On May 2, 2019, the Office of Foreign Assets Control (“OFAC”) issued its “Framework for OFAC Compliance Commitments” presenting a number of recommendations for the design, implementation and periodic update of Sanctions Compliance Programs (“SCPs”) by “organizations subject to U.S. jurisdiction and foreign entities that conduct business in or with the United States, U.S. persons, or using U.S.-origin goods or services.”
OFAC’s recommendations refer to the most important factors for assessing an SCP’s success, including (i) management commitment; (ii) risk assessment; (iii) internal controls; (iv) testing and auditing; and (v) training. Additionally, OFAC’s guidance has an appendix outlining the circumstances that frequently cause SCPs to fail.
OFAC prepared its guidance based on the results of recent administrative enforcement actions, including OFAC’s actions against Stanley Black & Decker, Inc. and Standard Chartered Bank, whereby the subject companies agreed to pay significant monetary penalties and enhance their compliance programs. OFAC also prepared its guidance based on the current standards, regulations, and best practices on point, including the manual issued by the Federal Financial Institutions Examination Council (“FFIEC”).
The design and implementation of an SCP consistent with OFAC’s guidance is strongly recommended for companies and financial institutions because it is a factor that OFAC will consider favorably when deciding whether to sanction an apparent violation of its regulations, or for calculating the appropriate penalty.