This is the final episode of a five-part series with Tom Fox and the FCPA Compliance Report on navigating an increasingly complex sanctions landscape. The series will consider the current sanctions landscape, discuss how to build a sanctions compliance program, walk listeners through what happens when a sanctions breach or potential breach is discovered, consider new sanctions exposure, and conclude with a look in that veiled land of the future by considering issues on the horizon.
When it comes to sanctions, what can entities do to prepare for the unknown? That’s the $64,000 question.
Internalizing Compliance Risk Management
Preparing for the future starts with training and communicating with staff to make sure all in an organization understand their sanctions risk and the importance of complying with the organization’s sanctions obligations. There are two important components to this first step. The first is ensuring that senior management sets the tone from the top. This is critical to having to each person internalize their ownership of sanctions risks. The second component is helping staff stay up to date with the fast-moving sanctions landscape. This means keeping abreast of developments in the news and industry and ensuring that there are adequate resources to address these risks.
It is also essential to explore internalization of sanctions compliance risk management by having each employee manage the sanctions risk in front of them, whether it be clients, customers, third parties, or others. This is the very essence of operationalizing compliance: driving risk management to the front lines of an organization. Enhancing this process enables an organization to respond more quickly and nimbly to risks as they arise. It also means that risks can be identified more quickly and pushed up the line to the compliance function to bring additional resources or expertise to bear, if needed. To the extent entities can get each person at the ground level to understand what the sanctions risk is of their activity or their product, it can only benefit the organization. While every organization will always need a compliance department as a critical line of defense, buy-in from all employees will strengthen an organization’s compliance posture.
Watching Trends in Sanctions Compliance
Keeping up with trends in sanctions compliance helps both organizations and professionals identify and strengthen potential compliance gaps. One trend that will likely continue to accelerate is the overlap of multiple sanctions programs, both list-based and country-based. For example, the Office of Foreign Assets Control (OFAC) has recently looked at targeting Chinese entities under the Iran sanctions program, or Russian entities under the Venezuela program. As a result, entities and enforcement agencies are beginning to see how everything is interconnected, and how they can no longer look at organizational sanctions programs in isolation. This has also manifested in how OFAC, and indeed the U.S. government, is expanding sanctions enforcement and scrutiny beyond the traditional financial institutions. Renewed focus has been placed on commercial operations (such as those in the maritime and shipping industries), insurers, port operators, and others who may not have previously considered such potential sanctions risks.
In the immediate term, there are three trends to keep top of mind:
- Regulators are showing no sign of decreasing scrutiny or enforcement of sanctions, or financial crime more broadly, in the current environment that is exacerbated by the financial crisis and COVID-19 pandemic. Even with the ever-present pressure to cut costs, now is not the time for compliance programs to slow down, or let down their guard.
- While no organization or compliance program can be perfect, to the extent that entities can demonstrate a strong program and a strong track record, it will be looked favorably by the regulators in the event a penalty must be levied for violation. As the old adage goes, an ounce of prevention is worth a pound of cure.
- Sanctions and sanctions enforcement are expanding beyond the traditional industries and financial institutions where they have been focused in the past. The maritime, shipping, and insurance sectors are now directly in the regulators’ sights and they need to get their compliance programs up to speed to manage these new risks.
To listen to our podcast series from the beginning, please click here.