Upload
others
View
4
Download
0
Embed Size (px)
Citation preview
CLICK ON EACH FILE IN THE LEFT HAND COLUMN TO SEE INDIVIDUAL PRESENTATIONS.
If no column is present: click Bookmarks or Pages on the left side of the window.
If no icons are present: Click View, select Navigational Panels, and chose either Bookmarks or Pages.
If you need assistance or to register for the audio portion, please call Strafford customer service at 800-926-7926 ext. 10
OFAC's New Economic Sanctions Enforcement Guidelines
Compliance Strategies to Withstand Tougher Foreign Asset Control Oversight
presents
Today's panel features:
Ronald I. Meltzer, Partner, WilmerHale, Washington, D.C.
Greta Lichtenbaum, Partner, O'Melveny & Myers, Washington, D.C.
Edward L. Rubinoff, Partner, Akin Gump Strauss Hauer & Feld, Washington, D.C.
Thursday, June 11, 2009
The conference begins at:1 pm Eastern12 pm Central
11 am Mountain10 am Pacific
The audio portion of this conference will be accessible by telephone only. Please refer to the dial in instructions emailed to registrants to access the audio portion of the conference.
A Live 90-Minute Audio Conference with Interactive Q&A
OFAC Sanctions and New Enforcement Guidelines
Ronald I. Meltzer June 11, 2009
WilmerHale 1
Background
OFAC: US Treasury Department office responsible for administering/enforcing US economic sanctions against certain designated countries, entities and persons Broad statutory authority based on national security/foreign
policy
Unilateral and multilateral sanctions
Significant administrative/interpretative discretion
Wide variation in sanctions programs/regulations
Focused agency mandate and lack of transparency in major
respects
WilmerHale 2
Types of Sanctions Country-based programs
– comprehensive embargoes (e.g., Cuba, Iran and Sudan)
– limited sets of sanctions (e.g., Burma, North Korea and Syria)
List-based programs– terrorism, narcotics trafficking, WMD proliferation,
regional destabilization, discredited regimes SDNs: specially-designated nationals & blocked
persons (http://www.treas.gov/ofac/t11sdn.pdf) Increased use of list-based programs to target
sanctions and avoid collateral effects
WilmerHale 3
OFAC JurisdictionOFAC sanctions regulations apply to US persons: All US citizens and permanent residents anywhere in
the world Companies organized in the United States Foreign branches of US companies. Any person, entity or property located in the United
States Cuba and North Korea: any entity owned or controlled
by US persons (i.e., foreign subsidiaries of US companies)
Iran and Sudan: non-US persons in reexport transactions involving certain items controlled under the EAR
WilmerHale 4
Scope of Prohibitions Prohibited transactions can extend to all types of
commercial/financial dealings (direct and indirect) with designated countries, entities and persons
– exports, imports, services, financing, investments, payments, dealings in property and travel (Cuba)
– facilitation and approval
Certain exempted, generally-authorized and specifically-licensed transactions
Blocking requirements for SDNs and certain country-based programs
WilmerHale 5
Penalties
October 2007 IEEPA Enhancement Act: steep increase in possible civil and criminal penalties
– civil penalties of up to $250K per violation, or twice the value of transaction at issue
– criminal penalties of up to $1MM per violation and/or 20 years imprisonment
Increased penalty levels impact compliance strategies and management of OFAC issues
WilmerHale 6
Economic Sanctions Enforcement Guidelines
New guidelines effective as of September 8, 2008
Supersede 2003 and 2006 enforcement guidance, including OFAC’s Interim Final Rule for Banks
Excludes pending enforcement cases (between October 2007 and September 8,2008) and certain violations under the CACR
Prompted by implementation of new penalty levels
WilmerHale 7
Enforcement Guidelines: Overview
Three main components:
Enforcement responses available to OFAC
General Factors for determining appropriate enforcement response
New framework for determining civil penalty amounts
WilmerHale 8
OFAC Enforcement Responses
Types of Outcomes
No Action
Request for Additional Information (e.g., 602 Letter)
Cautionary Letter (new OFAC option)
Finding of Violation (new OFAC option)
Civil Monetary Penalty
Criminal Referral
Other Administration Actions (e.g., cease and desist orders, license denial, suspension)
WilmerHale 9
New OFAC Enforcement Responses
Cautionary Letter Finding of a violation is not warranted or
substantiated by sufficient information, but underlying conduct could lead to violation in other circumstances
Not a final agency action; puts recipient on notice
Finding of Violation OFAC determines that violation occurred, but
monetary penalty not appropriate
Final enforcement response; recipient can respond
WilmerHale 10
General Factors
Eleven general factors in determining appropriate enforcement response
Replaces former mitigating and aggravating factors
No reference to OFAC risk assessments or risk-based approach to compliance (key focus of 2006 Interim Final Rule for Banks)
OFAC: final version of new guidelines will endorse risk-based approach
WilmerHale 11
General Factors (cont.)
