Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Julia Thorn (00:12):
Welcome back to the RegTech Pulse podcast, where industry experts are discussing the latest trends in financial crime compliance. I'm your host, Julia Thorn, and this is the second in our two-part series around sanctions. In today's episode, we're going to be discussing some key OFAC enforcements, new enforcement mechanisms, other regulator activities and some of the key takeaways from the recent ACSS
(00:35):
annual conference on sanctions and export controls in Washington DC. We're also going to be looking at what compliance professionals can learn from enforcement actions and how they can use these as lessons to improve their compliance responses. Once again, I'm joined by Saskia Rietbroek, Executive Director of the Association of Certified Sanctions Specialists, and Vincent Gaudel, Compliance Expert at LexisNexis Risk
(00:56):
Solutions. Welcome back, both of you, thank you.
Vincent Gaudel (01:00):
Thank you.
Julia Thorn (01:01):
Okay, so let's jump straight in. Vincent, we recently released an e-book around OFAC enforcement. So if you want to just dive into some of those enforcement actions that we've seen, some of the settlements, a little bit of the focus area and what maybe we can expect to see from OFAC in the future.
Vincent Gaudel (01:20):
Sure. Thanks, Julia. OFAC enforcements are always applications that are scrutinized by the industry. They are very important and an important factor why OFAC sanctions are really taken seriously, and what we have seen recently in 2023 was really a landmark year for OFAC enforcement, as we have shown in the recent infographic that we
(01:40):
published. 2023 set a new yearly record for OFAC enforcement actions, with a combined amount of settlement that exceeded 1.5 billion dollars. So in aggregate, it was a milestone year, but we also saw some landmark actions related to different types of companies. We have seen the largest settlement issued against
(02:02):
virtual currency firms, close to 1 billion for the OFAC share of these. It was a combined penalty across several US regulatory agencies, but for the sanctions-related breaches and for OFAC's share of this action, it was already close to $1 billion. And we also see an interesting new record being broken last
(02:23):
year, and that was the fine issued against a corporate, not a financial institution, not a virtual currency firm, but really a corporate, which receives an enforcement of 508 million US dollars. So the message is really clear when you look at the types of companies that have been fined by OFAC recently, is that there
(02:44):
is no sector that is immune from the risk of receiving an enforcement action by OFAC. We have seen various types of sectors receiving enforcement, so it's really a matter for all entities and all sectors to closely consider.
Julia Thorn (02:59):
And Saskia, maybe when we talk, we've talked about these enforcement actions. What are some of the lessons that can be learned, I guess, in terms of where people, where organizations, corporates, financial institutions have gone wrong, so where OFAC has come down on them? What are some of the lessons that can be learned from those settlements?
Saskia Rietbroek (03:15):
Yeah, let's talk through a couple of cases that I think have some interesting lessons for other companies in the field. There was one case last year of an Eastern European bank that got a settlement of 3.4 million dollars from OFAC. They had a client in the maritime shipping industry and
(03:39):
then that client owned three so-called special purpose vehicles that each had a bank account on their e-banking platform and they were conducting, these clients were conducting transactions from a location in Crimea. OFAC considers that you should be monitoring for IP addresses
(04:00):
that are in sanctioned jurisdictions, and this bank, they processed several payments for these customers in Crimea in US dollar payments, and OFAC considers that it has jurisdiction. The US considers they do have jurisdictions as soon as you start using the US dollar payment. So they imposed this, yeah, settled this case with this bank
(04:23):
for a pretty hefty amount of more than $3 million. So I think the lesson here is that you should be integrating IP data into your sanction screening process. Another case that I would like to mention is a case involving a US bank, and this US bank,
(04:45):
they settled with OFAC for $7 million, and one of the subsidiaries of this bank, which was actually not a bank, it was a technology company, they did business with companies that were owned by Sberbank and VTB Bank. Those are Russian banks that are covered by the sectoral
(05:06):
