Sanctions compliance in an era of international conflict: An organizational imperative

Michael Volkov

Michael Volkov

Michael Volkov (mvolkov@volkovlaw.com) is CEO of The Volkov Law Group in Washington, DC, USA.
Alexander Cotoia

Alexander Cotoia

Alexander Cotoia (acotoia@volkovlaw.com) is the Regulatory Compliance Manager at The Volkov Law Group in Washington, DC, USA.
Listen to article
5 minute read

By Michael Volkov and Alexander Cotoia

Since the Russian Federation’s full-scale offensive military action against the sovereign nation of Ukraine in late February 2022, the imposition of incrementally more aggressive sanctions regulations targeting certain sectors of the Russian economy, oligarchs tied to the Putin regime, and organizations implicated in providing materiel and support to Russia’s military has been ubiquitous. These measures include, but are not limited to, sanctions regulations promulgated by the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) and trade controls issued by the U.S. Department of Commerce’s Bureau of Industry and Security (BIS) that have attempted to cripple the Putin regime’s ability to acquire both financing and tangible commodities to sustain its military offensive.

While a fulsome discussion of these sanctions regulations is beyond the immediate scope of this article, compliance with OFAC and BIS regulations poses a unique challenge to organizations with international exposure, especially regarding Russia, Belarus (a close Putin ally), and certain occupied regions of Ukraine (including, but not limited to, the Crimean Peninsula, and the so-called Donetsk and Luhansk People’s Republics). Notably, trade controls have also grown in prominence in connection with the People’s Republic of China, which, as of this article’s writing, seems intent on undermining US foreign policy strategy by supplying the Russian Federation with a variety of direct and indirect aid.

The sheer volume of sanctions regulations amidst rising international tensions requires organizations to adopt new policies, procedures, and specific controls to mitigate the potential for a regulatory infraction or, worse, a criminal violation. As U.S. Deputy Attorney General Lisa Monaco emphasized during remarks made last summer, the Department of Justice (DOJ) views sanctions enforcement as the “new FCPA”—an explicit allusion to the DOJ’s concerted effort over the past decade to ramp up enforcement of the Foreign Corrupt Practices Act, a statutory scheme used to hold individuals and entities accountable for the bribery of foreign government officials.[1] To that end, organizations are encouraged to consider the following in relation to their sanctions and export control programs.

Ensure the organization’s risk profile is accurate

A fundamental building block of an effective sanctions and trade compliance program is a holistic risk assessment and routine testing of internal controls. Relying on DOJ guidance concerning the evaluation of corporate compliance programs, organizations should avail themselves of the opportunity to consider: (a) the nature and extent of their international exposure, especially in sanctioned jurisdictions, taking into account the totality of their global supply chains; and (b) whether existing controls are operationally effective in preventing the possibility that the organization could violate sanctions regulations.[2] For example, organizations with considerable financial dealings with any institution or individual based in the Russian Federation should consider whether any of their activities constitute a violation of OFAC’s financial dealing prohibitions, including strict transactional restrictions targeting any dealings with specific state-owned financial institutions. Controls should be tested—and, where necessary, adjusted—to ensure that no capital outflows are made to any bank designated by OFAC as subject to one or more transactional proscriptions.

In a similar vein, a manufacturing organization that is largely dependent on exports to Russian-based entities should take heed of BIS’s intense focus on ensuring that virtually any item subject to the jurisdiction of the Export Administration Regulations (EAR), with few exceptions, require a license for export, re-export, or transfer (in-country). Even if the item is designated as EAR99, the organization should still account for the EAR’s General Prohibitions, which, among other things, prevent commodities and associated technology from being exported, re-exported, or transferred to embargoed or sanctioned countries/regions, in support of a variety of prohibited end-uses or to a wide range of prohibited end-users, including most notably military end-users.[3] In short, existing controls should be adjusted to account for actual operational risks faced by the organization on a daily basis.

Identify, remediate, and disclose potential violations

While conducting a risk assessment or periodic audit of various facets of an organization’s compliance program, potential infractions of sanctions or trade controls regulations should be identified, promptly remediated, and voluntarily disclosed to the appropriate agencies. The need for prompt, voluntary disclosure of all nonprivileged facts and information to the relevant enforcement authorities is a virtual prerequisite for any cooperation credit under new guidance issued by the DOJ last year.[4] As Monaco again starkly emphasized, organizations with a “sanctions problem” are required to “pick up the phone and call [the DOJ]” before the DOJ discovers the misconduct in question. Moreover, failure to completely disclose the facts and circumstances surrounding a potential sanctions infraction—including identifying all culpable actors—may completely negate the positive effect of the organization’s preliminary cooperation. As such, all organizations facing a potential sanctions or trade controls issue are encouraged to be completely candid with government investigators and avoid the temptation—all too common in legal circles but completely inapposite in a compliance context—to withhold salient facts or documentation in a misguided effort to maintain leverage in negotiations. As further directed by Monaco this year, this tactic risks substantially reducing or altogether eliminating a culpable organization’s eligibility for full cooperation credit.

