Our world is becoming more interconnected than ever. Accordingly, fraud and foreign threats have expanded their reach, and the United States is concerned about their impact on federally funded programs, such as healthcare, military, and financial institutions. The Office of Foreign Assets Control (OFAC) updates and maintains lists of these foreign individuals and entities designated as threats and prohibits U.S. based companies and individuals from conducting business, directly or indirectly, with them.
Since the recent aggressions and attacks against Ukraine starting in February 2022, many Russian entities and individuals have been added to OFAC’s SDN List as part of the United States’ overall effort to cripple Russia’s economy and military with financial sanctions. However, because OFAC is not specifically tied to healthcare, some healthcare companies overlook screening their employees, providers, vendors, and third parties against the SDN List. This puts many healthcare companies at risk for major fines and penalties as they and/or their vendors and third parties may be engaging with sanctioned companies and individuals whether they know it or not.
Is it possible your company or one of your vendors or third parties is conducting business with a newly sanctioned Russian financial institution, business, or individual? We’ll explain what the recent U.S. sanctions on Russia mean for your healthcare organization and how you can avoid fines and penalties by staying OFAC compliant.
Understanding the role of OFAC and the SDN List
The Office of Foreign Assets Control (OFAC) exists so that the U.S Department of Treasury can administer and enforce economic and trade sanctions based on US foreign policy and national security goals against targeted foreign countries and regimes, terrorists, international narcotics traffickers, and more. OFAC adds these individuals and companies owned or controlled by, or acting on behalf of, targeted countries to their Specially Designated Nationals and Blocked Individuals (SDN) List and block their assets. Tasked with maintaining the SDN List which has a sanctions list search tool, OFAC must also ensure that no U.S. based individuals or companies engage with these sanctioned individuals and entities.
As OFAC’s lists have grown over time, screening employees, vendors, and third parties against their lists has become more commonplace for U.S. companies as a part of their compliance program/plan. However, because the SDN List is not updated based on a predetermined schedule but instead upon revolving U.S. foreign policies, it can be challenging to know when to search the list to see if names have been added or removed.
See our post to learn more about OFAC and how to do an OFAC sanction search.
Keeping up with the latest U.S. sanctions against Russia
February 21, 2022:
As a swift response to Russia’s war actions against Ukraine, The Biden Administration imposed its “first tranche” of sanctions against Russia to weaken Russia’s economy and military. These full blocking sanctions specifically target two state-owned Russian financial institutions that provide key services and funds to Russia’s military. As a result, their U.S. assets are frozen and they cannot access the American dollar. On the other side of the imposed sanctions, U.S. businesses and individuals are prohibited from conducting business or commerce through transactions with these Russian entities. Additionally, U.S. individuals and firms may not participate in secondary markets for new debt issued by major Russian banks and financial agencies of the Russian Federation. Five Russian elites and their families were also fully blocked from the United States’ first round of sanctions.
February 28, 2022:
OFAC released a press release to announce that persons in the U.S. are prohibited from engaging in transactions with the Central Bank of the Russian Federation, the National Wealth Fund of the Russian Federation, and the Ministry of Finance of the Russian Federation. The purpose of these particular sanctions are to immobilize any assets held by these entities in the United States. Three entities critical to managing one of Russia’s key sovereign wealth funds were also designated by OFAC to the SDN List.
March 24, 2022:
In this press release, OFAC designated dozens of Russian defense companies, 328 members of the Russian State Duma, and the head of Russia’s largest financial institution.
With more sanctions against Russia continuing to come, there are now more chances that one of your vendors or third parties is engaging with a person or company on the OFAC Specially Designated and Blocked Individuals List.
You can stay up to date with all of the Russia-Ukraine sanctions by visiting OFAC’s Ukraine and Russia related sanctions page.
What do the sanctions mean for U.S. healthcare providers?
Your organization is likely already aware of and conducting monthly OIG exclusion list checks, but is it also including monthly or quarterly OFAC searches on your vendors and third parties? You probably haven’t had reason to worry about it in the past but with the world so interconnected, there may be a chance that one of your old vendors or that new third party you just started contracting with was recently added to the OFAC SDN List.
Another question these sanctions raise is whether you have effective vendor enrollment policies and procedures to ensure that you know exactly who you are doing business with. You should always request this information from your vendors:
- Name of Business
- FEIN
- Business Owners of 5% or greater
- State of Incorporation
- Business address
- Subsidiaries
- Business Associate Agreements (if handling PHI)
Add SDN List searches to your exclusion monitoring process
When effective and frequent SDN List checks are added on top of your OIG and SAM.gov exclusion list monthly monitoring, you further mitigate risk by ensuring your healthcare organization, including its vendors and third parties, is not doing business with any sanctioned individuals or entities. The small price to pay to maintain OFAC compliance greatly outweighs the cost of a severe fine or penalty from the government. And don’t forget about all the time, costs, and human errors you’d eliminate by not having to manually search the SDN List. Allow ProviderTrust to automate your OFAC monitoring!