1. Willful or reckless violation of law (willful misconduct or deliberate intent to violate, and any concealment, pattern of misconduct, prior notice of violation, and management involvement)
2. Awareness of conduct at issue (actual knowledge or “reason to know” about violation and management involvement)
WilmerHale 12
General Factors (cont.)
3. Harm to sanctions program objectives, e.g., benefit of violation to target country, entity or individual, implication for US policy, eligibility for a license, support for humanitarian action
4. Characteristics of subject person: commercial sophistication, size and financial condition, volume of transactions, and history of violations
WilmerHale 13
General Factors (cont.)
5. Existence and nature of subject person’s compliance program
6. Remedial responses to apparent violation
7. Nature and extent of cooperation with OFAC
8. Timing of the apparent violation in relation to the imposition of sanctions
9. Other enforcement action taken by federal, state or local agencies for same/similar violation
WilmerHale 14
General Factors (cont.)
10. Deterrence effect of response against the subject person and others in same industry
11. Other relevant factors determined on a case-by-case basis
WilmerHale 15
Civil Penalties Prior to imposing penalty, OFAC will issue a
pre-penalty notice
- Describes alleged violation, relevant General Factors, proposed penalty and maximum penalty
- Subject person will have opportunity to respond prior to issuance of final notice
Settlements still available, but negotiated in accordance with new guidelines
Penalties based on:
1. Transaction Value
2. Egregious or non-egregious nature of violation
3. Whether violation was voluntarily self-disclosed
WilmerHale 16
Civil Penalties (cont.)
Egregious cases
Most serious violations, based on General Factors, with focus on willfulness or recklessness, awareness of conduct, harm to sanctions program objectives, and individual characteristics of violator
Non-egregious cases
Most cases will involve non-egregious violations
WilmerHale 17
Civil Penalties (cont.)
Voluntary Self Disclosure
Subject person self-initiates disclosure of apparent violation before discovery by OFAC or other government (federal, state or local) agency/official
Earns 50 percent reduction in otherwise applicable base penalty amount
WilmerHale 18
Civil Penalties (cont.)
Statutory Cap $250K/violation
Applicable schedule amount (seven categories from $1K to $250K based on transaction value)
No VSD
½ of Statutory Cap$125K/violation
½ of transaction value(capped at $125K/violation)
VSD
EgregiousNon-Egregious
Base Penalty Amounts
WilmerHale 19
Civil Penalties (cont.)
Base penalty amount may be adjusted based on evaluation of General Factors
Substantial cooperation with OFAC results in 25-40 percent reduction of base penalty
First violation generally results in reduction of up to 25 percent of base penalty
WilmerHale 20
Civil Penalties (cont.)
Additional penalties
Failure to furnish requested information:
– Up to $20K for transactions ≤ $500K
– Up to $50K for transactions > $500K
Penalties for late filings of up to $2,500
Failure to maintain required records
– Up to $5K for first failure to maintain required records
– Up to $10K for each additional violation
WilmerHale 21
Key Questions/Issues
Will OFAC change it approach to risk-based compliance?
Are VSDs effectively ruled out for many regulated industries, including financial services?
Does reliance on transaction value distort outcomes and disadvantage certain industries?
