Multinational Firm’s Ineffective Compliance Program Led to Sanctions Violations, OFAC Says

Danfoss committed 225 sanctions violations when it caused the U.S. bank to “facilitate prohibited financial transactions and export financial services to sanctioned jurisdictions,” OFAC said, adding that the violations in part stemmed from “deficiencies” in Danfoss’ global sanctions compliance program. Danfoss disclosed the violations to OFAC after the agency was already aware of the transactions, so OFAC didn’t give the company credit for a voluntary self-disclosure.

The Danish company’s subsidiary, United Arab Emirates-based Danfoss FZCO, sold cooling and heating equipment to customers in Sudan, Syria and Iran from November 2013 to August 2017, OFAC said. Employees at the subsidiary told customers to send payments to at least three accounts at UAE banks, including Danfoss’ U.S. branch account, the notice said. The customers used third-party agents, including “money exchangers” in non-sanctioned jurisdictions, to pay Danfoss FZCO at this account. Danfoss FZCO also used third-party payers to transfer payments from its U.S. branch account to parties in Syria and Iran, OFAC said.

The use of third-party payers “disguised the originator or beneficiary of these transactions,” the agency said, allowing the payments to slip through the bank’s “transactional screening filters." OFAC said the total value of the transfers was $16,959,683.

While OFAC said it “found no evidence” Danfoss “willfully” used the third-party payers to evade sanctions, it said Danfoss FZCO was aware since at least 2011 that using a U.S. bank to send or receive payments to and from sanctioned jurisdictions could be illegal. The agency said Danfoss FZCO “received communications” from Danfoss, “as well as from various financial institutions,” that its banking activity could give “rise to sanctions concerns, including rejected transactions.”

In one instance in 2011, OFAC said Danfoss’ U.S. bank rejected a payment connected to Iran. In another instance in 2016, the company’s compliance department found that an Iranian customer was invoiced in U.S. dollars, and compliance employees told Danfoss FZCO “such activity was impermissible,” OFAC said. “Despite these communications, Danfoss FZCO continued to use its U.S. Branch Account to collect payments from customers in sanctioned jurisdictions.”

The violations stemmed from Danfoss’ ineffective compliance program, OFAC said, adding that the company didn’t have procedures to “regularly monitor” Danfoss FZCO’s activities to look for potential sanctions issues. “As a result, Danfoss lacked the means to know when problems arose unless Danfoss FZCO proactively contacted Danfoss’ Compliance Program Manager,” OFAC said.

The agency also said Danfoss FZCO’s employees, including its regional finance director, didn’t have “substantive training” on U.S. sanctions and didn’t consult with Danfoss’ compliance program manager on the transactions. “This insufficient understanding of U.S. sanctions left the Regional Finance Director with a lack of urgency to address Danfoss FZCO’s banking issues and substantially contributed to the delay in stopping the violative transactions,” OFAC said.

The agency said the U.S. bank notified Danfoss of the sanctions violations in May 2017. Although Danfoss disclosed the violations to OFAC in October of that year, the agency already knew about the violations and “assessed that Danfoss’ submission did not qualify as a voluntary self-disclosure.”

The maximum civil penalty for Donfass was more than $71 million, but OFAC fined the company $4,379,810 due to several mitigating factors, including because the violations were non-egregious. OFAC also said Danfoss hadn’t received a penalty notice in the previous five years, was “highly cooperative” during OFAC’s investigation and took “quick action to ascertain the root causes of the conduct at issue” and implemented several new compliance controls.

The new controls included a new procedure for monitoring and documenting payments to U.S. bank accounts to “identify true originators and reject any payments that originate from a sanctioned jurisdiction.” The company also updated its export control standards and export control manual to specify the sanctions compliance roles and responsibilities of all employees and released new “documentation” to “reinforce” its employees’ understanding of U.S. export controls and sanctions. Danfoss also created a sanctions compliance manual for its UAE subsidiary to “make clear their obligations under U.S. sanctions and the risks specific to doing business in the Middle East.”

OFAC also pointed to several aggravating factors, including Danfoss’ failure to “exercise a due degree of caution or care in complying with U.S. sanctions requirements” and its failure to “recognize warning signs” it was committing sanctions violations. The company also had “actual knowledge” that it was dealing in payments with customers from sanctioned countries and “prevented the foreign branch of a U.S. financial institution from appropriately screening and rejecting these transactions.” OFAC also said Danfoss is a “commercially sophisticated entity” that serves customers in more than 100 countries.

The case highlights the risks for multinational companies that use the U.S. financial system for payments involving sanctioned jurisdictions, OFAC said. “Commercial activity that might not otherwise violate OFAC regulations -- such as the sale of non-U.S. goods by a non-U.S. person to an entity in an OFAC sanctioned country -- can nonetheless cause a violation when the financial transactions related to that activity are processed through or involve U.S. financial institutions,” the agency said.

OFAC said companies need to “train key staff,” including senior management, to “identify and escalate potential violations of U.S. sanctions” to compliance personnel. “It is particularly important to implement controls specific to the risks posed by the regions in which subsidiaries operate, and any risks stemming from specific business practices,” the agency said, “such as accepting payments from third parties.”