Sanctions Compliance Policy: A Must-Have for New Zealand Businesses

As the global landscape of economic sanctions continues to evolve, it’s more crucial than ever for New Zealand businesses to have a comprehensive Sanctions Compliance Programme (SCP) in place. In this article, we’ll outline the essential components of an SCP and provide guidance on how to develop or refine your organization’s policy.

Recordkeeping: A Critical Aspect

An SCP should detail the organization’s recordkeeping requirements, including:

• Retention of transactional data
• Screening results
• Compliance documentation

Best practice suggests keeping DD and EDD records for a minimum of five years from the date of the last transaction or the end of the business relationship, whichever is later.

Response, Corrective Actions, and Reporting: A Plan for Potential Violations

The SCP should define the organization’s response plan in the event of a potential sanctions violation, including:

• Procedures for escalating consideration of a potential sanctions violation
• Conducting an internal investigation
• Implementing corrective actions
• Disclosing a potential violation to the relevant regulatory authorities, as necessary or advantageous

Testing and Auditing: Ensuring Programme Effectiveness

An SCP should establish processes for regular internal audits and testing of the program, including:

• Periodic reviews of internal controls
• Screening processes
• Employee adherence to policies and procedures
• Remedial actions to be taken in response to audit findings

Continuous Monitoring and Updates: Staying Ahead of Changing Regulations

The SCP should stress the need for ongoing monitoring of sanctions laws, regulations, and regulatory guidance, which can be subject to frequent and sudden change. It should establish mechanisms to review and update the policy and associated procedures regularly, ensuring alignment with evolving regulatory expectations.

Third-Party Relationships: Managing Compliance Risks

If applicable, an SCP should address the organization’s approach to managing compliance risks associated with third-party relationships, including:

• Seeking representations or warranties from third parties that they do not present sanctions risks
• Taking reasonable steps to ensure their ongoing compliance with sanctions

Bank Relationships: Aligning with Sanctions-Related Undertakings

An SCP should align with any sanctions-related undertakings the organization has made to its banks, financiers, or others, including:

• Public aspects of bank’s SCP
• Sanctions-related terms and conditions governing the use of accounts and facilities

Seeking Expert Guidance

If you would like assistance to develop or refine your organization’s SCP, please do not hesitate to contact one of our experts. We have extensive experience advising on sanctions compliance and enforcement-related matters.

How We Can Help

Our team can assist clients in:

• Developing or refining sanctions compliance programs
• Producing obligations registers
• Conducting compliance assessments
• Undertaking customer and transaction due diligence and screening processes
• Structuring low-risk transactions

Footnotes

[1] New Zealand businesses may also want to seek guidance from New Zealand Standard NZS/AS 3806:2006 on Compliance Programmes, which is of general application.

[2] OFAC’s A Framework for OFAC Compliance Commitments remains the best starting point for any company looking to establish or refine an SCP.

[3] For example, the Wolfsburg Group’s Guidance on Sanctions Screening provides more comprehensive DD recommendations for financial institutions.

[4] For example, MFAT’s Guidance Note: Due Diligence, Guidance Note: Banking Transactions and other guidance notes for exporters and importers provide recommendations for New Zealand persons contemplating dealings involving Russia.

[5] Screening can be done manually or expedited with the help of automated technology solutions. Our clients recommend Refinitiv World-Check, Dow Jones Risk Center, LexisNexis Firco Continuity and SymphonyAI NetReveal.

[6] Some sanctions regulators publish guidance on their reporting expectations. For example, MFAT’s Guidance Note: Duty Holder Reporting informs ‘duty holders’ about their reporting obligations under the Russia Sanctions Act 2022 and Russia Sanctions Regulations 2022.

[7] MinterEllisonRuddWatts, Banks may terminate services to entities associated with sanctioned individuals, available here.