Blocked person X owns 50 percent of Entity A and 25 percent of Entity B. Entities A and B each own 25 percent of Entity C. Is Entity C considered to be blocked?
About Tiffany Archer
Tiffany Archer leads ethics and compliance in North America, Latin America, and Europe for Panasonic Avionics Corporation.
She is experienced in regulatory and reputational risk management, trade compliance and sanctions, third-party risk management, and cross-border internal investigations. Archer is working toward certification as a global sanctions specialist through the Association of Certified Anti-Money Laundering Specialists.
Archer is slated to speak at CW’s National Conference in Washington D.C. in May 2020.
This question isn’t a hypothetical scenario written for an LSAT prep book. It represents a plausible predicament that any business might encounter if they do business internationally. The Department of the Treasury’s Office of Foreign Assets Control (OFAC) holds all U.S. persons and entities accountable to OFAC compliance, regardless of size or industry, and their primary rule is simple: Do not conduct business with anyone OFAC has placed on its Specially Designated Nationals and Blocked Persons (SDN) list.
OFAC’s rules of compliance, however, quickly grow confusing when considering the complexities of determining ownership levels in international business dealings, particularly as they relate to OFAC’s 50 Percent rule. That’s where the above scenario involving Entities A, B, and C comes in. And if you get the answer wrong and mistakenly conduct business with a blocked person or property, you and your company could pay dearly.
By the way, the answer is no, Entity C is not a blocked entity. But OFAC would caution against doing business with Entity C anyway. “Such entities may be the subject of future designation or enforcement action by OFAC,” Treasury’s revised guidance reads.
OFAC’s 50 Percent rule speaks only to ownership and not to control, the latter being an even murkier study. Furthermore, OFAC doesn’t publish a list of majority SDN-owned entities so it’s up to compliance teams to screen and perform enhanced due diligence on potential counterparties’ complex business structures to determine ownership.
Compliance Week spoke to Tiffany Archer, regional ethics and compliance officer and corporate counsel at Panasonic Avionics Corporation, to demystify the rule.
Q: Why are companies still struggling to figure out the OFAC 50 Percent rule?
A: Determining ownership is often more of an art than a science. The two common questions companies struggle with are: “How many layers deep into an ownership structure do I need to go to identify who would be subject to the OFAC 50 Percent rule?” and ”How do I get comfortable knowing I have all the necessary information to determine whether that entity is truly blocked under the rule?”
All of this comes down to due diligence—having a robust, technology-driven screening process—which is very expensive. Many companies and industries don’t have this type of technology at the ready, so that’s one barrier to entry.
“To whatever extent possible, invest in technology. Buttressing your manual work with automated functionality will allow your compliance program to work more efficiently. The manual interaction is always going to be required, but technological tools and thoughtful algorithms can help elevate the information that’s most important for your compliance officers to review.”
Tiffany Archer, Regional Ethics and Compliance Officer, Panasonic Avionics
In addition, the due diligence process is time-intensive and may not always bear fruit. There is a lot of reviewing, re-reviewing, and analyzing that must be done to figure out whether a company has gotten through each potential ownership layer. Even if a company gets down to that last layer, they may not have success in identifying the names of owners and related parties, which is the critical component to do the aggregate calculation of 50 percent or more ownership. For example, compliance practitioners may encounter a shell company that owns another shell company and then are unable to identify the owners’ names. Some jurisdictions don’t require the names of shareholders, and some business contracts don’t require the names of owners. The lack of transparency makes it a very complicated process.
Because companies don’t know how many layers down they must go—and because they don’t always know if they have the final names needed to put into the aggregate calculation—the uncertainty makes people fearful. They’re just not sure, and they don’t want their company to be subject to penalties, fines, and reputational harm. It’s a paralysis of sorts.
Q: How can companies better wrap their heads and hands around the OFAC 50 Percent rule?
A: Some practical tips:
- Take a risk-based approach to third-party relationships. Companies should risk-rank their customers and perform associated diligence based on their risk-rankings. Make sure your company is utilizing comprehensive third-party due diligence questionnaires, which allows your company to ask targeted questions and delve deep into the third party’s ownership structure.
