United States: OFAC Crystallizes Expectations For Sanctions Compliance

On March 27, 2019, the Office of Foreign Assets Control (OFAC) announced a settlement agreement with US-based Stanley Black & Decker, Inc., (Stanley Black & Decker) and its foreign subsidiary, Jiangsu Guoqiang Tools Co., Ltd. (GQ), in which Stanley Black & Decker agreed to pay $1,869,144 on behalf of GQ for the subsidiary's unauthorized export of various tools and related parts to Iran. OFAC published a public version of the settlement agreement.

The enforcement action and ensuing settlement agreement are particularly notable for two reasons. First, on the settlement agreement, OFAC has provided significant guidance on what it appears to consider to be best practices in maintaining a risk-based sanctions compliance program.1 Although it was unusual for OFAC to communicate that guidance in a settlement agreement, we expect that OFAC's compliance and enforcement guidance will increasingly take that form. Second, the action hints at the trends that OFAC enforcement actions may follow in 2019.

New Guidance on Compliance

The settlement agreement describes in relative detail OFAC's expectations for an effective compliance program. While these expectations are cast as specific undertakings by GQ—in the form of GQ's "compliance commitments"—they effectively set out the elements of compliance that OFAC would expect of companies subject to its jurisdiction. These elements have been identified by OFAC before, through publications and other public outreach, but this settlement agreement effectively crystallizes OFAC's expectations for sanctions compliance in an integrated, organized fashion. Notably, the latest guidance flows from and is an important complement to OFAC's enforcement guidelines issued nearly a decade ago,2 and, like the latter, aims to create a more transparent and predictable standard for compliance for a regulated community that consistently seeks greater certainty from the agency about its expectations for compliance.

OFAC identified five overarching elements that are the pillars of an effective compliance program, though companies will likely vary in how they implement these expectations under the risk-based approach to sanctions compliance:3

i. Management Commitment – The company's senior management should demonstrate and communicate its commitment to compliance. Ways to demonstrate such commitment include ensuring that compliance units are delegated sufficient authority, autonomy and resources, and by promoting a "culture of compliance" throughout the organization.

ii. Risk Assessment – The compliance program should be tailored to the level of sanctions-specific risk posed, based on the company's activities, products and services, and customers, among other factors. The risk assessment should be conducted "in a manner, and with a frequency, that adequately accounts for potential risks,"4 and it should be based on a methodology for identifying, analyzing and addressing such risks.

iii. Internal Controls – Internal controls should be implemented to detect, escalate, report and record activities that are prohibited under US sanctions. OFAC has identified a range of specific elements or actions for ensuring that adequate controls are in place. These include implementing written sanctions, compliance-related policies and procedures; maintaining clear and effective internal controls pertaining to the company's ability to identify, interdict, escalate and report relevant transactions; enforcing the compliance policies and procedures; appointing personnel to integrate such policies and procedures; and conducting adequate recordkeeping.

iv. Testing and Audit – Periodic testing and audits should be conducted on specific elements of the compliance program and across the organization to identify and address any potential gaps. Specifically, the testing or audit should, inter alia, be a function that is accountable to the board, independent of the audited activities or functions, and has sufficient resources and authority within the organization. In addition, the risk assessment and sanctions program in general should be updated on a "periodic basis" to correct any potential weaknesses or deficiencies.

v. Training – Personnel and stakeholders should be provided sufficient and tailored sanctions-related training. This includes OFAC-related training with a scope and frequency that accounts for the company's risk profile and activities; at a minimum, all relevant employees should receive training at least once a year.

The settlement agreement follows recent indications by Department of the Treasury officials that future settlement agreements will be similarly specific in setting out the compliance commitments that OFAC will seek from each apparent violator. In a December 2018 speech at the American Bar Association, Under Secretary for Terrorism and Financial Intelligence Sigal Mandelker stated that "[t]o aid the compliance community in strengthening defenses against sanctions violations, OFAC will be outlining the hallmarks of an effective sanctions compliance program" in settlement agreements going forward.5

Companies should consider comparing their existing sanctions compliance program to the expectations set out in OFAC's settlement agreement with Stanley Black & Decker/GQ, as OFAC will likely consider these the standard for "best practices" going forward. A company implementing these best practices would also benefit in any future enforcement action because OFAC considers the adequacy of a compliance program as a factor in determining whether to impose penalties and, if so, the amount of penalty to impose. Finally, companies should continue watching the OFAC enforcement space for further guidance from the agency.

Enforcement Trends

OFAC's enforcement actions against Stanley Black & Decker/GQ is the third (of five) announced thus far in 2019 that penalizes a US parent company for the post-acquisition conduct of its foreign subsidiary involving Iran or Cuba.6 The action is also consistent with the general increase in the ratio of OFAC enforcement actions against non-financial institutions.7 We expect that these trends will continue in 2019, particularly in the context of the United States' escalation of pressure on Iran and parties that transact with Iran.

