The ever evolving sanctions landscape
The past years’ money laundering revelations and scandals have shattered the financial sector in Europe and resulted in an even greater focus and eye on sanctions controls and compliance. Also, with the new US administration in place, and the recent launch of the “UK independent sanctions policy” this past July due to Brexit, additional updates and changes in the sanctions sphere are expected. While in the past most focus has been on the financial sector, recent developments have shown a shift in interest the corporate sector as well, with OFAC targeting and fining corporates for failure to comply with sanctions regulations*.
Economic sanctions are imposed by governments and multi-national organisations – with the United Nations, the European Union and the United States being the three main bodies – to impose sanctions to advance foreign policy objectives, apply pressure to stop violation of law or act as a moral “red flag”. Sanctions restrict the individuals, entities and/or countries that are subject to those sanctions from accessing financial resources and markets. Until recently, focus has been mostly on financial institutions, but all individuals and companies are required to comply with sanctions regulations in the jurisdictions that they operate and do business in, and failure to do so can result in substantial fines.
Achieving compliance and staying compliant is a complex process. The increase of regulatory scrutiny, as well as the inconsistent nature of global regimes, is putting even higher pressure on companies to raise their bar for sanctions compliance and awareness. Only limited guidance is available from the regulators and authorities themselves. However, OFAC’s compliance framework, published in 2019, provides guidance on five pillars that a compliance programme should have as a cornerstone in order to have an effective sanctions compliance in place:
- Management commitment – the OFAC framework emphasises management commitment and having a “culture of compliance” at the top and throughout the organisation
- Risk assessment – the framework recommends that the company’s sanctions compliance programme should be based on a risk-based approach
- Internal controls – calling for the sanctions compliance programme to include and incorporate appropriate internal controls in order to identify, address, escalate and report any potential prohibited activity
- Testing and auditing – ensuring the effectiveness of a sanctions programme, independent testing and auditing are essential to identify any weaknesses and shortcomings
- Training – having an effective training programme that provides continuous and periodic training for relevant employees.
Ultimately, the responsibility for interpreting and implementing sanctions regimes rests with businesses. As the regimes and lists are continually evolving – including the creation of new sanctions and the lifting of old ones – it is important for businesses to stay on top of the latest trends and developments.
Failure to comply with sanctions can not only have serious reputational damage, but legal and financial damage as well. Therefore, having an effective sanctions compliance programme in place, as well as adequate sanctions awareness within the organisation, is a must to meet the requirements and expectations from relevant regulators and authorities.
Deloitte’s Forensic specialists have extensive knowledge and unparallel experience within this area, and we have assisted clients around the world in this matter.
At Deloitte, we can assist you in, among others:
- Sanctions screening effectiveness testing
- Sanctions look-back reviews following regulatory orders, targeted investigations
- Sanctions risk assessment, policies and procedures and investigative due diligence
- Sanctions compliance review
*Of all fines OFAC issued in 2019, approx. 60% of the fines were in the corporate sector. In 2020, approx. 75% of the fines were in the corporate sector.