Company that Used Shell Companies to Facilitate Sanctions Violations Pays More than $665K in OFAC Settlement

September 21, 2020 by Mark Dunn

Company that Used Shell Companies to Facilitate Sanctions Violations Pays More than $665K in OFAC Settlement

Organisations can't afford to let their guard down when it comes to implementing risk-aligned due diligence and third-party risk monitoring processes. That message came through loud and clear when the U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) announced a settlement agreement with Essentra FZE and its subsidiaries worldwide. The company, which is incorporated in the United Arab Emirates, was accused of violating North Korea Sanctions on three occasions with wire transfers totalling $333,272 at the foreign branch of a U.S. financial institution.

How did the transactions slip through the cracks?

According to the settlement agreement, the company purposely obscured the ultimate destination of the payments by addressing invoices to a shell company and identifying the recipient of the goods as a Chinese company-despite knowing that both had links to a North Korean national and business.

Under the terms of the settlement, Essentra FZE has agreed to more than the $665,112 fine. The company must also:

  • Establish and maintain sanctions compliance measures to minimize the risk of similar conduct for the next five years.
  • Cooperate fully with OFAC "in any and all matters related to the Apparent Violations" until it submits its fifth Annual Certification to OFAC.
  • Commit to senior management review and approval of the compliance programme, as well as providing adequate human, technology, and financial resources to meet this commitment.
  • Ensure that senior leadership and the board of directors actively support the OFAC compliance programme.

The company must also undertake a review of the sanctions compliance programme and receive approval for "new and enhanced policies and procedures for OFAC compliance," and appoint a senior manager that will receive training on sanctions compliance and spearhead compliance moving forward. Moreover, the company must appoint a Global Compliance Director and replacement OFAC Compliance Officer to ensure consistent application of the compliance programme across the organisation.

Establishing Due Diligence & Risk Monitoring Processes

On top of the above requirements, the company must secure access to a third-party due diligence platform and other appropriate resources to assist in "day-to-day sanctions risk assessments for new and existing customers and suppliers." This includes conducting OFAC risk assessments as frequently as needed to meet potential risks related to customers, suppliers and other third parties, products and services, transactions, and geographies. The company must also provide quarterly updates based on these risk assessments.

What best practices should companies consider when it comes to sanctions compliance? Many of the settlement requirements align with the following 10 steps:

  1. Take a top-down approach to compliance.
  2. Maintain up-to-date policies and procedures, including disclosure requirements, based on guidance provided by the UN Security Council, individual countries, and enforcement agencies.
  3. Clearly communicate policies and procedures to employees and external third parties.
  4. Provide compliance training to employees and suppliers and other third parties.
  5. Implement a sanction screening process that is aligned with risk-based on industry, organisation size, customer profiles, products and services offered, countries of operation and delivery channels.
  6. Include sanction screening, watchlists and PEP checks in your due diligence.
  7. Ensure employees understand who to contact to report violations.
  8. Conduct periodic internal audits of your due diligence and risk monitoring processes to ensure they remain aligned to changing sanctions regimes.
  9. Have policies and procedures independently audited annually
  10. Don't wait for enforcement as a trigger to implement the above actions.

But sanctions compliance isn't the only lesson learned from this settlement. The use of a shell company in the violations highlights another important consideration for entity due diligence: beneficial ownership. Identifying the ultimate beneficial owners of companies is a critical component of any organisation's compliance programme. Too often, beneficial owners remain hidden, enabling financial crime and corrupt business practices. By choosing the right technology for conducting due diligence and ongoing third-party risk monitoring, organisations can conduct business with confidence that they are also meeting the standards of regulators around the world—whether it's the Department of Justice's Office of Foreign Asset Control in the U.S., HM Treasury's Office of Financial Sanctions Implementation in the UK, or the laws established by the European Commission and individual EU member states. Could your current process for managing sanctions compliance stand up to scrutiny?