In the past, many businesses operated under the misconception that banks were solely responsible for sanctions compliance. The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has disabused large companies of this misunderstanding through significant monetary penalties against a broad array of businesses outside the financial industry. Today, both U.S.-based international businesses and non-U.S. companies that conduct business in the United States and/or with U.S. companies generally understand the importance of having a sanctions compliance program commensurate with their risk profile.
Most companies, however, do not adequately consider whether they are getting the most out of their compliance programs. Narrowly tailored compliance programs that only serve to avoid sanctions violations do not provide optimal returns on investment. Fully functioning compliance programs have the potential to generate significant revenue, especially for high-risk businesses. For these businesses, compliance functionality should not be judged exclusively on the business opportunities lost because of sanctions compliance concerns.
OFAC generally assesses civil monetary penalties against high-risk businesses: large, commercially sophisticated companies in highly-regulated industries. The agency uses the standards established by the U.S. Small Business Administration in its consideration of the size of a business. These standards are based on either the average annual receipts or the average employment of a firm, depending on the specific industry.
High-risk companies typically have an international customer base and supply chain, as well as overseas subsidiaries and/or branches. Sanctions compliance risk for U.S. companies increases proportionately with enhanced foreign contacts. Non-U.S. companies should measure their risk and compliance programs in relation to their reliance on U.S.-origin goods and services, including U.S. person directors and employees, and connections to the U.S. financial system.
Questions to Consider
Formal auditing and testing that only examine the protective nature of sanctions compliance programs fail to provide a complete assessment. It may be helpful for both U.S. and non-U.S. companies to consider the full value of their programs by considering the following three relatively simple questions:
- What potential business opportunities have been declined because of sanctions compliance concerns?
- When has the compliance program facilitated business?
- How does the program assist business operations in adapting to changing regulations and compliance expectations?
The first inquiry may reveal whether a program has the appearance of a paper tiger or window dressing. Clear, well-written policies and procedures are an important foundation, but documents alone do not form an adequate program. Depending upon the specific industry, it may be advisable to maintain a file of rejected business and a record of any additional action stemming from the discovery of derogatory information.
The second and third suggested questions help to evaluate the relationship between compliance and revenue generation. Although it is not always possible to do so, programs should seek to resolve compliance issues in favor of scrutinized deals or transactions with minimal interruptions to business operations. Compliance programs should seek positive results through interpretation of general licenses, submission of specific licenses, and interpretive guidance requests to authorize business that may otherwise be prohibited as a matter of law.
We will continue to monitor sanctions compliance developments and best practices and publish updates as new developments arise.