The sanctions screening internal controls are developed and implemented by organizations to prevent the occurrence of sanctions risks and avoid regulatory non-compliance. An effective internal controls system, including policies and procedures, to identify, interdict, escalate, report, and keep records on activity that may be prohibited by the regulations and laws administered by authorities.
Sanctions Screening Internal Controls
The purpose of internal controls is to outline clear expectations, define procedures and processes for OFAC compliance, and minimize the risks identified by the organization’s risk assessments. Policies and procedures should be enforced, weaknesses should be identified and remediated, and internal and/or external audits and assessments of the program should be conducted periodically.
Given the dynamic nature of US economic and trade sanctions, a successful and effective sanction compliance program should be capable of adjusting rapidly to changes published by OFAC. These include:
- Updates to OFAC’s List of Specially Designated Nationals and Blocked Persons the SDN List, the Sectoral Sanctions Identification List, and other sanctions lists.
- New, amended, or updated sanctions programs or prohibitions imposed on targeted foreign countries, governments, regions, or persons, through the enactment of new legislation, the issuance of new Executive orders, regulations, or published OFAC guidance.
- The issuance of general licenses.
OFAC Compliance Program
OFAC compliance programs generally include internal controls, including policies and procedures, to identify, interdict, escalate, report, and keep records about activity that is prohibited by the sanctions programs administered by OFAC. The purpose of internal controls is to outline clear expectations, define procedures and processes for compliance, and minimize the risks identified by an entity’s risk assessments.
The organization has designed and implemented written policies and procedures outlining the SCP. These policies and procedures are relevant to the organization, capture the organization’s day-to-day operations and procedures, and are designed to prevent employees from engaging in misconduct.
The organization enforces the policies and procedures it implements as part of its OFAC compliance internal controls through internal and/or external audits.
The organization ensures that its OFAC-related recordkeeping policies and procedures adequately account for its requirements according to the sanctions programs administered by OFAC. The organization ensures that its internal controls about sanctions compliance, identify and implement compensating controls until the root cause of the weakness can be determined and remediated.
The organization has communicated the policies and procedures to all relevant staff, including personnel within the compliance program, as well as relevant business segments operating in high-risk areas, and to external parties performing SCP responsibilities on behalf of the organization.
The organization has appointed personnel for integrating the SCP’s policies and procedures into the daily operations of the company or corporation. This process includes consultations with relevant business units and confirms the organization’s employees understand the policies and procedures.
Sanctions screening refers to measures implemented within businesses that are intended to detect, prevent, or otherwise manage sanctions-related risks by detecting sanctioned individuals and/or organizations, as well as illegal activities to which these institutions may be exposed accidentally. The organization has implemented internal controls that adequately address the results of its risk assessment and profile. These internal controls should enable the organization to clearly and effectively identify, interdict, escalate, and report to appropriate personnel within the organization transactions and activities that may be prohibited by OFAC.