As the penalties for the Office of Foreign Assets Control (OFAC) enforcement actions continue to escalate, its scope has expanded beyond Financial Institutions (FIs) to now impact organizations across every industry. Despite a temporary slowdown, non-FIs cannot afford to back off on sanctions screening without becoming vulnerable to hefty penalties—particularly as evolving pandemic-driven market conditions have led to a significant rise in online transactions.

Consider this: in 2019 there were more than 26 enforcement actions by OFAC totaling over $1.2 billion in fines—and 15 of those enforcements involved organizations that are not financial institutions.1 In fact, in recent years, 81% of fines levied by OFAC were aimed at non-bank organizations.2 For example, a U.S. technology firm was penalized for violations of the 50% Rule—OFAC’s second ever such fine.3 And, a recent OFAC penalty against a non-bank firm in February 2020 totaled over $7.8 million.4

This trend towards strict regulation continues to increase. The penalty amounts of 2019 were much higher than 2018’s number of enforcements—seven actions totaling nearly $72 million.5 It should be clear that in this accelerating regulatory environment, complacency is not an option. A proactive culture of OFAC sanctions compliance is not only necessary but essential at a time when online transactions are bringing forth consistent sanctions enforcement.

OFAC sanctions compliance is mandatory and should be proactive

Regulators already expect businesses to have a robust sanctions program in place and proactively make a strong documented effort to prevent sanctions violations. In fact, 73% of OFAC’s monetary penalties from 2013-2018 have been assessed against companies that did not submit self-disclosures.6

Newer guidelines formalize regulatory expectations and establish a measurement tool by which OFAC can calculate the extent of penalties assessed for violating. And, those penalties are just the start of what your business can experience from the impacts of an OFAC enforcement. In addition to exorbitant fines, non-compliant businesses leave themselves open to extensive reputational damage, onerous remediation costs, expensive business disruptions and diminished shareholder value.

Still, compliance is not without its obstacles. The volatile geopolitical environment coupled with risky relationships with customers, suppliers and third-party vendors creates an ongoing challenge to continually track and stay current with evolving sanctions mandates. Soaring online transactions demand global digital identity intelligence to guard against risk. So what can enterprises do to put a robust sanctions compliance program firmly in place?

Know the five essential components for OFAC sanctions compliance

First, a top-level commitment to a “culture of compliance” is key. Senior management, including leadership, executives and the board of directors, must be aligned with the program. Sufficient resources need to be allocated, including an appointed OFAC sanctions compliance officer, adequate controls and overall enterprise-wide program adherence.

Second, a risk assessment strategy that supports a risk-based approach must be designed and updated. This strategy needs to be predicated on conducting due diligence of customers, client relationships and transactions. It also must include the on-boarding and ongoing processes, as well as mergers and acquisitions.

Third, robust internal controls that include well-defined policies and procedures should be put in place. By doing so, it becomes possible to identify, interdict, escalate, report and keep records related to OFAC sanctions.

Fourth, effective levels of independent auditing and testing to evaluate the efficacy of the sanctions compliance program should be addressed. Businesses should be prepared to continually update and enhance its program including all compliance-related software, systems and technology.

And finally, sanctions-specific training is required to communicate the sanctions responsibilities of each employee. In this way, a deeper knowledge base is built across the business on sanctions compliance expectations and accountability.

Remain vigilant about common OFAC compliance mistakes

Even when the five tenets for a formal OFAC sanctions compliance program are adhered to, enterprises must still be attentive to falling victim to misunderstanding the applicability of OFAC’s regulations leading to enforcement actions. Your business is exposed to sanctions risk if it performs any of these commonplace actions:

• Facilitate transactions by non-U.S. persons, especially by overseas subsidiaries or affiliates
• Export or re-export U.S.-origin goods, technology or services to OFAC-sanctioned people or countries
• Process payments through U.S. financial institutions for commercial transactions involving OFAC-sanctioned people or countries
• Neglect to update sanction screening software and filters
• Conduct improper due diligence on customers/clients (e.g., ownership, business dealings, etc.)
• Decentralize compliance functions and inconsistently apply a sanctions compliance program
• Use non-standard payment or commercial practice

In addition, OFAC states that if there is individual liability of managers, supervisors and senior management, then both entities in violation and the people responsible for the violation can be held liable.

Optimal OFAC compliance can coexist with core business objectives

With the trajectory of OFAC expansion in its pursuit of sanctions enforcements expanding rapidly, the time, effort and expense of compliance may seem daunting. It is making increasing sense for businesses to leverage global digital identity intelligence while not compromising their budgets or operations timelines.

Solutions are available that provide a full range of industry-trusted sanctions risk assessment tools, combining award-winning global digital and physical risk intelligence with innovative technologies. These solutions can help quickly determine the risks that customers, vendors and third-party suppliers may represent. Now is the time to achieve an effective cost-efficient sanctions strategy that supports your core business.

For more information on watchlist screening, call 1-800-953-2877 or visit this webpage.

1, 4 and 5. https://www.treasury.gov/resource-center/sanctions/CivPen/Pages/civpen-index2.aspx
2. Compliance Week, “Understanding OFAC: A Best Practices Compliance Guide for All Businesses,” 2018
https://www.complianceweek.com/thought-leadership/understanding-ofac-a-best-practices-compliance-guide-for-all-businesses/23765.article
3. Karp, Brad, et al., “Economic Sanctions and Anti-Money Laundering Developments: 2018 Year in Review,” February 21, 2019
https://wp.nyu.edu/compliance_enforcement/2019/02/21/economic-sanctions-and-anti-money-laundering-developments-2018-year-in-review
6. Paner, Jeremy, “Nearly 75 Percent of OFAC Penalties Have One Commonality,” Trade Sanctions Blog, https://www.lexology.com/library/detail.aspx?g=18b2cd91-1758-45b7-8e80-74ebeb6ca3fa