently featured as a soloist and to become a star in his own right. Mr. Clapton praised him as “a fully formed musician” whose “musical capabilities are the full spectrum.” Neil Peart, the drummer with the band Rush, said of Baker his playing was, “extrovert, primal and inventive and “set the bar for what rock drumming could be.”

OFAC itself said the Framework “strongly encourages” companies subject to its jurisdiction to take a “risk-based approach to sanctions compliance by developing, implementing, and routinely updating a sanctions compliance program (SCP).” OFAC recognizes that all businesses are different in “size and sophistication, products and services, customers and counterparties, and geographic locations”. To this end each compliance program should not be a cookie cutter, off the shelf solution.

OFAC related that each corporate compliance program should be predicated on and incorporate at least five essential components of compliance, which I will be exploring in greater depth over the next several days:

• management commitment;
• risk assessment;
• internal controls;
• testing and auditing; and
• training.

However, OFAC stated that it would consider the robustness and implementation of these five prongs after conducting an investigation and in consideration of a civil penalty. Equally important, OFAC’s Office of Compliance and Enforcement (OCE) will also make a determination as to any of the five elements that should be incorporated into a corporate compliance program going forward as a part of any formal settlement agreement. The Framework goes on to state,  “OFAC will evaluate a subject person’s SCP in a manner consistent with the Economic Sanctions Enforcement Guidelines (the “Guidelines”).”

Moreover, as OFAC applies the Framework to each specific fact pattern, it will favorably consider companies that have an effective compliance program. The Framework listed the following example, “under General Factor E (compliance program), OFAC may consider the existence, nature, and adequacy of an SCP, and when appropriate, may mitigate a CMP on that basis.” OFAC reiterated that its analysis is based on the five essential components of compliance listed above. Additionally, a company “may also benefit from further mitigation of a CMP pursuant to General Factor F (remedial response) when the SCP results in remedial steps being taken.”

With the increased sanctions program, most notably against Cuba, Iran and Venezuela, OFAC has demonstrated an aggressive policy of enforcement this year in particular. In this new era of forceful OFAC sanctions enforcement, companies subject to OFAC jurisdiction need to be aware of the requirements for an effective SCP. As Volkov noted, “Companies that are in the process of implementing or updating their OFAC sanctions compliance program should review these documents and should incorporate these compliance expectations and elements into their own analysis.”

Finally, OFAC will most likely consider the existence of an effective SCP at the time of an apparent violation as a factor in its analysis as to whether a case is deemed “egregious.” The Framework provides companies with a structure for OFAC’s belief of the five essential components of a risk-based SCP. If a company under OFAC investigation has an “effective SCP” at the time of the violation, or if the subject implements remedial compliance measures at the time of the resolution, OFAC may reduce a penalty and/or deem the penalty non-egregious. This is what every compliance practitioner and compliance program needs to hear.

As you get ready to explore the OFAC Framework with me this week, I hope you will listen to my Top Five Ginger Baker (recommended at Volume 11 or higher) tracks. All of these tracks come from YouTube.

1. Sunshine of Your Love
2. White Room
3. Strange Brew
4. Had to Cry Today
5. Do What You Like

[View source.]