On 30 December 2022, US Treasury’s OFAC announced its settlement with Danish company Danfoss A/S for causing US financial institutions to violate US sanctions on Iran, Syria and Sudan. The settlement was for over $4 million which was negotiated down from a statutory maximum of almost $22 million as a result of Danfoss’ extensive cooperation and material changes to their controls and operations.
The violations happened as a result of Danfoss’ UAE subsidiary, Danfoss FZCO, who was engaged in business with customers in Iran, Syria and Sudan. In particular, Danfoss FZCO directed customers to make payments to Danfoss’s account at a UAE branch of a US bank, and Danfoss FZCO made payments to Iran and Syria from the same account via third party payment providers.
Amongst the aggravating factors in the case, US Treasury’s OFAC found that Danfoss lacked the procedures necessary to identify potential sanctions risks related to Danfoss FZCO’s activities and the sufficient understanding of US sanctions. US Treasury also viewed Danfoss’ size and global operations as an aggravating factor.
Below are the the key takeaways which will help Nordic companies avoid similar mistakes as Danfoss.
- Monitor and Review your Subsidiaries
- The findings of the case highlight that parent companies are responsible for the activities of their subsidiaries and parents need to apply constant and appropriate monitoring of the activities of the subsidiaries, particularly when resources are shared across a group of companies. This is best addressed through regular and consistent testing and monitoring of the business activity, operations, and controls, of subsidiaries either in-house or with the support of third parties.
- For more information on how to approach monitoring and reviewing subsidiaries and operations, review our Sanctions Program 101 post on Testing and Auditing
- Tailor Controls for Your Company’s Risk
- A critical deficiency by Danfoss is that they did not have in place controls that regularly were tailored to Danfoss FZCO’s operations in the Middle East region, to include independent monitoring of the operations of Danfoss FZCO and monitoring of the financial transactions for business activity of Danfoss FZCO.
- As US Treasury has highlighted, this lack of tailored controls meant that Danfoss A/S could not identify potential sanctions violations unless reported by Danfoss FZCO, which wasn’t happening because of the lack of control and Danfoss FZCO’s use of third party providers in non-sanctioned jurisdictions to facilitate payments from sanctioned jurisdictions. These types of back-to-back/chain/linked payments through third parties are prohibited by sanctions regulations because they do provide benefit to prohibited parties and should always be treated as a major red flag of sanctions risk.
- As we have written before, the best internal controls are those that are tailored to your company’s risks and that consider the regions your company and your subsidiaries operate and your specific activities. For more information on how to approach understanding your company’s risk and applying appropriate controls, review our Sanctions Program 101 post on Risk Assessment and Internal Controls.
- Tailor Training for Roles and Risk
- US Treasury’s OFAC found that Danfoss personnel including senior management did not have adequate training on US sanctions, including how to detect possible sanctions violations and who to escalate violations to, leading to a delayed response in stopping the transactions. Danfoss FZCO was on multiple occasions informed by different actors that conducting payments with certain jurisdictions using a US financial institution could be prohibited and was informed that their activity caused concern for violating sanctions. But in the end, Danfoss FZCO did not change their use of the US branch account when conducting payments with sanctioned jurisdictions such as Syria and Iran.
- With adequate training in place, employees would have known how to detect potential sanctions violations, and how to escalate concerns which could have led to avoiding the sanctions violations. An essential component of successful sanctions compliance is that employees receive training on a regular basis, updated with the lates sanctions regulations and tailored to their specific role and responsibilities. For more information on the importance of and how to approach implementing appropriate training, review our Sanctions Program 101 post on Training