Skip to main content

White background

A five-step sanctions-control action plan for the telematics industry

Last updated on March 2, 2022 in Fleet Management by James Lay |  2 minute read


Recent U.S. sanctions enforcement action has lessons for telematics providers.

Do you have access to telematics data that keeps track of your customers and where they are from? Well, the U.S. federal government wants you to develop a risk-based Sanctions Control Program (SCP) that leverages that data.

Tech company pays fine for violating sanctions program

A California-based technology company recently paid a substantial fine to U.S. sanctions control authorities to settle allegations that the company failed to use IP addresses to identify the location of its customers. The U.S. Treasury’s Office of Foreign Asset Control (OFAC) fined BitGo, Inc. $98,830 and the reputational fallout will compound the company’s losses.

 

This decision is a significant one. It is the first time the U.S. has used its sanctions enforcement authority to require a private company to leverage information in its possession concerning its customers and where they are from.

 

BitGo provides “non-custodial, secure digital wallet management services.” Similar to many technology and Internet of Things (IoT) providers, BitGo tracked its customers’ Internet Protocol (IP) addresses for security purposes related to account logins. However, they failed to use the IP data to prevent customers from sanctioned countries accessing their services.

 

In the Enforcement Release, OFAC concluded that BitGo failed to prevent persons apparently located in the Crimea Region of Ukraine, Cuba, Iran, Sudan, and Syria from using its services. The fact that “BitGo had reason to know that some of its users were located in sanctioned jurisdictions based on those users’ IP address data, which it had separately obtained for security purposes,” was cited by OFAC as an aggravating factor in assessing the penalty.

 

The substantial fine reflected OFAC’s consideration of the General Factors under its Enforcement Guidelines. Notably, BitGo agreed to implement a new sanctions compliance policy, deploy heightened screening measures, and appoint a compliance officer “specifically responsible for implementing and providing guidance and interpretation on matters related to U.S. sanctions law.”

Start planning your own sanctions control program now

The BitGo decision is a wake-up call to both technology and IoT providers. Now, more than ever, industry actors (for example: global and multinational telematics companies like Geotab and their global Resellers and Partners) need to design and deploy a tailored, risk-based SCP to promote compliance and hedge against the possibility of a disruptive and costly violation of U.S. sanctions controls.

 

Before the BitGo decision, it was less clear to what extent OFAC would require technology companies to use available and accessible customer information  in furtherance of their compliance programs. Now, the industry must carefully design an approach to sanctions control based on knowledge of their customers and where they are from.

Framework outlines five key elements for program compliance

Under current OFAC guidance, companies must design a “risk-based” approach to sanctions compliance. The relevant Framework for OFAC Compliance Commitments identifies five elements of a fully compliant SCP:

  1. Management Commitment
  2. Risk Assessment
  3. Internal Controls
  4. Testing and Auditing
  5. Training

This article is the first in a series on the topic of government compliance. It’s critical that technology providers take the time to carefully assess and manage their risk of suffering an OFAC enforcement action. In the weeks ahead, we will review each of the five elements of a fully compliant SCP.


If you liked this post, let us know!


Disclaimer

Geotab's blog posts are intended to provide information and encourage discussion on topics of interest to the telematics community at large. Geotab is not providing technical, professional or legal advice through these blog posts. While every effort has been made to ensure the information in this blog post is timely and accurate, errors and omissions may occur, and the information presented here may become out-of-date with the passage of time.

Get industry tips and insights

Sign up for monthly news and tips from our award-winning fleet management blog. You can unsubscribe at any time.

Republish this article for free

Other posts you might like

Hands on a steering wheel

Four major benefits of telematics for risk management in the public sector

Data-powered decisions help fleet managers mitigate risk in the public sector, where safety and efficiency are paramount.

July 9, 2024

Dash cam front view image

What is video telematics?

Video telematics uses AI dash cams and telematics data to provide near real-time insights into fleet operations. This technology enhances safety, improves driver performance, streamlines incident management, and boosts operational efficiency by offering actionable data.

July 3, 2024

Aerial view of cars in a parking lot

Public sector leaders’ unique outlooks on driving utilization and policy enaction

During this year’s Connect event, the session titled “Driving Utilization: Backing Up Policy with Practice” offered actionable insights on utilization, why it’s important to monitor and effective ways to manage assets and vehicles.

June 26, 2024

Person looking at a computer screen with the refleciton in their glasses

Data security and privacy with Geotab Ace

Learn how Geotab Ace™ keeps your fleet data safe with advanced privacy and security measures, providing powerful AI-driven insights.

June 12, 2024

View last rendered: 07/13/2024 07:28:19