US companies should therefore ensure that they periodically and adequately audit or verify the activities of their foreign subsidiaries, even where these subsidiaries commit to refraining from conduct prohibited under US sanctions.


1 In the past, OFAC has included compliance "lessons" in press releases accompanying its enforcement actions, but these have been relatively limited in their level of depth and detail.

2 See 74 Fed. Reg. 57593 (Nov. 9, 2009).

3 See OFAC Press Release, Under Secretary Sigal Mandelker Remarks ABA/ABA Financial Crimes Enforcement Conference December 3, 2018 (Dec. 3, 2018) ("Under the risk-based approach, implementation of these compliance commitments will likely vary by institution. . . .").

4 Settlement Agreement Between OFAC and Stanley Black & Decker/GQ, at 5, dated March 14, 2019.

5 Under secretary Mandelker proceeded to identify the five components of compliance described above. See OFAC Press Release, Under Secretary Sigal Mandelker Remarks ABA/ABA Financial Crimes Enforcement Conference December 3, 2018 (Dec. 3, 2018).

6 The other two enforcement actions were against Kollmorgen Corporation and AppliChem GmbH.

7 For example, only two of OFAC's seven enforcement actions in 2018 involved financial institutions.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

To print this article, all you need is to be registered on Mondaq.com.

Click to Login as an existing user or Register so you can print this article.

Similar Articles
Relevancy Powered by MondaqAI
In association with
Related Topics
Similar Articles
Relevancy Powered by MondaqAI
Related Articles
Related Video
Up-coming Events Search
Font Size:
Mondaq on Twitter
Mondaq Free Registration
Gain access to Mondaq global archive of over 375,000 articles covering 200 countries with a personalised News Alert and automatic login on this device.
Mondaq News Alert (some suggested topics and region)
Select Topics
Registration (please scroll down to set your data preferences)

Mondaq Ltd requires you to register and provide information that personally identifies you, including your content preferences, for three primary purposes (full details of Mondaq’s use of your personal data can be found in our Privacy and Cookies Notice):

  • To allow you to personalize the Mondaq websites you are visiting to show content ("Content") relevant to your interests.
  • To enable features such as password reminder, news alerts, email a colleague, and linking from Mondaq (and its affiliate sites) to your website.
  • To produce demographic feedback for our content providers ("Contributors") who contribute Content for free for your use.

Mondaq hopes that our registered users will support us in maintaining our free to view business model by consenting to our use of your personal data as described below.

Mondaq has a "free to view" business model. Our services are paid for by Contributors in exchange for Mondaq providing them with access to information about who accesses their content. Once personal data is transferred to our Contributors they become a data controller of this personal data. They use it to measure the response that their articles are receiving, as a form of market research. They may also use it to provide Mondaq users with information about their products and services.

Details of each Contributor to which your personal data will be transferred is clearly stated within the Content that you access. For full details of how this Contributor will use your personal data, you should review the Contributor’s own Privacy Notice.

Please indicate your preference below:

Yes, I am happy to support Mondaq in maintaining its free to view business model by agreeing to allow Mondaq to share my personal data with Contributors whose Content I access
No, I do not want Mondaq to share my personal data with Contributors

Also please let us know whether you are happy to receive communications promoting products and services offered by Mondaq:

Yes, I am happy to received promotional communications from Mondaq
No, please do not send me promotional communications from Mondaq
Terms & Conditions

Mondaq.com (the Website) is owned and managed by Mondaq Ltd (Mondaq). Mondaq grants you a non-exclusive, revocable licence to access the Website and associated services, such as the Mondaq News Alerts (Services), subject to and in consideration of your compliance with the following terms and conditions of use (Terms). Your use of the Website and/or Services constitutes your agreement to the Terms. Mondaq may terminate your use of the Website and Services if you are in breach of these Terms or if Mondaq decides to terminate the licence granted hereunder for any reason whatsoever.

Use of www.mondaq.com

To Use Mondaq.com you must be: eighteen (18) years old or over; legally capable of entering into binding contracts; and not in any way prohibited by the applicable law to enter into these Terms in the jurisdiction which you are currently located.

You may use the Website as an unregistered user, however, you are required to register as a user if you wish to read the full text of the Content or to receive the Services.

You may not modify, publish, transmit, transfer or sell, reproduce, create derivative works from, distribute, perform, link, display, or in any way exploit any of the Content, in whole or in part, except as expressly permitted in these Terms or with the prior written consent of Mondaq. You may not use electronic or other means to extract details or information from the Content. Nor shall you extract information about users or Contributors in order to offer them any services or products.

