The Importance of a Sanctions Compliance Program
A Review of the Top 5 Mitigating Measures Highlighted by OFAC in 2023
📅 January 11, 2024
The U.S. Treasury’s Office of Foreign Assets Control (OFAC) in 2023 reached settlements with 17 companies, including well-known companies such as Microsoft, collecting more than $1.5 billion in penalties. Mitigating factors can help reduce the severity of penalties imposed by OFAC for sanctions violations and often involve significant remedial measures and enhancements to a company’s sanctions compliance program. The five most common mitigating factors of 2023, in order of prevalence, were:
Often, merely having a sanctions compliance program in place can spare companies significant penalties. For example, OFAC in May 2023 announced a settlement with online trading and settlement platform Poloniex, LLC, which agreed to pay nearly $7.6 million to settle its potential civil liability for tens of thousands of apparent violations of multiple sanctions programs. Poloniex did not have a sanctions compliance program when it first began operations in early 2014 and implemented one 16 months later without taking retroactive measures to ensure existing customers were not in violations of sanctions. OFAC determined that the lack of a sanctions compliance program for more than a year constituted an aggravating factor when it determined the company’s settlement amount.
OFAC considers various mitigating factors, and some mitigating factors have saved companies hundreds of thousands, if not millions, of dollars. In April 2023, Microsoft was given a nearly $3 million civil monetary penalty by OFAC due to Microsoft’s violations of multiple sanctions programs. OFAC determined that Microsoft had a robust sanctions compliance program in place at the time of the Apparent Violations, voluntarily self-disclosed the violations, and undertook significant remedial measures after a self-initiated lookback and comprehensive investigation into the causes of the violations. These mitigating factors decreased the penalty to less than one percent of the maximum penalty of over $400 million.
Mitigating factors played an even greater role in less severe penalties in 2023. OFAC in November 2023 issued a $206,213 penalty to financial services and payments firm DaVinci Payments for violating multiple sanctions programs. Mitigating factors decreased the fine from a maximum penalty of nearly $4.4 billion.
DaVinci Payments:
DaVinci Payments also voluntarily self-disclosed its Apparent Violations.
Although Binance, the world’s largest cryptocurrency exchange, was fined a record $968 million for egregious conduct that was not voluntarily self-disclosed, Binance undertook significant remedial measures and provided substantial cooperation to OFAC to reduce its maximum $592 billion statutory penalty, including agreeing to certain compliance commitments.
The mitigating factors highlighted in 2023 demonstrate a commitment to compliance with U.S. sanctions laws. OFAC encourages all businesses that operate within the United States and/or with U.S. persons or entities to employ and maintain a sanctions compliance program. According to OFAC’s Guidance, a sanctions compliance program should maintain five key elements:
OFAC will review a company’s sanctions compliance program when investigating apparent violations, and although there is no legal requirement for a company to have a formal compliance program, OFAC will favorably consider the existence of an effective and updated sanctions compliance program when determining possible penalties.
Organizations should take a risk-based approach when developing and implementing a sanctions compliance program, ensuring that it is tailored to the risk presented by the organization’s operations. A current and accurate risk assessment can help identify potential vulnerabilities, which will allow the organization to tailor its compliance program accordingly. Risk assessments should occur with frequency that properly accounts for significant developments and regulatory changes and should be used to develop and revise an organization’s sanctions compliance program, including its internal controls and scope, as well as employee training.
For more information on implementing an effective sanctions compliance program, visit the DOLFIN Library.