Sanctions Monitorships

The issuance and structure of sanctions monitorships is often similar to other types of monitorships. Regulators and law enforcement agencies are increasingly reliant on independent monitorships as part of enforcement actions following the identification of misconduct or potential corporate crime. The specific nature of sanctions laws and regulations, the binary context of sanctions compliance, the technology systems required to maintain compliance, inconsistencies across geographies and the evolving financial landscape, are unique factors that require specific attention.

This chapter sets forth the legal and historical contexts of sanctions monitorships, recent enforcement actions, the regulatory bodies and other influential organisations involved in the issuance and enforcement of sanctions laws, and specific challenges for institutions placed under a sanctions monitorship.

Legal context of a sanctions monitorship

Sanctions law and regulation are implemented by numerous countries and governing bodies throughout the world. Sanctions can be considered an extension or application of a country’s foreign policy, which can be unique to a single country (unilateral sanctions) or jointly applied by multiple countries (multilateral sanctions). Generally, the majority of sanctions are implemented by the United States, the United Nations and the European Union.

US sanctions law, dictated by presidential executive orders and through acts of Congress, requires compliance by the following groups and entities:

• US citizens and permanent residents, regardless of present location;
• companies and other entities established under US law;
• people and organisations located within the United States, regardless of origin; and
• branches of US companies and other entities outside the United States.

Sanctions compliance within the United States is applied through the concept of strict liability. All individuals and entities subject to US sanctions law are required to comply regardless of an explicit awareness of non-compliance or a provable intent to evade the law. In the event of a violation or non-compliance with sanctions law, the competent regulatory body or law enforcement agency may choose to pursue civil and criminal action. The extent of penalties often depends on the severity of the infraction and other extenuating circumstances, such as whether the conduct is considered wilful or reckless. In the case of criminal prosecution, penalties against an individual may include a prison sentence, although fines are the most common penalty. In addition to monetary penalties, companies and organisations may be required to commit to remediation efforts or enforcement actions by a regulator or law enforcement, which can include the implementation of business restrictions or the appointment of an independent monitor.

The United States Department of Justice (US DOJ) or other US regulatory bodies may issue various enforcement actions as a result of non-compliance with US sanctions law. These enforcement actions may result from external investigations or proactive disclosures. The Office of Foreign Assets Control (OFAC) and the US DOJ encourage companies to voluntarily self-disclose all potentially wilful violations of the statutes implementing the US government’s primary export control and sanctions regimes. If a company (1) voluntarily self-discloses export control or sanctions violations, (2) fully cooperates and (3) remediates the violations appropriately and in a timely manner, there is a presumption that the company will receive a non-prosecution agreement (NPA) and pay a limited or, potentially, no fine. The US DOJ may enforce criminal resolutions, such as a deferred prosecution agreement (DPA) or guilty plea if the violations exhibit aggravating factors, such as the export of particularly sensitive items, repeated violations, the involvement of senior management and significant profit. In these instances, the US DOJ will issue, or recommend to a sentencing court, a monetary fine, but will not require the appointment of a monitor if the company provides evidence of an established and effective compliance programme being in place at the time of resolution.

The US DOJ continues to evolve its policy and enforcement priorities focusing on white-collar and corporate crime and wrongdoing. In October 2021, the US Deputy Attorney General announced three current priorities and actions the US DOJ is implementing to strengthen the department’s efforts to combat corporate crime. The first priority pertains to reinforcing accountability and ensuring all individuals involved in misconduct are held responsible. The second priority focuses on assessing historical misconduct when determining the appropriate resolution, and the record of misconduct speaks to a company’s commitment to compliance programmes and instituting the appropriate culture to disincentivise criminal activity. Last, the US Deputy Attorney General explained that the department will modify prior guidance and its stance on the use of corporate monitors. Specifically, she states: ‘Instead, I am making clear that the department is free to require the imposition of independent monitors whenever it is appropriate to do so in order to satisfy our prosecutors that a company is living up to its compliance and disclosure obligations under the DPA or NPA.’ The US Deputy Attorney General’s reinforced efforts to combat corporate crime should serve as a strong indicator to financial institutions and corporations of the likelihood of a required monitorship following the identification of potential criminal activity or significant compliance violations.

Between 2018 and 2021, OFAC issued 69 enforcement actions, including penalties and settlements. Historically, regulators and law enforcement agencies have focused most enforcement actions and monitorships resulting from sanctions violations towards financial institutions. In recent years, however, corporations and financial technology (fintech) companies have been the subject of increased scrutiny and penalties following the discovery of sanctions violations.

In 2021, Mashreqbank agreed to a joint agency resolution with the Federal Reserve System, the New York State Department of Financial Services (NYDFS) and OFAC resulting from confirmed violations of Sudanese sanctions between 2005 and 2009. Overseas branches of Mashreqbank were confirmed to have processed US-dollar denominated funds involving parties subject to OFAC regulations. As part of the cease and desist order, the Federal Reserve System required Mashreqbank to engage an independent external party to perform an annual OFAC compliance assessment for the extent of the terms of the order.

In November 2015, Deutsche Bank and the NYDFS agreed to a consent order as a result of the bank’s historical dollar clearing transactions processed on behalf of Iranian, Libyan, Syrian, Burmese and Sudanese financial institutions and other entities. As part of the consent order, the NYDFS required Deutsche Bank to engage an independent monitor to perform a comprehensive review of the bank’s Bank Secrecy Act (BSA) and anti-money laundering (AML) and OFAC sanctions compliance programmes, policies and procedures.

The Amended DPA between the US DOJ and Standard Chartered Bank (SCB) describes the bank’s historical violations, including ‘knowingly and willfully conspiring, in violation of Title 18, United States Code, Section 371, to engage in transactions with entities associated with sanctioned countries, including Iran, Sudan, Libya, and Burma’ and further states that ‘the 2014 DPA Amendment required SCB to retain an independent compliance monitor’.

BNP Paribas entered into a plea agreement with the US DOJ on 27 June 2014 for conspiring to violate the International Emergency Economic Powers Act (IEEPA) and the Trading with the Enemy Act (TWEA), both sanctions laws imposed by US Congress, through the illegal processing of transactions for countries subject to US economic sanctions. The plea agreement discusses the total forfeiture amount, or fine, levied against BNP Paribas, which takes into account the bank’s related settlements imposed by the New York County District Attorney’s Office, the Board of Governors of the Federal Reserve System and the NYDFS. In addition, a stipulation of the plea agreement required BNP Paribas to engage a compliance consultant or monitor.

HSBC entered into a DPA with the US DOJ, which acknowledges the bank’s wilful violation of the IEEPA and the TWEA. The DPA required HSBC to retain an independent compliance monitor to evaluate the effectiveness of the bank’s internal controls, policies and procedures as regards continuing compliance with the IEEPA, the TWEA and applicable anti-money laundering laws.

In December 2020, BitGo Inc, a California-based company that offers its users security and scalability platforms and digital wallet management services, agreed to a monetary settlement with OFAC for sanctions violations as a result of deficiencies regarding its sanctions compliance procedures and internal controls. Specifically, BitGo allegedly processed digital currency transactions on behalf of individuals located in Crimea, Cuba, Iran,…