Forgive me for overusing the term “convergence” but when the shoe fits, I say “wear it.” If you are managing corporate risks and responsible for securing export licenses, ensuring that you are complying with OFAC sanctions requirements, interacting with customs and immigration officials around the globe, and conducting third party due diligence to onboard a new agent or distributor, , there is no question that there should be “convergence” among the various functions responsible for managing these risks.
Unfortunately, companies do not necessarily organize around efficiencies when creating procedures, and very often you will see a department responsible for export and sanctions compliance functions separate from the anti-corruption function. By ignoring some practical benefits, companies may be losing administrative efficiencies.
I am not suggesting that there is a substantive overlap but it appears to me that some of the information collection and analysis for compliance in these areas does overlap.
For example, in the OFAC and anti-corruption compliance, the beneficial ownership of a third party is an issue that has to be resolved in order to ensure compliance. The OFAC issue resolves around prohibited entities and persons; the anti-corruption issue focuses on relationships with existing and former government officials. Nonetheless, the information is needed for two distinct purposes. One component of an organization should identify the beneficial owners of third parties – not two separate departments like a global trade and an anti-corruption group. My point is that there are synergies here and they should be explored, assessed and implemented when cost-effective and efficient.
I am not recommending that one person, one group or one function should be responsible for securing export and import licenses, checking parties to a transaction against OFAC lists (and other watchlists), and completing FCPA due diligence. However, to the extent there are synergies, they should be explored, and at a minimum there should be communications across functions to ensure information sharing.
The enforcement risks in each of these areas are high. FCPA enforcement has focused on interactions between customs agents and brokers and government border officials. We have seen a number of enforcement actions surrounding these interactions given the risk for bribery demands by customs officials, and the willingness of customs agents and brokers to pay such bribes to ensure timely transport of goods.
OFAC sanctions enforcement has been increasing each year beyond the financial industry. Companies are playing Russian roulette when they continue to ignore screening requirements for customers, third parties, vendors and suppliers. Companies have to employ screening systems, develop protocols for elevating potential matches, and then resolving potential matches before completing a business transaction.
Given the significant risks surrounding international trade and immigration enforcement, companies should re-examine the way in which they allocate resources, organize the resources, and implement appropriate controls. There are definitely opportunities for companies to consolidate certain functions in the OFAC and FCPA process to ensure compliance.
For example, a basic screening program can be employed to confirm OFAC compliance and collect basic information about a potential third party. One person or department may be able to complete this task as a basic building block for an overall OFAC and due diligence compliance review.
A potential vendor/supplier can reply to a single set of questions to address both OFAC and FCPA risks. There is no need to separate those two functions into separate departments. A procurement department in a company can easily collect relevant information to onboard a new vendor and at the same time collect information needed to complete an OFAC and FCPA due diligence screening process. Companies need to identify potential synergies in these areas to make sure that they have identified possible efficiencies to decide whether organizational changes may be needed.