CNMC fines Spanish Electricity Market Particpant EUR 1.1million
The CNMC fined Neuro Energía €1.1M for manipulating Spain's intraday electricity market by submitting non-genuine bids to distort supply-demand dynamics.
The Office of Foreign Assets Control (OFAC) fined a digital asset trading platform for sanctions violations in allowing customers based in sanctioned jurisdictions to transact on their platform.
For those firms who operating in the digital assets space, this enforcement action provides insights into OFAC's expectations for compliance programmes related to this asset class referencing the OFAC Sanctions Compliance Framework.
Compliance programmes should be predicated on and incorporate at least five essential components of compliance – benchmarking your organization against these components is strongly recommended.
OFAC announced a settlement with Poloniex, a digital assets trading platform, for sanctions violations allowing customers apparently located in sanctioned jurisdictions to engage in online digital asset-related transactions consisting of trades, deposits, and withdrawals.
The enforcement decision (click here) provides insights into the violations and mitigating factors that Poloniex provided to reduce the overall settlement amount. In addition, OFAC provides guidance for Sanctions Compliance Programs (SCP), specifically for the Virtual Currency industry as well as wider OFAC sanctions compliance programmes more generally.
Overall Sanctions Compliance Considerations – applicability to energy and commodity firms. OFAC reminds readers of its SCP resources it previously published specifically noting its ‘Framework for OFAC Compliance Commitments' (click here) which provides organizations with OFAC’s perspective on the essential components of a sanctions compliance programme.
Root Causes of OFAC Sanctions Compliance Programme Breakdowns or Deficiencies. OFAC provides a non-exhaustive list of general themes based on previous public enforcement actions where it identified deficiencies or weaknesses within an organisation's SCP as follows:
For those firms who are operating in the Digital Assets space, we recommend reading the enforcement decision in its entirety for further insights into OFAC's expectations for compliance programmes related to Digital Assets.
As many energy and commodity firms operate under OFAC’s sanction regime, the OFAC Sanctions Compliance Framework is a helpful guide in understanding OFAC’s expectations of an effective Sanctions Compliance Programme (SCP).
We review the OFAC Sanctions Compliance Framework below and where appropriate, we recommend benchmarking with your existing sanctions compliance programme.
For those who are active in the digital assets space, we provide additional summary analysis of the enforcement decision below.
OFAC’s ‘A Framework for OFAC Compliance Commitments’ which was published in May 2019 provides organizations subject to U.S. jurisdiction, as well as foreign entities that conduct business in or with the United States or U.S. persons, or that use goods or services exported from the United States, with OFAC’s perspective on the essential components of a sanctions compliance programme.
The Framework also outlines how OFAC may incorporate these components into its evaluation of apparent violations and resolution of investigations resulting in settlements. The Framework includes an appendix that offers a brief analysis of some of the root causes of apparent violations of U.S. economic and trade sanctions programmes OFAC has identified during its investigative process.
OFAC strongly encourages organizations subject to U.S. jurisdiction, as well as foreign entities that conduct business in or with the United States, U.S. persons, or using U.S.-origin goods or services, to employ a risk-based approach to sanctions compliance by developing, implementing, and routinely updating a sanctions compliance programme (SCP).
Each programme should be predicated on and incorporate at least five essential components of compliance:
OFAC notes that management commitment is a critical factor in determining the success of an SCP. Effective management support includes the provision of (i) adequate resources to the compliance unit(s) and (ii) support for compliance personnel’s authority within an organization.
Management Commitment Checklist. The following is a summary list of actions senior management should perform within a SCP.
OFAC recommends that organizations take a risk-based approach when designing or updating an SCP. One of the central tenets of this approach is for organizations to conduct a routine, and if appropriate, ongoing “risk assessment” for the purposes of identifying potential OFAC issues they are likely to encounter. The results of a risk assessment are integral in informing the SCP’s policies, procedures, internal controls, and training in order to mitigate such risks.
The exercise should generally consist of a holistic review of the organization from top-to-bottom and assess its touchpoints to the outside world. This process allows the organization to identify potential areas in which it may, directly or indirectly, engage with OFAC prohibited persons, parties, countries, or regions.
For example, an organization’s SCP may conduct an assessment of the following:
Conducting a Sanctions Risk Assessment checklist. The purpose of a risk assessment is to identify inherent risks in order to inform risk-based decisions and controls. Below is a list of risk assessment actions recommended by OFAC.
An effective SCP should include internal controls, including policies and procedures, in order to identify, interdict, escalate, report (as appropriate), and keep records pertaining to activity that may be prohibited by the regulations and laws administered by OFAC.
Given the dynamic nature of U.S. economic and trade sanctions, a successful and effective SCP should be capable of adjusting rapidly to changes published by OFAC. These include the following:
Internal Controls Checklist. Effective OFAC compliance programmes generally include internal controls, including policies and procedures, in order to identify, interdict, escalate, report (as appropriate), and keep records pertaining to activity that is prohibited by the sanctions programmes administered by OFAC. Below is a list of internal control actions recommended by OFAC.
Audits assess the effectiveness of current processes and check for inconsistencies between these and day-to-day operations. A comprehensive and objective testing or audit function within an SCP ensures that an organization identifies programme weaknesses and deficiencies, and it is the organization’s responsibility to enhance its programme, including all programme-related software, systems, and other technology, to remediate any identified compliance gaps.
Testing and Auditing checklist. A comprehensive, independent, and objective testing or audit function within an SCP ensures that entities are aware of where and how their programmes are performing and should be updated, enhanced, or recalibrated to account for a changing risk assessment or sanctions environment, as appropriate. Below is a list of testing and auditing actions recommended by OFAC.
An effective training programme is an integral component of a successful SCP. The training programme should be provided to all appropriate employees and personnel on a periodic basis (and at a minimum, annually) and generally should accomplish the following:
Training checklist. An adequate training programme, tailored to an entity’s risk profile and all appropriate employees and stakeholders, is critical to the success of an SCP. Below is a list of training actions recommended by OFAC.
Analysis of Enforcement Decision – Virtual Currency Platform sanction violations.
Aggravating factors leading to the fine. OFAC determined the following to be aggravating factors against Poloniex:
Mitigating factors reducing overall fine. OFAC acknowledged mitigating factors which supported a lower overall fine.
Specifically, Poloniex was acquired by Circle, another digital asset platform. Circle implemented its own compliance measures for the Poloniex Trading Platform, which further improved Poloniex’s sanctions compliance programme. Those measures, in addition to other subsequent remedial measures, included:
Sanctions Compliance Considerations– Virtual Currency Industry. OFAC notes that the fine is a reminder of the responsibilities bestowed on online digital asset companies - like all financial service providers – to ensure that they do not engage in transactions prohibited by OFAC sanctions, such as providing services to persons in comprehensively sanctioned jurisdictions. To mitigate such risks, online digital asset companies should develop a tailored, risk-based sanctions compliance programme.
OFAC’s Sanctions Compliance for the Virtual Currency Industry explains that it strongly encourages a risk-based approach to sanctions compliance predicated on and incorporating five essential components of compliance: