Screening the Use of Screening Software for OFAC Sanctions Compliance

On November 27, the Treasury Department’s Office of Foreign Assets Control (“OFAC”) announced a settlement agreement with a Virginia-based global technology and services company operating in the aviation, electronics, communications and defense sector. The settlement concerned apparent violations of the Ukraine Related Sanctions Regulations, 31 C.F.R. part 589. According to the settlement agreement, the company had shipped products through its distributors in Canada and Russia to an entity in Russia that, although not identified on the OFAC’s List of Specially Designated Nationals and Blocked Persons (“SDN List”), was majority owned by an SDN entity. The company relied on third-party software to screen its counterparty, but the software failed to generate an alert for the subsidiary. OFAC’s announcement appears intended to raise a number of compliance lessons relating to the use of and reliance on third-party screening software for OFAC sanctions compliance.

First, the decision makes clear that screening software must be sufficiently robust to screen the counterparty as well as entities on its corporate structure against the SDN List (including potential matches to persons/entities with close name variations). Under OFAC guidance (the “50% Rule”), an entity that is not listed on the SDN List but is majority owned, either directly or indirectly, in the aggregate, by a designated person or entity (or group of sanctioned parties) is also subject to blocking sanctions. U.S. persons are prohibited from dealing with such an entity. The screening software should also screen for any designated individuals acting as an officer or director of the counterparty, even if the counterparty is unlisted. If such designated persons are involved in the transaction, the transaction could be subject to OFAC sanctions.

Second, however good the software may be, an exclusive reliance on automation is not a sufficient compliance strategy. OFAC took note that the company failed to recognize “warning signs” when exporting the goods to “the subsidiary of a blocked person with nearly the same name as the blocked person.” [Emphasis added.] The near-identical name between the counterparty and its designated parent, in OFAC’s view, should have raised red flags to the export control specialist reviewing the transaction, particularly since the company was “large and sophisticated” with prior violations of OFAC sanctions. Thus, the settlement argues that in-house export control professionals should understand not only the functionality, but also the risks of relying on third-party screening software.

Finally, the OFAC settlement encourages a risk-based approach, using business intelligence tools to conduct enhanced due diligence on high-risk transactions. The additional cost of employing such enhanced due diligence can be justified for high-value transactions involving high-risk jurisdictions such as Russia, Syria and Venezuela. In that regard, OFAC’s expectation is that a company’s compliance unit will receive adequate resources, including human capital, IT and other resources as appropriate. But here again, software is not a total solution. Where there are signals that a company may be related to a sanctioned party, OFAC plainly expects U.S. trading partners to inquire further. Nor is a party necessarily in the clear because a sanctioned party’s interest in a potential trading partner falls short of 50%. In such cases, it may well make sense to take additional steps to ensure that the sanctioned party will have no role in, and will not benefit from the transaction. Absent such assurances, the prudent course may be to walk away. 

This article is for general information purposes only. It is not intended as legal advice, and you should not consider it as such.