Acquiring or Investing in Sanctioned Companies
Contents
- 1 Analyzing OFAC Sanctions Enforcement Trends
Analyzing OFAC Sanctions Enforcement Trends
The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) administers and enforces economic and trade sanctions based on U.S. foreign policy and national security goals. OFAC has been very active in recent years, issuing new sanctions programs and bringing enforcement actions for violations of sanctions rules.
Understanding OFAC’s enforcement priorities and trends can help companies and individuals ensure they are in compliance with applicable sanctions programs. This article will analyze key developments in OFAC enforcement and highlight important lessons for sanctions compliance.
Recent OFAC Sanctions Highlights
In 2022, OFAC designated nearly 1,000 new entities under various sanctions programs, with a major focus on Russia-related measures following the invasion of Ukraine. Some highlights:
- Over 600 Russian-related designations, including major Russian banks, state-owned enterprises, oligarchs, and government officials[4].
- Numerous designations under the cyber-related sanctions program.
- Additions to the Chinese Military-Industrial Complex sanctions program.
- Designations under the Global Magnitsky sanctions targeting human rights abuses.
The unprecedented number of new Russia-related sanctions has significantly expanded the compliance burden for global companies. Firms must vigilantly screen customers, vendors, and transactions to avoid dealings with designated persons or prohibited sectors[1].
OFAC Enforcement Actions in 2022
In 2022, OFAC announced 16 public civil enforcement actions for apparent violations of various sanctions programs. This is lower than the prior two years, which saw 27 actions in 2021 and 30 actions in 2020[2].
While the overall number declined, settlement amounts remained high. OFAC collected over $1.1 billion in civil penalties in 2022, the second-highest amount ever. This reflects OFAC’s continued focus on pursuing large cases with major financial penalties[2].
Some notable 2022 OFAC settlements include:
- JPMorgan Chase Bank N.A. – $162 million for apparent violations of multiple sanctions programs[6].
- American Express – $372 million for apparent violations related to Cuba and other programs[6].
- PayPal – $7.6 million for apparent violations of global and country-specific sanctions programs[6].
These settlements serve as a reminder that even the most sophisticated global institutions struggle with sanctions compliance.
Key OFAC Enforcement Trends and Risk Areas
Analyzing OFAC’s recent enforcement actions reveals several trends and risk areas that companies should watch closely[2][3]:
Screening and Transaction Monitoring Failures
Many OFAC actions involve deficiencies in screening customer databases, vendors, or transactions for matches with sanctioned parties. Firms must screen across multiple sanctions programs and lists and conduct ongoing monitoring to detect prohibited dealings[5].
Non-U.S. Subsidiaries and Acquisitions
OFAC continues to pursue enforcement actions based on sanctions violations by non-U.S. subsidiaries of U.S. companies. Acquiring a company that has transacted with sanctioned parties can also lead to violations. Companies must ensure sanctions compliance controls extend across global operations[2].
Facilitation and Causing Violations
In addition to directly engaging in prohibited transactions, companies can face liability for causing or facilitating violations by other parties. This risk extends to banks, payment processors, and companies providing goods or services that enable sanctioned dealings[3].
Reexport Violations
Reexporting U.S.-origin goods to a sanctioned country or party can lead to violations, even if done by a non-U.S. entity. Screening for sanctioned reexport destinations is essential[2].
Exports to Russia
With expansive new Russia-related sanctions in place, OFAC is closely watching exports and reexports to Russia for signs of diversion to sanctioned end-uses or end-users[1].
Compliance Program Expectations
While enforcement actions often focus on specific compliance breakdowns, OFAC also assesses the overall adequacy of sanctions compliance programs. OFAC outlined its compliance expectations in a 2019 guidance document[3]:
- Management commitment to compliance
- Risk assessment
- Internal controls, including policies and procedures
- Testing and auditing
- Training
- Personnel accountability for sanctions compliance
Firms should evaluate their sanctions programs against these elements to identify and address gaps. Merely having a program on paper is not enough – it must be effectively implemented and consistently enforced[2].
Mitigating Potential Violations
Given the dynamic nature of sanctions programs, some compliance lapses are inevitable. However, companies can take steps to mitigate potential violations and penalties:
- Implement robust screening and transaction monitoring processes.
- Conduct periodic audits to identify program weaknesses.
- Provide regular sanctions training to employees.
- Encourage internal reporting of compliance issues.
- Undertake swift remedial actions and enhance compliance controls after identifying deficiencies.
- Consider voluntary self-disclosure of potential issues to OFAC.
Key Takeaways
As sanctions programs expand and enforcement scrutiny increases, companies must make sanctions compliance a top priority. By enhancing risk assessment, internal controls, and training, firms can reduce violations and penalties. Prompt remediation and voluntary disclosures also mitigate potential OFAC actions. With sound compliance practices, companies can manage sanctions risks and avoid severe enforcement outcomes.
References
[1] ICLG, “Russia Sanctions, OFAC Enforcement Trends, and Compliance Lessons Learned”
[2] Morrison Foerster, “U.S. Sanctions Enforcement: 2022 Trends and Lessons Learned”
[3] OFAC, “A Framework for OFAC Compliance Commitments”
[5] SSRN, “Enforcing Economic Sanctions: Analyzing How OFAC Punishes Violators of US Sanctions”
In addition to civil penalties, OFAC also pursues administrative actions against sanctions violators. These can include cautionary letters, finding of violation notices, and civil monetary penalties[4].
Key trends in OFAC’s use of administrative actions include[4][5]:
- Increasing use of non-public actions like cautionary letters to address minor or unintentional violations.
- Larger penalties for egregious or reckless violations, especially those involving high-risk jurisdictions.
- Requirements to overhaul sanctions compliance programs in addition to penalties.
- Focus on individual liability and penalties against corporate officers and managers.
While civil enforcement settlements receive more public attention, administrative actions make up the bulk of OFAC’s sanctions enforcements. Understanding potential administrative consequences is important for risk management.
Cooperation with Regulatory Partners
OFAC does not act alone in pursuing sanctions violators. It often partners with other government agencies and regulators in investigations and enforcements[6]:
- Department of Justice – criminal prosecutions
- State regulators – actions against banks and financial firms
- Securities and Exchange Commission – cases against public companies
- Federal Reserve – actions against banks under its jurisdiction
Regulatory coordination expands the consequences of sanctions violations beyond just OFAC penalties. It is critical to view OFAC enforcements as part of a broader risk management approach.
Future Outlook for OFAC Enforcement
Looking ahead, sanctions enforcement will likely remain elevated as geopolitical tensions persist globally. Companies should expect[7]:
- Continued focus on Russian sanctions violations
- Close monitoring of China-related dealings
- More enforcement actions related to ransomware payments
- Increased individual liability and penalties
- High settlement figures, especially for large institutions
While OFAC may be constrained by limited resources, sanctions compliance will stay an enforcement priority. Vigilance and adaptability will be key for managing sanctions risks.
With sanctions rules constantly changing, even companies with strong compliance programs can stumble. But those who proactively assess their sanctions exposure, adapt controls to address emerging risks, and undertake swift remediation efforts will fare far better when issues arise.