How supply chain professionals can smoothly navigate sanctions

Jag Lamba

Jag Lamba

Jag Lamba (jag@getcerta.com) is the Founder & CEO of Certa in Saratoga, California, USA.
6 minute read

By Jag Lamba

We’re well over a year since the Russian invasion of Ukraine, and resulting sanctions continue to be a priority topic for businesses around the world. In the United States, the U.S. Office of Foreign Assets Control (OFAC) has been kept quite busy because of these developments overseas. Part of the U.S. Department of the Treasury, OFAC’s broad goals are to prevent financial crimes, drug trafficking, and weapons proliferation through economic and trade sanctions that align with national security and constantly evolving foreign policy goals.

Sanctions on individuals, organizations, and the broader Russian regime are not the only sanctions in play, of course. Many other entities have been sanctioned in recent years, and undoubtedly more will be in the future. US-based organizations and those doing business here need to keep on top of the latest sanctions landscape; the inability to stay compliant with these regulations can result in fines that are costly in both terms of finance and reputation.

With the geopolitical environment more volatile than it has been in recent memory, it’s going to remain hard to know where the next sanctions will be pointed. Therefore, it’s hard, if not impossible, to know in advance where our businesses will need to divest in short order once those sanctions come down. What we can do, though, is treat current and yet-to-be-realized sanctions like any other risk category and build stronger capabilities for tracking, assessing, and mitigating sanctions risks.

The procurement department has evolved into a kind of compliance hub for today’s organizations, handling risks around data privacy; environmental, social, and governance factors; information security; and other compliance areas with as much transparency as possible. This is largely due to chain managers’ proximity to suppliers’ data and the robust third-party management tools that allow data to flow securely and efficiently between departments as needed.

As a result, much of the burden of assuring sanctions compliance and related risk has fallen to those managing the supply chain. How can supply chain risk managers keep up with sanctions and steer clear of fines and reputational damage? Let’s dive in.

Not to be ignored: The OFAC 50% rule

Are my suppliers on a sanctioned list? It’s a simple question that rarely has a simple answer, but getting it wrong could be incredibly costly. In a perfect world, it would be as easy as looking up the list of sanctioned—also referred to as “blocked”—companies and making sure none of your suppliers or partners were included on the list. The reality, though, is more complicated.

Enter the OFAC’s “50% rule,” which stipulates that not only are the individuals and organizations on a blocked list subject to sanctions, but so are any companies with “combined ownership by sanctioned . . . parties of 50 percent or more.”[1]

What goes into a combined 50% is not always clear, and it’s very common for sanctioned entities to hide their ownership structures to try and keep doing business. That means companies need to be extraordinarily vigilant and do their homework on current and potential future suppliers. Even if there is a significant degree of separation between a blocked individual or company and a supplier (there could be parent companies, shell corporations, subsidiaries, and more in the way, obfuscating true ownership), that doesn’t matter. A company that continues to work with that supplier could be fined if it turns out that the blocked entity has a large enough ownership stake or controlling power in the supplier or the companies that own that supplier.

If this sounds complicated and difficult to pinpoint, that’s because it is. Getting an accurate view of a company’s potential sanctions risks via their suppliers requires a lot of transparency into those suppliers, preferably from the point of onboarding. How do you get there?

Automation to the rescue

Manually searching hundreds or thousands of suppliers’ ownership structures, then tracking them on an ongoing basis is frankly not feasible. It would be an incredible drain on departmental resources, as it would take hours upon hours of employee time, manual recording, and reporting, and it would introduce many opportunities for human error that could lead to a financially costly mistake. And then that process would need to be done repeatedly since ownership structures and sanctions lists change regularly.

Several features through third-party management platforms can automate this crucial activity, however. Up-to-date visibility into the ownership structures of many suppliers is possible when these lifecycle management platforms are connected to third-party data (think Dun & Bradstreet, Moody’s, and Sayari). This connectivity allows for routinely updated data to be fed to procurement teams without the need for resource-intensive manual intervention.

Screening all suppliers for sanctions risks automatically will be crucial in staying compliant no matter what new sanctions arise in the coming years. Advancements in these risk-management platform technologies in recent years have made it possible for current suppliers to be run through a careful check and for a close screening to take place when a company is considering potential new suppliers. Whenever something troubling is found—a connection to a blocked entity or other significant risk factors—the system can automatically flag it and notify supply chain professionals so they can act.

With new sanctions being enacted regularly, there’s always the chance that a previously clear supplier suddenly is “blocked,” and now represents a huge potential risk to companies continuing to do business with them. Automation functions are the quickest way to be notified of any newly problematic connections throughout the supply chain whenever new sanctions are implemented.

