Check the OFAC list
Companies that check sanctions lists aren’t just fulfilling their legal obligations – they’re also avoiding risks to their business and safeguarding their public image. The longer-term aim is to combat terrorist activities worldwide. Aside from EU sanctions lists, European companies should also take note of US sanction lists. For many companies, including the OFAC list in their audit is rightly regarded as essential to ensure maximum safety and security.
What is a sanctions list?
A sanctions list is a publicly accessible directory of companies, organizations, or individuals upon whom economic and/or legal restrictions have been imposed. It is prohibited to do business with companies, organizations, or individuals under sanction. The purpose of sanctions lists is to combat international terrorism by depriving individuals, organizations and institutions associated with terrorist activity of funds and economic resources. Economic resources include services, goods, rental arrangements, and the transfer of property or technology. Counter-terrorism sanctions were intensified in the wake of the September 11 terror attacks. Companies, organizations, and individuals suspected of having links to terrorism have been subject to increased checks since this time.
What is the OFAC list?
The OFAC Sanctions List is released by the Office of Foreign Assets Control (OFAC). The OFAC is a supervisory authority of the United States Department of the Treasury, which administers and enforces economic trade sanctions against states, organizations and individuals. These sanctions are based on current US foreign policy and national security objectives. The OFAC list safeguards US foreign policy objectives while protecting international trade both within the US and abroad from terrorist acts and illegal trading in arms and drugs.
Sanctioned persons, companies, or organizations are described by OFAC as Specially Designated Nationals (SDNs) and included in the SDN list. The assets of SDNs are frozen and doing business with them is also prohibited. The current SDN list can be accessed via the OFAC website.
Perform due diligence:
Who is obliged to check sanctions lists?
Every company, regardless of its size or industry, is obliged to make reasonable efforts to prevent terrorism. In line with these due diligence obligations, every company must carry out checks on its business partners. This applies not just to new business relationships (onboarding due diligence), but also long-standing business relationships (ongoing due diligence). This must be logged accordingly.
Why do sanctions lists have to be checked?
A sanctions list check is required to perform business transactions in a legally compliant manner. Failure to carry out these checks may have legal consequences. If sanctions lists are ignored and sanctioned persons, companies, or organizations go on to receive financial or economic resources, this can lead to heavy fines or even imprisonment. The managers of a company are the primary subjects of such fines or sentencing in the event of a transgression. In some cases, the people responsible for exports within the company may be threatened with such a fine or sentence.
There are also economic and financial risks to your company in the event of non-compliance, meaning that that sanction list checks are also part of effective risk management. The extent of this risk can be demonstrated by the case of Deutsche Forfait AG. In February 2014, the company, and Ulrich Wippermann in particular (a member of the publicly listed company’s board of directors), was accused of having conducted oil transactions with the National Iranian Oil Company (NIOC) – a company already subject to sanctions. As a result, many customers considered it too risky to work with Deutsche Forfait AG, as there was a high risk of being added to the OFAC list themselves. The non-compliance with Iran sanctions led to an estimated financial loss of €150 to 200 million for the company, which is also why the company filed for insolvency in September 2015. Aside from non-compliance with the company’s legal obligations, the company’s public image will also be damaged by any violation.
Ensure compliance at all times: When do sanctions lists have to be checked?
Your company is obliged to check sanctions lists when entering into a new business relationship. However, it is also essential to review existing business relationships on an ongoing basis to ensure that no financial or economic resources end up in the hands of sanctioned persons.
How often do sanctions lists have to be checked?
The obligation to check does not include any indication of how often sanctions lists must be checked. Nevertheless, a general principle applies: In both economic and technical terms, reasonable effort must be made to prevent sanctioned companies, organizations, or individuals from obtaining financial or economic resources. This is why it is important that you check sanctions lists on an ongoing basis, as these are regularly expanded and updated. The ideal solution would be for sanctions lists checks to run automatically in the background of your ERP or CRM system. This ensures full checks are carried out to minimize your risks.
Regardless of whether you find something during the check, it is important to keep a record of your due diligence checks to show that you have fulfilled your due diligence obligations. It is also essential to keep a log of the checks performed and results generated for your records.
Which sanctions lists need to be checked?
According to EU regulations and the Foreign Trade and Payments Act, every company that is resident or economically active within the EU is obliged to check the European Common Foreign and Security Policy (CFSP) list. The CFSP lists individuals, organizations, and companies against whom the EU has imposed financial sanctions. This list combines all the lists of names associated with counter-terrorism directives as well as the country-specific embargo regulations. The CFSP is the most important sanctions list for companies based in or economically active within the EU. The current CFSP list is available online.
On top of this, companies based in the EU are also expected to observe US sanctions lists. The United States demands global compliance with its export control legislation, which is why you must check whether your company’s activities are subject to US jurisdiction. Where this is the case, you must include US sanctions lists in your checks – also to exclude negative economic consequences, since US sanctions are the most wide-reaching in economic terms. You can check whether your business activities fall under US jurisdiction by asking yourself the following four questions:
- Are you handling US products (either directly or indirectly)? For example, do you use US products in the manufacturing of your goods, or do you trade products originating from the United States?
- Are your products subject to US export control legislation?
- Does your company have a US-based subsidiary, or are you a US-based subsidiary of another company?
- Are US citizens responsible for your company’s exports?
How can sanctions lists be checked?
There are no legal stipulations regarding how you should check sanctions lists. As a company, however, you face the challenge of finding a means to check the various sanctions lists in a way that is both thorough and cost-effective, and without disrupting your day-to-day business. The high number off sanctions lists to be checked means that manual checks would be complex and time-consuming. It makes sense to find an automated solution to perform these compulsory checks.
BatchNameCheck offers the ability to batch check names against lists, allowing you to meet your due diligence obligations both when entering into new business relationships (onboarding due diligence) and on an ongoing basis (ongoing due diligence). BatchNameCheck automatically generates daily results reports for checks run against lists of people and companies you work with or intend to work with. This enables you to identify risky business partners and comply with national and international compliance legislation and guidelines. Automated checking of sanctions lists protects your company and minimizes compliance risks. When onboarding or ongoing due diligence screenings reveal individual negative hits, these can be examined more closely using the Nexis Diligence® online tool as part of your enhanced due diligence processes.
Rolling out a tool to verify business partners is a vital step towards meeting your legal obligation to check sanctions lists. But for true compliance, it is equally important to raise awareness of sanctions lists among all employees. OFAC itself underlines this aspect in its Framework for OFAC Compliance Commitments. This sets out five key components that OFAC believes every compliance program should meet.\
- Management commitment
Management must support a risk-based compliance program and exemplify correct behavior, setting the tone from the top. Appointing an OFAC sanctions officer is recommended.
- Risk analysis
Third-party inspections must be carried out at regular intervals. Customers, suppliers, products, services and geographical locations must all be assessed for potential risk.
- Internal compliance requirements and checks
Guidelines and checks set out appropriate procedures and minimize risks.
- Independent tests and audits
Regular audits should identify and remedy weaknesses in the program.
Training employees – and, where appropriate, customers and suppliers – ensures proper understanding of the risks of disregarding sanctions lists among all involved.
This article is provided solely for information purposes. LexisNexis makes no guarantees as to its completeness or accuracy.