A five-step sanctions-control action plan for the telematics industry
Recent U.S. sanctions enforcement action has lessons for telematics providers.
Do you have access to telematics data that keeps track of your customers and where they are from? Well, the U.S. federal government wants you to develop a risk-based Sanctions Control Program (SCP) that leverages that data.
Tech company pays fine for violating sanctions program
A California-based technology company recently paid a substantial fine to U.S. sanctions control authorities to settle allegations that the company failed to use IP addresses to identify the location of its customers. The U.S. Treasury’s Office of Foreign Asset Control (OFAC) fined BitGo, Inc. $98,830 and the reputational fallout will compound the company’s losses.
This decision is a significant one. It is the first time the U.S. has used its sanctions enforcement authority to require a private company to leverage information in its possession concerning its customers and where they are from.
BitGo provides “non-custodial, secure digital wallet management services.” Similar to many technology and Internet of Things (IoT) providers, BitGo tracked its customers’ Internet Protocol (IP) addresses for security purposes related to account logins. However, they failed to use the IP data to prevent customers from sanctioned countries accessing their services.
In the Enforcement Release, OFAC concluded that BitGo failed to prevent persons apparently located in the Crimea Region of Ukraine, Cuba, Iran, Sudan, and Syria from using its services. The fact that “BitGo had reason to know that some of its users were located in sanctioned jurisdictions based on those users’ IP address data, which it had separately obtained for security purposes,” was cited by OFAC as an aggravating factor in assessing the penalty.
The substantial fine reflected OFAC’s consideration of the General Factors under its Enforcement Guidelines. Notably, BitGo agreed to implement a new sanctions compliance policy, deploy heightened screening measures, and appoint a compliance officer “specifically responsible for implementing and providing guidance and interpretation on matters related to U.S. sanctions law.”
Start planning your own sanctions control program now
The BitGo decision is a wake-up call to both technology and IoT providers. Now, more than ever, industry actors (for example: global and multinational telematics companies like Geotab and their global Resellers and Partners) need to design and deploy a tailored, risk-based SCP to promote compliance and hedge against the possibility of a disruptive and costly violation of U.S. sanctions controls.
Before the BitGo decision, it was less clear to what extent OFAC would require technology companies to use available and accessible customer information in furtherance of their compliance programs. Now, the industry must carefully design an approach to sanctions control based on knowledge of their customers and where they are from.
Framework outlines five key elements for program compliance
Under current OFAC guidance, companies must design a “risk-based” approach to sanctions compliance. The relevant Framework for OFAC Compliance Commitments identifies five elements of a fully compliant SCP:
- Management Commitment
- Risk Assessment
- Internal Controls
- Testing and Auditing
This article is the first in a series on the topic of government compliance. It’s critical that technology providers take the time to carefully assess and manage their risk of suffering an OFAC enforcement action. In the weeks ahead, we will review each of the five elements of a fully compliant SCP.
If you liked this post, let us know!
James Lay is Geotab's Compliance Officer for Trade and U.S. Government Services and the Managing Member of phalanx, a U.S.-based legal consultancy.
Geotab's blog posts are intended to provide information and encourage discussion on topics of interest to the telematics community at large. Geotab is not providing technical, professional or legal advice through these blog posts. While every effort has been made to ensure the information in this blog post is timely and accurate, errors and omissions may occur, and the information presented here may become out-of-date with the passage of time.
Subscribe to the Geotab Blog
Sign up for monthly news and tips from our award-winning fleet management blog. You can unsubscribe at any time.
Republish this article for free
Other posts you might like
How government agencies can use telematics to increase transparency and accountability
With Geotab’s newly released Citizen Insights, government agencies can add a public face to increase communication and engagement with their constituents.
October 19, 2021
Protecting the lifeblood of off-road fleets with an effective filtration system
Geotab and Donaldson Filter Minder™ Connect provide fleets with a world-class filtration system and the ability to monitor and manage that system from a single dashboard.
October 15, 2021
Fleet Latam Conference: International fleet management, simplified
Read the highlights from this year’s Fleet Latam Conference, hosted on September 21, 2021.
October 14, 2021