In your use of the Website and/or Services you shall: comply with all applicable laws, regulations, directives and legislations which apply to your Use of the Website and/or Services in whatever country you are physically located including without limitation any and all consumer law, export control laws and regulations; provide to us true, correct and accurate information and promptly inform us in the event that any information that you have provided to us changes or becomes inaccurate; notify Mondaq immediately of any circumstances where you have reason to believe that any Intellectual Property Rights or any other rights of any third party may have been infringed; co-operate with reasonable security or other checks or requests for information made by Mondaq from time to time; and at all times be fully liable for the breach of any of these Terms by a third party using your login details to access the Website and/or Services

however, you shall not: do anything likely to impair, interfere with or damage or cause harm or distress to any persons, or the network; do anything that will infringe any Intellectual Property Rights or other rights of Mondaq or any third party; or use the Website, Services and/or Content otherwise than in accordance with these Terms; use any trade marks or service marks of Mondaq or the Contributors, or do anything which may be seen to take unfair advantage of the reputation and goodwill of Mondaq or the Contributors, or the Website, Services and/or Content.

Mondaq reserves the right, in its sole discretion, to take any action that it deems necessary and appropriate in the event it considers that there is a breach or threatened breach of the Terms.

Mondaq’s Rights and Obligations

Unless otherwise expressly set out to the contrary, nothing in these Terms shall serve to transfer from Mondaq to you, any Intellectual Property Rights owned by and/or licensed to Mondaq and all rights, title and interest in and to such Intellectual Property Rights will remain exclusively with Mondaq and/or its licensors.

Mondaq shall use its reasonable endeavours to make the Website and Services available to you at all times, but we cannot guarantee an uninterrupted and fault free service.

Mondaq reserves the right to make changes to the services and/or the Website or part thereof, from time to time, and we may add, remove, modify and/or vary any elements of features and functionalities of the Website or the services.

Mondaq also reserves the right from time to time to monitor your Use of the Website and/or services.


The Content is general information only. It is not intended to constitute legal advice or seek to be the complete and comprehensive statement of the law, nor is it intended to address your specific requirements or provide advice on which reliance should be placed. Mondaq and/or its Contributors and other suppliers make no representations about the suitability of the information contained in the Content for any purpose. All Content provided "as is" without warranty of any kind. Mondaq and/or its Contributors and other suppliers hereby exclude and disclaim all representations, warranties or guarantees with regard to the Content, including all implied warranties and conditions of merchantability, fitness for a particular purpose, title and non-infringement. To the maximum extent permitted by law, Mondaq expressly excludes all representations, warranties, obligations, and liabilities arising out of or in connection with all Content. In no event shall Mondaq and/or its respective suppliers be liable for any special, indirect or consequential damages or any damages whatsoever resulting from loss of use, data or profits, whether in an action of contract, negligence or other tortious action, arising out of or in connection with the use of the Content or performance of Mondaq’s Services.


Mondaq may alter or amend these Terms by amending them on the Website. By continuing to Use the Services and/or the Website after such amendment, you will be deemed to have accepted any amendment to these Terms.

These Terms shall be governed by and construed in accordance with the laws of England and Wales and you irrevocably submit to the exclusive jurisdiction of the courts of England and Wales to settle any dispute which may arise out of or in connection with these Terms. If you live outside the United Kingdom, English law shall apply only to the extent that English law shall not deprive you of any legal protection accorded in accordance with the law of the place where you are habitually resident ("Local Law"). In the event English law deprives you of any legal protection which is accorded to you under Local Law, then these terms shall be governed by Local Law and any dispute or claim arising out of or in connection with these Terms shall be subject to the non-exclusive jurisdiction of the courts where you are habitually resident.

You may print and keep a copy of these Terms, which form the entire agreement between you and Mondaq and supersede any other communications or advertising in respect of the Service and/or the Website.

No delay in exercising or non-exercise by you and/or Mondaq of any of its rights under or in connection with these Terms shall operate as a waiver or release of each of your or Mondaq’s right. Rather, any such waiver or release must be specifically granted in writing signed by the party granting it.

If any part of these Terms is held unenforceable, that part shall be enforced to the maximum extent permissible so as to give effect to the intent of the parties, and the Terms shall continue in full force and effect.

Mondaq shall not incur any liability to you on account of any loss or damage resulting from any delay or failure to perform all or any part of these Terms if such delay or failure is caused, in whole or in part, by events, occurrences, or causes beyond the control of Mondaq. Such events, occurrences or causes will include, without limitation, acts of God, strikes, lockouts, server and network failure, riots, acts of war, earthquakes, fire and explosions.

By clicking Register you state you have read and agree to our Terms and Conditions