Despite Multimillion-Dollar Federal Penalties for OFAC and Other Sanctions Violations, Corporate Finance Departments Still Fail to Implement Simple Protections. Why?

How dismayed would you be if out of the blue you received notification from the U.S. Treasury that a subsidiary of your firm had bought manufacturing materials from a U.S. sanctioned company and that the base penalty for your violation was $3 million? That’s exactly what befell a Pacific Northwest supplier to the mining industry, whose subsidiary had inadvertently bought briquettes made of Cuban-origin nickel.

Despite recent overtures by the United States to strike trade and arms deals with Cuba and Iran, federal sanctions prohibiting business relationships with those countries remain in full force until they are officially rescinded.  Even if proposed agreements are brought to fruition, some sanctions could remain. As these and other international agreements are adopted, and as sanctions against thousands of other countries, individuals and organizations globally are added and lifted daily, all firms doing business in the U.S. face a shifting landscape of sanctions-related compliance obligations—and the threat of stiff penalties.

Ignorance Is No Excuse

Indeed, last year the U.S. Treasury assessed fines of $1.2 billion—ranging from $21,375 to $963,619,900—against violators of sanctions imposed through OFAC and related lists.  While the government levies its stiffest fines against firms it judges knew they were violating the sanctions, many penalties are for inadvertent violations, ignorance of which, suffice it to say, is deemed no excuse by Treasury investigators.

Responsibility for protecting companies from violations of the U.S. Treasury’s Office of Foreign Assets Control (OFAC) Specially Designated Nationals and Blocked Persons (SDN) list usually falls on corporate finance or compliance departments, which function as gatekeepers on firms’ buyer and seller relationships. In addition to the SDN program, government agencies, such as the Departments of Commerce and Health and Human Services, maintain some 20 additional lists that restrict U.S. business relationships with foreign or otherwise sanctioned entities or individuals.

Ironically, lists of sanctioned entities are freely or inexpensively available to businesses. However, checking vendors and buyers against all government sanctions lists can be tedious, expensive and time-consuming, since the government doesn’t centralize the lists and screening often must be implemented one by one.  On the other hand, a number of outside services now offer automated checks in bulk across all government “don’t touch” lists—including one, for example, that performs this screening as part of its online vendor on-boarding process.

What’s perhaps most surprising from a risk management standpoint, though, are recent surveys indicating that as many as 80 percent of financial executives don’t or don’t know if they adequately screen for federally sanctioned payees. In fact, many companies are simply unaware of the government’s lists of designated “don’t touch” entities, many don’t know how to efficiently check their suppliers against it, and most are unaware of the substantial civil and criminal penalties associated with violations.

Companies Large and Small Targeted

Most of the widely reported OFAC and related violations are committed by multinational financial institutions involved in global foreign transactions, some of which appeared to have “concealed” or “obscured” their relationships with sanctioned organizations.  Such global financial services firms are naturally vulnerable to such violations, since the nature and ownership of their clients’ businesses are often unclear or hidden.

Ultimately, however, no company large or small is exempt from federal scrutiny for sanctions violations.  A small New England-based software developer, for example, was fined $82,260 in July 2015 for having imported web development services valued at $205,650 from a sanctioned supplier.

Unfortunately, simply eyeballing a list of customers or vendors proves an inadequate screening measure. While some restricted entities have names that might raise an eyebrow, thousands are not obvious. Indeed, most sanctioned companies and individuals have names so innocuous they would never be suspected, even by the most alert accounts payable department.

OFAC’s Specially Designated Nationals list, as well as other sanctions lists and civil penalties levied against violators, can be found at the Treasury Department’s Office of Foreign Assets Control Resource Center.

Screening Technology and Procedures

The solution to this compliance threat for most companies is clearly the installation of adequate screening technology and procedures.  While anyone can access the SDN and other federal “don’t touch” lists online, screening using this approach is slow and tedious, since entities must be keyed into the government’s Sanctions List Search Tool individually.  Alternatively, some vendors offer more convenient, standalone OFAC compliance software, which can run individual or bulk checks against company databases.

However, the most likely solution for most companies will be delivered by emerging sanctions-checking software that is increasingly integrated into robust applications. For example, Financial Operations Networks’ InvoiceInfo vendor portal automatically checks a company’s suppliers against OFAC’s SDN and 21 other lists—including TIN matching—as part of the vendor on-boarding process and on a regular basis thereafter as changes are made to the various lists.

No Need to Risk Violations

Whichever solution a company chooses, there is certainly no need or justification for risking federal sanctions violations and the sometimes multimillion-dollar penalties that accompany them. Indeed, new screening solutions are abundant, relatively inexpensive and easily integrated into existing procedures.

Methodically checking—and periodically re-checking—a company’s sellers and buyers against OFAC and other sanctions lists should today be part of standard protocols for every corporate accounting and/or compliance department.