Economic Sanctions Risk Assessments

One of the OFAC compliance products we provide for our clients is a sanctions risk assessment of different markets and regions in the context of a client’s industry. Many times, when clients are involved in international business for the first time, or even when they have been doing so for a while in small volume, they may not be aware of the sanctions risk associated with international business.

Often, clients may be involved in international business but they are not handling transactions in the markets where there is a high sanctions risk. As they begin to enter those markets, they reach out to our firm to help them understand the applicability of the sanctions to their industry, their business model, and the market in which they are interested. We provide this service, which is called a Risk Assessment.

The Risks of Strict Liability

Sanctions violations in the United States are strict liability offenses. A strict liability offense means that it does not matter whether you had intent to violate the sanctions and it does not matter whether you were aware of the rules of the sanctions.

As long as a transgression occurred, even if it was a freak accident that does not reflect on your compliance program, the company can be liable. That is different from the vast majority of other types of violations under federal law or even state law. For this reason, it is very important to have an assessment of your exposure to sanctions liability.

Examining the Risk of Exposure to Sanctions Liability in a Global Economy

Risk assessments examine the various sanctions regimes that may apply to the type of business in which a client is involved. This is important because sanctions programs can be very broad or very specific, and they apply differently to different types of industries.

There are certain sanctions regulations that apply to financial transactions, others that apply to imports and exports of goods, and there are certain types of goods which fall under certain exceptions. For instance, a client who is involved in publishing activities may have a very different analysis than a client involved in the export of auto parts or widgets.

For that reason, we take a close look at the client’s company to understand their business. We do this through a number of steps. When we begin a risk assessment, we speak with the client to get a brief understanding of the type of the business in which they are involved. We then draft a Request for Information (RFI) that contains a number of questions and request for documents. We need this information to better understand the client’s business, the type of transactions they engage in, the location of their operation centers, and the type of partners they work with—all so the risk assessment can accurately identify any risks to that client.

We examine all of the sanctions regimes, including country-based sanctions and law enforcement-focused sanctions programs (i.e., “smart sanctions”) such as the Kingpin Act, terrorism related statutes, and regulations against the proliferation of weapons of mass destruction. Our Risk Assessments explain the different tiers of risk involved and provide recommendations for the types of client business that is permitted under those regulations and those that are prohibited.

There is also a different aspect to risk assessments. Even if a country is not subject to a geographic- or regime-based blanket embargo, it is possible that there are powerful individuals who own large portions of the market and are subject to sanctions.

The Fifty Percent Rule and How It Impacts Risk Management

A sanctions violation can occur even if the person you are transacting with is not on the sanctions list and is not explicitly designated, so long as they are an entity that is owned or controlled by 50 percent or more by someone who is on the SDN list. Moreover, these “50 percent rule” violations are subject to that exact same strict liability standard.

That is to say, if a U.S. company is transacting with an entity controlled by a majority of directors or through management by an SDN person, then that company may be exposed to a strict liability violation. Similarly, it is a violation for a U.S. company to transact with an individual who is an agent of SDN persons.

For this reason, companies should conduct the necessary due diligence on all parties involved. In many ways, a smart compliance program can deal with sanctions regulations, help protect companies, and mitigate the risks. At the same time, it is also important to remember that the Office of Foreign Assets Control (OFAC) expects companies to understand the sanctions regulations and adopt compliance programs that meet the obligations of the sanctions regulations. This is another consideration that goes into our risk assessments.

Risk Profiles for Specific Parties and Markets

Other times, clients may ask us to do a risk assessment that is more specific. Perhaps it focuses on a very particular market, on a particular region, or on a particular set of actors. We provide this service as well. It is similar to a risk assessment and we call it a Risk Profile.

A risk profile involves a more in-depth analysis of the market, such as:

• The share of the market controlled by individuals who are sanctioned,
• Whether the US company is allowed to use financial institutions in the area, or whether payment must be structured in a certain way,
• The type of information companies must retain on anyone they may be doing business with so that they can properly screen parties through sanctions counsel or their own internal compliance program to protect themselves from sanctions liability.

A risk profile is designed to help U.S. and foreign companies make informed decisions about prospective business opportunities.