In May 2019, the Office of Foreign Assets Control (OFAC) published “A Framework for OFAC Compliance Commitments” (Framework), a long-awaited OFAC guidance on a risk-based approach to sanctions compliance programs (SCPs). Part of the U.S. Department of the Treasury, OFAC administers and enforces U.S. economic and trade sanction programs against U.S. persons and foreign entities and individuals conducting business in or with the U.S., U.S. persons, or using U.S.-origin goods or services.

According to the Framework, in enforcement actions, OFAC favorably considers persons that have effective SCPs at the time of apparent violation when applying the Economic Sanctions Enforcement Guidelines to the specific factual situation. For example, OFAC may mitigate a civil monetary penalty (CMP) upon its consideration as to the existence, nature and adequacy of an SCP, and may even further mitigate CMP when a well-developed and implemented SCP results in remedial steps being taken.

The Framework outlines the five essential components of a risk-based SCP: (1) management commitment; (2) risk assessment; (3) internal controls; (4) testing and auditing; and (5) training. Companies and individuals that may be subject to OFAC jurisdiction are encouraged to employ a risk-based approach to sanctions compliance by developing, implementing, and routinely updating their sanctions compliance programs.