Recent changes to global sanctions regimes – along with some high-profile and costly sanctions violations – illustrate the importance of mitigating sanctions risks. Our recently-released eBook, “Better safe than sorry: The case for building a robust sanctions programme,” takes a closer look atthe costs of compliance failures and advises companies on how to implement a robust compliance programme.
Sanctions regimes can go on for years; the UN Security Council sanctions against North Korea have been in place for a little more than a decade, and U.S. sanctions against Cuba have continued for 50 years. Often geopolitical issues are at the heart of changes in sanctions – both in their strengthening or easing. Just this year (2017), we’ve seen clear evidence of this with a number of new or mooted sanctions by the UN, U.S. and EU.
– Just days ago, the UN adopted additional sanctions on North Korean officials –identified as specially designated nationals (SDNs) and entities in response to the country’s on-going missile and nuclear tests.
– Weeks earlier, the U.S. Senate Foreign Relations Committee approved legislation that would authorise the president to impose sanctions on people involved in Iran’s ballistic missile programme, and anyone who does business with them.
– The U.S. also imposed sanctions on the chief judge and seven other members of Venezuela’s Supreme Court, as punishment for annulling the opposition-led Congress earlier this year. All of those targeted will have US assets frozen and be denied travel to the United States, while American citizens will be barred from doing business with them.
Earlier this year, the EU passed a regulation to address financing of armed conflicts and terrorism through trade in conflict minerals. The EU also extended its sanctions over the violence in the Kasai Province of the Democratic Republic of Congo, imposing travel bans and asset freezes on nine senior security officials.
Given the dynamic sanctions landscape, mitigating the risk of a sanctions compliance violations is an on-going challenge – and not just for banking and financial services organisations.
Many industries are less prepared for sanctions compliance
In recent years, sanctions compliance violations indicate a worrying trend – companies across a broad range of industries are falling short because they lack the necessary sanctions compliance programmes to effectively mitigate risk. The costs of such lapses are significant. For example, the Chinese telecom company ZTE, who settled on a case with the U.S. Office or Foreign Assets Control (OFAC) earlier this year over sanctions violations in Iran. ZTE agreed to pay a $900 million fine with an additional $300 million fine if it fails to meet the terms of the resolution. It also reported a $342 million net loss, faces seven years suspended denial of export privileges, three years of probation, and it is required to implement a compliance and ethics programme with outside oversight.
What should companies do?
With increased compliance focus on companies outside of the banking and financial services, it is crucial for companies to implement a robust framework against costly sanctions violations. Because sanctions laws change frequently, all internal procedures and controls need to be regularly assessed to identify potential gaps. In such a dynamic environment, companies need tools to automate screening processes for in-the-moment insights that are unavailable with slower, manual processes.
Given the potential for criminal charges, substantial civil fines, debarment and other restrictions, the costs of sanctions compliance failures are significant. With a clear trend of enforcement actions against organisations beyond the traditional banking and financial services focus, any company conducting business across borders – whether through a subsidiary or via an extensive supply chain or third-party network – needs to have a rigorous sanctions risk mitigation strategy and process in place.
Finally to better assess sanctions compliance risk organizations’ need to be acquainted with KYC (Know Your Customer) risk assessment. Use the checklist below to see what should be on your risk assessment checklist: