Last month, by way of presidential executive order, the United States blocked all property and interests in property of the government of Venezuela that are in the United States, that come within the United States, or that come within the possession or control of the United States. Banks, financial services firms, companies and individuals, both in the U.S. and worldwide, especially those engaged in international business, need to understand the order’s significance and how to avoid costly violations.
Over the past two decades, the United States has found an increasingly effective foreign policy tool in the use of economic sanctions. The new executive order places the Venezuelan government among other heavily sanctioned regimes, including North Korea and Iran.
The order blocks all property of the Venezuelan government, its subdivisions and its agencies, including the Central Bank of Venezuela and the state-owned oil company Petróleos de Venezuela, S.A., known commonly as PDVSA, from entering, being withdrawn from, or even passing through the United States. This would include U.S. dollar transactions being conducted between individuals or entities located outside the United States but using the correspondent banking system.
The order also blocks the property and interests in property of any individual or entity determined to have materially assisted any “Specially Designated National.” As of the date of this writing, the Department of Treasury’s Office of Foreign Assets Control (OFAC) has designated more than 200 individuals or entities as “Specially Designated Nationals” under its Venezuela programs.
The costs associated with violations of U.S. sanctions are significant. Depending on the facts and on how the violations were committed, consequences may include a civil money penalty, forfeiture, corporate criminal liability, or individual criminal liability. U.S. banks, financial services firms, companies and individuals, as well as non-U.S. individuals and entities transacting business in U.S. dollars, need to understand the risks associated with sanctions violations and need to be aware of the steps they can take to protect themselves. Indeed, an investment in a sanctions compliance program will be minimal compared to the consequences of an otherwise avoidable violation.
Earlier this year, OFAC published “A Framework for OFAC Compliance Commitments,” outlining five components of an effective sanctions compliance program — management commitment, risk assessment, internal controls, testing and auditing, and training. The framework is not an off-the-shelf sanctions compliance program, just as what is written here is not legal advice. Rather, the framework is an outline for designing a program based on an organization’s unique risks.
1. Management commitment: Arguably, the most important part of any sanctions compliance program is management commitment and that commitment must be real.
Management commitment was exemplified by banks and companies engaged in international business following the imposition of Ukraine-related sanctions in 2014. After Russia’s annexation of Crimea, President Obama issued several executive orders blocking property of certain persons contributing to the situation in Ukraine and prohibiting certain transactions. The leadership of banks and companies, inside and outside Russia, became preoccupied, on a daily basis, not only with not violating the sanctions, but also with not engaging in conduct which could subject the bank or the company, or its principals, to being blocked as a “Specially Designated National.”
Management should review and approve the organization’s sanctions compliance program, ensure employees understand why it is important, assign a person or department ownership of the program, and ensure that person or department has the authority, independence and resources necessary.
2. Risk assessment: Because the program should be risk-based, an assessment will be necessary to identify those risks to which the organization is exposed. The framework recommends examining the organization’s products and services, customers, supply chain, intermediaries and counterparties, as well as their locations and the location of the organization itself. A risk assessment will be necessary to develop the program, and risk assessments should continue to be conducted, especially when new relationships are formed, such as during onboarding of new customers or vendors, or during mergers or acquisitions.
3. Internal controls: Based on its risk assessment, a company should set out, and enforce, written policies and procedures unique to its need to prevent conduct which could expose the company to legal, commercial, geopolitical and reputation harm for sanctions violations.
4. Auditing and testing: Policies and procedures should be independently audited and tested on a periodic basis. Deficiencies should be promptly remediated, and companies should confer with counsel and consultants on whether disclosures are required.
5. Training: Finally, a company should ensure that all its personnel receive adequate training on why sanctions compliance is important, and the responsibilities of each employee based on his or her role and location. Training should occur at least once per year and should convey to each employee that he or she will be held accountable.
A sanctions compliance program, if well-implemented, will help companies mitigate the risk of costly violations, and minimize the consequences for violations that do occur.
Jarrett Wolf, based in Miami and New York, is the president of Wolf Global, an advisory and consulting firm focused on corporate investigations, crisis management, risk mitigation and strategy, for U.S. and international clients and their counsel. He can be reached at firstname.lastname@example.org.
▪ This opinion piece was written for Business Monday of The Miami Herald. The views expressed are those of the writer and not necessarily those of the newspaper.