Building your sanctions compliance program framework: Management Commitment
Senior management can cultivate a compliance mindset through their actions.
In a recent post, we introduced the U.S. Treasury’s Office of Foreign Assets Control (OFAC) Framework for OFAC Compliance Commitments, a roadmap for a compliant sanctions compliance program (SCP). Pursuant to this guidance, industry actors (for example, global and multinational telematics companies like Geotab and their global Resellers and Partners) need to design and deploy a tailored, risk-based SCP to promote compliance and hedge against the possibility of a disruptive and costly violation of U.S. sanctions controls.
There are five elements to an SCP:
1. Management Commitment
2. Risk Assessment
3. Internal Controls
4. Testing and Auditing
This second article in the series on government compliance will discuss the first element, Management Commitment. It’s critical that technology providers take the time to carefully assess and manage their risk of incurring an OFAC enforcement action.
Demonstrating senior management’s commitment to sanctions compliance
OFAC recognizes that “Senior management’s commitment to, and support of, an organization’s risk-based SCP is one of the most important factors in determining its success.” Management’s commitment is critical. It ensures that the SCP receives adequate resources and is fully integrated into an organization’s daily operations. And it helps legitimize the program, empower its personnel, and foster a culture of compliance throughout the organization.
In particular, the Management Commitment element of the SCP displays the following characteristics:
I. Senior management has reviewed and approved the SCP
II. Senior management ensures that its compliance units are delegated sufficient authority and autonomy to effectively deploy its policies and procedures
III. Senior management has taken, and will continue to take, steps to ensure that the organization’s sanctions compliance function receives adequate resources
IV. Senior management promotes a culture of compliance throughout the organization
V. Senior management demonstrates recognition of the seriousness of apparent violations of the laws and regulations administered by OFAC
Senior management sets the organization’s course. By resolving to design and deploy a risk-based SCP, senior management demonstrates its commitment to cultivating a culture of compliance and reduces the risk of a costly and disruptive OFAC enforcement action.
Appointing your compliance officer
So, where to start? Like any important trip, you need to plan your route! First, OFAC recommends “the appointment of a compliance officer specifically responsible for implementing and providing guidance and interpretation on matters related to U.S. sanctions law.” This person can be an employee or an outside consultant, and he or she should display technical knowledge of, and expertise in, OFAC’s regulations, processes and actions.
Organizations should ensure that their compliance officer is fully resourced and imbued with sufficient authority to be successful in their role. To do this, establish direct reporting lines between the OFAC SCP function and members of senior management, including routine and periodic meetings between these two elements of the organization.
Once the SCP is completed, senior management should carefully review and approve it. Senior management’s deliberate adoption of the SCP sends a clear signal to the organization: it says, “we take our sanctions compliance obligations very seriously, and we will credit compliance and prevent prohibited activities.”
Much is written about a culture of compliance. Other than by appointing a compliance officer, resourcing this role, and directing the design of the SCP, how does an organization’s senior management successfully cultivate this critical mindset?
Developing a culture of compliance
The guidance identifies three possible criteria for successfully demonstrating a culture of compliance:
1. Senior management should ensure that its personnel feel free to report sanctions concerns without fear of reprisal.
2. Next, senior management should take actions that discourage misconduct and highlight the consequences of non-compliance.
3. Lastly, OFAC stresses the “ability of the SCP to have oversight over the actions of the entire organization, including but not limited to senior management, for the purpose of compliance with OFAC sanctions.”
Senior management must do more than pay lip service to their sanctions compliance activities; senior management needs to telegraph, through its actions, that it cares about this critical function and intends to resource and implement it. An effective culture of compliance will only result from a genuine, top-down commitment to an organization’s SCP.
As discussed in our previous post, a recent U.S. sanctions enforcement action raises the stakes for organizations in the telematics industry. It now appears that OFAC will require organizations that maintain customer location data to use that data in support of their sanctions program. Industry participants, including Geotab and their global Resellers and Partners, should act now to address and mitigate their risk.
Resolve today that you intend to design and implement a risk-based SCP that clearly demonstrates senior management’s commitment to developing a culture of compliance.
James Lay is Geotab's Compliance Officer for Trade and U.S. Government Services and the Managing Member of phalanx, a U.S.-based legal consultancy.
Geotab's blog posts are intended to provide information and encourage discussion on topics of interest to the telematics community at large. Geotab is not providing technical, professional or legal advice through these blog posts. While every effort has been made to ensure the information in this blog post is timely and accurate, errors and omissions may occur, and the information presented here may become out-of-date with the passage of time.