Now, more than ever, sanctions lists are growing daily, and therefore navigating the challenges related to compliance is becoming more complex. In the region, prominent US sanctions already exist with respect to Iran, Syria and Yemen. There has been talk of US sanctions against Iraq and Turkey.
A prime example of prominent sanctions are those that the United States on November 5, 2018 fully re-imposed on Iran. These sanctions had been previously lifted or waived under the Joint Comprehensive Plan of Action (or ‘Iran deal’). Given the recent tensions between the US and Iran, the US is aggressively continuing its campaign of maximum financial pressure on the Iranian regime and intends to strenuously enforce the sanctions that have come back into effect as well as newly announced sanctions.
While historically enforcement actions have been more prevalent in the financial services sector, regulatory bodies are increasingly turning their attention to other industries which have recently been subjected to significant fines. The US Department of the Treasury has issued 22 enforcement actions along with a record of USD1.3 billion in total penalties in 2019 alone.
Consequently, sanctions and compliance continue to remain critical factors for businesses across all sectors.
While not exhaustive, the following are some proactive measures which should be taken by companies to mitigate the risk of violating sanctions:
- Understanding international sanctions regimes: Companies should obtain an appropriate level of understanding of international sanctions regimes, seek information from professionals to the extent necessary, and conduct research to make a determination as to the legality of their transactions under the relevant sanctions’ laws. Entities should check with their regulators regarding the suitability of specific programs to their unique situations. For example, the US Office of Foreign Assets Control (OFAC) issues public advisories on important issues related to sanctions, and while these documents may focus on specific industries and activities, they should be reviewed by any party interested in OFAC compliance.
- Due diligence: It is important for companies to conduct continuous due diligence on their entire supply chain, including customers and clients (and their respective partners and affiliates) to ensure the continued sanctions compliance of all stakeholders so that none of them become subject to sanctions or penalties. All stakeholders should be subject to periodic KYC checks.
- Risk assessment: The assessment may include risks posed by clients, customers, products, services, supply chain, intermediaries, counterparties, transactions, and geographic locations. For example, an anti-bribery/anti-corruption risk assessment, may be a good foundation for a sanctions risk assessment.
- Sanctions compliance officer: Companies should designate an individual with the primary responsibility for integrating the company’s policies and procedures into the daily operations of the company or a dedicated “sanctions compliance officer”. The sanctions compliance officer should be charged with assisting in the development of a compliance program and to monitoring and verifying that procedures are being followed.
- Formulate a sanctions compliance program: Companies should develop and implement a sanctions compliance program and policy manual in order to understand what actions can and cannot be taken. There is no single compliance program suitable for every company. It is further recommended that the sanctions compliance program be subject to regular review and, when necessary, routinely updated.
- Internal controls: The purpose of internal controls is to clarify expectations, define procedures and processes pertaining to sanctions compliance (including reporting and escalation chains), and minimize the risks identified by the company’s risk assessment. Policies and procedures outlining the sanctions compliance program should be easy to follow, capture the organization’s day-to-day operations, and designed to prevent employees from engaging in misconduct.
- Training: The training program on the company’s sanctions compliance program should be provided to all appropriate employees and personnel (and, in particular, business units operating in high-risk areas) on a periodic basis, and at a minimum, annually.
- Use of Technology: Invest in software or update sanctions screening software to comply with sanction regulations.
- Reporting: Companies should put appropriate procedures in place to identify, escalate, and report transactions that are in violation of sanctions regulations (voluntary self-disclosure).
- Contractual safeguards: Companies should include contractual exit rights in all agreements with their counterparties whereby, should enforcement action be taken against a counterparty, the company has the right to remove itself from the transaction.
- Snap-back safeguards: Measures taken by companies should include specific sanctions-related force majeure provisions and sanction termination and wind-down provisions which can provide contractual protection in the event that sanctions are re-imposed in the case of snap-back.
- Documenting: It is imperative for corporates to document and report all sanctions compliance efforts (for example, keep a written record of their screening policy and be able to justify the timescales and frequency of screenings). Their systems and checks should ensure a documented trail of all actions taken in such matters.
* * *
A company in noncompliance may be opening itself to adverse publicity, fines, and even criminal penalties (if violations are other than inadvertent). Taking preemptive actions would enable a company to show that it has proactively taken steps to structure its operations to ensure that it is compliant with sanctions in an open and transparent manner. Such preventative measures would significantly reduce the potential risks of costly sanctions violations and provide a company with a competitive advantage of being in a better position to navigate sanctions. ■