- Reprioritize funds to set up screening systems and associated algorithms. These tools will help companies feel more confident that they know what they need to know, and that an entity is either blocked or not under the 50 Percent rule.
- Hire compliance professionals who are equipped to appreciate the nuances of the OFAC 50 Percent rule.
- Engage with the stakeholders at the forefront of business dealings, who are the primary contacts for your company’s third-party vendors. Because of their relationship and open lines of communication with the third party, they have access to real-time updates. They might happen to hear critical information that should be brought back to the compliance program. For instance, have there been any changes to the third party’s ownership structure that compliance officers need to be aware of that would require the company to block the relationship? Are there other metrics the compliance program needs to know? Oftentimes, these answers won’t come up in a screening, no matter how robust your company’s technology. There is nothing better than one-to-one communication with the person giving you that information.
Q: How did the 2014 revised guidance change the OFAC 50 Percent rule?
A: The 2014 requirement of understanding ownership in the aggregate is what triggered a tremendous undertaking for companies.
To satisfy regulators’ expectations regarding an effective sanctions compliance program, the company must look back at the universe of historical third-party and related-party relationships, assess the ownership structures, and determine whether they meet the third-party aggregate ownership of 50 percent or more. That revised guidance really caused a tremendous burden to determine whether a company was doing business with someone on the SDN list.
In addition, while the focus of the 2014 revised guidance was on ownership, the guidance pertaining to control is far less explicit. Control, on its face, is not a trigger, but if those who are in control are ever placed on the SDN list, that changes the analysis. Then, that entity that you thought was not blocked becomes blocked. While control is not a de facto trigger for blocking, it’s something you need to watch.
Another area of concern is where the aggregate ownership of a non-blocked entity is less than 50 percent. OFAC’s 2014 revised guidance has explicitly stated that companies should be especially cautious in these circumstances. Proactive monitoring is key, as OFAC states, because that entity may become the subject of future designations. Once it flips and becomes blocked, your company is then responsible for being aware of that designation.
Q: What are the best ways to avoid violating OFAC’s 50 Percent rule?
A: A lot of it boils down to ongoing monitoring. You must have your finger on the pulse of all the changes: legislation, regulations, new sanctions review changes, and individuals added to the SDN list. There are many moving parts and many places to check. That’s why your compliance program must be mindful of your company’s risk appetite and what level of risk it’s willing to absorb.
Again, to whatever extent possible, invest in technology. Buttressing your manual work with automated functionality will allow your compliance program to work more efficiently. The manual interaction is always going to be required, but technological tools and thoughtful algorithms can help elevate the information that’s most important for your compliance officers to review.
There’s also the option to outsource. If your company doesn’t have enough internal resources, bring in analysts from a forensic accounting firm that focuses on trade compliance and sanctions regimes. They can help your organization weed through the first cut of data so that you can turn over the more salient data to your more senior level compliance officers.
Q: What should you do if you have violated OFAC’s 50 Percent rule?
A: If the unfortunate situation arises where a company discovers they’re working with a blocked entity, they should freeze any further activity and disclose the relationship to OFAC.
Companies are responsible for implementing a framework for OFAC compliance that incorporates the five essential components, including management commitment, risk assessment, strong internal controls, testing and auditing, and training—as well as ongoing monitoring. The burden is on the company to be vigilant and to undertake reasonable efforts to understand the third party’s ownership structure. Should there be a situation where the company becomes aware they’re working with a blocked entity, or if the government determines it, cooperation with OFAC may lead to leniency.
It’s all about being proactive: administering third-party questionnaires; taking the proactive step of reviewing a third party’s policies and procedures; and assessing their internal compliance programs and OFAC exposures. This process should be undertaken during onboarding and again over the course of the relationship. It’s not just about your company’s effort; you really want to be sure that you’re doing business with organizations that also have protocols in place that address these same concerns. An OFAC violation is only going to trickle up if proactive monitoring doesn’t trickle down.