Do new guidelines ignore key compliance issues?– Repeat errors– “Grace period” following M&A transactions
New OFAC Enforcement Guidelines:Penalty Process and Industry Reaction
Greta L.H. Lichtenbaum
2
Civil Penalties Process Prior to imposing penalty, OFAC will issue a pre-penalty notice
- Describes alleged violation, relevant General Factors, proposed penalty and maximum penalty
- Subject person will have opportunity to respond prior to issuance of final notice
Settlements still available, but negotiated in accordance with new guidelines
Penalties based on:
1. Transaction Value
2. Egregious or non-egregious nature of violation
3. Whether violation was voluntarily self-disclosed
3
Civil Penalties – 2 Categories
• Egregious cases
– Most serious violations, based on General Factors, with focus on willfulness or recklessness, awareness of conduct, harm to sanctions program objectives, and individual characteristics of violator
• Non-egregious cases
– Most cases will involve non-egregious violations
4
Civil Penalties – Voluntary Self Disclosure
• Voluntary Self Disclosure Narrowly Defined
– Only VSD if:
• subject person self-initiates disclosure of apparent violation before discovery by OFAC or other gov’t agency and
• No other party is REQUIRED to disclose same or similar violation
– Earns 50 percent reduction in otherwise applicable base penalty amount
5
Calculation of Civil Penalties
Statutory Cap $250K/violation
Applicable schedule amount (seven categories from $1K to $250K based on transaction value)
No VSD
½ of Statutory Cap$125K/violation
½ of transaction value(capped at $125K/violation)
VSD
EgregiousNon-Egregious
Base Penalty Amounts
6
Calculation of Civil Penalties
• Base penalty amount may be adjusted based on evaluation of General Factors
• Substantial cooperation with OFAC results in 25-40 percent reduction of base penalty
• First violation typically results in reduction of up to 25 percent of base penalty
7
Calculation of Civil Penalties
• Additional penalties
– Failure to furnish requested information:
• Up to $20K for transactions ≤ $500K
• Up to $50K for transactions > $500K
– Penalties for late filings of up to $2,500
– Failure to maintain required records
• Up to $5K for first failure to maintain required records
• Up to $10K for each additional violation
8
Industry Reaction – 11/07/08 Comments
• Primarily financial institutions commented• They urge OFAC to retain prior practice of
having an industry approach for financial institutions
• Comments reflect confusion about whether OFAC still maintains a “risk-based” approach
9
Industry Reaction -- VSD Definition
• Wide-spread concern re: narrow VSD definition• focus on language: no VSD if “a third party is
required to notify OFAC of the apparent violation or substantially similar apparent violation because a transaction was blocked or rejected by that third party (regardless of whether or when OFAC actually receives such notice from the third party and regardless of whether the Subject Person was aware of the third party’s disclosure.)”
• Also concern that voluntary disclosure credit is inadequate in egregious cases – starting from such a high penalty amount, such that 50% mitigation doesn’t do enough
10
Industry Reaction
• Wide-spread concern about tying the General Factor of “cooperation with OFAC” to an agreement to waive the statute of limitations
• ABA concern about whether guidelines undermine of attorney client privilege when companies required to submit “all relevant information”
11
Industry Reaction
• Many proposals for amendments or supplements to General Factors– OFAC should recognize the “rogue employee”
scenario– Make clear that careful, good faith – yet erroneous
-- legal analysis will never be viewed as reckless or willful conduct
– When assessing whether there is a “history of violations,” OFAC should take into account if those violations were caused by clerical errors
12
Some Questions/Issues
– What will OFAC do in response to concerns about VSDs, since narrow definition may rule out VSDsin many cases, particularly if a U.S. financial institution involved?
– Not raised in Comments, but -- does reliance on transaction value distort outcomes and disadvantage certain industries and situations?
– Are new guidelines equitable for those with particular compliance challenges?
• Repeat errors• “Grace period” following M&A transactions
OFAC’s New Economic Sanctions Enforcement Guidelines: Impact on Internal Compliance Programs
Edward L. RubinoffAkin Gump Strauss Hauer & Feld, LLP
June 11, 2009
2
What Is An Internal Compliance Program (“ICP”)
An ICP is a set of formalized policies and procedures developed to detect and prevent company violations of economic sanctions or export laws.
