Understanding OFAC- administered sanctions programs

The US government is increasingly looking to economic sanctions programs to achieve foreign policy and national security objectives, and businesses that intend to operate in the global marketplace must develop strategies for complying with rapidly changing regulations in this area.

Economic sanctions programs, which are administered by the US Department of the Treasury’s Office of Foreign Assets Control (OFAC), have been particularly effective in weakening countries, such as Iran, that the government views as a national security threat. They have also served as an integral component of America’s counter-terrorism strategy. As a result, OFAC and the Department of Justice have intensified their enforcement efforts and aggressively pursued potential violators throughout the world. Like the Foreign Corrupt Practices Act before it, economic sanctions enforcement is poised to be the next major focus for government regulators.

Companies that hope to succeed in cross-border business must develop a strong compliance infrastructure to address substantial and challenging OFAC compliance risks for US persons and entities, as well as those who fall within US jurisdiction or wish to access the US financial system. This article provides an overview of OFAC sanctions programs, describes the main components of an effective compliance program, and identifies specific compliance challenges due to recent developments in sanctions enforcement.

Types of economic sanctions

Federal statutes and presidential executive orders serve as the basis for OFAC-administered sanctions programs. The three most prominent federal statutes that empower the president to designate targets of economic sanctions are the International Emergency Economic Powers Act, the Trading with the Enemy Act and the Antiterrorism and Effective Death Penalty Act. Under these statutes and related executive orders, sanctions programs may be either unilateral (administered only by the US) or multilateral (administered in coordination with other countries).

Sanctions programs are split into two categories: country-specific sanctions and sanctions that target specific individuals or entities. Within country-specific sanctions programs, there are comprehensive trade prohibitions and partial trade prohibitions. These programs ‘block’ the transfer of assets to designated countries and use other trade restrictions to further US foreign policy objectives. Comprehensive sanctions programs, which block all trade with sanctioned countries, are administered against Burma (Myanmar), Cuba, Iran, Sudan and Syria. Selective sanctions, which impose trade restrictions that target specific activities, are administered against countries such as Lebanon and Libya.

The second category of sanctions targets specific individuals and entities that are named in OFAC’s Specifically Designated Nationals and Blocked Persons (SDN) list. The SDN list contains thousands of names and is continually updated by the Treasury Department. Business transactions of any sort with SDNs are prohibited.

Preventing violations of OFAC sanctions

Violations of OFAC sanctions can lead to severe civil and criminal penalties, including substantial jail terms for individual executives. Given the complexity of many business transactions and the large number of parties involved, US companies or companies subject to US jurisdiction should undertake the following four primary measures to ensure compliance with sanctions programs.

Assess risk. OFAC-administered sanctions programs can implicate direct and indirect relationships. The company must understand each component of a business transaction and know who the relevant parties to the transaction are. In addition to counterparties, the company should consider how a transaction is to be financed. Once that information is identified, the company should thoroughly analyze the risks involved in any transaction using the procedures described later in this article. All risk rating systems should describe the transaction, the level of risk involved, and the resolution of any OFAC-related issues. The risk rating process should be standardized and well documented. In connection with assessing risk, companies should bear in mind that OFAC prohibits the ‘facilitation’ (approval, financing or assistance) of an unlawful transaction.
 

Adopt policies and procedures and conduct training. OFAC-administered sanctions change frequently in response to developments in US foreign policy. Companies should adopt policies, procedures and training processes to help employees understand how to spot issues and communicate with legal and compliance professionals when necessary. Company personnel should understand that economic sanctions risk assessment and review diligence is a necessary part of transactional due diligence. In the instance of a possible violation, OFAC has the power to issue document subpoenas. Thus, the company’s policy should address document preservation obligations and the procedures for communicating with government regulators. Once policies and procedures are in place, the company should ensure that its employees are trained on each component of the compliance program.     
Audit the compliance process. Once policies and procedures, including a risk rating system, are adopted, companies should audit their compliance processes. An audit may involve a review of company documents or a test of the compliance program based on a hypothetical business transaction. The use of outside auditors, such as lawyers or those with a counterterrorism background, should be considered. Companies should audit their compliance process at least yearly.

Engage with the regulator. Finally, companies should consider seeking guidance from OFAC before engaging in transactions that may pose a high degree of legal risk. OFAC attorneys will provide general guidance by phone, although OFAC will not be bound by any informal oral advice. More detailed advice can be obtained in writing or through face-to-face meetings with OFAC staff. If a company has serious concerns about a transaction that cannot be resolved through informal communications with OFAC, it is advisable to formally apply for a ‘license’ to engage in the transaction. Such licenses – which can permit either a certain category of transactions or a single transaction – may be obtained from OFAC through a formal written request setting forth in detail the proposed transaction.

