CSS Exam Prep Virtual Classroom Session 4 PDF
Document Details
Uploaded by ComplementaryConcertina2325
Natasha Bright
Tags
Summary
This document provides pre-virtual classroom assistance and outlines an agenda with topics such as housekeeping, introductions, components of the OFAC compliance framework, other guidance, programs, customer due diligence, considerations for specific industries, wrap up, and Q&A sessions. It also contains information about the use of VoIP and telephone for audio assistance, mobile access for attendees.
Full Transcript
WELCOME! Pre-Virtual Classroom Assistance 1. Audio help: Use VoiP (computer audio) OR Telephone You can select the audio in the control panel. See ”C” on the right. When dialing in by TELEPHONE, make sure you used both your Access Code (9 digit number) and personal audio pin (2 digit num...
WELCOME! Pre-Virtual Classroom Assistance 1. Audio help: Use VoiP (computer audio) OR Telephone You can select the audio in the control panel. See ”C” on the right. When dialing in by TELEPHONE, make sure you used both your Access Code (9 digit number) and personal audio pin (2 digit number). You can see your personal audio pin in the control panel, under audio – phone option. 2. Mobile access - Attendees can join sessions from iPhone, iPad or Android device. Download the GotoTraining App from Citrix and type in Training ID number. (meeting # is in your confirmation email). 3. At the bottom of the screen please make sure you are on mute (letter “D”) and your webcam is turned off (letter “E”.) GotoTraining Help: Toll-free: (877) 582-7011 or +1 805 617 7370 https://support.logmeininc.com/gototraining/contactus?p=0-0 ACSS helpdesk:[email protected] All rights reserved | ACSS 1 CSS Exam Prep Virtual Classroom Session 4 Elements of a Risk-Based Sanctions Compliance Program v11 All rights reserved | ACSS 2 Moderator Natasha Bright Association of Certified Sanctions Specialists (ACSS) [email protected] www.sanctionsassociation.org All rights reserved | ACSS 3 Agenda I Housekeeping & Introductions Components of the OFAC Compliance II Framework Other Guidance for Sanctions Compliance III Programs IV Customer Due Diligence & OFAC’s 50% Rule V Considerations for Specific Industries VI Wrap Up and Q&A All rights reserved | ACSS 4 Introduction All rights reserved | ACSS 5 Housekeeping 1. Audio help: Use VoiP (computer audio) or Telephone. Make sure you use your Access Code (9 digit) and then audio pin (2 digit). (marked “C”) 2. Mobile access - Attendees can join from iPhone, iPad or Android device. Download the GotoTraining App from Citrix and type in Training ID number. (meeting # is in your confirmation email). 3. Please make sure you are on mute and your webcam is off. Controls are on the bottom of your screen and marked here as “D” and “E”. 4. Download the slides and materials by clicking on the document icon in your control panel (marked “B”). 5. You will participate in “practice test questions” using the test tool and ”exercises”, using the chat box to submit your answers. These are not counted against you. 6. You can ask questions to the speaker via the chat function. (marked “A”). GotoTraining Help: Toll-free: (877) 582-7011 or +1 805 617 7370 https://support.logmeininc.com/gototraining/contactus?p=0-0 ACSS helpdesk:[email protected] 6 Using the Chat Box In which city are you based? Share your answer with the group using the chat box. All rights reserved | ACSS 7 Martijn Feldbrugge Scott Nance Speakers Director Business & Sanctions Consulting Network Principal Langley Compliance Consulting LLC web: www.bscn.nl email: [email protected] email: [email protected] All rights reserved | ACSS 8 Elements of a Risk- Based Sanctions Compliance Program All rights reserved | ACSS 9 Overview of Sanctions Compliance Programs Some sort of compliance program is necessary to comply with sanctions requirements. Neither the EU nor the US regulations or laws require such a system, but it is practically impossible to ensure compliance without one. While there are no legal requirements regarding the structure of a sanctions compliance program (“SCP”), the EU, the United States, and the Wolfsberg Group have provided useful guidance. All three agree that a system should be “risk-based” – it should reflect the specific sanctions risks the firm faces. All rights reserved | ACSS 10 A Framework for OFAC Compliance Commitment Issued by OFAC in May 2019 Five Essential Components of Compliance 1 2 3 4 5 Management Risk Assessment Internal Controls Testing and Audit Training Commitment All rights reserved | ACSS 11 Component 1: Management Commitment One of the most important factors in determining