Risk Management Blog

cybersecurity

4 Ways to Mitigate OFAC Sanctions Risk

Share on:

  • July 23 2015
  • Lowers & Associates

4 Ways to Mitigate OFAC Sanctions Risk

by Lowers & Associates | July 23, 2015

risk management Do you or does your company engage in transactions with foreign companies or individuals? Do you have business or financial relationships with any kind of foreign entity that exists within a country or region that is on a Federal watch list?

The Office of Foreign Assets Control (OFAC) may be more important to you than you think. It is often cited as one of the most powerful Federal agencies most people have never heard of. To illustrate its power, OFAC settled for a $1 billion fine on BNP Paribas in June 2014 for money laundering on behalf of Sudan and other entities, part of a whopping $9 billion penalty in total.

OFAC is a U.S. Department of the Treasury agency that enforces trade and economic sanctions in support of U.S. foreign policy and national security. Its emphasis is on anti-money laundering actions against both state and non-state actors to combat foreign terrorism, drug trafficking, arms dealing, and other threats to national security. Its broad mandate as part of national security policy and very potent powers make it important for you to know how to cope with the sanctions risks it poses.

Sound anti-money laundering compliance practices can help mitigate the risk of OFAC sanctions. There are 4 general elements to this program, adapted to the specific circumstances of your organization:

1. Designate an OFAC compliance officer.

It is always important to have specific roles responsible for specific processes and procedures to maintain accountability. The compliance officer has to be the person in the organization with the most knowledge about OFAC priorities, criteria, and enforcement powers, and must be in a position to define the organization’s response to these risks. The person in this role must have authority commensurate with the responsibility, including the ability to promote necessary internal changes in processes and reporting to the Board and/or top management to ensure compliance.

2. Develop internal policies, procedures and controls.

The organization should conduct a risk assessment to address OFAC enforcement targets. These will include the specific kinds of transactions the organization makes with foreign entities; the size, frequency and location of the transactions; and the known characteristics of partners to the transactions. Each of these dimensions is complex and can pose greater or lesser risks for money laundering. The policies or controls developed may reflect the level of risk.

3. Train employees on an on-going basis.

Employees who interact with foreign transactions and/or partners to transactions need to understand the implications for potential OFAC infractions and act accordingly. This training design should be updated as needed to keep the organization in compliance as its business practices and financial transactions change. Similarly, employee training should be continuously refreshed to stay abreast of changing circumstances.

4. Conduct a thorough review of the compliance program every 12 to 18 months.

In addition to regular internal reviews, the organization should hire an external auditor to review the compliance program. The auditor must be expert in OFAC policy as well as financial systems, and understand the purpose and methods involved in using procedures and controls for risk mitigation.

Many organizations have—or believe they have—little exposure to foreign financial transactions. Nevertheless, it is prudent to establish an anti-money laundering compliance program, including OFAC compliance, as part of general risk management. Organizations that have conducted an appropriate risk assessment can develop the compliance program they need.

Learn more by downloading our latest white paper on the topic of Anti-Money Laundering.

bottom-CTA-AML-ebook

ABOUT THE AUTHOR

Lowers & Associates provides comprehensive enterprise risk management solutions to organizations operating in high-risk, highly-regulated environments and organizations that value risk mitigation.
View all posts by Lowers & Associates >