Businesses are now on notice that the U.S. Department of Treasury, Office of Foreign Assets Control (“OFAC”) intends to use its enforcement powers to police a broad array of potential interactions and relationships with sanctioned parties that cannot reliably be captured through traditional transaction due diligence and screening protocols because they involve early stage, informal and even undocumented relationships. In a series of decisions and guidance, OFAC has decisively confirmed it will penalize firms that fail to identify sanctioned party relationships arising during pre-transaction negotiations or involving sanctioned parties merely acting on behalf of transaction counterparties.
Given the amorphous nature of the interactions that can raise such sanctions risks, global businesses have been struggling to adapt their compliance procedures to address these threats. Clear and documented sanctions screening protocols are critical to an effective compliance program, but it is unlikely that any formulaic screen could contemplate every relationship that may raise sanctions risks, given the fast paced and evolving landscape of international business. The evolution of OFAC's thinking highlights the need for tailored, risk-based training of personnel who might interact with sanctioned individuals so they can (i) accurately gauge the substance of their relationships, (ii) weigh the relevant sanctions risk factors, and (iii) elevate potential sanctions issues that may merit further review.
THE BACKSTORY: OFAC'S EVOLVING EXPECTATIONS REGARDING "DEALINGS" WITH SANCTIONED PARTIES
In February 2017, OFAC issued guidance in relation to Venezuela sanctions clarifying that U.S. persons are prohibited from "engaging in transactions and dealings with" individuals named on OFAC's Specially Designated and Blocked Persons List, commonly referred to as the "SDN List," including "by entering into contracts that are signed by an SDN, entering into negotiations with an SDN, or by processing transactions, directly or indirectly, on behalf of [an] SDN."1 In November 2017, OFAC issued further guidance reminding U.S. persons of this restriction and encouraging caution in interactions with the Venezuelan government and state-run oil company Petroleos de Venezuela, S.A. (PdVSA), to ensure that U.S. persons' interactions with those entities in relation to potential debt restructuring discussions did not involve any SDN.2
In July 2017, OFAC imposed a penalty on oil and gas giant ExxonMobil Corporation ("Exxon") under the Ukraine-Related Sanctions Regulations in connection with an agreement between Exxon and Rosneft OAO, an oil company owned by the Russian government.3 While the transaction at issue was lawful, OFAC took issue with the fact that the agreement was countersigned by a Rosneft executive, Igor Sechin, who had been named to the SDN List a few weeks prior to execution.4
In November 2017, OFAC issued a finding of violation against a Massachusetts maritime registry company, Dominica Maritime Registry, Inc. ("DMRI"), in relation to violation of the Iranian Transactions and Sanctions Regulations.5 DMRl's violation was based on the company having entered into a pre-transaction Memorandum of Understanding with the National Iranian Tanker Company ("NITC"), an entity which was at that time an SDN.6
While from a technical perspective applying sanctions regulations to a particular set of facts may be complicated (and can at times appear to border on the metaphysical), from a practical, compliance-oriented perspective the upshot of OFAC's guidance and enforcement posture is fairly straightforward: any business relationship involving a sanctioned person or entity at any stage, in any capacity, raises significant risks that should be effectively identified, elevated, evaluated and addressed by compliance personnel.
TARGETING YOUR RISKS AND TAILORING A PROACTIVE COMPLIANCE RESPONSE
The risk of encountering a sanctioned party while interacting with a legitimate, non-sanctioned counterparty may be significant, particularly when operating in regions or industries that have been targeted by sanctions. Any involvement with a party consequential enough to be sanctioned is likely to be magnified in hindsight by regulators and the media through the prism of the sanctioned party's bad acts and affiliations. In today's regulatory environment, screening the typical players at traditional transactional inflection points isn't sufficient to address sanctions risks because individuals who may be broadly "involved" in a negotiation or transaction are fluid and their names may not necessarily even appear on the documents that could be mined for a traditional compliance protocol using a list-based screening methodology.
Ultimately, while screening is important, screening protocols are passive compliance tools that must be supported by active engagement from those most knowledgeable about the transactions at issue and best suited to identify risks as each transaction evolves. A successful compliance program will create a prominent role for business personnel to evaluate and inform sanctions screening on a transaction-by-transaction basis.
TRAINING, TRAINING, TRAINING
In this regard, training matters. An effective in-house sanctions training plan will be informed by practical considerations about real world operations, examining touch points with targeted countries, regions and industries. Focused training should target all personnel who might interact with a sanctioned party- for instance, an analyst who might need to discuss restructuring of Venezuelan government debt, a trader who might have occasion to negotiate with a sanctioned Iranian tanker company, or any employee charged with interacting with foreign government officials or their affiliates in regions targeted by sanctions.
Furthermore, particularly with risks as dynamic as sanctions, creating an effective first line of defense is more than an annual compliance presentation broadly identifying countries and regions subject to U.S. sanctions and directing further on-the-run questions to the compliance department. A modern sanctions compliance program will incorporate a comprehensive training plan that empowers relevant business personnel to proactively identify risks that may involve entities and persons not directly party to a transaction as well as arming them to be alert to red flags in information that would not normally be available to the compliance personnel. An ideal training program will ensure that key personnel receive detailed and specific information about relevant sanctions restrictions along with up-to date information about OFAC guidance and a clear view of the broad array of potential interactions and relationships with sanctioned parties that should be identified and elevated for further internal review.