A U.S. company has been fined $1.4 million for more than 2,000 apparent sanctions violations largely caused by deficiencies in its compliance program, according to an announcement from the Office of Foreign Assets Control.
Over a five-year period the company processed 2,260 transactions for parties in sanctioned jurisdictions and regions and 19 for persons on OFAC’s list of specially designated nationals and blocked persons. The company’s policies and procedures specified that transactions involving such parties were prohibited, but the testing and auditing conducted to verify that these policies and procedures were being implemented failed to identify the deficiencies that led to the apparent violations. According to OFAC, these included (1) weak algorithms that allowed close matches to SDN list entries not to be flagged by its filter, (2) failure to screen for business identifier codes even when SDN list entries contained them, (3) during backlog periods, allowing flagged and pended payments to be automatically released without review, and (4) lack of focus on sanctioned locations, especially Crimea, because it was not monitoring IP addresses or flagging addresses in sanctioned locations.
The statutory maximum civil monetary penalty in this case is $666.1 million and the base penalty amount is $3.9 million. OFAC said aggravating factors included the company’s failure to exercise “a minimal degree of caution or care for its sanctions compliance obligations” and the fact that its customers’ billing, shipping, and IP addresses gave the company reason to know they were located in sanctioned areas. However, mitigating factors included the company’s quick action to self-disclose some of the apparent violations and the remedial measures it took, such as hiring new compliance positions focused specifically on testing, enhancing screening software, and enabling the screening of names, shipping and billing addresses, and IPR information associated with account holders.
OFAC states that this case highlights companies’ responsibility to ensure they do not engage in prohibited transactions and the importance of developing a tailored, risk-based sanctions compliance program. While individual programs will vary, each should be predicated on and incorporate at least these five components: management commitment, risk assessment, internal controls, testing and auditing, and training.
For more information on effective sanctions compliance programs, please contact attorney Kristine Pirnia via email.
Copyright © 2021 Sandler, Travis & Rosenberg, P.A.; WorldTrade Interactive, Inc. All rights reserved.