Sanctions Essentials - What is Management Commitment?
An organization’s Sanctions Compliance Program (SCP) should be a seamless part of a broader ethics and compliance strategy. However, an SCP should address specific sanctions risks, understand how those risks are defined, and implement improvements based on their understanding. OFAC provides a basic framework that provides an initial starting point for any sanction’s compliance practitioners. It codifies a way in which to assist organizations to be sanctions compliant.
As such, OFAC:
“strongly encourages organizations subject to U.S. jurisdiction, as well as foreign entities that conduct business in or with the United States, U.S. persons, or using U.S.-origin goods or services, to employ a risk-based approach to sanctions compliance by developing, implementing, and routinely updating a sanctions compliance program (SCP).”
OFAC does this by outlining five essential components of compliance.The first of the OFAC five essential components of an SCP is: ‘Management Commitment’
Senior management commitment to supporting an organization’s SCP is viewed a critical factor in determining the success of the SCP. This means that there must be adequate resources allocated for the SCP and that it is integrated into an organization’s daily activities. The view is that an SCP should be both empowered and promoted by senior management.
“Management” here is defined broadly as including senior leadership, executives, and the board of directors. Some of the measures to ensure effective senior management support for an SCP are as follows:
- The review and approval of the organizations SCP, by senior management.
- Ensuring that there is the delegation of sufficient authority and autonomy to any defined compliance personnel or business units. This means that they can deploy any policies and procedures of an SCP, and make sure there are direct reporting lines to senior management with regular meetings.
- Making sure that there is an allocation of adequate resources (human capital, expertize, IT etc) to those responsible for sanctions compliance. This can also include the implementation of a dedicated OFAC sanctions compliance officer. It should also be ensured that these units or individuals are in an appropriate position in an organization and are capable and knowledgeable in applying OFAC regulations, processes and actions to the business.
- Senior management should also promote a “culture of compliance”. This should include a companywide ability to report any potential misconduct without any fear. Senior management should also provide messaging about potential repercussions from sanctions violations. The SCP should also have oversight over the actions of the entire organization, including senior management.
- There needs to be demonstrated recognition of any sanctions compliance faults and implementation of necessary measures to reduce future occurrences, including through addressing root causes and implementing solutions.
The most significant part of the ‘Management Commitment’ is that the board or senior executives review and approve the SCP. OFAC view this commitment as one of the most important factors in determining the success of a SCP. Its integration into the daily operations and workings of an organization will assist in the legitimization of such a program, especially in the eyes of regulatory bodies like OFAC.