Many U.S. nonprofits provide vitally needed humanitarian assistance internationally, particularly against the backdrop of pressing medical needs, refugee crises in war-affected countries, and extensive poverty. In connection with any foreign grantmaking, foreign payments, or other overseas operations, nonprofits need to be mindful of their obligations to comply with United States sanctions programs, which are often more extensive and applicable than many nonprofit organizations understand.
Sanctions programs are often associated with large oil companies, terrorist groups, weapon manufacturers, and other international, commercial entities. In contrast, nonprofits or religious organizations are perceived as having little or no risk of sanctions violations. In reality, sanctions programs have considerable implications in the nonprofit sector. In fact, the sections of the U.S. Code addressing sanctions provide that humanitarian aid such as food, clothing, and medicine can be prohibited with respect to a certain region or entity if the President believes that such aid would impair his or her response to a national emergency. This “national emergency” block on humanitarian donations has been implemented regularly by both recent presidents, for example in President Obama’s North Korea related sanctions and in President Trump’s sanctions under the Human Rights Accountability Act. Without proper diligence, a well-intentioned charity can find itself in violation of applicable law. Such violations, even for nonprofits, carry considerable penalties, including fines up to $1 million and imprisonment for up to twenty years.
The United States Department of Treasury’s Office of Foreign Asset Control (“OFAC”) administers and enforces these international sanctions programs which restrict, or even completely prohibit, involvement with certain regions, governments, organizations, and individuals. The sanctions are generally broken into comprehensive sanctions, which apply to almost any interaction with an entire region, and selective sanctions, which apply to specific to sectors or specific entities. The OFAC regulations apply to US citizens and residents, wherever located, to entities organized under US law and their employees, as well as foreign branches of US entities. So how can a nonprofit engaged in international grantmaking or operations best comply with these often complicated systems?
On May 2, 2019, OFAC issued its “Framework for OFAC Compliance Commitments,” which is a helpful summary of best practices in compliance programs. As set forth in the Framework, an organization with ongoing foreign activities should have an international “sanctions compliance program” (SCP), which address the following five areas, with respect to ongoing foreign grant-making and operations: (1) management commitment; (2) risk assessment; (3) internal controls; (4) testing and auditing; and (5) training. In practical terms, an organization should thus develop and implement a SCP policy and related protocols containing the following elements.
- Compliance Officer. OFAC’s Framework emphasizes the importance of having an organizational “point person” who handles compliance oversight and reporting. The compliance officer should have direct contact with the board of directors for reporting areas of concern and opportunities for improvement. In turn, the board should be responsive to the compliance officer and should provide him or her with the technology and resources necessary to effectively execute the compliance procedures. The compliance officer should be responsible for keeping the board up to date on sanctions in jurisdictions where the nonprofit is operating. If applicable, the compliance officer should also be responsible for evaluating available OFAC licenses permitting the organization’s planned activities. “General licenses” are published by OFAC and can be relied on without notifying OFAC. “Specific licenses” are issued by OFAC through an application process. Careful records of both should be developed by the compliance officer and included in the corporate records.
- Ongoing Reviews. Because sanctions programs are established in response to world events, new entities are added or removed (and the scope of the activities permitted or prohibited are modified) based on political events. Consequently, the compliance officer should stay current on these changes and their implications, particularly for foreign jurisdictions in which the organization or its partners are operating. Any important developments should be reported to the board which should prepare and implement an appropriate response strategy. The sanctions lists are available on the OFAC website. Selective sanctions are posted on the Special Designated Nationals List, or SDN List,. Comprehensive sanctions are found on the Sanctions Programs and Country Information page.
- Risk Assessments. One of the most important aspects of an effective SCP is preemptively identifying areas of risk. To avoid transactions which would potentially result in violations, the compliance officer should conduct periodic risk assessments to identify any areas which are of potential concern and advise the board, so a response strategy can be developed. These risk assessments should take into account not only the specific type of OFAC sanction, but also the specifics of the organization’s presence in a foreign jurisdiction. For example, an international organization that oversees affiliates in foreign countries and is involved in the affiliate’s activities and governance may have a lower risk profile than a grant-making organization that provides funding to applicants previously unconnected with the US grantor. Likewise, an organization with long standing agreements and interactions with a foreign partner has a lower risk profile than an organization seeking to do business with vendors for the first time in connection with the opening of a new office in a foreign jurisdiction. Finally, an organization operating in a region subject to comprehensive sanctions, such as Iran or Crimea, will likely have a very high-risk profile regardless of the nature and history of its activities there.
- Trainings. OFAC’s Framework also articulates that training is key to the strength of a program. New employees and volunteers should receive copies of the SCP as well as contact information for reporting concerns.
- Records. Following OFAC-compliant procedures is important, but it is also critical that an organization can demonstrate such compliance. Accordingly, the compliance officer, or his or her delegates, should keep careful records of all risk assessments, trainings and communications, screenings, searches, international agreements, and related documents. These records should be kept for five (5) years after the date the document is created.
With a sanctions compliance policy and protocols containing these elements, a nonprofit engaged in international activity should be well equipped for minimizing the risks of OFAC sanctions noncompliance.
 https://obamawhitehouse.archives.gov/the-press-office/2015/01/02/executive-order-imposing-additional-sanctions-respect-north-korea; https://www.whitehouse.gov/presidential-actions/executive-order-blocking-property-persons-involved-serious-human-rights-abuse-corruption/
 See http://home.treasury.gov/news/press-releases/sm680. For the Framework itself, see here. For more information about OFAC generally, see here.