2.3 SISTEMA DE ENCENDIDO DEL MOTOR
2.3.2 Funcionamiento del sistema de encendido convencional
• Repeat errors
OFAC’s New Economic Sanctions Enforcement Guidelines: Impact on Internal Compliance Programs
Edward L. Rubinoff
2
What Is An Internal Compliance Program (“ICP”)
An ICP is a set of formalized policies and procedures developed to detect and prevent company violations of economic sanctions or export laws.
An effective ICP is like an insurance policy
An ICP is NOT an affirmative defense under the U.S. economic sanctions laws, however an effective ICP should:
Prevent inadvertent violations that could lead to enforcement actions by the OFAC;
Obtain mitigation of penalties in the event of an enforcement action; and
Demonstrate corporate responsibility to potential and existing business partners.
Is An Internal Compliance Program Required?
No Legal Requirement But Significant Legal Benefits
ICPs are not generally required by any of the primary statutes or regulations governing U.S. sanctions laws.
However, failure to develop an ICP can lead to severe consequences under the new OFAC Economic Sanctions Enforcement Guidelines (the “New Guidelines”).
OFAC’s Economic Sanctions Enforcement Guidelines
The existence and effectiveness of a compliance program is one of the General Factors that OFAC will consider in determining an appropriate response to a violation, and if a civil penalty is
warranted, in establishing the amount of that penalty. 73 Fed. Reg. 51933 (September 8, 2008).
4
General Principles In Creating And Implementing An ICP OFAC does not suggest policies or procedures that should be
included in an ICP. Therefore, companies have freedom to develop ICPs tailored to meet their needs and address their risks.
General ICP Principles
ICP Should Reflect the Company’s OFAC Risk Exposure
OFAC’s 2006 Economic Sanctions Enforcement Procedures for Banking Institutions (the “2006 Enforcement Procedures”) 71 Fed. Reg. 1971 (January 12, 2006) encouraged banks to rate their
products, services, customers and geographic reach as low,
medium or high risk and then to develop compliance polices and procedures based on their risk profile.
OFAC stated that in determining whether or not to impose a civil monetary penalty for a violation, it “will consider information … concerning the [banking] institution’s compliance program and the adequacy of that program based on its OFAC risk profile.”
OFAC indicated that this risk-based compliance approach would be extended to other business sectors, and it subsequently
General Principles In Creating And Implementing An ICP
Custom-Fit the ICP to Your Company
The elements on an ICP must be designed to operate within the structure, culture and resources of the company in order to be effective.
Maintain a Flexible, Evolving ICP
A company must maintain a dynamic approach to its ICP and remain alert to OFAC changes in order for a program to retain its effectiveness.
Keep the ICP Manageable
In most contexts, this requires a centralized system of detailed review of transactions screened or “red flagged” by lower-level employees.
Ensure Upper Management Support For the ICP
The most customized, dynamic and manageable ICP will not succeed if the corporate hierarchy is not committed to
6
Key Elements Of An Effective ICP
While various businesses have different risk areas, as a general rule, ICPs should contain a variant of each of the elements listed below:
Corporate Policy/Management Commitment
An ICP should include a corporate policy statement regarding the company’s approach and commitment to compliance with
sanctions laws. The ICP should be adopted and issued by management.
ICP Infrastructure and Delegation Authority
The presence of a centralized administrator of an ICP is a crucial element in making an ICP manageable. The benefits of a
centralized compliance decision making include:
Identifiable Resource
Coordination and Consistency
Efficient OFAC Monitoring
Key Elements Of An Effective ICP
Education and Training
In order to ensure effective personnel participation in an ICP, an ICP should, at a minimum, address:
The scope of the education and training program; Frequency of training; and
Training methods.
Due Diligence in Forming Counterparty Relationships (Screening of Counterparties and Transactions,
Background Checks as Appropriate)
The most important tool in avoiding OFAC violations is the proper screening of customers, business partners and other
counterparties and transactions. The ICP must also set out when to conduct counterparty and contract screening.
8
Key Elements Of An Effective ICP
Internal Audits
Internal audits serve as important tools for maintaining a dynamic ICP, and each ICP should provide for periodic auditing of the ICP and the company’s adherence to its conditions.
