By: Danielle Hatch

On May 2, 2019, the Office of Foreign Assets Control (OFAC) released a 12-page document outlining their perspective of the essential components of a good sanctions compliance program. The document, “A Framework for OFAC Compliance Commitments” provides details on what it believes are the 5 essential components of compliance:

  1. Management Commitment
  2. Risk Assessments
  3. Internal Controls
  4. Testing and Auditing
  5. Training

The document also provides how OFAC may incorporate these 5 components into its evaluation of apparent violations and resolutions to investigations resulting in settlements. The last few pages of the document provide some recent enforcement actions (organization names removed) and what OFAC believes caused these to occur. The list is not exhaustive, but the goal here is to provide some common violations and the root cause of them so that organizations can possibly learn from other’s mistakes.

The biggest takeaway from this framework is that OFAC says it, “will consider favorably subject persons that had effective sanctions compliance programs (SCP) at the time of an apparent violation.” They will also consider the existence of an effective SCP at the time of an apparent violation as a factor in its analysis as to whether a case is deemed “egregious.” This documented framework from OFAC means that it can (and likely will) tie a company’s enforcement outcome to how well they meet OFAC’s components within their SCP. It’s also likely that the next case involving a company violating the OFAC regulations and not meeting the framework guidelines will have increased exposure and penalties to show that OFAC is serious about the new guidelines.

Full Framework Report: