19 Tips for Cracking the Code of Global Sanctions Compliance

Banner artwork by JulsIst / Shutterstock.com

Global sanctions compliance, once considered a niche practice area, often blanketed over a range of commercial contracting and broader compliance activities. Its practitioners usually have a seat at the table, but various forces, to varying degrees across sectors, are coalescing to raise its profile.

Growing attention from government enforcement agencies is a leading reason for the increasing importance of global sanctions compliance as a discipline.

As a result, this is a great period to invest time, thoughts, and possibly treasury in your organization’s global sanctions compliance program. In this article, I offer a few suggestions for this purpose.

My focus is largely limited to the economic and trade sanctions codified in regulations enforced by the Office of Foreign Assets Control within the United States Department of the Treasury. While there are meaningful differences between economic sanctions and trade sanctions, those differences are outside the scope of this article. Accordingly, I refer to “global sanctions” in a more generic way to refer to economic and trade sanctions taken as a whole. Also mostly outside the scope of this article are the global sanctions laws of jurisdictions outside the United States. A strong majority of OECD countries have global sanctions laws that bear clear parallels to those of the United States but with differences nonetheless.

Key impacts of global sanctions

At a high level, global sanctions are blocks (or freezes) on the property, assets, and interests in property or assets of sanctioned persons, so that unsanctioned persons cannot deal in or with such blocked property, assets, and interests in property or assets. 

A standard example is the blocking of a sanctioned person’s bank accounts so that unsanctioned persons (e.g., usually including banks themselves) must refrain from dealing in or with funds in such accounts. Global sanctions enforced by the Office of Foreign Assets Control (OFAC) can also reach physical assets (e.g., planes and automobiles), real property, and certain ownership interests in legal entities. Some OFAC programs are so extensive that they essentially embargo an entire country. Cuba is the best example of this but North Korea, Iran, Syria, the Crimea region of Ukraine, and portions of the Donetsk and Luhansk regions of Ukraine are also subject to comprehensive OFAC sanctions that are tantamount to embargoes. One sometimes hears the term “blockable interest” in global sanctions circles. Among OFAC’s most powerful blocking mechanisms is to prevent sanctioned persons from accessing the United States financial system, including United States dollar-denominated transactions outside the United States.

It follows that unsanctioned persons seeking to comply with global sanctions must develop programs and internal systems to identify and avoid situations in which they may otherwise have business dealings with sanctioned persons and their property, assets, and interests in property or assets. It should be noted that OFAC sanctions apply in general to United States citizens and permanent residents, persons within the United States, and companies organized under the laws of the United States (including foreign branches of those companies).

Core attributes of a global sanctions compliance program

A reliable global sanctions compliance program takes aim at the right risks. It simultaneously consolidates the right data, the right controls, and the right organizational authority into the hands of those charged with executing the program.

Businessman take a jump uniting puzzle.
A successful global sanctions compliance program requires those in charge to have the right data, the right controls, and the right organizational authority. riedjal / Shutterstock.com

Such a program features robust “know your customer” reviews, including screening all prospective outside business partners against sanctioned party lists maintained by OFAC and other regulatory bodies. A particularly vexing piece of the OFAC puzzle is the “50 percent rule,” by virtue of which sanctions are placed on otherwise unsanctioned entities that are owned 50 percent or more by sanctioned persons, whether directly or indirectly and whether solely or in aggregation with other sanctioned persons.

It should be noted that OFAC has issued valuable guidance on its expectations of global sanctions compliance program characteristics. Published in 2021, A Framework for OFAC Compliance Commitments, is a reference that should influence the continuous improvement cycles that nurture your organization’s program. This document can be found here.

A reliable global sanctions compliance program takes aim at the right risks and consolidates simultaneously, into the hands of those charged with executing that program, the right data, the right controls, and the right organizational authority.

The right risks

Any regulated organization should continuously examine its risk vectors. This is an evolutionary process that has the principal objective of pointing risk mitigation and risk management resources at the most significant risks.

This is an evolutionary process that has the principal objective of pointing risk mitigation and risk management resources at the most significant risks.

Tip 1: Focus on how funds enter and exit your organization. You should fully screen and evaluate the sources and touchpoints of incoming funds as well as the ultimate recipients (and intermediary touchpoints) of outgoing funds.

Analytic finance graph report.
Be certain to monitor all funding coming in and out of the organization to eliminate any potential risks. Graphic farm / Shutterstock.com

Tip 2: Evaluate your contractual relationships. All customers, suppliers, partners, and other outside persons with whom you have contractual relationships should be adequately vetted and screened.

