The US Treasury Department says creating a compliance programme in accordance with its freshly released guidance could help companies reduce penalties in sanctions cases.
The department’s Office of Foreign Assets Control (OFAC) published “A framework for OFAC Compliance Commitments” on 2 May, following months of anticipation from Washington, DC, sanctions lawyers about the enforcer releasing such assistance to the corporate world.
“This underlines our commitment to engage with the private sector to further promote understanding of, and compliance with, sanctions requirements,” OFAC director Andrea Gacki said in an accompanying statement.
Among the headlines of the 12-page document is that OFAC will consider whether companies had a suitable and easy-to-follow compliance programme that “captures the organisation’s day-to-day operations” at the time a sanctions violation occurred.
A company’s existing compliance structure will be a factor in whether OFAC classes a breach as “egregious”. In egregious cases that aren’t self-reported, OFAC begins its penalty considerations at the maximum fine available. A “wilful or reckless violation of the law” could lead to such a designation, according to the agency’s enforcement guidelines.
OFAC says in the guidance that companies should conduct frequent assessments to identify potential sanctions risks and independent audits of its compliance programme. However, lawyers have questioned how OFAC will establish whether a company has done so.
“It will be interesting to see how companies show evidence they have undertaken risk assessments,” said Michelle Williams at Clifford Chance in Washington, DC. “Is OFAC going to ask to see copies of those? It is not something you would usually share,” she added.
OFAC has called on senior management to create a “culture of compliance” by allowing employees to blow the whistle without fear of reprisal and “taking actions that discourage misconduct”. Company leaders must also approve programmes and ensure that compliance units are adequately resourced, the agency said.
The US sanctions’ enforcer used the term in a civil penalty published the same day against New York transport company Mid-Ship. The company received a $871,837 penalty for processing payments linked to Iran’s sanctioned state-owned shipping company, and OFAC said it’s “culture of compliance appears to have been deficient at the time of the apparent violations”.
While most of the guidance contains general advice for companies, OFAC has dug into specifics on a handful of issues. The agency flagged that companies should regularly update screening software to ensure it reflects current sanctions lists and also accounts for alternate spelling of words across different jurisdictions.
Much of OFAC’s compliance guidance will be familiar to US sanctions lawyers who have read OFAC’s recent decision notices, where the agency has increasingly described both positive and negative features of penalised companies’ remediation efforts. However, lawyers said the newly published guidance is helpful.
“OFAC's expectations have never been in a one-stop shop. It is helpful to have a framework document to refer to,” said Kerry Contini at Baker McKenzie in Washington, DC.
The very existence of the formalised guidance also puts companies on notice, lawyers told GIR. Cari Stinebower at Winston & Strawn in Washington, DC, who was previously a counsel at OFAC, said: “Now that this document exists, a company without a programme that contains each of the elements will be found to be lacking in its compliance.”
Stinebower moved from Washington, DC-headquartered firm Crowell & Moring to Winston & Strawn on 23 April.