OFAC Publishes New Framework for Compliance Commitments

The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC), which administers and enforces U.S. economic and trade sanctions programs, recently published an updated framework for compliance commitments. OFAC strongly encourages entities subject to its regulations to employ strong, risk-based sanctions compliance programs. The May 2, 2019 framework outlines five essential components that OFAC encourages be included in any sanctions compliance program. These five components are:

• Management commitment;
• Risk assessment;
• Internal controls;
• Testing and auditing; and
• Training.

It is critical that any entity under OFAC jurisdiction review the newly-released compliance framework carefully and implement or modify its sanctions compliance program accordingly. In the event of a violation, OFAC will consider more favorably a company that had an effective sanctions compliance program in place at the time of the apparent violation, and such a program can have a considerable impact on the amount of any penalties imposed.

Similar compliance guidelines have been published by other U.S. government agencies overseeing sanctions, financial crime, and export controls. For example, the Department of Justice recently published “Guidance on Evaluating Corporate Compliance Programs.” The Department of State’s Directorate of Defense Trade Controls also provides compliance program guidelines, and the Department of Commerce’s Bureau of Industry and Security likewise has published extensive export compliance guidelines.

While the key compliance elements recommended by OFAC broadly track those endorsed by other U.S. government agencies, OFAC also included an appendix to its framework that provides examples of common sanctions pitfalls taken from public enforcement actions. This summary is particularly useful for companies just starting to implement a sanctions compliance program, but also provides a good refresher for entities with more sophisticated compliance functions. For example, given OFAC’s strict liability regime, it is important to be mindful of the balance between efficiency when screening customers and other business partners and ensuring that your company’s searches are not so narrow that they miss alternative spellings for sanctioned persons or countries. The appendix also lays out some issues frequently encountered by non-U.S. companies, such as the fact that processing a U.S. dollar-denominated transaction through a U.S. financial institution can result in a prohibited activity if a sanctioned country or person is involved, even if there is no other U.S. nexus to the transaction.

Wiley Rein has unparalleled sanctions compliance experience. Should you have any questions regarding OFAC’s recently published framework for compliance commitments, or any of the other compliance guidelines identified above, please do not hesitate to contact one of the members of the international trade and national security practices listed on this alert.