Recordkeeping
OFAC programs generally require the retention of all records relating to a transaction covered by OFAC regulations for five years. At a
minimum, an ICP should require the OFAC compliance officer or office to archive business records relating to transactions concluded under a specific or general OFAC license, as well as transactions relating to “red-flagged” transactions.
Notification and Reporting
The ICP should provide procedures to deal with violations once they are discovered. The ICP should provide guidelines for confidential reporting of violations internally. The ICP should also provide
guidelines regarding reporting of violations to OFAC and gathering mitigating evidence for the potential OFAC investigation.
Risk-Based Compliance ICPs and the New Guidelines
The New Guidelines explicitly superseded the 2006
Enforcement Procedures and made no reference to risk assessment and corresponding risk-based compliance
programs. Therefore, commenters expressed concern over what they perceived as OFAC’s move away from previously established policy and uncertainty regarding what OFAC now deems to be the correct approach to compliance.
In determining what sort of enforcement action to take under the New Guidelines, OFAC continues to look at a company’s individual characteristics, including its commercial
sophistication, size and financial condition, volume of
transactions, history of violation and compliance program. OFAC has not removed the risk matrices posted on its
website in sections providing industry-specific compliance guidance for charities and financial institutions.
10
Risk-Based Compliance ICPs and the New Guidelines
On November 6, 2008, OFAC published on-line guidance (arguably not enforcement procedures) for the securities industry in which the agency encouraged companies to develop proactive, risk-based compliance programs.
The agency also stated that “the cornerstone of an effective OFAC compliance program is an assessment of the risks presented by a firm’s customer base, specific products/services, and the
geographic locations in which it conducts business.”
These indicators imply that OFAC retains a risk-based, industry specific approach to compliance under the New Guidelines. Indeed, in public forums it has stated that it has not abandoned risk-based compliance principles.
Nevertheless, the New Guidelines have created confusion, uncertainty and concern, so OFAC should formally issue a clarification.
Evaluating ICPs Against the New Guidelines
According to the New Guidelines, when OFAC deems the imposition of a civil penalty to be appropriate, the agency will calculate the
proposed penalty based on two factors: voluntary self-disclosure and classification of the violation as egregious or non-egregious.
Effective risk-based compliance programs are the best way to
encourage voluntary self disclosure and avoid conduct that could be classified as egregious.
Classification of a violation as egregious or non-egregious depends on analysis of the first four General Factors:
Willful or Reckless Violation;
Awareness of Conduct;
Harm to Sanctions Program Objectives; and
The Individual Characteristics of the Subject Person
However, OFAC’s analysis will place greater weight on whether the violation was willful or reckless and whether the Subject Person was aware or should have been aware of the conduct at issue in making this decision.
12
Evaluating ICPs Against the New Guidelines
Address elements of the first two General Factors (Willfulness and Awareness/Reason to Know) in the ICP by ensuring:
Effective and consistent oversight by management
Increased auditing and testing of compliance controls
Additional training
Encouraging a culture of compliance
Voluntary Self-Disclosures
The ICP should take into account that voluntary self-disclosure is a significant mitigating factor (generally at least 50% deduction). Note that failure to report an ongoing transaction that violates OFAC restrictions may lead to the conclusion that the violation was “willful”.
The ICP should provide specific guidance regarding the necessity for immediate remedial action in response to a violation and when and how a violation is reported to OFAC.
Evaluating ICPs Against the New Guidelines
In cases of egregious violations, the base amount of the civil penalty potentially can be astronomical. Even in non-
egregious cases, the use of transaction value as the base penalty can produce large fines.
Accordingly, ICPs should ensure that adequate compliance procedures are applied to high-value and high-volume
14
Evaluating ICPs Against the New Guidelines
In summary, for companies that already have an effective
ICP, the New Guidelines do not necessarily suggest a change in approach. One of the primary objectives of an ICP is to prevent inadvertent violations that could lead to enforcement actions by the OFAC, and that continues to be the case.
However, the New Guidelines have implications for
encouraging ICPs and they highlight factors that companies ought to pay particular attention to when establishing or
reviewing compliance programs in order to minimize OFAC’s response to apparent violations.