How to be sanctions compliant in a shifting sanctions landscape

March 2020  |  SPECIAL REPORT: MANAGING RISK

Financier Worldwide Magazine

March 2020 Issue

A recent tweet by US secretary of state Mike Pompeo announced new sanctions against entities in China, Hong Kong and the United Arab Emirates (UAE) which did business with Iran. “Maximum pressure on the Iranian regime will continue,” said Mr Pompeo, “until its behaviour changes”. Earlier that same week, Israeli prime minister Benjamin Netanyahu called for allies to impose sanctions against the International Criminal Court (ICC) and prosecutors, who are considering war crimes changes against Israel.

These two instances, which occurred within a couple of days of each other, reveal three things. The first is that sanctions are today unquestionably the first tool reached for by states and governments looking to influence the behaviour of entities and regimes. The second is the incredible variation in entities that sanctions are now directed toward (sanctions against the ICC for pursing war crimes charges being particularly unusual, and, though only hinted at by Netanyahu, could be an indication of the strange path sanctions are heading down).

Third, and most importantly for firms, is the speed at which sanctions are proposed, imposed and then (perhaps) withdrawn. The third point is a direct consequence of points one and two. US sanctions against firms doing business with Iran is, of course, unsurprising. A politician swerving the press and using Twitter to release news is now also commonplace. Yet the announcement, and specifically the fact that it was on Twitter, inadvertently cuts to the heart of sanctions: tweets are short, quick and disposable, and like sanctions, have an increasingly ‘here today, gone tomorrow’ feeling about them.

Worse, there is the different approaches used by countries or political bodies. European and US attitudes towards sanctioning Iran offer an apt example. President Trump’s withdrawal of the US from the Joint Comprehensive Plan of Action (JCPOA), something he pledged throughout his 2016 election campaign, suddenly opened a chasm between the US and the Europeans party to the agreement. This is a rift that still has not been healed, resulting in a great deal of confusion and stymied business.

It places firms, which are naturally looking to operate safely in an unsettled environment, in a tricky position. How should they react to the now near-constant potential imposition of sanctions on that which was previously unsanctioned, and how should they deal with the uncertainty this gives birth to? Business strategies are harder to follow when they can be left impotent after a single tweet by the US secretary of state or the president. The long-reaching arm of the US Office of Foreign Assets Control (OFAC), already extensive, also poses challenges for firms.

A good example of the difficulties faced by financial services firms’ compliance departments is the update OFAC announced in June 2019. The ‘Amendment of the Reporting, Procedures and Penalties Regulations’ built upon prescriptive guidelines announced by OFAC a month prior, which included, among other things, senior management promoting a culture of compliance and approving their organisation’s sanctions compliance programme.

The amendment, however, went further than these (now rather well-known) procedures. It stipulated that any transaction type, including rejected funds transfers, would need to be reported. Further, it applied this rule to all US entities and persons. This puts a greater strain on firms and the individuals within them. Given that we know that OFAC does not shirk from imposing big penalties when necessary, the risk is higher than ever before.

What can compliance do?

Businesses have to ask themselves: how do we make sure we are compliant with sanctions without our business suffering? How can we avoid sanctions exposure? Automation processes are an aid upon which compliance can to some extent rely, but such technology comes with its own problems, and will only be fully reliable (if ever) when sanctions monitoring technology develops further. In the meantime, a great deal of sanctions compliance comes down to risk assessment.

Risk assessments should be made the bedrock of any sanctions compliance programme. Products and services that are high-risk should be identified. Geographic risk should be an obvious place to start, too, and the level of risk posed by counterparties and intermediaries should also be taken into consideration. Bribery and corruption risks should also be weighed. Countries that have sanctions imposed against them will likely also have issues with bribery and corruption. Taking these significant steps would do much to mitigate the risk of sanctions exposure.

In relation to OFAC, commitment from senior management is also fundamental. Senior management support for compliance and compliance officers gives legitimacy to compliance across the business, demonstrating its importance to all employees and helping develop a strong culture of compliance. It also helps bring in resources for compliance to use at their disposal. Similarly, training should be available for all employees so that they understand what is expected in terms of sanctions compliance. This, too, will help foster a compliance culture and will lower the risk of a sanctions breach.

The future of sanctions

Sanctions have been used for centuries, but never at the rate or with the complexity seen today. Through social media, a government and its officials can communicate high-profile sanctions with greater ease and to a wider audience. Naturally, nothing is ever as wholly good and straightforward as that, and sanctions announcements on social media come with a big, fat asterisk – especially from the Trump administration. Take as an example the confusion in March last year when a tweet by president Trump seemed to announce the withdrawal of sanctions on North Korea. This turned out to not be the case. But it did show why it is misleading and irresponsible to brandish the sanctions threat cheaply. Sanctions are likely to continue being an indispensable tool of governments and will probably rise in this new decade. Awareness of the everyday steps that firms can take (senior management support, risk assessments and training, for instance) will make an unsettled landscape that bit less intimidating – and protect firms from penalties and fines.

Jake Plenderleith is editorial manager at the International Compliance Association. He can be contacted on +44 (0)121 355 0900 or by email: jake.plenderleith@int-comp.org.

© Financier Worldwide

BY

Jake Plenderleith

International Compliance Association

©2001-2024 Financier Worldwide Ltd. All rights reserved. Any statements expressed on this website are understood to be general opinions and should not be relied upon as legal, financial or any other form of professional advice. Opinions expressed do not necessarily represent the views of the authors’ current or previous employers, or clients. The publisher, authors and authors' firms are not responsible for any loss third parties may suffer in connection with information or materials presented on this website, or use of any such information or materials by any third parties.