Sanctions compliance is becoming increasingly important, on par with FCPA anti-bribery and corruption compliance, due to recent geopolitical events and trends in international enforcement actions. Companies should keep that in mind and rethink their approach to compliance framework by incorporating a clear focus on sanctions. Regulatory guidance in multiple jurisdictions sets expectations for having an appropriate risk-based program that includes appropriate checks for avoiding a breach of sanctions legislation or asset freeze provisions.
The US Department of Justice (DoJ) has elevated sanctions enforcement by making sanctions evasion and export-control violations apriority of its white-collar enforcement, which is likely to lead to the increase in criminal prosecutions. Other federal regulators, such as the Office of Foreign Assets Control (OFAC) has broadened the scope of its sanctions enforcement actions against companies in all sectors of the economy, and not just the financial sector. By strengthening its sanctions enforcement efforts, the DoJ and OFAC expect companies to incorporate and prioritize sanctions compliance in its overall approach to compliance.
Thus, companies need to review their existing compliance programs to ensure that they have the right tools to identify sanctions-related risks and to implement efficient sanctions controls. In addition, companies should be aware that they could significantly mitigate potential penalties if they can show they had strong sanctions compliance program in place at the time violation has been committed. Self-disclosure and cooperation remain critical, also when it comes to sanctions violations.
Companies may need to adopts new approaches to risk assessment and internal controls procedures, when it comes to managing new risks posed either by Russian sanctions program or economic and international security measures with respect to China. For instance, companies may want to revise its risk appetite for clients with Russian nexus or separate them in a category that would address broader sanctions risk. Businesses should also be more aware of trade-based money laundering risks and focus on transactions that may involve dual use and prohibited goods, or sanctioned ports and vessels. In general, companies should upgrade their due diligence or “know your customer” procedures to encompass thorough review of ownership and control of non-sanctioned entities, to limit potential exposure.
Israeli companies should enhance their sanctions compliance as follows:
- Mapping out jurisdictional touchpoints: if the company has operations in multiple countries, or deals with intermediaries or other third parties in other jurisdictions, it may need to be mindful of sanctions regulations existing in each one of those jurisdictions. US jurisdictional powers are very broad and any link to the US (for example, by having a subsidiary, use of the US financial system, reliance on US-originated technology) mean that the company should pay close attention to US sanctions enforcement and be mindful of any potential Russia exposure.
- Assessing indirect exposure: companies should have increased sensitivity towards verifying ultimate beneficial ownership of non-sanctioned entities. They should also perform due diligence on high-risk suppliers and distributors to ensure there are no indirect ties to sanctioned entities. To this end, businesses should have a well-functioning third-party compliance program, ensuring also that suppliers and distributors have their own risk mitigation practices.
- Paying attention to industry-focused sanctions and export control regulations: companies should be aware of specific regulations affecting their respective business activities. We have recently written on limitations within semiconductor industry in China. Other industries may be similarly affected in the near future and companies should constantly be updated on changes in sanctions and export control regulations, affecting their industry.
The US Department of Justice (DoJ) has elevated sanctions enforcement by making sanctions evasion and export-control violations apriority of its white-collar enforcement, which is likely to lead to the increase in criminal prosecutions. Other federal regulators, such as the Office of Foreign Assets Control (OFAC) has broadened the scope of its sanctions enforcement actions against companies in all sectors of the economy, and not just the financial sector. By strengthening its sanctions enforcement efforts, the DoJ and OFAC expect companies to incorporate and prioritize sanctions compliance in its overall approach to compliance.
Thus, companies need to review their existing compliance programs to ensure that they have the right tools to identify sanctions-related risks and to implement efficient sanctions controls. In addition, companies should be aware that they could significantly mitigate potential penalties if they can show they had strong sanctions compliance program in place at the time violation has been committed. Self-disclosure and cooperation remain critical, also when it comes to sanctions violations.
Companies may need to adopts new approaches to risk assessment and internal controls procedures, when it comes to managing new risks posed either by Russian sanctions program or economic and international security measures with respect to China. For instance, companies may want to revise its risk appetite for clients with Russian nexus or separate them in a category that would address broader sanctions risk. Businesses should also be more aware of trade-based money laundering risks and focus on transactions that may involve dual use and prohibited goods, or sanctioned ports and vessels. In general, companies should upgrade their due diligence or “know your customer” procedures to encompass thorough review of ownership and control of non-sanctioned entities, to limit potential exposure.
Israeli companies should enhance their sanctions compliance as follows:
- Mapping out jurisdictional touchpoints: if the company has operations in multiple countries, or deals with intermediaries or other third parties in other jurisdictions, it may need to be mindful of sanctions regulations existing in each one of those jurisdictions. US jurisdictional powers are very broad and any link to the US (for example, by having a subsidiary, use of the US financial system, reliance on US-originated technology) mean that the company should pay close attention to US sanctions enforcement and be mindful of any potential Russia exposure.
- Assessing indirect exposure: companies should have increased sensitivity towards verifying ultimate beneficial ownership of non-sanctioned entities. They should also perform due diligence on high-risk suppliers and distributors to ensure there are no indirect ties to sanctioned entities. To this end, businesses should have a well-functioning third-party compliance program, ensuring also that suppliers and distributors have their own risk mitigation practices.
- Paying attention to industry-focused sanctions and export control regulations: companies should be aware of specific regulations affecting their respective business activities. We have recently written on limitations within semiconductor industry in China. Other industries may be similarly affected in the near future and companies should constantly be updated on changes in sanctions and export control regulations, affecting their industry.