The Department of the Treasury’s Office of Foreign Assets Control (OFAC) is published A Framework for OFAC Compliance Commitments. OFAC wants to provide organizations its perspective on the essential components of a sanctions compliance program.
“As the United States continues to enhance our sanctions programs, ensuring that the private sector implements strong and effective compliance programs that protect the U.S. financial system from abuse is a key part of our strategy.”
Sigal P. Mandelker, Under Secretary for Terrorism and Financial Intelligence.
The United States has increasingly used its financial system to penalize countries it dislikes as well as drug kingpins and terrorists. The dollar has been the standard for international business. That may change if the US continues to weaponize the dollar against countries it disfavors.
OFAC has decided to coin the initialism “SCP” for Sanctions Compliance Program. An SCP has five essential components:
1. Management Commitment
- Senior management has reviewed and approved the SCOP
- Senior management delegate sufficient authority and provided direct reporting lines
- Senior management has given adequate resources to the SCP
- Senior management promotes a culture of compliance
- Senior management recognizes the seriousness of deficiencies and violations
2. Risk Assessment
- Organization has conducted an OFAC risk assessment
- Organization has a methodology to identify and address the risks it identifies
3. Internal Controls
- Written policies and procedures
- Internal controls based on risk assessment
- Enforces policies and procedures
- Adequate record-keeping
- Corrects discovered weaknesses
- Communicates policies and procedures to relevant staff
- Personnel appointed to integrate policies and procedures into corporate operations.
4. Testing and Auditing
- Testing and auditing is accountable to senior management
- Testing and auditing are appropriately sophisticated
- Takes corrective actions after a negative result.
5. Training
- OFAC Training provides adequate information
- Training scope is appropriate
- Training frequency is appropriate based on risk profile
- Updates training after a negative result
- Training provides easily accessible resources.
The Framework includes a short appendix that offers some analysis of some of the causes of sanctions violations that OFAC identified during its investigative process.
Sources: