How the ACSS Sanctions Toolkit Helps You Create a Compliance Program
By Scott Nance
February 26, 2022
Creating a sanctions program, especially from scratch, can be daunting. To assist organizations, the Association of Certified Sanctions Specialists (ACSS) has developed a toolkit that identifies the major components sanctions compliance systems need, explains what each component must cover, and provides templates for key documents.
The precise shape of the sanctions compliance system depends on the organization’s structure and business – there is no “one size fits all.” Still, the toolkit can be invaluable. Following are the main components of an effective program.
Sanctions Readiness Assessment
The first step in establishing a sanctions program, or in upgrading your current one, is to review your company’s position. This includes studying or revisiting applicable sanctions laws, revising or creating a sanctions policy, and appointing someone to be primarily (although not solely) responsible for sanctions compliance. The ACSS sanctions toolkit provides a draft questionnaire for guidance.
Compliance Basics
Unless your organization is unusually sophisticated, it is likely that few, if any, of your colleagues know much about economic sanctions. Before you can design and implement an effective program, you need to educate those responsible, including top management, about the fundamentals of sanctions. This includes what sanctions are, who must comply with them, and how your organization can get into trouble if it does not comply.
The sanctions toolkit provides a brief but thorough overview of the basics in the form of a short video suitable for employees at all levels.
Identifying the Applicable Sanctions Regimes
The core of a sanctions program is the sanctions laws applicable to your organization. These will always include the laws of your home country, as well as any countries in which you do business.
The laws may also include countries from which you import goods or services, especially the United States, as its sanctions may continue to apply to US-origin products even after they have been exported. The sanctions toolkit walks you through the process of identifying which sanctions regimes may apply to your organization.
Sanctions Compliance Structure
A compliance system requires an organizational structure. This should reflect the key components of a sanctions compliance program. These components include:
Your sanctions compliance system must be able to fulfill each of these functions. The ACSS sanctions toolkit describes all of them and provides suggestions for organizational structures for compliance. It recognizes this will vary depending on how large and complex your organization is, among other considerations. The toolkit addresses the role of senior management in sanctions compliance in particular and even provides a draft job description for the organization’s sanctions officer.
Risk Assessment
A good assessment of the sanctions risks your organization faces is vital to the effectiveness of your compliance system. The ACSS toolkit provides a comprehensive guide to performing a risk assessment. The main steps in a risk assessment, as laid out in the toolkit, are:
Recommended by LinkedIn
Internal Controls
Internal controls are the measures an organization takes to eliminate or, at least, reduce sanctions risks. These measures include policies, procedures and work instructions. The internal controls that are necessary will depend on the results of the risk assessment. In general, though, organizations will implement forms of the following controls. The ACSS toolkit contains models for each.
Training
Even the best-designed sanctions compliance system will not operate properly if no one knows what they are supposed to do. For this reason, training is a key component of an effective compliance system.
To be effective, training must be tailored to provide each member of the organization the information needed to perform their roles. Therefore it may be necessary to have different types and levels of training.
All employees should receive training on the basics of sanctions laws, as well as their overall responsibilities. Employees with specific duties should receive training on the procedures they must follow.
Persons working in the sanctions compliance function need detailed knowledge, both of sanctions laws and the procedures followed throughout the organization. Finally, customized training for senior management not only acquaints them with their role in sanctions compliance, but also sends a strong signal to the rest of the organization about management’s commitment. The ACSS toolkit describes the general requirements for training and provides a sample presentation for general sanctions training.
Testing and Audit
Key components of the sanctions compliance system, such as transaction screening, should be subject to ongoing testing to ensure they are functioning properly.
In addition, the entire system should undergo a complete audit periodically. The ACSS toolkit includes a detailed description of testing and audit, including an identification of the processes that should be subject to regular testing.
Final Thoughts
Sanctions compliance programs can be elaborate or simple, depending on the size and nature of the organization. A program that includes all of the above components, organized in a manner that responds to the organization’s sanctions risks, is likely to do an effective job of mitigating sanctions risks. The ACSS sanctions toolkit provides valuable guidance to organizations with no sanctions program and to those seeking to upgrade their system.
Scott Nance of Langley Compliance Consulting is an attorney in the Washington DC area, specializing in economic sanctions and anti-money laundering. He is a member of the ACSS Editorial Task Force.