An effective ICP is like an insurance policy An ICP is NOT an affirmative defense under the U.S. economic
sanctions laws, however an effective ICP should: Prevent inadvertent violations that could lead to enforcement
actions by the OFAC; Obtain mitigation of penalties in the event of an enforcement
action; and Demonstrate corporate responsibility to potential and existing
business partners.
3
Is An Internal Compliance Program Required?
No Legal Requirement But Significant Legal Benefits ICPs are not generally required by any of the primary statutes or
regulations governing U.S. sanctions laws. However, failure to develop an ICP can lead to severe
consequences under the new OFAC Economic Sanctions Enforcement Guidelines (the “New Guidelines”).
OFAC’s Economic Sanctions Enforcement Guidelines The existence and effectiveness of a compliance program is one
of the General Factors that OFAC will consider in determining anappropriate response to a violation, and if a civil penalty is warranted, in establishing the amount of that penalty. 73 Fed. Reg. 51933 (September 8, 2008).
4
General Principles In Creating And Implementing An ICP
OFAC does not suggest policies or procedures that should be included in an ICP. Therefore, companies have freedom to developICPs tailored to meet their needs and address their risks.
General ICP Principles ICP Should Reflect the Company’s OFAC Risk Exposure OFAC’s 2006 Economic Sanctions Enforcement Procedures for
Banking Institutions (the “2006 Enforcement Procedures”) 71 Fed.Reg. 1971 (January 12, 2006) encouraged banks to rate their products, services, customers and geographic reach as low, medium or high risk and then to develop compliance polices and procedures based on their risk profile. OFAC stated that in determining whether or not to impose a civil
monetary penalty for a violation, it “will consider information … concerning the [banking] institution’s compliance program and the adequacy of that program based on its OFAC risk profile.” OFAC indicated that this risk-based compliance approach would
be extended to other business sectors, and it subsequently issued similar guidance for charities and the securities industry.
5
General Principles In Creating And Implementing An ICP
Custom-Fit the ICP to Your Company The elements on an ICP must be designed to operate within the
structure, culture and resources of the company in order to be effective.
Maintain a Flexible, Evolving ICP A company must maintain a dynamic approach to its ICP and
remain alert to OFAC changes in order for a program to retain its effectiveness.
Keep the ICP Manageable In most contexts, this requires a centralized system of detailed
review of transactions screened or “red flagged” by lower-level employees.
Ensure Upper Management Support For the ICP The most customized, dynamic and manageable ICP will not
succeed if the corporate hierarchy is not committed to ensuring OFAC compliance.
6
Key Elements Of An Effective ICP
While various businesses have different risk areas, as a general rule, ICPs should contain a variant of each of the elements listed below: Corporate Policy/Management Commitment
An ICP should include a corporate policy statement regarding thecompany’s approach and commitment to compliance with sanctions laws. The ICP should be adopted and issued by management. ICP Infrastructure and Delegation Authority
The presence of a centralized administrator of an ICP is a crucial element in making an ICP manageable. The benefits of a centralized compliance decision making include: Identifiable Resource Coordination and Consistency Efficient OFAC Monitoring Institutional Knowledge
7
Key Elements Of An Effective ICP
Education and TrainingIn order to ensure effective personnel participation in an ICP, an ICP should, at a minimum, address: The scope of the education and training program; Frequency of training; and Training methods.
Due Diligence in Forming Counterparty Relationships (Screening of Counterparties and Transactions, Background Checks as Appropriate)The most important tool in avoiding OFAC violations is the proper screening of customers, business partners and other counterparties and transactions. The ICP must also set out whento conduct counterparty and contract screening.
8
Key Elements Of An Effective ICP
Internal AuditsInternal audits serve as important tools for maintaining a dynamic ICP, and each ICP should provide for periodic auditing of the ICP and the company’s adherence to its conditions.
Recordkeeping OFAC programs generally require the retention of all records relating to a transaction covered by OFAC regulations for five years. At a minimum, an ICP should require the OFAC compliance officer or office to archive business records relating to transactions concluded under a specific or general OFAC license, as well as transactions relating to “red-flagged” transactions.