An added wrinkle

Complicating the ability to efficiently track sanctions compliance throughout supply chains, in late 2022, the European Union Court of Justice removed the requirement for companies’ ownership to be publicly available.[2] In some cases, this could make it easier for organizations to obfuscate their ownership structure—making it harder for supply chain professionals to check if their suppliers are running afoul of the OFAC 50% rule.

Time will tell the extent of the impact of this ruling and whether something rises up to serve a similar function in the international business community. But this uncertainty is even more reason to put systems into place that can track, analyze, and share relevant third-party data throughout a company. There might be some road bumps in getting that data into the third-party management platform; however, with the right tools and technology, companies can secure the right information to automate and make transparent what they can. One way is to require suppliers—especially new ones during onboarding—to self-report their ownership structures. This won’t have the same impact as a fully automated feature pulling from third-party data sources, but it’s a starting point that can help make any manual work to fill in gaps in known ownership structures more feasible.

Acting now

There are dozens of sanctions programs in place now, all looking to discourage the continuation of work with certain countries, individuals, or groups.[3] The geopolitical volatility that has ramped up in recent years shows no signs of abating; therefore, the chances of new sanctions are high. Businesses that equip their supply chain managers with the means to automate and make visible crucial ownership and compliance violations data will navigate any new regulations and sanctions with much less disruption than those who don’t. This represents significant potential for gaining ground against competitors unprepared for that uncertainty.

Helpfully, the same technologies that can help monitor sanctions compliance are also able to measure the impact a single supplier has on a company’s operations. That makes it easier for companies to find a path forward when new sanctions or an ownership change transforms a previously safe supplier into a risk. A supplier that is a major overall contributor to a company’s supply chain will need more careful planning to replace; however, smaller ones can quickly be divested with less impact on the day-to-day operations of a company.

Companies that prepare—and act—to stay in compliance with evolving sanctions are the companies that will find their supplier risks more manageable and visible—even as we venture into uncharted geopolitical waters.

Takeaways

  • Today’s procurement department has evolved into a compliance hub for organizations, with much of the burden of assuring sanctions compliance and related risk falling to those managing the supply chain.

  • There are dozens of sanctions programs in place now, all looking to discourage the continuation of work with certain countries, individuals, or groups.

  • Getting an accurate view of a company’s potential sanctions risks via their suppliers is complicated and requires a lot of transparency in those suppliers—preferably from the point of onboarding.

  • With new sanctions being enacted regularly, there’s always the chance that a previously clear supplier suddenly is “blocked,” and now represents a huge potential risk to companies continuing to do business with them.

  • Automation functions are the quickest way to be notified of any newly problematic connections throughout the supply chain whenever new sanctions are put in place.

 
1 Dow Jones, “What is OFAC’s 50 Percent Rule?” accessed June 9, 2023, https://www.dowjones.com/professional/risk/glossary/sanctions/ofacs-50-percent-rule/.
2 Transparency International, “EU Court of Justice Delivers Blow to Beneficial Ownership Transparency,” blog post, November 22, 2022, https://www.transparency.org/en/press/eu-court-of-justice-delivers-blow-to-beneficial-ownership-transparency.
3 U.S. Department of the Treasury, Office of Foreign Asset Control, “Sanctions Programs and Country Information,” accessed June 9, 2023, https://home.treasury.gov/policy-issues/financial-sanctions/sanctions-programs-and-country-information.
This publication is only available to members. To view all documents, please log in or become a member.
Become a Member Login

What to read next...

About SCCE

The Society of Corporate Compliance and Ethics (SCCE) is a non-profit, member-based professional association. SCCE supports our members' work with education, news, and discussion forums. We are a community of leaders, defining and shaping the corporate compliance environment across a wide range of industries and geographic regions. In developing and maintaining effective ethics and compliance programs, our members strengthen and protect their companies.

952.933.4977

About HCCA

The Health Care Compliance Association (HCCA), is a 501(c)6 non-profit, member-based professional association. HCCA was established in 1996 and is headquartered in Minneapolis, MN. We provide training, certification, and other resources to over 10,000 members. Our members include compliance officers and staff from a wide range of organizations, including hospitals, research facilities, clinics and technology service providers.

952.988.0141

Facebook Twitter LinkedIn
Copyright © 2024 by Society of Corporate Compliance and Ethics (SCCE) & Health Care Compliance Association (HCCA). No claim to original US Government works. All rights reserved. All information provided through this site, including without limitation all information such as the “look and feel” of the site, data files, graphics, text, photographs, drawings, logos, images, sounds, music, video or audio files on this site, is owned and/or licensed by SCCE & HCCA or its suppliers and is subject to United States and international copyright, trademark and other intellectual property laws. Any third party logos and/or content provided herein is owned by such third parties and is used by permission herein. Your use of this site to is subject to our Terms Of Use and Privacy Statement.
Cookie settings