news.cuna.org/articles/115987-compliance-ofac-publishes-framework-for-compliance-commitments

Compliance: OFAC publishes framework for compliance commitments

May 6, 2019

The Treasury’s Office of Foreign Assets Control (OFAC) published A Framework for OFAC Compliance Commitments last week to provide guidance on the essential components of an effective sanctions compliance program (SCP).

A recent CUNA CompBlog post delves into the framework.

Essential SCP components include:

  • Management commitment;
  • Risk assessment;
  • Internal controls;
  • Testing and auditing; and
  • Training.

The 12-page document outlines how OFAC may incorporate these components into its evaluation of apparent violations and resolution of investigations resulting in settlements.

When applying OFAC’s Economic Sanctions Enforcement Guidelines to a given factual situation, the agency will consider favorably subject persons that had effective SCPs at the time of an apparent violation.

For example, “OFAC may consider the existence, nature, and adequacy of an SCP, and when appropriate, may mitigate a civil monetary penalty (CMP) on that basis. Subject persons that have implemented effective SCPs that are predicated on the five essential components of compliance may also benefit from further mitigation of a CMP pursuant to General Factor F (remedial response) when the SCP results in remedial steps being taken.”

The guidance also includes an appendix that offers a brief analysis of some of the root causes of apparent violations that OFAC has identified during its investigative process (see page 9). 

Some of the root causes of violations mentioned include:

  • Lack of a formal OFAC SCP;
  • Misinterpreting or failing to understand the applicability of OFAC’s regulations;
  • Facilitating transactions by non-U.S. persons, especially through overseas subsidiaries or affiliates;
  • Processing financial transactions that involve an OFAC-sanctioned country, region, or person;
  • Failing to update sanctions screening software;
  • Decentralized compliance functions and inconsistent application of an SCP throughout branches, business units, etc.

In addition to the CompBlog, CUNA’s Compliance Community contains discussion boards and a number of other resources for credit union compliance professionals around the country.