Conducting due diligence research to ensure trade compliance across the supply chain has always been a complex challenge but the task has become even more complicated for companies in recent months. Whether adapting to forced labor legislation, monitoring intensifying sanctions against Russia, or navigating an increasingly challenging OFAC 50 Percent Rule, the compliance stakes are high—and many businesses are struggling to build and execute reliable compliance practices that can adequately map their third-party relationships to mitigate risk.
UFLPA due diligence complexities
In an effort to prevent goods from being made with forced labor, President Biden signed the Uyghur Forced Labor Prevention Act (UFLPA) into law in December 2021, prohibiting goods produced or sourced in the Xinjiang region of China from entering the U.S. economy. Given that UFLPA asserts an assumption of guilt, the burden of proof falls on companies to demonstrate that every tier of their supply chain—manufacturers, sourcing agents, raw material providers—is free from forced labor.
But with the increasing complexity of the global supply chain, many companies—especially small and mid-size enterprises (SMEs) without sufficient compliance expertise or due diligence resources—are having difficulty proving they’re not in violation of UFLPA. Indeed, federal officials have seized $961 million worth of goods over suspected ties to forced labor since June, with only about one third of those shipments released to date—a costly proposition for many companies.
Escalating Russian sanctions
In response to Russia’s war on Ukraine, the United States, in coordination with other allies, levied sanctions targeting Russia’s financial and energy sectors, aerospace and shipping, and access to western technology. Sanctions also target the wealth and economic activity of individuals close to the Putin regime, Russia’s elites and decision-makers and those facilitating Russia’s invasion of Ukraine, including actors in third countries. This torrent of sanctions makes Russia the most sanctioned country in the world, with more than 14,000 current sanctions and more sanctions on the horizon as the global coalition works to prevent Russia from circumventing economic penalties.
Trade compliance with respect to Russian sanctions became even more complex for U.S. companies this past February, as Washington imposed further sanctions against more than 200 additional Russian individuals and entities, adding to the roster of more than 2,000 banks, companies, government officials and corporate officers.
With sanctions lists evolving so quickly and broadly, companies relying on manual third-party due diligence practices are simply unable to keep pace with vetting the often tens of thousands of business transactions and multitude of suppliers and third parties in the business ecosystem.
Sanctioned ownership risk exposure
Enforcement of sanctioned ownership regulations, such as the Treasury Department’s Office of Foreign Asset Control (OFAC)’s 50 Percent Rule, helps prevent “bad actors” from obscuring their relationship with denied or restricted parties through shifting corporate ownership and control structures. Pursuant to OFAC’s 50 Percent Rule, companies are subject to sanctions if they are directly or indirectly owned 50% or more, in aggregate, by one or more blocked parties.
As part of the expansive package of OFAC sanctions against Russia announced in February, numerous parties were named to the Specially Designated Nationals and Blocked Persons (SDN) List. Yet if transactions are screened solely against the SDN list while ignoring ownership considerations, companies can quickly run into compliance issues in violation of the OFAC Fifty Percent Rule. Indeed, shareholding and control structures change can change suddenly (e.g., aggregation of ownership by two or more restricted parties or adjustments in complex minority ownership structures), creating compliance issues overnight.
Where it gets even more complicated for companies is the process of having to do their own due diligence research to vet third parties against the OFAC 50 Percent criteria; OFAC does not aggregate ownership interests or publish exhaustive lists, which means businesses are responsible for the complex task of mapping third parties across many intricate networks, languages, and geographies.
The cost of non-compliance
Denied and restricted party violations are costly on multiple levels. On the financial front, OFAC and the Bureau of Industry and Security (BIS) identified sanction violations and imposed fines against non-compliant entities. In 2022, penalties imposed by OFAC totaled $38,284,196—83% more than the previous year.
Compliance penalties are not slowing down in 2023.
While monetary fines and penalties dominate the headlines, compliance violations can also result in:
- Business disruption
- Hefty legal fees
- Tarnished trust and reputation
- Degradation of business opportunities
- Impact on productivity and long-term revenue
Mitigating compliance risk
The surge of Russian sanctions over the past year has reinforced the need for comprehensive due diligence research and sanctions screening to help companies reduce the risk of inadvertently transacting business with sanctioned or denied parties. Enterprises with sprawling supply chains and a complex network of third- and fourth-party partners must take additional precautions to identify any sanctioned entities.
Given the volume and velocity challenge of the rapidly evolving sanctions lists, companies should assess their compliance strategy to ensure they:
1. Map third-party relationships to build a full picture of their exposure
2. Understand international corporate networks and ownership structures
3. Have access to the right content (e.g., building due diligence data sets that complement lists published and maintained by government regulators and international bodies)
4. Have the tech capabilities and the sanctions-related content to execute dynamic screening at scale
5. Consider integrating screening into business infrastructure systems, such as enterprise resource planning (ERP), customer relationship management (CRM) and e-commerce sites
As the list of Russian sanctions and export controls continues to grow, automation and digitization of third-party due diligence practices becomes critical for minimizing the risk of human error and subsequent non-compliance penalties. Given the extensive nature of regulatory instruments and the sheer number and speed of changes to sanctions lists over the past 12 months, it is simply not possible to rely on manual reviews.
Maintaining a smooth-running supply chain and minimizing compliance risk moving forward will depend on an enterprise’s ability to leverage technology to enable proactive compliance at scale—from automated, integrated dynamic denied party screening—and rescreening—to timely access to the most up-to-date intelligence on ownership and shareholding structures involving parent companies and their subsidiaries and associated entities.