On 2 May 2019, the U.S. Treasury's Office of Foreign Assets Control ("OFAC"), the agency responsible for enforcing economic sanctions, published "A Framework for OFAC Compliance Commitments" (the "Framework") which outlines five components OFAC considers to be essential for an effective risk-based sanctions compliance program. OFAC also highlights “root causes” of sanctions violations in the Framework. The Framework offers private equity and other fund managers a detailed insight into OFAC’s expectations with respect to an organization’s sanctions compliance program for the first time.
What does this mean for private equity fund managers?
The Framework is particularly relevant following the U.S. Government's escalation of U.S. sanctions around the world, such as its recent re-imposition of sanctions against Iran and Cuba.
OFAC has included the existence of a sanctions compliance program in its baseline penalty calculation, specifically to help determine whether a corporate violation was 'egregious'. This indicates that implementing a robust compliance program can help mitigate any enforcement action if a violation of sanctions law occurs.
Application to non-U.S. entities
The new OFAC guidelines not only apply to U.S. companies generally, but also to non-U.S. companies which may find themselves subject to U.S. sanctions laws, such as non-U.S. companies that conduct business in or with the United States, that employ U.S. citizens or that use U.S.-origin goods or services. The list of “root causes” of sanctions violations listed below includes issues frequently encountered by non-U.S. companies. For example, OFAC notes that many non-U.S. entities have violated U.S. sanctions laws by processing transactions that involve a sanctioned country or person through U.S. financial institutions (almost all of which have been denominated in U.S. dollars), even if there is no other U.S. nexus to the transaction.
Five essential components of a sanctions compliance program
OFAC lists these as being:
- Management commitment;
- Risk assessment;
- Internal controls;
- Testing and auditing; and
The Framework aims to ensure that executives understand and promote corporate compliance through a top-down approach to U.S. sanctions compliance.
Root causes of sanctions violations
OFAC also provides a non-exhaustive list of the “root causes” of sanctions violations, based on historic enforcement cases, including:
- Lack of a formal sanctions compliance program;
- Misinterpreting, or failing to understand the applicability of, OFAC’s regulations;
- Facilitating transactions by non-U.S. persons (including by overseas subsidiaries or affiliates);
- Exporting or re-exporting U.S.-origin goods, technology or services to OFAC-sanctioned persons or countries;
- Utilizing the U.S. financial system for commercial transactions involving OFAC-sanctioned persons or countries;
- Sanctions screening software or filter problems;
- Improper due diligence on customers/clients (e.g., ownership, business dealings, etc.);
- Decentralized compliance functions and inconsistent application of an sanctions compliance program;
- Utilizing nonstandard payment or commercial practices; and
- Wrongdoing by key employees that may result in individual liability.
Impact on PE firms' compliance programs
Sanctions-related due diligence is crucially important in a private equity context, and U.S. government expectations regarding effective sanctions compliance programs should serve as a starting point for private equity fund managers looking to reassess or enhance their sanctions compliance programs.
Developing a robust compliance program begins with conducting a risk assessment of a firm’s business to identify those areas that may pose greater risk of violating OFAC sanctions. OFAC expects a risk based approach and private equity fund managers should tailor their compliance programs based on an assessment of the applicable risks to them and their portfolio companies.
Cost of non-compliance
A breach of sanctions is likely to be a costly error with potentially heavy civil fines being imposed. Further, a breach of sanctions can constitute a serious criminal offence and risks significant reputational damage. As stated above, implementing a robust compliance program can help mitigate any enforcement action as well as reducing the risk of the occurrence of a sanctions breach.
How can Hogan Lovells help?
- We design global sanctions compliance program and associated policies, draft and deliver training on sanctions compliance.
- We carry out risk assessments and gap analysis reports to examine private equity manager's and their portfolio companies' compliance with sanctions, as well as export controls and customs duties where this is relevant.
- We perform sanctions due diligence reviews in a private equity context to inform the extent of the due diligence efforts at various points in a transaction, and implement sanctions uplift compliance program post-closing.
- Our global International Trade team can advise on monitoring and complying with sanctions restrictions that are put in place by the UN, EU, U.S., UK, France and all relevant jurisdictions.
- We help clients understand which of their global portfolio companies, officers and employees are required to comply with sanctions and how corporate and governance structures affect the degree to which they are affected by sanctions.
- We undertake internal investigations and represent clients in external investigations conducted by U.S., EU, UK and other agencies. We can call on advice from former UK and U.S. regulators and prosecutors.