I was recently reviewing a partner contract which mandated that any customer that we resell the partner product to must not be an entity included on a government “prohibited to do business with” list, such as Office of Foreign Assets Control (OFAC), and further they are not involved in credit fraud or other unethical business practices. It got me thinking about how we go about fulfilling such a mandate. I would have assumed that I could simply ask the customer to certify to the above. It would be sufficient to show that the customer self-certified to those facts.
As I started mulling over this some more, it became clear to me that while it may in fact be sufficient when it comes to fulfilling the requirement for the partner: it is not black and white when there is in fact an OFAC prohibition against that entity. It could put my business in the cross hairs of Office of Foreign Assets Control that enforces these violations. It could lead to debilitating fines or worse. If requiring a customer self-certification is not the answer, that puts a level of burden on our sales organization to gain a deep understanding of the customer prior to a sale. It means giving them access to tools and data solutions that they can use to make informed decisions like “Will my business be safe and in compliance?”
A keen understanding of the OFAC rules is now important when it comes to selection of the tools you use to provide the pertinent details to make an intelligent decision on the risk associated with a business relationship. Rigorous OFAC screening requires not just a match against an OFAC list for the entity, but also requires a screening of all the owners of a business ownership (Ultimate Beneficiary Ownership) can be complex, with direct and indirect ownerships of any corporation. For example, majority shares of a company can be owned by five. individuals and two corporations. Further, the two corporations that have ownership stake in the main corporation could have their own ownership structure.
OFAC rules require that all business owners (individuals and businesses) must be screened to determine if any OFAC flags exist for a corporation. Furthermore, Office of Foreign Assets Control also published the OFAC 50 rules that determine an OFAC violation if one or more individuals/companies that collectively own a controlling stake in a company constitutes an OFAC violation of that company. So, even if the company is not directly blocked by an OFAC sanction, ownership in that company can play a part in determining an OFAC violation.
Further, we also need to consider the ongoing changes to the OFAC lists, as well as changes in ownership to ensure ongoing compliance with OFAC and other trade sanctions.
As the scenario above clearly illustrates, the maze and intricate level of these relationships can get confusing very quickly and lead to negative results if an organization does not have the tools to make sense of it all.
Today market pressures, trade tensions, supply chain disruptions make, OFAC screening management a concern requiring strict attention and clear ownership of this data within an organization. The screening of all direct and indirect owners in the company and the numerous complex calculations based on shareholding structures and percentages is also critical and requires the ability to adjudicate false matches. Furthermore, the information must remain current for the life of the relationship to ensure compliance.
This detailed level of process and compliance can place a heavy burden on organizations since it forces people, systems, and processes to maintain compliance. This burden is now mandatory for organizations of all sizes. Please share what your organization is doing to stay Compliant.