Sanctions and their relevance for non-financial services organisations
In our series of articles on sanctions compliance risk, we want to address key topics related to the changing focus of regulators, enforcement actions, and discuss how companies can best position themselves to ensure compliance with applicable sanctions regimes.
In this article, we consider why sanctions compliance risk is relevant to non-financial services companies, and what non-financial services companies can do to remain compliant.
The application of sanctions
Sanctions play an important role in the global fight against financial crime, terrorism or other activities, which can pose threats to international peace. Governments or international bodies such as the UN may impose sanctions on other states, legal entities, terrorist organisations or individuals. These have the effect of prohibiting organisations from doing business with those parties or giving the power to impose penalties on those who breach the sanctions restrictions. To avoid breaching sanctions, companies need to screen new customers or existing customers whose KYC profiles have changed, to check that they are not on a list of prohibited organisations or individuals. Companies also need to keep their sanctions lists up to date and, in the event of an update, check it against their customer database.
How are sanctions enforced in Switzerland?
The Swiss sanctions regime is governed by the Federal Act on the Implementation of International Sanctions, known as Embargo Act (EmbA). This authorises the Federal Council to impose non-military measures in order to implement sanctions that have been issued by the UN, and to decide on a case-by-case basis whether to implement sanctions issued by the EU, the Organisation for Security and Cooperation in Europe (OSCE), or by Switzerland’s most significant trading partners. The State Secretariat for Economic Affairs (SECO) is the main authority responsible for monitoring and implementing sanctions.
The complexity and lack of consistency between the various sanctions regimes can make it difficult for companies to ensure that they comply with them all. In Switzerland (as is the case with many other countries), the most significant risk, in terms of the severity of potential enforcement action and financial impact, comes from US sanctions. The Office of Foreign Assets Control (OFAC) of the US Department of the Treasury administers and enforces sanctions imposed by the US government on targeted foreign countries and regimes, terrorists, international drugs traffickers, those engaged in activities related to the proliferation of weapons of mass destruction, and other threats to US national security, foreign policy or its economy.
Do international sanctions matter in Switzerland?
Sanctions imposed by others, such as the US government, matter to organisations in Switzerland. From January 2018 to March 2020, OFAC has imposed USD1.28bn of civil penalties on foreign companies, or on U.S. companies based on the conduct of their foreign holdings / subsidiaries for breaching their trade or economic sanctions regulations.
Effectively, this means that any connection with US may be a reason for OFAC to extend its jurisdiction over foreign parties. Therefore, international companies, including those based or incorporated in Switzerland, should be aware of the risks of breaches of US-imposed sanctions in their business activities.
How are Swiss non-financial services organisations affected by sanctions?
Sanctions compliance risk has typically been seen primarily as a concern for US or global banks, since they execute transactions in US dollars and so come within the scope of US regulations. In recent years however, OFAC has expanded its sanctions scrutiny to non-financial sectors, such as manufacturing and shipping. This widening of focus is demonstrated by the fact that between 2011 and 2020, within the 159 civil enforcements imposed on companies by OFAC, 65% (104 enforcements) were against companies in non-financial sectors. In 2020 the highest civil penalty imposed by OFAC was levied on a Swiss non-financial services company. This Geneva-based IT company, provides telecommunications network and information technology services to the civilian air transportation industry, was fined almost 8 million USD for providing commercial services and software that were subject to US jurisdiction to certain airline customers that were “specially designated global terrorists” (SDGTs).
The incidence of fines on non-financial services companies in the past decade underlines the importance for companies of assessing their exposures to sanctions compliance risk. This is not an issue for banks alone.
What do companies need to do to remain compliant?
Companies should have an effective sanctions compliance programme to manage their risk, which addresses legal, technological, operational and cultural aspects to ensure ongoing compliance with all relevant sanctions imposed by various governments and other bodies. Companies should carry out a risk analysis to assess their sanctions-related exposures, identify potential root causes, and implement mitigating procedures and controls. The results of the exercise should be incorporated into their wider internal compliance framework to ensure appropriate emphasis and attention from management.
How can Deloitte help?
Our team of subject matter experts can assist your organisation to ensure compliance with sanctions regulations, in any of the following ways:
- Conducting a risk analysis to understand potential exposures in your business activities, particularly with regard to US sanctions
- Evaluating your current procedures and controls to identify gaps, and define and develop mitigating measures to address the identified risks
- Upgrading your internal compliance programme to ensure that risk mitigating controls are effective and that the company has the necessary commitment and competency to manage the compliance programme
- Assessing the underlying data management framework to understand the availability, quality and processing of the data that is required to implement the defined controls efficiently (see also our related article Data management: Why it matters for effective sanctions screening).