RSCC has previously reported on the United States Department of Treasury’s Office of Foreign Assets Control’s (OFAC) guidance on sanctions compliance, primarily on the concept of extraterritorial jurisdiction as it relates to secondary sanctions. And on May 2, OFAC published “A Framework for OFAC Compliance Commitments,” which focuses on the critical components of a sanctions compliance program and provides clear guidelines for how that program should look.
“OFAC, for the first time, has framed the elements of a sanctions compliance program, in a bevy of ways mirroring many of the tenets of the anti-money laundering (AML) compliance program,” wrote the authors of a Steele report on the guidance. “This includes prongs such as crafting stout internal controls, engaging in proactive OFAC risk assessments, adequately training and arming staff with knowledge and resources and testing and auditing systems and their human decision-makers to ensure systemic vulnerabilities are closed quickly.”
The five essential components listed in the guidance are: Management commitment, risk assessment, internal controls, training, and testing and auditing. According to the guidance, management commitment is “essential in ensuring the [sanctions compliance program] receives adequate resources and is fully integrated into the organization’s daily operations, and also helps legitimize the program, empower its personnel, and foster a culture of compliance throughout the organization.”
What OFAC is looking for here is a clear and documented demonstration of support and effort from the executive suite and the board of directors. The support and effort should enable the compliance program to communicate its purpose throughout the organization, have the authority to put a stop to certain activities when red flags appear, and be able to bypass the executive suite to communicate directly to the board if necessary. The guidance gives specific examples and steps that management should take in order to meet OFAC requirements.