The Importance of a Sanctions Compliance Program

A Review of the Top 5 Mitigating Measures Highlighted by OFAC in 2023

📅 January 11, 2024

The U.S. Treasury’s Office of Foreign Assets Control (OFAC) in 2023 reached settlements with 17 companies, including well-known companies such as Microsoft, collecting more than $1.5 billion in penalties. Mitigating factors can help reduce the severity of penalties imposed by OFAC for sanctions violations and often involve significant remedial measures and enhancements to a company’s sanctions compliance program. The five most common mitigating factors of 2023, in order of prevalence, were:

The company had no penalty notices or Findings of Violation in the five years preceding the date of the earliest Apparent Violation;
The company cooperated with OFAC during its investigations of Apparent Violations;
The company undertook remedial measures;
The company improved its compliance measures and strengthened its compliance program;
The company voluntarily self-disclosed its Apparent Violations to OFAC.

Often, merely having a sanctions compliance program in place can spare companies significant penalties. For example, OFAC in May 2023 announced a settlement with online trading and settlement platform Poloniex, LLC, which agreed to pay nearly $7.6 million to settle its potential civil liability for tens of thousands of apparent violations of multiple sanctions programs. Poloniex did not have a sanctions compliance program when it first began operations in early 2014 and implemented one 16 months later without taking retroactive measures to ensure existing customers were not in violations of sanctions. OFAC determined that the lack of a sanctions compliance program for more than a year constituted an aggravating factor when it determined the company’s settlement amount.

OFAC considers various mitigating factors, and some mitigating factors have saved companies hundreds of thousands, if not millions, of dollars. In April 2023, Microsoft was given a nearly $3 million civil monetary penalty by OFAC due to Microsoft’s violations of multiple sanctions programs. OFAC determined that Microsoft had a robust sanctions compliance program in place at the time of the Apparent Violations, voluntarily self-disclosed the violations, and undertook significant remedial measures after a self-initiated lookback and comprehensive investigation into the causes of the violations. These mitigating factors decreased the penalty to less than one percent of the maximum penalty of over $400 million.

Mitigating factors played an even greater role in less severe penalties in 2023. OFAC in November 2023 issued a $206,213 penalty to financial services and payments firm DaVinci Payments for violating multiple sanctions programs. Mitigating factors decreased the fine from a maximum penalty of nearly $4.4 billion.

DaVinci Payments:

Had not been issued a penalty notice or Finding of Violation in the five years preceding the earliest transaction leading to the Apparent Violations;
Cooperated with OFAC during its investigation;
Undertook significant remedial measures;

DaVinci Payments also voluntarily self-disclosed its Apparent Violations.

Although Binance, the world’s largest cryptocurrency exchange, was fined a record $968 million for egregious conduct that was not voluntarily self-disclosed, Binance undertook significant remedial measures and provided substantial cooperation to OFAC to reduce its maximum $592 billion statutory penalty, including agreeing to certain compliance commitments.

The mitigating factors highlighted in 2023 demonstrate a commitment to compliance with U.S. sanctions laws. OFAC encourages all businesses that operate within the United States and/or with U.S. persons or entities to employ and maintain a sanctions compliance program. According to OFAC’s Guidance, a sanctions compliance program should maintain five key elements:

Management commitment;
Risk assessment;
Internal controls;
Testing and auditing;
And training.

OFAC will review a company’s sanctions compliance program when investigating apparent violations, and although there is no legal requirement for a company to have a formal compliance program, OFAC will favorably consider the existence of an effective and updated sanctions compliance program when determining possible penalties.

Organizations should take a risk-based approach when developing and implementing a sanctions compliance program, ensuring that it is tailored to the risk presented by the organization’s operations. A current and accurate risk assessment can help identify potential vulnerabilities, which will allow the organization to tailor its compliance program accordingly. Risk assessments should occur with frequency that properly accounts for significant developments and regulatory changes and should be used to develop and revise an organization’s sanctions compliance program, including its internal controls and scope, as well as employee training.

For more information on implementing an effective sanctions compliance program, visit the DOLFIN Library.

Recommended Blogs

The Convergence of Sanctions & AML

July 24, 2024

The convergence of sanctions and anti-money laundering efforts has significantly accelerated since Russia’s full-scale invasion of Ukraine in February 2022. FINTRAC in June 2024 released a special bulletin focusing on financial activity associated with suspected sanctions evasion. The report highlighted shared methodologies and insights to help compliance teams collaborate on best practices.

Targeting Russia’s IT Dependencies

July 16, 2024

Delve into the recent determination issued by OFAC, which imposes significant additional restrictions on the provision to Russia of IT consultancy and design services as well as IT support and cloud-based services of enterprise management and design and manufacturing software. Multinational tech corporations, financial institutions, and other companies still operating in Russia will likely require licenses to continue operating there.

Crypto Under the Microscope

July 11, 2024

In the fast-evolving digital assets market, compliance is not just a regulatory requirement—it's a strategic imperative. From Binance's multi-billion-dollar settlement to the dramatic collapse of FTX, recent enforcement actions have sent shockwaves through the industry, underscoring the critical need for a robust compliance system.

OFAC’s Compliance Guidance in Action

June 18, 2024

The Treasury Department’s Office of Foreign Assets Control (OFAC) five years ago published its Framework for OFAC Compliance Commitments. This guidance remains the most comprehensive articulation of OFAC’s compliance expectations to date. Although it notably stopped short of mandating a sanctions compliance program (SCP), recent enforcement actions demonstrate the implications of not having an SCP in place.

Types of Sanctions – A Vast and Varying Landscape

June 4, 2024

In the United States, most sanctions programs combine multiple types of designations that vary across multiple dimensions. U.S. designations are constantly changing, and more individuals, entities, vessels, and aircraft are being added to OFAC’s sanctions list. Explore the five primary types of sanctions in our latest article.

Russian Use of Crypto for Sanctions Evasion on the Rise

May 21, 2024

Experts agree there isn't enough liquidity in the virtual assets space to enable largescale sanctions evasion by Moscow, but sanctioned individuals and entities have used virtual currencies—most notably Tether—to access the global financial system and pay for restricted goods and technologies. Explore recent designations, how cryptocurrencies and other virtual assets are being leveraged to facilitate evasion as well as risk mitigation strategies for financial institutions in our latest article.

Fake News vs. Real News – The Importance of Media in Due Diligence

May 6, 2024

We exist in an age when mass media outlets are criticized for bias and manipulation, and when foreign disinformation efforts further erode trust in traditional journalism. Confidence in media reports not just as a compliance tool, but also as reliable news sources is likely at near record lows as well. However, adverse media reports are a critical compliance tool that can serve as a springboard for more extensive due diligence research and can help identify potential indicators of sanctions evasion and other financial crimes.

Counterproliferation Finance Detection and Deterrence – What Can Financial Institutions Do?

April 23, 2024

The U.S. Treasury recently identified proliferation networks operating on behalf of Russia, North Korea, China, Iran, Syria, and Pakistan as threats to U.S. national security. These networks exploited the U.S. financial system to finance the proliferation of weapons of mass destruction (WMD), including financing to procure WMD components and raising revenues to support efforts by these state actors to advance their WMD activities.

2024 National Proliferation Financing Risk Assessment

April 19, 2024

The U.S. Department of the Treasury published the 2024 National Proliferation Financing Risk Assessment in February 2024 providing an in-depth analysis of the threats and vulnerabilities related to proliferation financing (PF) and highlighting key countries and non-state actors working to gain access to weapons of mass destruction (WMDs) and their components and to conventional restricted weapons and technologies.