Earlier this year, OFAC fined an Australian freight forwarding and logistics company and a cross-border trade financing firm based in Hong Kong $6 million and $5 million, respectively, for violations of OFAC compliance regulations due to lapses in their sanctions screening processes.
These rulings shed light on how OFAC’s trade regulations extend beyond U.S.-based companies. Foreign businesses using the U.S. financial system for transactions must have a robust compliance program that enables them to meet their U.S. sanctions compliance obligations to avoid these outcomes.
So, what options do companies have available to them? And what lessons can we learn from these incidents?
How Rapid Expansion Outran Compliance Measures and Impacted an Australian Freight Company
By providing international shipment services to and from the DPRK, Iran, Syria, and other entities on the OFAC Specially Designated Nationals (SDN) and Blocked Persons list, the Australian global logistics company was in breach of U.S. Sanctions. The services, which occurred from 2013 to 2019, involved the U.S. financial system, resulting in a whopping 2,958 violations of multiple OFAC sanctions stemming from inadequate sanctions screening programs.
The Australian global logistics provider did not take appropriate nor rapid action to address compliance risks while conducting commercial activities involving the U.S. financial system. Whether foreign or domestic, all organizations performing U.S. dollar transactions must follow U.S. sanctions screening best practices.
How the Non-Compliance Occurred
Before the OFAC violation, the business enjoyed rapid expansion by acquiring various local and regional freight forwarding companies. Therefore, it had to handle hundreds of new invoices and payment applications spread across various international branches.
This rapid growth was not supported by adequate compliance controls and policies on global trade. In the face of the increasing complexity of internal operations and 3rd party risks, the company failed to adopt a robust denied party screening and OFAC compliance program.
The first warning came when a U.S. bank the company worked with, performed its own sanctions screening, noticed potentially non-compliant transactions involving Syria, and subsequently threatened to terminate the business relationship. The Australian organization responded with supporting documentation and an insistence on its compliance. But sufficient action to reform its sanctions screening processes did not occur until 2017 when the business formally disabled shipments to sanctioned countries and hired an accounting firm to handle a forensic investigation of its transactions.
The efforts were too late, and most of the OFAC compliance violations happened before these changes were implemented.
The Extent of OFAC’s Penalties
The Office of Foreign Assets Control cited a “reckless disregard for U.S. economic sanctions laws,” as the Australian business had plenty of opportunities to know and fix the gaps in its sanctions screening and general compliance system. Its bank raised concerns before OFAC discovered the breaches, and its remedial actions at the time were unsatisfactory.
However, OFAC did note that the company voluntarily disclosed its violations and cooperated with the government agency in analyzing the scope of the violation. It also implemented strong compliance reforms after the incident, including:
- Developing a compliance audit plan
- Performing a risk-mapping exercise to implement appropriate controls
- Requiring a sanctions compliance training program for staff
- Implementing frequent sanctions screening against OFAC sanctions lists
- Ensuring due diligence that its third-party partners were also adhering to the same OFAC compliance standards
The Lessons We Can Learn from the Incident
While complicated payment arrangements and new international mergers and acquisitions are standard for multinational corporations, they pose additional risks regarding trade and export compliance. Businesses must govern payments closely with third parties, affiliates, and subsidiaries by employing sanctions screening tools capable of conducting comprehensive OFAC sanctions searches. Any involvement with U.S. financial institutions must have strict policies in place to prevent non-compliance with U.S. sanctions.
Organizations should be prepared to respond promptly and thoroughly to denied party screening issues by identifying the root cause and implementing the necessary policy changes and controls. While management of the Australian company here issued compliance reminders, these alone were not a substitute for concrete changes.
How Rogue Employees Cost This Offshore Trade Business $5 Million in OFAC Penalties
A Hong Kong-based offshore trading and cross-border trade financing company faced a $5 million civil liability fine for breaching the Iranian Transactions and Sanctions Regulations (ITSR). Despite the sanctions screening procedures, the organization had instituted, it made payments in U.S. currency through American financial institutions for Iranian goods causing OFAC compliance violations.
How the OFAC Compliance Violation Occurred
Unlike most examples of OFAC violations, this was not caused strictly by a failure of the sanctions screening program, but by the misconduct of rogue employees acting contrary to formal business policy and concealing their actions from executive management and compliance officers. When these noncompliant employees submitted the payments through the U.S. financial system, they intentionally omitted any references to Iran in the documentation. They purchased Iranian-origin high-density polyethylene resin (HDPE) from a supplier in Thailand but concealed the country of origin on the bill of lading (violating export compliance) as well as on the invoices such that multiple U.S. financial institutions were unable to identify these transactions as violating U.S. sanctions.
The Extent of OFAC’s Penalties
The enforcement action taken by OFAC in this case highlights the importance for non-U.S. organizations to be vigilant of the compliance risk they face and the regulations they are obligated to when they engage in U.S. dollar transactions.
The Hong Kong trading business took rigorous remedial action immediately. It identified these infarctions by beefing up its sanctions screening process and voluntarily self-disclosed the violations to OFAC. In addition to investigating the root cause and terminating the offending employees, it mandated denied party screening for all parties in all business transactions going forward. These actions served to lower its settlement from the maximum monetary penalty of $152 million to $5 million.
The Lessons We Can Learn from the Incident
This case emphasizes why risk-based sanctions screening controls are necessary for preventing OFAC sanctions. It is also a testament to how employees attempting to circumvent organizational policies end up hurting the company as a whole.
The company needed a more robust compliance due diligence program, auditing, and testing for their overseas branches and subsidiaries.
Our Takeaways from These Incidents
While domestic U.S.-based companies generally understand sanction compliance regulations from OFAC, and other regulatory agencies, non-U.S. entities who transact with or use the U.S. financial system need to be familiar with and comply with U.S. sanctions including knowledge of OFAC sanctions lists and how to conduct effective sanctions screening.
These significant fines show that OFAC has taken an aggressive enforcement stance on violations for domestic and foreign businesses. OFAC’s official framework for compliance commitments specifically names “foreign entities that conduct business in or with the United States” as responsible for employing “a risk-based approach to sanctions compliance.”
But keeping up with U.S. regulations can be a challenge for a foreign organization, as new rules and exclusion updates happen constantly. The OFAC SDN list, for instance, can add new persons and businesses at any time without warning.
To remain compliant, businesses both inside and outside the U.S. need to rely on robust software solutions to automate and streamline sanctions screening responsibilities. Any task where manual processes are too slow or prone to human error is fixable through global trade and denied party screening platforms.
How Descartes Can Help Non-U.S. Organizations with OFAC Compliance
Descartes is a provider of an industry-leading suite of denied party screening, 3rd party risk management solutions, as well as trade content for leading business systems, that is utilized by companies across industries, not just banks.
Descartes Visual Compliance and Descartes MK solutions are flexible and modular, allowing organizations to pick the specific and exact functionality and content they need for their particular compliance needs and scale up later as and when necessary.
By utilizing our robust solutions, organizations can strengthen their compliance processes, including OFAC compliance, enhance their competitive edge, as well as increase sales velocity.