the success of SCP. Essential to ensure SCP receives adequate resources and is fully integrated into the organization’s daily operations The term “senior management” may differ among various organizations, but typically the term should include senior leadership, executives, and/or the board of directors. All rights reserved | ACSS 12 Steps Necessary to Demonstrate Senior Mgt. Commitment Include: Senior management reviews and approves the SCP. Direct reporting lines between SCP function and senior management. Senior management assures SCP has adequate resources/human capital. There is a designated OFAC compliance officer. Sanctions compliance team has necessary knowledge/expertise. There is a “culture of compliance.” All rights reserved | ACSS 13 Component 2: Risk Assessment Risks = Potential threats or vulnerabilities that, if ignored or not properly handled, can lead to violations of OFAC regulations and negatively affect an organization’s reputation and business. OFAC recommends a risk-based approach when designing or updating an Sanctions Compliance Program (SCP) All rights reserved | ACSS 14 What Should the RA Exercise Entail? Holistic view Allows the organization to identify (1) customers, supply chain, potential areas in which it may No one size fits all intermediaries and counter parties engage with OFAC prohibited (2) Products and services entities, parties, countries or regions (3) Geographic locations International Size and stability of Volume and value of exposure customer base transactions All rights reserved | ACSS 15 Recognizing Risk Transactions to Consider: Any business transaction or service could potentially violate OFAC. There is no minimum dollar amount. HOWEVER, certain transactions may pose a higher risk. Examples: Initiated from foreign countries Cash only, especially for large or luxury items that are easily liquidated International wire transfers involving international parties Trade finance Real estate deals, especially where the borrower or seller isn’t personally known Loan transactions, especially if the proceeds go to a third party With entities known to conduct business in sanctioned countries With a party who is anonymous or attempts to conceal his identity or location All rights reserved | ACSS 16 Example Excerpt from OFAC risk Matrix Source: Annex to Appendix A to 31 CFR Part 501, OFAC’s Economic Sanctions Enforcement Guidelines https://www.law.cornell.edu/cfr/text/31/appendix-A_to_part_501 All rights reserved | ACSS 17 Component 3: Internal Controls Detailed policies and procedures how you mitigate sanctions risks and addresses specific situations. Guidelines : 1. The organization has designed written policies and procedures outlining the SCP. 2. The organization has implemented controls that address the results of its OFAC risk assessment and profile. 3. The organization enforces the policies and procedures through internal and/or external audits. All rights reserved | ACSS 18 Internal Controls (cont.) 4. recordkeeping policies and procedures adequately account for its OFAC requirements 5. Upon learning of a weakness in its internal controls pertaining to OFAC compliance, it will take immediate and effective action 4. The organization has clearly communicated the SCP’s policies and procedures to all relevant staff 4. The organization has appointed personnel for integrating the SCP’s policies and procedures into the daily operations of the company or corporation. All rights reserved | ACSS 19 Three Lines of Defense First Line: The Business Second Line: Compliance Third Line: Audit Initially reviews customers Reviews decisions by the business; Regularly reviews the and transactions for operation of the entire possible sanctions issues, Answers questions and responds sanctions compliance and for making the initial to requests for guidance; system. decision about whether to proceed with a customer Periodically reviews compliance or transaction. decisions by the business; and Creates, maintains and updates the organizations sanctions policies and procedures. All rights reserved | ACSS 20 Compliance Policy Statement of corporate intent. Usually adopted by the Board of Directors or Senior Management of the organization. Purpose: to communicate to the organization its stance towards sanctions compliance. Generally includes: o A purpose statement o An applicability and scope statement; o An effective date o A responsibilities section All rights reserved | ACSS 21 Practice Test 1 What is the First Line of Defense when applied to internal controls? a. The business b. The auditors c. The compliance team The test tool will appear in a moment so you can submit your