sanctions, and the sectoral sanctions also are covered by the 50% rule. So that means that subsidiaries of banks that are sanctioned under the sectoral restrictions are also, you cannot do business with them either. And this technology company accepted payments, they issued
(05:26):
invoices, so they weren't dealing in like the typical debt, right, securities, but they just issued invoices to these subsidiaries of these sanctioned banks for a communications network that they sold to them. And when an invoice is more than 90 days, if you give your client more than 90 days to pay it, it becomes like issuing a
(05:48):
debt. So it is, yeah, quite technical and you wouldn't expect sanctions to go that far. But in this case, yeah, that got them into trouble and it was a hefty penalty there. And then one more case, going back to Vincent's point, that is not just financial institutions that can feel the wrath of OFAC. Very recently, only a couple of weeks ago, in October of 2024,
(06:13):
a Vietnamese alcohol company had to pay an $860,000 penalty because of apparent violations of the North Korea program, and in this case, they were selling alcohol to North Korean companies, not directly. Again, they were using a US dollar payment. They had no presence whatsoever in the United States, but they
(06:34):
were using the US dollar in their payments that they accepted from these North Korean companies, and they weren't direct payments, right? You would think, well, everybody knows that North Korea is sanctioned. These payments were made by Turkish companies, Hong Kong companies, on behalf of these North Korean entities. So again, you're supposed to be doing your due diligence on
(06:56):
companies that may have some sort of link to these North Korean entities that are, of course, sanctioned.
Vincent Gaudel (07:03):
To continue on some of the points that Saskia was making on the need to take into account IP addresses, I think it's a really important area that has been flagged in several, I think close to a dozen, OFAC enforcement in the last three to four years. Like really to leverage any data point that you hold that could be indicative of a location, leverage that into
(07:25):
your sanctions compliance control. So what we have seen the most often referred to are IP addresses, but OFAC also noted some email addresses that are the indication of comprehensively sanctioned country website addresses, etc. What we see in the enforcement action is a clear focus from OFAC to enforce the comprehensively sanctioned
(07:46):
programs. There are a handful of countries or territories that are subject to comprehensive sanctions. There is a clear focus on enforcing violations against those programs. And a quick note as well, we continue to see some enforcement action that highlights pretty significant breaches that are related to inadequate screening controls.
(08:06):
We continue to see companies that don't have the right tools to do name matching, that implement excessively strict screening tools and that are not able to raise hits on partial correspondence that close correspondences. The tools implemented need an exact match to raise a hit, and
(08:28):
OFAC has made it clear that this is not acceptable, and we also continue to see several situations where the companies don't leverage all information they have about their third parties for their scanning controls. They miss some hits because they don't leverage all information they have. So it's really important to take a close look at the type of
(08:50):
information that you have and that could make sense for screening purposes.
Julia Thorn (08:52):
So we've talked about location. We've talked about sort of the ongoing monitoring piece. Are there any other areas in particular which regulators are focusing on? We've heard a little bit around export controls and trade compliance. We've talked about um. I know we've heard the term around um, micro embargoes and addresses. Would you be able to expand a little bit on that, Saskia?
Saskia Rietbroek (09:12):
Yeah, no, absolutely. So one of the things that is new here as well is that they're not just names on the different lists, but right now BIS, which is sort of the sister agency, right, of OFAC, it's part of Department of Commerce, they have started to list companies' addresses on their list. So you shouldn't just be monitoring for names, but also
(09:36):
addresses is something that can be on the list.
Julia Thorn (09:39):
And we focus very much on OFAC and, Vincent, maybe I can bring this back to you. Beyond OFAC, obviously, they have the big global reach and they're always the ones that we tend to focus on first. What are some of the activities that we're seeing from other regulators, or are there other regulators that are taking that extraterritorial approach like OFAC has taken in the past?
