OFAC unveils framework for sanctions compliance
On May 2, 2019, the US Treasury Department’s Office of Foreign Assets Control (OFAC) published guidance on the core elements of what OFAC considers to be an effective sanctions compliance program. The Framework outlines five essential components of a compliance program - management commitment, risk assessment, internal controls, testing and auditing, and training - and lists several root causes of apparent violations of US sanctions resulting from program deficiencies and breakdowns.
Tip of the month: Compliance Programs
Common advice to avoid liability/mitigate penalties is to have a “strong compliance program”. It is important to remember your compliance program must be more than just a written document. When the U.S. Justice Department recently declined to prosecute Cognizant Technology on an alleged bribery charge in India, it specifically mentioned “the existence and effectiveness of the “pre-existing compliance program”. Note “effectiveness” and “pre-existing”. So, how do you determine if your compliance program is “effective”? One suggested place to start is reviewing the April 2019 guidance by the U.S. Justice Department on how prosecutors should evaluate the effectiveness of corporate compliance programs to avoid criminal conduct. This 18 page guidance is available on the DOJ website and discusses a programs “design” (including who was involved in the design), whether the program works in practice, and if it is periodically updated. Similar analysis can be applied in other jurisdictions. Our “tip” is to design a all-inclusive compliance program (a) that has top level company support, (b) is broad and comprehensive, (c) that actually finds and corrects compliance issues, and (d) is periodically updated. You may be required to provide metrics to prove your compliance program works in order to avoid or mitigate penalties.
US companies to comply with new final rule on US Entity List
The US Government added Huawei Technologies Co., Ltd. (Huawei) and 68 other non-US affiliates to the Entity List in May 2019. The US Government determined that there is reasonable cause to believe that Huawei has been involved in activities contrary to the national security or foreign policy interests of the United States.
The Export Administration Regulations (EAR) provides a list (“Entity list”) of the names of certain foreign persons – including businesses and other types of legal persons – that are subject to specific license requirements for the export, re-export and/or transfer (in-country) of specified items, US-origin items and other items that are “subject to” US Export Regulations. A general license related to this designation has also been issued by the US Department of Commerce authorizing certain transactions through to August 19, 2019. A number of U.S.-and Non-US companies have already taken actions to comply and have stopped providing Huawei with their products, e.g. software.
US DOC updates Privacy Shield FAQ to cover Brexit
The US Department of Commerce “DOC” has updated its guidance on the EU-US Privacy Shield. The DOC outlined whether a participant can rely on the Privacy Shield to receive personal data from the UK in light of the UK’s planned withdrawal from the EU. Participants must update their Privacy Shield commitments as described in the Guidance, and these updates will depend on whether the UK withdraws from the EU with or without a transition period. DOC also outlined the consequences of these two possible scenarios to avoid the publication of misleading information.
Managing corruption risk: A worldwide approach to a global problem
The global expansion of corporate liability for corruption in several foreign countries demonstrates the need for companies to adopt a truly worldwide approach to anti-corruption. In the past year alone, India, Russia and Italy have all implemented notable changes to their respective anti-bribery laws that may raise new risks but also provide new defenses to multinational companies operating in those countries. Although companies have historically focused on the US authorities’ expansive interpretation of the Foreign Corrupt Practices Act, these extraterritorial developments demonstrate the need for companies to be aware of the different anti-bribery laws that are applicable when investigating international corruption or designing and implementing successful compliance programs.
Dutch senate passes a new law on due diligence to prevent child labor
On May 14, 2019, the Dutch Senate passed a law on due diligence to prevent child labor (Wet Zorgplicht Kinderarbeid). The law is expected to take effect in 2020. It applies to all companies that conduct business in the Netherlands, including companies registered in the Netherlands and those registered outside but selling into the country. Companies are required to submit a statement declaring that an appropriate level of due diligence has been conducted to identify and prevent the use of child labor in their supply chain. Companies that have violated those obligations have to expect administrative fines being imposed including legal action taken against management.
Compliance Management Systems
DOJ announces publication of guidance on evaluating corporate compliance programs
The Department of Justice (DOJ) Criminal Division announced on April 30 the release of a guidance document for white collar prosecutors on the evaluation of corporate compliance programs. Entitled “The Evaluation of Corporate Compliance Programs,” the document, which updates a prior version issued by the Division’s Fraud Section in February 2017, seeks to better harmonize the guidance with other Department guidance and standards, and provide additional context to the multifactor analysis of a company’s compliance program.