How can a compliance professional navigate an increasingly complex sanctions landscape? I recently visited with Adam Frey, Managing Director, and Eric Lorber, Vice President at K2 Intelligence Financial Integrity Network (FIN) on this topic.
What are the different types of sanctions? The first type are generally the best known, comprehensive jurisdictional sanctions. If you are in the US or a US person you cannot do business with individuals or entities who are ordinarily resident in certain jurisdictions, such as Iran, North Korea or Syria. The second set is more generally list-based or conduct based sanctions. The sanctions restrictions apply specifically to individuals or companies who are engaged in bad activity, such as narcotics trafficking, nuclear proliferation or human trafficking. The key is they are specific list-based programs.
The third set are regime-based sanctions programs. It is still a list-based program but is targeted at specific regimes. An example of this type of sanctions program is the one against Zimbabwe, where individuals and officers of a government were targeted because of their affiliation with that government. The fourth type of sanctions are sectorial sanctions. This type began or were developed in a context of the Ukraine sanctions program in 2014 developed to forcefully respond to Russia’s effort to annex Crimea and Ukraine, as well as destabilize Eastern Ukraine.
The final type of sanctions are secondary sanctions, perhaps the most controversial. It is secondary sanctions and, like sectoral sanctions, were also developed to solve a policy problem. The policy problem was the US could impose substantial jurisdictional sanctions, for example, on Iran. However, if there is no US jurisdiction then third-party companies in third party countries could continue to do business with Iran. This would substantially undermine the economic impact of the US sanctions program against Iran. This led to the idea of secondary sanctions that are sanctions restrictions that apply even when there’s no US jurisdiction. Put simply, you can do business with Iran but if you do, then your company will lose access to US markets and most importantly the US banking system.
There are several reasons sanctions have become such a favored economic tool. Obviously short of war it is hard to punish a country, person or group or try to stop untoward behavior. This makes sanctions look like the most appealing option. They can be written quickly and implemented in short order. This makes sanctions a tool that can be implemented in an expedited and an expeditious manner.
Yet perhaps most interestingly, is that the sanctions in the compliance ecosystem have a feedback loop, which Lorber said “builds on itself. What do I mean by that? Over the last 15 or 20 years, you’ve seen really financial institutions in particular subject to enforcement activity by OFAC. This has led to most large financial institutions, have invested quite a bit of money and quite a bit of resources into beefing up their sanctions compliance programs.” As a result, when new sanctions designations come out or new Executive Orders are issued, these financial institutions are in many ways better able to detect and disrupt any illicit activity associated with new action that occurs.
Which business sectors do sanctions apply to? Obviously financial is high on the list, however commercial corporations should not assume that sanctions do not apply to them. Recently there have been a push for sanctions in a much broader set of industries. This includes energy, agriculture, tech and others as well. The bottom line is that sanctions are here to stay and every business needs to understand their impact to your company.
I always enjoy looked at that veiled land, the future. In this world of sanctions, the $64,000 Question is what companies can do to prepare for the unknown. It starts with training and communications to make sure all staff understand their sanctions risk and the importance of complying with the organization sanctions obligations. There are two critical components to this first step. The first is the ubiquitous tone from the top from senior management, this is critical to having to each person internalize their ownership of sanctions risks. The second component is staying informed of the very fast-moving sanctions landscape. This means compliance professionals must keep abreast of the developments in the news and industry and ensure that you have adequate resources to address these risks.
One of Frey’s key insights is what he called the internalizing of sanctions compliance risk management by having each employee manage the sanctions risk in front of them; whether it be clients, customers, third parties or others. This is the very essence of operationalizing compliance and by driving your risk management to the front lines of your organization. This process enables an organization to respond more quickly and be nimbler with risks as they arise. It also means that risks can be identified more quickly so they can be pushed up the line to the compliance function to bring additional resources or expertise to bear, if needed. Frey said, “to the extent that you can get each person at the ground level understanding what the sanctions risk is of their activity of their product; it can only benefit the organization.” While every organization will always the need for a compliance department as the second line of defense, to the extent you have buy in from all employees, it is definitely is something that can only be good for the organization.
Another trend in sanctions compliance that Frey believes will continue to accelerate is the overlap of multiple sanctions programs; both list-based and country-based. Frey pointed to the example of OFAC looking at targeting Chinese entities, but under the Iran sanctions program or Russian entities under the Venezuela program. We are starting to see how connected everything is. The result is that you cannot look at your sanctions program in isolation. This has also manifested in how OFAC, and indeed the US government, is expanding out their sanctions enforcement and the scrutiny beyond the traditional financial institutions and towards commercial corporations such as in the maritime and shipping industries, insurers, port operators, other and corporations who may not have considered such potential sanctions risks to date.
There are three general observations applicable to every compliance regime. The first is the accelerating effect of COVID-19, coupled the economic crisis; that regulators are showing no sign of decreasing scrutiny or enforcement of sanctions, or really any kind of financial crime. This is true even with the ever-present pressure to cut costs. The performance, down to the bottom line, will be impacted even more. Now is not the time for compliance programs to go lax, or to let down their guard.
The second is that while no organization can be perfect and no compliance program can be perfect, to the extent that you can demonstrate a strong program and a strong track record, it will be looked favorably by the regulators when it comes time for charging or penalty assessment. Frey noted, “that old adage, I hate to say it, but the ounce of prevention is worth a pound of cure.” The third and final observation is that sanctions and sanctions enforcement are expanding beyond the traditional industries financial institutions where it has been focused in the past. Maritime, shipping and insurance are now directly in the regulators eyes and they need to get their compliance programs up to speed to manage these new risks.
Join me tomorrow in Part 2, where I continue my visit with Lorber and Frey as we look at sanctions compliance programs and what happens if you have a violation.