Australian Sanctions Office’s approach to compliance

6 May

This post discusses the Australian Sanctions Office’s (ASO) approach to sanctions compliance. This is relevant because from next year, you must not commence providing a designated service to a customer if you have not established, on reasonable grounds, whether the customer, any beneficial owner of the customer, and any person acting on behalf of the customer is a person designated for targeted financial sanctions.

Sanctions and Compliance

I talk more about targeted financial sanctions in another post. In short, targeted financial sanctions are an instrument of foreign policy that do not involve the use of armed force. Australia implements both United Nations Security Council sanctions and Australian autonomous sanctions. Targeted financial sanctions require you to check if an activity involves directly or indirectly making assets available to, or for the benefit of, a person or entity identified in the Consolidated List; and checking if an activity involves using or dealing with assets owned or controlled by a person or entity identified in the Consolidated List.

In practice, you will need to assess your direct and indirect exposure risks to sanctioned countries, persons and entities. After that, you will need to establish your Sanctions Compliance Program (for small reporting entities, this can be included in your AML/CTF Program). A Sanction Compliance Program includes senior management commitment along with the provision of the necessary resources; ongoing risk assessments; a screening program for customers, transactions, and third-party service providers; ongoing employee training on sanctions; internal monitoring and assurance reviews; and external audits.

ASO’s Approach

For sanctions compliance failure, ASO can refer matters to the Australian Federal Police or Australian Border Force for investigation, which can lead to reputational damage, financial penalties ($825k for individuals and $3.3 mil for body corporate or three times the value of the transaction(s)), and criminal prosecution (up to 10 years in prison for an individual).

It should be noted that sanctions offences are strict liability offences for bodies corporate, meaning that it is not necessary to prove any fault element (intent, knowledge, recklessness or negligence). However, bodies corporate can prove that they undertook reasonable precautions and exercised due diligence to avoid contravening sanctions laws as a defence. What constitutes ‘reasonable’ precautions depends on the size and nature of your business, the complexity of your transactions, and the specific geographic regions and sanctions regulations involved.

In a recent statement, ASO states that the agency applies a ‘graduated risk-based approach’, under which, ASO may decide not to pursue compliance or enforcement action to deal with a perceived breach of Australian sanctions law, on the basis of the severity of the breach and the circumstances surrounding the breach, the interests of and impact on the broader sanctions framework, and Australia's national interest and foreign policy priorities.

According to the graduate risk-based approach, ASO can also take low- and medium-risk enforcement actions, including outreach, informal warning, and assistance to prevent future breaches; and formal warning, increased monitoring, and imposition of restrictive conditions.

ASO aims to uphold the sanctions regimes “without unduly impeding legitimate business and people's activities.” To do so, ASO engages with the community to enhance awareness, knowledge and understanding of sanctions. Following the ASO's graduated risk-based approach to sanctions compliance, the ASO works with the community to identify the causes of non-compliance to prevent future recurrences.