Current compliance challenges

A comprehensive compliance program is necessary because the breadth and targets of economic sanctions change fluidly in response to government foreign policy objectives. As described below, many of these changes affect cross-border business transactions.

Country-specific changes. The scope of the sanctions program relating to Iran, a major foreign policy focus, changes almost daily. Many of these changes concern the Iranian petroleum industry. For example, pursuant to the Comprehensive Iranian Sanctions and Divestiture Act and the National Defense Authorization Act, the United States is enforcing its sanctions extraterritorially by threatening to bar foreign persons and institutions from the US financial system for acts contrary to the objectives of the sanctions regime. The sanctions program relating to Burma is also changing – unlike Iran, the government is easing sanctions for Burma, which may expand opportunities for trade.

Facilitation. OFAC’s evolving interpretation of what constitutes ‘facilitation’ of a transaction has had a significant impact on the manner in which cross-border business is done.

Multilateral sanctions. The increased use of economic sanctions by members of the European Union and the United Nations can give rise to inconsistent requirements for cross-border businesses.

Sanctions programs apply to most foreign transactions, and failure to comply can lead to harsh civil and criminal penalties. Thus, companies that ignore sanctions programs do so at great risk. The US government has aggressively pursued companies engaging in bribery of foreign officials and money laundering. Given the importance of the foreign policy objectives as the core of OFAC, the government is likely to be equally aggressive in pursuing violations of OFAC sanctions. Companies would be well advised to combat such risk by developing a comprehensive compliance program, taking into account recent developments in the law.
                
OFAC frequently asked questions

What countries do I need to worry about in terms of US sanctions?

OFAC administers a number of US economic sanctions and embargoes that target geographic regions and governments. Comprehensive sanctions programs include Burma (Myanmar), Cuba, Iran, Sudan and Syria. Other non-comprehensive programs include the Western Balkans, Belarus, Côte d’Ivoire, Democratic Republic of the Congo, Iraq, Liberia (Former Regime of Charles Taylor), Persons Undermining the Sovereignty of Lebanon or Its Democratic Processes and Institutions, Libya, North Korea, Somalia and Zimbabwe as well as other programs targeting individuals and entities located around the world.

Those programs currently relate to foreign narcotics traffickers, foreign terrorists, transnational criminal organizations and WMD proliferators. It is important to note that in non-comprehensive programs there are no broad prohibitions on dealings with countries, but only against specific named individuals and entities. The names are incorporated into OFAC’s Specially Designated Nationals and Blocked Persons (SDN) list, which includes over 6,000 names of companies and individuals who are connected with the sanctions targets. A number of the named individuals and entities are known to move from country to country and may end up in locations where they would be least expected. US citizens are prohibited from dealing with SDNs wherever they are located, and all SDN assets are blocked.

Entities that a person on the SDN list owns (defined as a direct or indirect ownership interest of 50 percent or more) are also blocked, regardless of whether that entity is separately named on the SDN list. Because OFAC’s programs are dynamic and constantly changing, it is very important to check the agency’s website on a regular basis to ensure that your SDN list is current and that you have complete information regarding current restrictions affecting countries and parties with which you plan to do business.

Who must comply with OFAC regulations?

All US persons must comply with OFAC regulations, including all US citizens and permanent resident aliens regardless of where they are located, all persons and entities within the United States, and all US-incorporated entities and their foreign branches. In the cases of certain programs, such as those regarding Cuba and North Korea, all foreign subsidiaries owned or controlled by US companies must also comply. Certain programs also require foreign persons in possession of US-origin goods to comply.

How much are the fines for violating these regulations?

The fines for violations can be substantial. Depending on the program, criminal penalties can include fines ranging from $50,000 to $10,000,000 and imprisonment ranging from 10 to 30 years for willful violations. Depending on the program, civil penalties range from $250,000 or twice the amount of each underlying transaction to $1,075,000 for each violation.

Is there a mechanism for a company to report its past undetected violations of OFAC regulations for completed transactions? Is any type of ‘amnesty’ available for inadvertent failure to comply prior to the company becoming aware of the OFAC regulations?

Yes, a company can and is encouraged to voluntarily disclose a past violation, and self-disclosure is considered a mitigating factor by OFAC in civil penalty proceedings. Self-disclosure should be in the form of a detailed letter, with any supporting documentation, to Adam Szubin, director, Office of Foreign Assets Control, US Department of the Treasury, 1500 Pennsylvania Avenue, NW, Washington, DC 20220. OFAC does not have an ‘amnesty’ program. The ramifications of non-compliance, inadvertent or otherwise, can jeopardize critical foreign policy and national security goals. OFAC does, however, review the totality of the circumstances surrounding any violation, including the quality of a company’s OFAC compliance program.

Source: www.treasury.gov Resource Center