answers All rights reserved | ACSS 22 Component 4: Testing and Audit ESSENTIALS: covers sanctions compliance, and fulfills certain basic criteria, as identified by OFAC: A. accountable to senior management; B. independent, and C. sufficient authority, and resources. appropriate to level and sophistication of its SCP. upon learning of a confirmed negative testing result or audit finding pertaining to its SCP, it will take immediate and effective action All rights reserved | ACSS 23 Component 5: Training provides adequate information and instruction to employees and, as appropriate, stakeholders scope that is appropriate frequency that is appropriate based on its OFAC risk assessment and risk profile. easily accessible resources and materials available to all applicable personnel. Upon learning of a confirmed negative testing result or audit finding, or other deficiency pertaining to its SCP, take immediate and effective action All rights reserved | ACSS 24 Training (cont.) An organization should consider these four categories of training, at a minimum: 1 2 3 4 General sanctions training Specialized training for Detailed training for all Sanctions training for top for all employees employees with compliance staff management. responsibilities that may require them to make sanctions decisions. NOTE: It is important to keep complete records of sanctions training All rights reserved | ACSS 25 Short exercise/Case study As the sanctions compliance officer at your U.S. company, you have overseen the recent deployment of your company’s first sanctions screening tool. You are called into a meeting with your boss to congratulate you on this achievement. The boss mentions that now that this “screening thing” is working, you should be free to work on other areas of compliance now since the company should be fully compliant with OFAC now. What should you convey – diplomatically, of course – to help them understand what else needs to be done? Submit your answers in the chat box. Please number them. All rights reserved | ACSS 26 Other Guidance For Sanctions Compliance Programs All rights reserved | ACSS 27 EU Sanctions Guidance on Best Practices for “Internal Compliance Programmes” The EU guidance is technically directed toward compliance programs for organizations exporting dual use products, however, the guidance addresses sanctions compliance as well. Practically, all of the principles and recommendations are applicable to sanctions compliance programs as well. The main components of a compliance program under the EU guidance are: 1. Top-level management commitment to compliance 2. Organization structure, responsibilities and resources commensurate to the entity’s risk profile 3. Training and awareness raising 4. Transaction screening process and procedures 5. Performance review, audits, reporting and corrective actions 6. Recordkeeping and documentation 7. Physical security All rights reserved | ACSS 28 Wolfsberg Guidance on Sanctions Screening The Wolfsberg Guidance on Sanctions Screening focuses on the role of screening customers and transactions at banks to detect and prevent sanctions violations. The guidance notes, that screening is simply one component of a larger sanction program. The components of such a program should include: 1. Policies and procedures 2. Responsible person 3. Risk assessment 4. Internal controls 5. Testing All rights reserved | ACSS 29 FFIEC BSA/AML Examination Manual Though OFAC regulations do not fall under the scope of AML (anti-money laundering) laws, evaluation of OFAC compliance is frequently included in AML examinations. The Bank Secrecy Act (BSA): - U.S. federal law that requires banks and other financial institutions to bring large cash transactions and other dubious activity to the attention of regulators. - also requires FIs to have complex controls in place to detect any criminal activity, including an AML program. All rights reserved | ACSS 30 FFIEC BSA/AML Examination Manual (cont.) In order to assess compliance with the BSA, and AML laws, an assessment by the regulator is conducted called the BSA/ AML Examination. U.S. FFIEC AML/BSA Examination Manual: Available online at https://bsaaml.ffiec.gov/manual The Manual provides vital information on what to expect from the examiner with respect to their review of an institution’s OFAC/sanctions compliance program. Even though OFAC is not part of the FFIEC, it assists in the development of the sections of the manual that relate to OFAC reviews. Federal banking agencies also often have a duty to inform OFAC when they spot problematic behavior, for example involving transactions to or from sanctioned countries or a lack