Originally published on Volkovlaw.com and republished with permission.
As companies elevate their “game” in sanctions compliance, it is important that compliance officers critically examine the strengths and weaknesses of their compliance programs. Many companies already have a third party screening technology but little else beyond a basic screening process.
From my vantage point, I have observed some common weaknesses:
1. Segregation of Duties & Control Process
Many companies maintain a screening program and assign the responsibility to a single person. Such an arrangement can be risky. A single employee may incorrectly or corruptly “approve” a transaction despite significant red flags or even a negative result. By segregating the process into discrete tasks (e.g., review and approval), a company can eliminate this risk. Further, a company should create a specific procedure for identifying a red flag, elevating the red flag and resolving the red flag. A documented and established process for third party screening and resolution of issues is a critical component of an effective sanctions compliance program.
2. Beneficial Ownership & the 50% Rule
The OFAC prohibition therefore extends beyond those entities or individuals listed as a Specially Designated National to unlisted but related entities as well.
The compliance community recognizes the importance of identifying beneficial owners of a specific organization. It is a critical part of due diligence and risk management for not only sanctions but anti-corruption and money laundering risks. Compliance officers have to implement information gathering processes to include beneficial ownership and verification of such ownership. In the sanctions context, such information is critical for applying the 50% Rule, which extends a sanctions prohibition against a named entity or individual to any related entities in which the entity or individual (or combination thereof) owns 50% or more. The OFAC prohibition therefore extends beyond those entities or individuals listed as a Specially Designated National to unlisted but related entities as well. Too often companies ignore the beneficial ownership requirement and the 50% Rule when evaluating a specific transaction.
3. Sanctions Search Mistakes
On occasion, companies make mistakes when conducting searches. They fail to recognize close “matches” or ignore refinements to identifiers or common spellings in specific geographic areas. Unfortunately, OFAC screening is not just a “yes” or “no” process – it involves more judgment calls and investigation than recognized. As the stakes increase, companies have to invest in training and auditing to ensure consistent quality and accuracy in searches.
4. Third-Party Risk Mitigation
In order to mitigate potential third-party risks and transfers of products to prohibited persons and countries, companies have to employ a robust set of controls to ensure compliance by third parties. A company cannot sell its products to a distributor, who in turn, redistributes the product to a prohibited party. To mitigate such risks, companies have to secure robust OFAC compliance certifications as part of a contract, and monitor and verify resale of products to lawful parties. Such activity has to be included in regular training and auditing programs.
5. Failure to Audit, Measure & Improve
A vital part of any compliance program is to review its performance. An independent review of a compliance program provides important insights into performance, weaknesses in the program, and remediation of the program. If a company is committed to maintaining an effective sanctions compliance program, the company has to audit, test and monitor the program.
Join Michael Volkov at the 2019 Ethics & Compliance Virtual Conference for a more his in-depth session on “Supply Chain & Third-Party Distributor Risks in the Era of Aggressive Sanctions Enforcement.”