Proving compliance: Do you have the right tools?
So much energy goes into meeting regulatory requirements that stakeholders are often after a simple metric: avoiding penalties for sanctions violations. But what happens when sanctions do hit? Strong tools are just as important when there are gaps in compliance. Because let’s be honest — it’s impossible to cover 100% of potential risk factors. What you can do is have all the tools in place to prove that everything that could’ve been done, was done.
A sanctions compliance case in the news
Between July 2015 and November 2016, Cameron International Corporation violated Directive 4 of the Ukraine-Russia sanctions regulations. Starting in July 2015, US senior managers approved approvals from the Cameron Romania personnel for contracts with Gazprom-Neft Shelf – the only company extracting oil from the Arctic shelf of Russia.
Cameron had established compliance policies, but they did not address the involvement of US persons in the activities of Cameron’s foreign subsidiaries. In June 2017, Cameron notified OFAC of the violations and submitted an additional report in December 2017. But OFAC determined that Cameron’s submissions did not constitute a voluntary self-disclosure. Further, they stated that US senior managers at Cameron should have known that the contracts violated Directive 4.
A tricky argument
According to OFAC, organizations’ accountability for sanctions violations depends on the preventive steps, policies, and processes implemented to mitigate them. So if two companies violate sanctions in the exact same way, fines are often based on the comprehensiveness of their compliance programs. In other words, if one company has a comprehensive CDD process, and the other only does traditional list screening, the fallout could be different.
In Cameron’s case, senior employees attended trainings and received multiple email alerts, clearly stating that they were breaching company policy. Nevertheless, that obviously wasn’t enough. So even when they ultimately reported the violations, it was a little too little. But what if they had had a strong system in place?
With one platform that provides insights and explanations behind every sanctions risk factor, compliance doesn’t have to be a game of chance.
Why does it matter?
Amid sanctions investigations, the best thing for your business is that you can prove your due diligence efforts. But implementing effective compliance programs for multinational corporations operating across multiple subsidiaries and with global employees is a huge challenge. Further, as regulations continually change, an adaptive approach is as critical as ever. Directive 4 is a great example — amended in 2017 to include more restrictions against supplying Russian oil projects.
So compliance procedures expire, and the same rules that might have been enough before could now be exposing your business. This is why standard list matching tools are simply not enough. Compliance is a long-term game, and the tools you have today need to protect you against future risk. Windward provides a comprehensive risk overview of company risk and ownership, in addition to associated sanctioned regimes, vessels, and blacklists. Each building block is there to support decisioning. Most importantly, our models predict the sanctions risk level for you – so you can act before the damage is done.
Compliance solutions are often a black box.
But without visibility and actionable insights, effective due diligence will continue to lag. Ultimately, the action you take will depend on your risk appetite. But the right tools and insights can help protect your brand and bottom-line, no matter the regulatory environment.
Contact our team to learn how you can empower your teams with a strong risk management solution.