of written controls to comply with sanctions laws. This duty is usually derived from an agreement made with OFAC called a “Memorandum of Understanding” (MOU). All rights reserved | ACSS 31 NYDFS Superintendent’s Banking Regulations of the New York Division of Financial Services (NYDFS) concerning transaction screening. NYDFS has played a major role in defining the obligations of banks with respect to compliance systems. On June 30, 2016, the New York Department of Financial Services (DFS) issued a final rule on BSA/AML transaction monitoring and OFAC filtering and screening. All rights reserved | ACSS 32 NYDFS (cont.) Effective as of January 1, 2017. Annual mandated submission by the Board of Directors or a Senior Officer certifying compliance with the regulations and the measures taken to achieve it. Applies to all banks, trust companies, savings banks, and savings and loan associations chartered pursuant to the NY Banking Law…AND all branches and agencies of foreign banking corporations licensed to conduct banking operations in New York. Key Performance Indicators (KPIs): should be a regular item on Board agendas!! Top management should routinely receive information showing effectiveness of company’s SCP, including: o Transactions and customers rejected; and o Any violations. All rights reserved | ACSS 33 Due Diligence All rights reserved | ACSS 34 Customer Due Diligence OFAC’s 50% Guidance Because OFAC’s lists are not exhaustive. Issued February 2008, revised August 2014. Guidance on OFAC licensing policy information should be included on each OFAC Sanction Program’s page - https://home.treasury.gov/policy- issues/financial-sanctions/sanctions-programs-and-country-information An Entity that is owned 50% or greater by a sanctions target is treated as a sanctions target. Underscores the need for thorough due diligence OFAC’s 50% rule speaks only to ownership and not control. Also applies to SSI 50% rule doesn’t always apply, as with the case of Chinese Military Companies Sanctions - https://home.treasury.gov/policy-issues/financial- https://www.treasury.gov/resource- sanctions/faqs/topic/5671 center/sanctions/Documents/licensing_guidance.pdf All rights reserved | ACSS 35 OFAC 50 Percent Guidance: Terms Direct ownership: One or more blocked persons own shares in an entity. Indirect ownership: One or more blocked persons' ownership of shares of an entity through another entity or entities that are 50 % or more owned in the aggregate by the blocked person(s). All rights reserved | ACSS 36 OFAC 50% Guidance and Indirect Ownership in Complex Ownership Structures Example SDN: Company A SDN: Mr. X AGGREGATE DIRECT 50% 15% 40% Company C Company B INDIRECT 50% Company D B, C, D and E are considered to CASCADE 50% be blocked. Company E All rights reserved | ACSS 37 Exercise 1: OFAC 50% Guidance Which companies are considered to be blocked. Explain your answer. SDN: Mr. X 50% 50% Company A Company B 25% 25% Company C Submit your answers in the chat box. Please number them. All rights reserved | ACSS 38 39 Exercise 2: OFAC 50% Guidance Which companies are considered to be blocked. Explain your answer. SDN: Mr. X 50% 10% Company A 40% Company B Submit your answers in the chat box. Please number them. Compliance Considerations for Specific Industries All rights reserved | ACSS 40 Finance OFAC has released the following matrix showing the risks associated with particular types of customers and transactions that financial institutions can use to evaluate their sanctions compliance systems. While this risk matrix was developed specifically for financial institutions, the same principles and conclusions may apply to other industries as well. All rights reserved | ACSS 41 Practice Test 2 Your customer is a stable, well known, local company, with no high-risk customers. They do, however, have one foreign branch located in the UK. How would you place this customer on the financial risk matrix? The test tool will appear in a. High risk a moment so you can b. Moderate risk submit your answers c. Low risk All rights reserved | ACSS 42 Securities OFAC has identified a number of risk factors for securities transactions: 1. International transactions, including wire transfers; 2. Foreign customers/accounts; 3. Foreign broker-dealers who are not subject to OFAC regulations; 4. Risks of investments in foreign securities; 5. Personal investment by corporations or personal holding companies; 6. Very high net worth institutional accounts, hedge funds, funds of hedge funds and other alternative investment funds (private equity, venture capital funds) and intermediary relationships; 7. Omnibus accounts/use of intermediaries; 