Notification and ReportingThe ICP should provide procedures to deal with violations once they are discovered. The ICP should provide guidelines for confidential reporting of violations internally. The ICP should also provide guidelines regarding reporting of violations to OFAC and gathering mitigating evidence for the potential OFAC investigation.
9
Risk-Based Compliance ICPs and the New Guidelines
The New Guidelines explicitly superseded the 2006 Enforcement Procedures and made no reference to risk assessment and corresponding risk-based compliance programs. Therefore, commenters expressed concern over what they perceived as OFAC’s move away from previously established policy and uncertainty regarding what OFAC now deems to be the correct approach to compliance.
In determining what sort of enforcement action to take under the New Guidelines, OFAC continues to look at a company’s individual characteristics, including its commercial sophistication, size and financial condition, volume of transactions, history of violation and compliance program.
OFAC has not removed the risk matrices posted on its website in sections providing industry-specific compliance guidance for charities and financial institutions.
10
Risk-Based Compliance ICPs and the New Guidelines
On November 6, 2008, OFAC published on-line guidance (arguably not enforcement procedures) for the securities industry in which the agency encouraged companies to develop proactive, risk-based compliance programs. The agency also stated that “the cornerstone of an effective OFAC
compliance program is an assessment of the risks presented by a firm’s customer base, specific products/services, and the geographic locations in which it conducts business.”
These indicators imply that OFAC retains a risk-based, industry specific approach to compliance under the New Guidelines. Indeed, in public forums it has stated that it has not abandoned risk-based compliance principles.
Nevertheless, the New Guidelines have created confusion, uncertainty and concern, so OFAC should formally issue a clarification.
11
Evaluating ICPs Against the New Guidelines
According to the New Guidelines, when OFAC deems the imposition of a civil penalty to be appropriate, the agency will calculate the proposed penalty based on two factors: voluntary self-disclosure and classification of the violation as egregious or non-egregious.
Effective risk-based compliance programs are the best way to encourage voluntary self disclosure and avoid conduct that could be classified as egregious.
Classification of a violation as egregious or non-egregious depends on analysis of the first four General Factors: Willful or Reckless Violation; Awareness of Conduct; Harm to Sanctions Program Objectives; and The Individual Characteristics of the Subject Person
However, OFAC’s analysis will place greater weight on whether the violation was willful or reckless and whether the Subject Person was aware or should have been aware of the conduct at issue in making this decision.
12
Evaluating ICPs Against the New Guidelines
Address elements of the first two General Factors (Willfulness and Awareness/Reason to Know) in the ICP by ensuring: Effective and consistent oversight by management Increased auditing and testing of compliance controls Additional training Encouraging a culture of compliance
Voluntary Self-Disclosures The ICP should take into account that voluntary self-disclosure is
a significant mitigating factor (generally at least 50% deduction). Note that failure to report an ongoing transaction that violatesOFAC restrictions may lead to the conclusion that the violation was “willful”. The ICP should provide specific guidance regarding the necessity
for immediate remedial action in response to a violation and when and how a violation is reported to OFAC.
13
Evaluating ICPs Against the New Guidelines
In cases of egregious violations, the base amount of the civil penalty potentially can be astronomical. Even in non-egregious cases, the use of transaction value as the base penalty can produce large fines. Accordingly, ICPs should ensure that adequate compliance
procedures are applied to high-value and high-volume transactions that might involve sanctions targets.
14
Evaluating ICPs Against the New Guidelines
In summary, for companies that already have an effective ICP, the New Guidelines do not necessarily suggest a change in approach. One of the primary objectives of an ICP is to prevent inadvertent violations that could lead to enforcement actions by the OFAC, and that continues to be the case. However, the New Guidelines have implications for encouraging ICPs and they highlight factors that companies ought to pay particular attention to when establishing or reviewing compliance programs in order to minimize OFAC’s response to apparent violations.
15
Edward L. RubinoffAkin Gump Strauss Hauer & Feld, LLP1333 New Hampshire Ave. N.W. Washington, DC 20036Tel: (202) 887-4026Fax: (202) [email protected]