Obtain the data you need to make the most informed decisions by accessing our extensive portfolio of information, analytics, and expertise. Sign in to the product or service center of your choice.
The Office of Foreign Asset Control (OFAC) has for the first
time issued guidelines on what it believes constitutes a robust
compliance program covering economic and trade sanctions. This
guidance entitled A Framework for OFAC Compliance
Commitments outlines the type of program that should be
implemented and what it should contain. The core themes are:
Management Commitment to promote a culture of compliance and
ensure that the organisations compliance unit is funded and
autonomous
Risk Assessments on the areas that an organisation is likely to
encounter potential OFAC issues, for example, customers, locations,
commercial products and customer networks
Internal Controls that allow an organisations compliance
program to be flexible in accordance with sudden changes to OFAC
watch-lists and sanctioned licenses
Auditing to constantly identify and target areas of weakness.
Ensure that these areas can be plugged effectively and
efficiently
Training for all employees and personnel on a periodic
basis
Any subsequent investigation by OFAC into a possible monetary
fine being raised against an organisation will consider the
elements of this framework and what the bank or financial
institution under investigation has implemented.
There is a similarity in OFAC's advisory with the New York
Department of Financial Services (DFS) Part 504 ruling in 2017
which also provided clarification on the screening of entities and
individual's as part of an anti-money laundering policy. The DFS
ruling was in part designed to address the threats of money
laundering by ensuring that banks and financial institutions had
sufficient tools and technology in place to better capture
instances of financial crime.
Both OFAC and DFS appear to have similar expectations regarding
management accountability, robust testing processes and the
adequate training of staff in compliance matters.
But why have these actions come into being now and what are the
potential motives for OFAC in raising its compliance commitment
framework?
Over the last seven years OFAC has issued a total of 110 penalty
notices totaling over $3.5 billion in monetary terms. In 2019 alone
(as of May) the number of settlements concluded by OFAC stands at
14 with the total financial penalties hitting $1.2 billion.
One of the clear reasons for OFAC's attention in this area can
be found from looking at a random year, such as 2015, where we can
ascertain from the OFAC notices that out of 15 settlements, seven
of these were issued due to no compliance program in place or an
inadequate program. A similar story is also uncovered when looking
at 2014 when nine out of 22 settlements issued by OFAC again lacked
or had an inadequate compliance policy.
One example in 2014 comes from a North American bank that failed
to review or screen bills of lading, certificates of origin and
shipment advice which contained references to Iran and the Iranian
Shipping Lines company. Whilst OFAC ruled it as a non-egregious
case, it noted that the transaction could have been prevented as
'the documents were in the banks possession… (but the) interdiction
software did not identify references to the sanctioned
parties'.
Instances such as this and the continuous uncovering of export
compliance breaches by organisations with no compliance program
must be frustrating for regulators.
It is in this context that OFAC have specifically mentioned the
root causes of previous settlements and penalties. Whilst the lack
of a sanctions compliance policy is top of the list, there is also
another interesting category which has been called out; 'Sanctions
Screening Software or Filter Faults'.
Within this category OFAC specify instances when new additions
to the Specially Designated Nationals list (SDN) and the Sectoral
Sanctions Identification list (SSI) have not been updated by banks
or financial institutions. Furthermore, a lack of alternative
spellings for sanctioned locations such as Habana/Havana are also
missing from many organisations compliance policies.
This last example is a potentially worrying sign as it suggests
a weakness with current vendor products which banks and other
organisations are using today. One of the most important things
organisations can do is to stress-test and review their current
procedures and policies for managing trade-based compliance. Weak
areas such as alternative spellings of individuals and locations
are easy to remedy but those items in the most recent OFAC penalty
notices such as networked commercial partners associated with
Iranian Shipping Lines or monitoring the destination of discharged
goods require special vendor partnerships.
Banks need to work with the best content providers available in
order to be proactively managing and identifying compliance risk.
Shipping practices, document management and commodity end-usage are
all key weapons in a compliance arsenal and are all areas in 2019
that OFAC has highlighted in their penalty notices.
The new compliance framework issued by OFAC heightens the stakes
and it is important for organisations to follow through on these
commitments.
Posted by Byron McKinney, Associate Director Maritime &
Trade Product Management, IHS Markit