A Framework for OFAC Compliance Commitments
The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) administers and enforces U.S. economic and trade sanctions programs against targeted foreign governments, individuals, groups, and entities in accordance with national security and foreign policy goals and objectives.
OFAC strongly encourages organizations subject to U.S. jurisdiction, as well as foreign entities that conduct business in or with the United States, U.S. persons, or using U.S.-origin goods or services, to employ a risk-based approach to sanctions compliance by developing, implementing, and routinely updating a sanctions compliance program (SCP). While each risk-based SCP will vary depending on a variety of factors—including the company’s size and sophistication, products and services, customers and counterparties, and geographic locations—each program should be predicated on and incorporate at least five essential components of compliance: (1) management commitment; (2) risk assessment; (3) internal controls; (4)...
1) OFAC's Framework for OFAC Compliance Commitments guidance marks a notable shift in the agency's prior, longstanding policy of not explicitly recommending any particular type of compliance program, but only suggesting what might be appropriate in given situations through enforcement actions. In general, all enforcement actions based on diligence failures constitute a view on the part of OFAC that the alleged violator had a reason to know of the facts and circumstances underlying the violation, so fact-specific diligence expectations can be inferred from the fact that OFAC fined a given entity.
Here, while OFAC maintains its position that "each risk-based SCP will vary depending on a variety of factors," there is a never-before-seen degree of specificity regarding what OFAC views as the essential components of all compliance programs. The suggestion seems to be that many of the same sort of compliance program...