Building your sanctions compliance program framework: Management Commitment

Published on May 27, 2021 in Fleet Management by James Lay |  3 minute read

Senior management can cultivate a compliance mindset through their actions.

In a recent post, we introduced the U.S. Treasury’s Office of Foreign Assets Control (OFAC) Framework for OFAC Compliance Commitments, a roadmap for a compliant sanctions compliance program (SCP). Pursuant to this guidance, industry actors (for example, global and multinational telematics companies like Geotab and their global Resellers and Partners) need to design and deploy a tailored, risk-based SCP to promote compliance and hedge against the possibility of a disruptive and costly violation of U.S. sanctions controls.


There are five elements to a SCP:


1. Management Commitment


2. Risk Assessment


3. Internal Controls


4. Testing and Auditing


5. Training


This second article in the series on government compliance will discuss the first element, Management Commitment. It’s critical that technology providers take the time to carefully assess and manage their risk of incurring an OFAC enforcement action.

Demonstrating senior management’s commitment to sanctions compliance

OFAC recognizes that “Senior management’s commitment to, and support of, an organization’s risk-based SCP is one of the most important factors in determining its success.” Management’s commitment is critical. It ensures that the SCP receives adequate resources and is fully integrated into an organization’s daily operations. And it helps legitimize the program, empower its personnel, and foster a culture of compliance throughout the organization.


In particular, the Management Commitment element of the SCP displays the following characteristics:


I.       Senior management has reviewed and approved the SCP


II.      Senior management ensures that its compliance units are delegated sufficient authority and autonomy to effectively deploy its policies and procedures


III.     Senior management has taken, and will continue to take, steps to ensure that the organization’s sanctions compliance function receives adequate resources


IV.    Senior management promotes a culture of compliance throughout the organization


V.     Senior management demonstrates recognition of the seriousness of apparent violations of the laws and regulations administered by OFAC


Senior management sets the organization’s course. By resolving to design and deploy a risk-based SCP, senior management demonstrates its commitment to cultivating a culture of compliance and reduces the risk of a costly and disruptive OFAC enforcement action.

Appointing your compliance officer

So, where to start? Like any important trip, you need to plan your route! First, OFAC recommends “the appointment of a compliance officer specifically responsible for implementing and providing guidance and interpretation on matters related to U.S. sanctions law.” This person can be an employee or an outside consultant, and he or she should display technical knowledge of, and expertise in, OFAC’s regulations, processes and actions.


Organizations should ensure that their compliance officer is fully resourced and imbued with sufficient authority to be successful in their role. To do this, establish direct reporting lines between the OFAC SCP function and members of senior management, including routine and periodic meetings between these two elements of the organization.


Once the SCP is completed, senior management should carefully review and approve it. Senior management’s deliberate adoption of the SCP sends a clear signal to the organization: it says, “we take our sanctions compliance obligations very seriously, and we will credit compliance and prevent prohibited activities.”


Much is written about a culture of compliance. Other than by appointing a compliance officer, resourcing this role, and directing the design of the SCP, how does an organization’s senior management successfully cultivate this critical mindset?

Developing a culture of compliance

The guidance identifies three possible criteria for successfully demonstrating a culture of compliance:


1. Senior management should ensure that its personnel feel free to report sanctions concerns without fear of reprisal.


2. Next, senior management should take actions that discourage misconduct and highlight the consequences of non-compliance.


3. Lastly, OFAC stresses the “ability of the SCP to have oversight over the actions of the entire organization, including but not limited to senior management, for the purpose of compliance with OFAC sanctions.”


Senior management must do more than pay lip service to their sanctions compliance activities; senior management needs to telegraph, through its actions, that it cares about this critical function and intends to resource and implement it. An effective culture of compliance will only result from a genuine, top-down commitment to an organization’s SCP.


As discussed in our previous post, a recent U.S. sanctions enforcement action raises the stakes for organizations in the telematics industry. It now appears that OFAC will require organizations that maintain customer location data to use that data in support of their sanctions program. Industry participants, including Geotab and their global Resellers and Partners, should act now to address and mitigate their risk.


Resolve today that you intend to design and implement a risk-based SCP that clearly demonstrates senior management’s commitment to developing a culture of compliance.


See Also: A five-step sanctions-control action plan for the telematics industry

If you liked this post, let us know!


Geotab's blog posts are intended to provide information and encourage discussion on topics of interest to the telematics community at large. Geotab is not providing technical, professional or legal advice through these blog posts. While every effort has been made to ensure the information in this blog post is timely and accurate, errors and omissions may occur, and the information presented here may become out-of-date with the passage of time.

Get industry tips and insights

Sign up for monthly news and tips from our award-winning fleet management blog. You can unsubscribe at any time.

Republish this article for free

Other posts you might like

Two women in a business meeting sitting in front of charts and a laptop

Empowering Success: Unleashing the Domino Effect of Connected Women

Insights from Women in Fleet Leadership at Geotab Connect

February 16, 2024

Construction worker looking over at something

Routes to riches – Geotab Routing and Optimization drives operational efficiency and cost management

Geotab's Routing and Optimization software blends economic intelligence with operational strategy, reshaping fleet management for improved cost and resource efficiency.

February 15, 2024

Person standing behind a container with signal illustration

How asset tracking drives risk management and lower insurance costs

Learn how asset trackers improve risk management and reduce insurance costs in transportation and logistics, featuring expert insights from Marsh, a leader in insurance and risk advice.

February 15, 2024

multiple vehicles on the road

What is ADAS?

ADAS are in-vehicle technologies designed to enhance vehicle safety and assist the driver in better controlling the vehicle.

January 12, 2024