Vincent Gaudel (09:58):
Yeah, indeed. So exactly how Saskia was mentioning about the BIS being the sister company of OFAC, I think it's interesting to see the expanding reach of export control measures and trade sanctions, all of those regulations that are enforced by the BIS. Interestingly, until now the BIS has only issued enforcement
(10:19):
action against exporters or corporates. We have never seen a financial institution receiving an enforcement action from the BIS, but this might actually change because we have seen the BIS recently issuing what could be understood as a warning to the financial sector by clarifying all the expectations on financial institutions to comply
(10:40):
with the Export Administration Regulations, the EAR. So it should be expected that more enforcement will come from the BIS and potentially enforcement action against financial institutions. But outside of the US, we also see other jurisdictions scaling up their sanctions enforcement mechanisms, the prime example
(11:04):
for that being the UK. I think it was earlier this month, in October 2024, they established the Office for Trade Sanctions Implementation, the OTSI, which complements the OFSI for the financial sanctions implementation. It had been announced a while back, but now the OTSI is
(11:24):
established and that's another indication that more enforcement capacity is granted in the UK and we should expect more enforcement actions to come from the UK bodies as well. And lastly, on the European side of things, we have seen groundbreaking regulatory changes, but more on the AML side of things, with the AML package coming into life in the
(11:48):
summer, and among this AML package we now have an EU-wide AML supervisor, the AMLA, which will be operating from Frankfurt, and there are possibilities for AMLA to have some enforcement responsibilities in some areas, because now we have in European regulations, we have seen some requirements related to
(12:10):
sanctions being merged into the AML text. There is now a clear requirement on AML-obliged entities to set up policies, procedures and controls in relation to sanctions. So there is a possibility that as part of the supervisory function the AMLA could enforce against entities that did not
(12:30):
implement the right set of policies and controls.
Saskia Rietbroek (12:34):
And if I can add a little bit about the extraterritoriality. You know, traditionally it was mainly the US, right, that always had the extraterritorial reach with their sanctions. I think there's been an interesting development as well in Europe in that respect. Traditionally the EU sanctions don't, and still don't, apply to
(12:55):
foreign persons that are operating outside the EU, but since this summer EU operators or businesses are obliged legally to give their best efforts to ensure that their foreign subsidiaries outside the EU act in a manner that is aligned with the goals of the European sanctions.
(13:17):
So there's been a lot of talk about that, how that will be enforced, etc. But I think it is a major shift in the reach of European sanctions outside Europe.
Julia Thorn (13:32):
So not necessarily getting any easier for companies in the coming years. Saskia, maybe just a couple of final points from you. I know that you came back, last week I think, from the ACSS Sanctions and Export Controls Conference in Washington DC. I wondered if you wanted to share some of the insights that you had, some of the highlights from that conference, with
(13:52):
listeners.
Saskia Rietbroek (13:53):
Yeah, no, absolutely. The ACSS conference in Washington DC was last week, on October 23 and 24. And it was a very good discussion, very high-level discussion, because we had several regulators as speakers there, high-level officials from different agencies, including BIS, OFAC, Department of State, and I think one of the takeaways
(14:18):
from the conference was that BIS is broadening the circle. Like Vincent mentioned, they've been focused a lot in all their enforcement actions so far on the industry, the global exporters, the exporters, but right now, with the recent guidance that came out from BIS to financial institutions on
(14:40):
best practices for compliance with the EAR, it looks like they're bringing in the financial sector on topics related to export controls, to the EAR. This recent guidance really puts things on paper. It brought a lot of clarity for the financial institutions, but they're still scratching their heads, right, how to comply with
(15:02):
this. And I mean, if you want to, if someone in compliance in a bank, you typically didn't deal with the export controls, but there's now this message saying that financial institutions should be doing more to detect controlled goods, to detect evasion related to controlled goods. So this broadening of the circle means that sanctions
(15:25):
compliance officers can no longer say, well, you know, export and controls is more of my client's problem. It is a problem that the bank itself needs to worry about.