Finally, it seems trite but necessary to emphasize that organizations that commit to implementing remedial measures must faithfully do so. The failure to adequately address compliance program deficiencies following a potential violation is an almost certain recipe for a repeat violation and unwanted government attention. Given the DOJ’s adoption of new, more objective criteria for appointing corporate monitors to oversee the implementation of compliance program upgrades, organizations that overcommit and underdeliver in a remediation context face the very real possibility that the organization itself could be subject to corporate monitorship.

Invest now in additional compliance resources

A chronic lack of resources has historically constrained the ability of the compliance function to maximize its practical utility to the organization overall. Due mainly to the misperception that compliance is a hindrance, rather than a benefit to, the organization’s operations as a whole, the compliance function is routinely understaffed, overworked, and ill-equipped to deal with emerging sanctions and trade control expectations. Given the new emphasis by government authorities on sanctions and trade controls violations and evasion, it is incumbent upon organizations to invest now in additional resources commensurate with their risk profiles and operational scales and to dedicate those resources to sanctions and trade controls compliance. All too often, organizations with tremendous international exposure in high-risk jurisdictions operate with a proverbial skeleton crew responsible for all facets of the organization’s compliance controls. The new, more intense regulatory environment demands a sea change in C-suite thinking about the compliance function. Personnel with specific expertise and familiarity with sanctions and trade controls compliance should be retained to assist the organization in identifying systemic weaknesses, remediating those deficiencies, and broadly educating the organization’s other personnel on the importance of sanctions compliance.

While far from exhaustive, we offer the preceding recommendations as the basis for a critical examination of an organization’s sanctions and trade compliance program. As government regulation continues to grow, it is imperative that compliance-conscious organizations adapt quickly to emerging expectations in the sanctions and trade controls landscape.

Takeaways

  • The uptick in sanctions and trade controls activity should cause organizations to assess the effectiveness of their current controls.

  • Sanctions evasion activity is the “new” Foreign Corrupt Practices Act; the U.S. Department of Justice has demonstrated a willingness to pursue sanctions violators zealously, especially as it relates to the Russian Federation.

  • An updated risk assessment that accounts for the organization’s exposure to high-risk and sanctioned jurisdictions is required.

  • Existing internal controls should be evaluated for effectiveness and modified or replaced where appropriate.

  • When in doubt, disclose and remediate. Companies that commit to taking specific remedial measures should follow through on their commitments to avoid additional unwanted scrutiny.

 
1Lisa O. Monaco, Deputy Attorney General Lisa O. Monaco Delivers Keynote Remarks at 2022 GIR Live: Women in Investigations,” June 16, 2022, https://www.justice.gov/opa/speech/deputy-attorney-general-lisa-o-monaco-delivers-keynote-remarks-2022-gir-live-women.
2U.S. Department of Justice, Criminal Division, Evaluation of Corporate Compliance Programs, March 2023, https://www.justice.gov/criminal-fraud/page/file/937501/download.
315 C.F.R. § 736.2.
4 Lisa O. Monaco, “Memorandum Concerning Further Revisions to Corporate Enforcement Policies Following Discussions with Corporate Crime Advisory Group,” September 15, 2022, https://www.justice.gov/opa/speech/file/1535301/download.
This publication is only available to members. To view all documents, please log in or become a member.
Become a Member Login

What to read next...

Staying ahead of the curve: Understanding and implementing DOJ's latest guidelines

About SCCE

The Society of Corporate Compliance and Ethics (SCCE) is a non-profit, member-based professional association. SCCE supports our members' work with education, news, and discussion forums. We are a community of leaders, defining and shaping the corporate compliance environment across a wide range of industries and geographic regions. In developing and maintaining effective ethics and compliance programs, our members strengthen and protect their companies.

952.933.4977

About HCCA

The Health Care Compliance Association (HCCA), is a 501(c)6 non-profit, member-based professional association. HCCA was established in 1996 and is headquartered in Minneapolis, MN. We provide training, certification, and other resources to over 10,000 members. Our members include compliance officers and staff from a wide range of organizations, including hospitals, research facilities, clinics and technology service providers.

952.988.0141

Facebook Twitter LinkedIn
Copyright © 2024 by Society of Corporate Compliance and Ethics (SCCE) & Health Care Compliance Association (HCCA). No claim to original US Government works. All rights reserved. All information provided through this site, including without limitation all information such as the “look and feel” of the site, data files, graphics, text, photographs, drawings, logos, images, sounds, music, video or audio files on this site, is owned and/or licensed by SCCE & HCCA or its suppliers and is subject to United States and international copyright, trademark and other intellectual property laws. Any third party logos and/or content provided herein is owned by such third parties and is used by permission herein. Your use of this site to is subject to our Terms Of Use and Privacy Statement.
Cookie settings