When you think sanctions, there are a few things that probably come to mind: Iran, North Korea, possibly Russia. You may envision munitions being smuggled in Cold War-era trucks by rogue factions of defunct military groups. You may think only bad actors such as known terrorists are direct targets of U.S. sanctions, and that only companies operating within the U.S. are subject to sanctions rules. If you think this, you’d be wrong.
U.S. sanctions are much broader than you’d expect
The agency responsible for U.S. sanctions is the Office of Foreign Assets Control (OFAC), a division of the U.S. Treasury Department. OFAC’s sole function is to enforce the economic and foreign policy goals of the executive branch of the U.S. government, and the primary way it does this is through economic and trade sanctions. OFAC puts in place sanctions on specific nations, entities or individuals to prevent groups that are deemed a threat from getting access to resources such as technology, funds, aid and even shelter. It also has the power to enforce those sanctions by placing crippling fines and penalties, criminal liability and loss of trade privileges on individuals or companies that violate the sanctions. However, what could be most damaging is a company’s reputational risk following the publication of any such violation.
Of course, any company based in the U.S. is subject to OFAC’s jurisdiction. So are companies that operate within the U.S. or import to the U.S. But OFAC’s reach is much, much broader than this. In fact, in light of recent enforcement actions OFAC has taken, it’s difficult to see how any company or individual anywhere in the world would be safe in assuming they aren’t subject to OFAC’s sanctions authority. OFAC’s reach also includes e-commerce transactions conducted over the internet and shipped from locations anywhere in the world.
Recent fines reveal enhanced compliance risks
In July 2020, a U.S.-based e-commerce, retail and data giant agreed to pay OFAC $134,523 to settle its potential civil liability for apparent violations of multiple OFAC sanctions programs. According to OFAC, the organization violated multiple U.S. sanctions by providing goods and services to persons on OFAC’s Specially Designated Nationals and Blocked Persons List (SDN List), including individuals located in sanctioned regions of Crimea, Iran and Syria, and people employed by the sanctioned embassies of Cuba, Iran, North Korea, Sudan and Syria. The company also failed to send timely notifications to OFAC of certain transactions, as required.
Managing the risks now requires technology plus a robust internal program
OFAC determined the source of the apparent violations to be faulty screening procedures: the company’s automated processes failed to properly analyze all data required for compliance with OFAC sanctions. For example, the company’s screening system did not flag several hundred transactions that involved individuals whose names appeared on the SDN List, even when the name on the sales order was an exact match with that on the list.
OFAC strongly encourages organizations under its jurisdiction—which is most of them—to develop, implement and routinely update a sanctions compliance program (SCP) based on their risk level. While each risk-based SCP will vary depending on a variety of factors—including the company’s size and sophistication, products and services, customers and counterparties, and geographic locations—each program should be predicated on and incorporate at least five essential components of compliance:
- Management Commitment
- Risk Assessment
- Internal Controls
- Testing and Auditing
Companies that proactively manage their compliance programs and voluntarily report violations are much more likely to avoid severe consequences. Using an accurate, reliable software solution is another critical element that OFAC has specifically highlighted numerous times.
Automated screening for sanctioned parties is a crucial component
One essential component of any strong compliance program’s internal controls is a method to screen all the crucial details of every transaction to identify potential sanctions violations. The restricted party screening (RPS) engine within E2open’s export compliance software is one such tool. It automatically screens individual or large volumes of partner records against over 680 restricted party lists (including OFAC’s SDN List), 180 countries and roughly 98% of world trade, identifying individual transactions with potential sanctions risk for your review.
The names of companies, persons, entities, regions and even towns are in constant flux. New entities incorporate, and others disband daily. People use aliases and other forms of obfuscation to avoid detection. Because of these dynamic variables, there is no individual industry, sector or geographic default approach to screening for restricted parties—and no software tool—that can be applied with universal certitude. Instead, strong sanctions compliance programs depend on individuals knowledgeable about their legal requirements, the products they sell and their business and its associated geographies—accompanied by powerful automation technology to monitor transactions.
The importance of tuning even the most powerful RPS process
To better facilitate that compliance screening program and cater to individual customer needs, E2open created the ability to “tune” the RPS engine. Every customer is different, and while no screening application will create a 100% foolproof solution, E2open recommends performing a tuning exercise with clients whose profiles might make them more risk-sensitive or exposed to scrutiny. This gives the customer a greater understanding of the solution and improved confidence regarding how the tool fits into its compliance program.
Using the application dictionaries, word-weighting capabilities and advanced secondary screening logic, the tool can be refined to focus on any special areas of concern brought to light by the tuning exercise. Typically, this is done using customer data—sometimes seeded with known sanctioned persons or entities. The results are then analyzed, refinements performed on the RPS engine, and the exercise repeated until the results of screening tests are acceptable.
The best compliance tools are driven by the best trade content
E2open’s RPS engine is driven by the industry’s most comprehensive database of government regulations and international business rules, included in E2open’s Global Knowledge® application. Our internal team of trade experts around the world gather, translate, interpret and update country-specific trade regulations. Having a robust trade content database like Global Knowledge provides many notable advantages for global trade, such as the ability to automate your participation in free trade agreements.
OFAC’s arm reaches all over the world, and companies must have a robust, proactive process in place to comply with all that OFAC requires. E2open enables you to automate that process using the most powerful, most accurate, most comprehensive trade compliance solution available.