Tip 3: Review your workforce. You should screen employees and contractors to ensure that your workforce does not include sanctioned individuals.

Tip 4: In light of current events, OFAC has indicated that Russia-related sanctions are top priorities.

The right data

It is an understatement to say that correct and complete data is the pillar on which the program stands. Much has been said about this, but there are some unique data factors to consider as they relate to a global sanctions program.

Tip 5: Compliance program personnel must have access to data related to new customers, new suppliers, new ventures, and new markets. A solid data analytics program can predict these developments by depicting emerging trends in T&E spending, sales opportunities notes, research and development activities, and lobbying endeavors.

Tip 6: Send questionnaires to potential customers and suppliers. Such questionnaires should probe all aspects of their business that are relevant to your global sanctions compliance posture. 

Tip 7: With reference to OFAC’s 50 percent rule, establish means of determining ownership structures of customers, suppliers, and other outside partners. Be prepared to allocate a sizeable budget toward this objective. Unlike OFAC provisions, global sanctions enforced by the European Union, the United Kingdom, and Canada sanction entities owned or controlled by sanctioned persons.

Tip 8: Use outside resources to screen and vet all outside entities with whom you do business. This should include banking relationships, ownership structures, legal entity arrangements, and the composition of boards of directors. Again, this has budget ramifications. There are numerous commercially available, subscription-based tools specifically designed to conduct such screening.

Tip 9: Do not settle for a data analytics approach that simply repackages what has already happened. You need predictions, not repackaging.

The right controls

Proper controls are essential to a global sanctions compliance program so that transactions or relationships that require further assessment are identified and paused, pending that assessment.

Regularly test the effectiveness of your controls. Don't assume they're working; you need data generated by regular testing. You should always have in-hand data that will convince enforcement officials that your controls don't just exist on paper.

Tip 10: Compliance personnel must be included in contractual negotiations, especially in requests for non-standard terms on global sanctions compliance commitments.

Tip 11: Recent enforcement actions suggest that OFAC expects internet protocol range blocking to be deployed to deny access to IT systems from embargoed territories.

Tip 12: Global sanctions assessments must be included in Accounts Payable/Receivable review procedures. These assessments must “follow the money” to evaluate hands that may touch funds in each transaction.

Tip 13: Regularly test the effectiveness of your controls. Don’t assume they’re working; you need data generated by regular testing. You should always have in-hand data that will convince enforcement officials that your controls don’t just exist on paper. United States Department of Justice has much to say on effectiveness testing as well. See, for example, the Criminal Division’s Evaluation of Corporate Compliance Programs.

Tiny people testing quality assurance in software.
Continuously conduct data testing to ensure that your controls are operating effectively. PCH.Vector / Shutterstock.com

Tip 14: Recordkeeping controls are paramount; do not overlook them. The general retention period for a “full and accurate record” is five years after a regulated transaction. 31 C.F.R. 501.601.

The right organizational authority

For a global sanctions program to be effective, personnel in positions to execute its controls in good faith must have the authority to do so and to do so swiftly. For example, this could mean halting shipments or payments, pausing the onboarding of a new customer, or ending a contractual relationship.

Tip 15: Compliance personnel must be able to influence — if not direct — colleagues in other functions. They should be a mandatory approval point for all high-risk transactions.

Tip 16: Compliance personnel must be authorized to file reports with OFAC when obligated to do so (e.g., blocked property reports, rejected transaction reports, etc.).

Tip 17: With limited exceptions, compliance personnel must be authorized to gain access to all manner of data within a corporate setting. Alliances with IT departments are key.

Tip 18: Consider creating a Global Sanctions Council chaired by global sanctions compliance leadership with quarterly meetings attended by representatives from key functions such as finance, sales, business development, and legal.

Tip 19: Compliance personnel should be among those who receive, evaluate, and address any whistleblowing concerns about global sanctions. The US government has recently incentivized whistleblowers specifically in relation to global sanctions programs.

Building a compliance compass

Global sanctions programs are currently receiving an elevated level of attention from boards, shareholders, and government enforcement agencies. Global sanctions are not only here to stay but are likely to continue to grow in their scope and complexity. Implementing an effective, enduring program in this environment is critical, and this presents a terrific opportunity for compliance professionals.

Disclaimer: The information in any resource in this website should not be construed as legal advice or as a legal opinion on specific facts, and should not be considered representing the views of its authors, its sponsors, and/or ACC. These resources are not intended as a definitive statement on the subject addressed. Rather, they are intended to serve as a tool providing practical guidance and references for the busy in-house practitioner and other readers. Information/opinions shared are personal and do not represent author’s current or previous employer.