Julia Thorn (15:36):
Thanks, Saskia. Vincent, I wondered if we could maybe close with you, and I know that I haven't prepared you for this, but is there any kind of closing thought that you wanted to share, based on the data that we've seen from OFAC in 2023, some of the regulations that we've seen in 2024 and the sanctions activity that we've seen so far, any kind of advice, I guess, for compliance professionals based on what we've been seeing, how they can
(15:59):
maybe prepare for the future?
Vincent Gaudel (16:01):
I guess the takeaway is that you should really pay close attention to the adequacy and effectiveness of your compliance programs. Actually, OFAC is consistently referencing a document that they issued back in 2019, which is called the Framework for Compliance Commitments, and that document should really be taken as the blueprint at a high level for what a compliance
(16:25):
program should look like. There are five key components to this framework. The first one is the management commitment, the tone from the top. There must be a clear commitment by the senior management on sanctions compliance. The second one, and I think something that we must emphasize, especially considering the complexity of sanctions and the
(16:45):
dynamic nature of sanctions, is the risk assessment. It's really important to have a comprehensive and up-to-date risk assessment to really map out your exposure to potential sanctions risk. That risk assessment is also critical to really inform the design of your program. And that's the next key component in OFAC's framework, the
(17:08):
internal controls. With that risk assessment, you need to be able to design the right set of controls, and those controls need to be checked. That's the fourth pillar, right, the testing and auditing of internal controls to make sure they are adequate and effectively working. And, last but not least, again it's back on the kind of the human components to compliance.
(17:29):
It's about training. You need to deliver staff training throughout the organization to clearly have the expectation, the good practices, and for everyone in the organization to have that culture of compliance and understand the stakes of sanctions regulations and the stakes of not complying.
(17:49):
Potentially, as we have seen, it can be a steep price to pay.
Julia Thorn (17:54):
All right and, Saskia, I know that you don't. None of us has a crystal ball. When this episode is releasing, it will be basically on or around quite a major event happening, the US election. I wondered if you wanted to give any kind of speculation as to how different results of that election may impact sanctions policy going into 2025.
Saskia Rietbroek (18:17):
Yeah, it's always hard to predict, right, and this is something that we talked about at the ACSS conference last week as well. You know, what will happen after the election? What can we expect? And these were just some comments that I heard. In terms of working with allies, right, working with the European Union, the UK, the G7,
(18:38):
Harris will probably continue, will pursue a continued plurilateral approach, you know, on sanctions and export controls. Trump will probably be like will be fine to do it, so that in terms of working with allies. And in terms of tariffs, there was also some discussion, they will probably stay under both but
(19:01):
grow under Trump. Then, with respect to export controls, there was a discussion on key technologies. You know, the key technologies continue to be ratcheted up, you know, the controls surrounding that, but under Trump it will probably be more on key economic actors through the entity list. Then, in terms of human rights sanctions, we talked about that
(19:25):
at the conference and it will probably, what people expect, that there will be more of a focus under Harris on those types of sanctions compared to Trump. And semiconductors, both want to make more in the US, both want to focus the production in the US of those semiconductors, so that will not make a difference, whoever wins.
(19:48):
So those are some of the things that were discussed on the post-election aftermath for people in our sanctions and export controls community.
Julia Thorn (19:58):
We'll wait and see. Thanks, Saskia. That brings us to the end of this episode, the two-part series on sanctions. Vincent, Saskia, thank you so much for joining and sharing your insights here.
Saskia Rietbroek (20:09):
Thank you very much for having me in this podcast and looking forward to seeing you all in real life again soon.
Vincent Gaudel (20:15):
Thank you very much and thanks for listening and goodbye everyone.
Julia Thorn (20:21):
This was the RegTech Pulse podcast brought to you by LexisNexis Risk Solutions. Thank you so much for tuning into this two-part series on sanctions. If you missed the first one, go back and take a listen. If you'd like to access any of the materials referenced in these podcasts, the Sanctions Pulse e-book and the OFAC Enforcements ebook, we will be posting links in the show notes. We hope you enjoyed this insightful discussion and we
(20:43):
hope that you join us again soon on the RegTech Pulse.