Global Sanctions Compliance
International sanctions compliance, including but not limited to US Office of Foreign Assets Control (OFAC) restrictions, is an increasingly complex area of risk for global organizations.
The applicability of international sanctions compliance requirements is not limited to financial institutions. Any large organization conducting transactions in restricted markets or strategic industries (such as technology or energy) can be exposed to potentially costly violations. Sanctions compliance risk is further expanded by the fact that the universe of restricted countries, entities, and individuals is a constantly moving target.
In 2019, the US Treasury Department issued detailed guidance setting expectations for an adequate Sanctions Compliance Program (SCP):
- Management commitment: Senior management must delegate sufficient authority and provide adequate resources to the compliance function to execute the program as designed.
- Risk assessment: The SCP should include a “holistic review” of the global organization to identify the scope and nature of its interactions with external entities.
- Internal controls: The SCP should include internal controls such as policies, procedures, regular audits, and adequate recordkeeping.
- Testing and auditing: The SCP should be tested by an audit function that is directly accountable to senior management, independent of the function being reviewed, and technically qualified to review the activities in its audit scope.
- Training: The SCP should be communicated via a broadly accessible global training program that communicates job-specific sanction compliance responsibilities and evaluates compliance awareness.
BRG professionals are industry leaders in addressing the full range of sanctions compliance challenges to both prevent and respond to potential violations. They bring decades of experience as in-house compliance professionals, former senior regulators and law enforcement professionals, internal auditors, and technology specialists.
BRG’s Sanctions Risk Management Services include:
- Global sanctions enterprise risk assessment and modeling
- SCP assessment and operational design
- Sanctions compliance data rationalization and enhancement
- Sanctions compliance technology consulting and implementation
- Transaction risk model design
- Global enhanced due diligence (EDD) support
- Internal compliance audit co-sourcing
- Global compliance training design and delivery
- Internal investigation/look-back exercises
- Program remediation
- Post-settlement compliance monitorships
- De-listing petitions