[author: Michael Volkov]

In the summer of 2022, Deputy Attorney General Lisa Monaco – a veteran prosecutor and currently number two at the helm of the U.S. Department of Justice (DOJ) – began to describe the enforcement of sanctions regulations as the “new FCPA”. This sentiment is a not-so-subtle allusion to the DOJ’s relentless commitment over the past decade to ramp up enforcement of cases implicating the U.S. Foreign Corrupt Practices Act (FCPA).

While Monaco’s remarks seemed to generate additional angst among legal and compliance professionals, the DOJ’s commitment to sanctions enforcement is a logical extension of the federal government’s effort to use economic sanctions and trade controls as a means of depriving adversaries – particularly the regime of Vladmir Putin – of capital and resources needed to wage offensive operations.

The development of sanctions enforcement as the “new FCPA” has its roots firmly fixated in the decision by the Biden Administration to incrementally increase pressure applied on the Putin regime to cease and desist from participating in offensive military actions against the sovereign nation of Ukraine. Beginning in the spring of 2022, and continuing exponentially thereafter, the Biden Administration sanctioned a proverbial cornucopia of entities and individuals heavily associated with the ongoing Ukraine incursion.

In 2023, this trend continued, with the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) designating even more individuals and entities on its ubiquitous Specially Designated Nationals and Blocked Persons (SDN) List. Those on the recently expanded SDN List are primarily Russian oligarchs with close Putin affiliations and entities providing financial material support for the war effort.

To date, the inclusion of a massive number of Russian Federation parties on the SDN List substantially degraded the ability of individuals and organizations to profit from the war effort.

While foreign countries are not legally obliged to observe OFAC’s SDN determinations, the sheer influence of the United States as a major international power, combined with the implicit threat of secondary sanctions, often compel international organizations to observe prohibitions that would otherwise bind U.S. persons only.

Emphasis on automated sanctions screening

The advent of sanctions enforcement as the “new FCPA” requires organizations to adopt novel approaches to the management of sanctions risk overall. This is especially true in the area of third-party risk management (TPRM), which must now elevate sanctions risks as among the most important to be identified and remediated – especially for organizations operating at international scale.

Given the frequency with which organizations partner with third parties for a host of services and goods, it is imperative the company identify its highest risk areas from a geographic perspective. It must then ensure both an initial sanctions screening and daily rescreening are configured to provide the organization with actionable information. This information is needed to either evaluate the risk of entering into a prospective agreement with a new third party – or conversely, terminating an existing agreement with parties appearing on various international sanctions and watchlists.

While these processes may have been configured to operate manually in the past, an abrupt end to the days of lax enforcement now requires organizations to adopt automated solutions that can be used at scale to identify third parties posing a higher overall risk to the company. This includes, but is not limited to, NAVEX’s own RiskRate system, which cross-references a host of international sanctions and watch lists to identify a third party currently subject to sanctions. These systems have the added benefit of rescreening each of the organization’s third parties daily – ensuring recent additions to OFAC’s SDN List, for instance, are completely captured.

This is critical given OFAC’s relatively recent enforcement action against a small bank that failed to implement processes allowing existing customers to be screened against sanctions lists. According to a Finding of Violation released by OFAC, although the financial institution in question regularly screened new account holders, its review period of 30 days for existing customers was insufficient to satisfy its screening obligations. As a consequence, the bank in question processed a total of 34 payments for two individuals who were designated on OFAC’s SDN List.

The critical takeaway here is that organizations still reliant on manual processes – including spreadsheet updates and ad hoc screening – are virtually guaranteed to run afoul of OFAC’s sanctions regulations when engaged in activity abroad.

Even companies with a continuous screening solution should work proactively with their chosen vendor to ensure OFAC’s requirements – and the lessons of the recent OFAC enforcement action – are vigorously observed.

Expansion of screening responsibilities to ESG and due diligence

While the observance of sanctions regulations is certainly among the most important obligations of a company, 2023 saw a precipitous rise in activities that expanded sanctions screening to encompass a host of other issues outside of the sanctions space.

This includes, most prominently, a growing focus on environmental, social and governance (ESG) concerns like human trafficking and forced labor; egregious practices that some nations – including the People’s Republic of China (PRC) – exploit with impunity by enslaving ethnic minorities and political dissidents to work in squalid conditions for little or no pay. The issue of forced labor and human trafficking was brought into clearer focus when, on January 1, 2023, Germany’s Supply Chain Act (“_Lieferkettensorgfaltspflichtengesetz_” or “LkSG”) entered into force.

Among other things, the LkSG requires companies conducting business in Germany to identify, prevent or minimize the risks of human rights violations and damage to the environment with respect to both direct and indirect business partners. While the requirements for dealing with direct suppliers is more stringent – owing to the ability of the contracting party to use financial leverage as an incentive to encourage compliance with the LkSG’s goal of minimizing negative social and environmental impacts – the extension of certain requirements to an organization’s indirect suppliers is equally challenging.

According to that portion of the LkSG, even indirect suppliers must be reviewed by a company for adverse human rights or environmental impacts when that company has substantiated knowledge the indirect supplier may be perpetuating abuses like those mentioned above. The adoption of the LkSG is a clear signal of a new era with respect to TPRM practices. While it may have been sufficient for organizations to only screen for sanctions risk in the past, the evolving legal and regulatory frameworks around ESG concerns makes it imperative for organizations to move beyond basic screening to due diligence, where required.

But superficial scrutiny of an organization from an ESG perspective is becoming increasingly unwise, as legislators and regulators require a more robust assessment of ESG risks in concert with an organization’s due diligence process. In the past, information elicited from a due diligence questionnaire was primarily focused on anti-bribery and corruption, as well as sanctions issues for companies having dealings with governments abroad. Organizations must now revamp those questionnaires to include more targeted questions about the counterparty’s ESG practices, specifically in relation to human trafficking, modern slavery, forced labor and environmental degradation.

Since there is no commonly accepted definition of ESG concerns, let alone a centralized database of a company’s ESG reputation, it is incumbent on the organization to do their level best to substantiate the information furnished by the supplier using a variety of both proprietary and public sources. With respect to contractual assurances, for companies known to operate in areas with poor human rights records, it is particularly important to insist the company’s policies (not the counterparty’s) will control in any definitive agreement ultimately reached. Those policies, in turn, should be detailed enough to leave no doubt in the supplier’s mind as to the company’s steadfast commitment to ethical and legal business practices.

Prediction

In a highly volatile geopolitical climate, it is virtually impossible to make predictions about the importance of certain compliance topics over others with any degree of certainty. Nonetheless, the trends from 2023 related to the growing prominence of sanctions concerns and the associated expansion of traditional ESG factors are likely to continue unabated.

While many nations have stopped short of a complete embargo of the Russian Federation – opting instead to employ the diplomatic weapons of economic sanctions and stricter trade controls – it is virtually certain the current number of sanctioned Russian parties will increase until the war in Ukraine is over. OFAC’s recent actions also highlight the possibility that entities or individuals located outside of Russia may also be subject to sanctions, to the extent they contribute in any substantial way to Putin’s war effort.

In short, we can confidently predict OFAC and its foreign counterparts will have no shortage of work in maintaining and adding to the existing sanctions list. With respect to ESG concerns, we anticipate the realm of activities that historically constituted ESG concerns will only continue to grow, as consumers drive the demand for details about a company’s operations and its effect on the community at large.

Download now!

View original article at Risk & Compliance Matters