8. Third party introduced business; and 9. Confidential accounts All rights reserved | ACSS 43 Maritime Shipping Shipping industry faces especially complicated sanctions risks. For sanctions purposes, the “shipping industry” includes, not just companies operating ships, but all the related services, including chartering, insurance, freight forwarding, loading and unloading, bunkering, and repair services. Along with the normal risks factors, such as the identity of the parties to transactions and the origin and destination of goods, the nature of the commodities being shipped can pose a particular sanctions risk. Examples of commodities that may pose particular sanctions (and export control) risks include: Military items; Dual-use items, including nuclear, biochemical, WMD, missile technology; Drug precursors and certain general chemicals; and/or Otherwise bulk standard generic items that become an issue because of a targeted sanction on a single country. All rights reserved | ACSS 44 Shipping (cont.) Sample contractual sanctions clause OFAC has identified a number of measures the “ANY TRADE IN WHICH THE VESSEL IS EMPLOYED shipping industry can take to mitigate these risks. UNDER THIS CHARTERPARTY WHICH COULD EXPOSE THE VESSEL, ITS OWNERS, MANAGERS, Insurance CREW OR INSURERS TO A RISK OF SANCTIONS Verify cargo origin IMPOSED BY THE UNITED STATES, UNITED Strengthen AML/CFT compliance NATIONS OR THE EU, SHALL BE DEEMED Monitor for AIS manipulation UNLAWFUL AND OWNERS SHALL BE ENTITLED, Contractual clauses AT THEIR ABSOLUTE DISCRETION, TO REFUSE TO Review all applicable shipping documentation CARRY OUT THAT TRADE. IN THE EVENT THAT SUCH RISK ARISES IN RELATION TO A VOYAGE Know Your Customer (KYC) THE VESSEL IS PERFORMING, THE OWNERS Clear communication with international partners SHALL BE ENTITLED TO REFUSE FURTHER Leverage available resources PERFORMANCE AND THE CHARTERERS SHALL BE OBLIGED TO PROVIDE ALTERNATIVE VOYAGE ORDERS.” All rights reserved | ACSS 45 Commercial Insurance The (re)insurance market provides significant support to the global maritime industry. For this reasons, there is a risk to this sector of exposure to prohibited or sanctionable activity. Obtaining commercial insurance is not likely to be the primary goal of those involved in the movement of illicit goods, but it can be exploited to obtain the necessary permits to initiate voyages and enter ports to transfer prohibited goods. All rights reserved | ACSS 46 Commercial Insurance Risk Assessment Source: Lloyd’s Market Bulletin Ref Y5246 of April 2019 All rights reserved | ACSS 47 Commercial Insurance Risk Assessment Source: Lloyd’s Market Bulletin Ref Y5246 of April 2019 All rights reserved | ACSS 48 Commercial Insurance Risk Assessment Source: Lloyd’s Market Bulletin Ref Y5246 of April 2019 All rights reserved | ACSS 49 Exporters/Importers Companies involved in international trade, such as exporters and importers are particularly vulnerable for sanctions violations. Case Study: 2018 OFAC’s $1.5M Fine on Epsilon A U.S. car audio and video equipment manufacturer Provides vital lessons for U.S. exporters whose products may be found in sanctioned countries Epsilon broke the law by selling audio and video equipment to Asra International, LLC. In Dubai, UAE, despite having reason to know that this company would more than likely distribute the goods to Iran. All rights reserved | ACSS 50 Exporters/Importers (cont.) Actual delivery of U.S. origin products to Iran is not required for the regulation to be violated. Instead, court said that it’s sufficient that exporter knows or should know that a third country specifically intends to re-export the goods to Iran, regardless of whether the goods ultimately arrive in Iran. While an exporter may satisfy themselves that its exports to a third country are not specifically intended for Iran, some due diligence is required to demonstrate the exporter had no “reason to know” that a customer was exclusively or predominantly doing business with Iran. Case underscores the importance of proper due diligence with regard to foreign distributors that are not similarly restricted under their local law in doing business with Iran. All rights reserved | ACSS 51 Wrap Up and Q&A All rights reserved | ACSS 52 What we covered Five Elements of an OFAC Sanctions Compliance Program Customer Due Diligence OFAC 50% Rule Additional Guidance Compliance Considerations for Specific Industries All rights reserved | ACSS 53 Q&A Please submit any questions in the chat box. All rights reserved | ACSS 54 Thank You! Next Session is Next Week - Tuesday 12:00 – 2:00 pm ET Visit Us Here : www.sanctionsassociation.org