Jackson Wood, Director of Strategy, GTI, Descartes

Jackson Wood

Director, Industry Strategy, Global Trade Intelligence

Rising geopolitical tensions continue to fuel unprecedented legislation aimed at mitigating perceived international security risks like cybersecurity attacks and espionage. U.S. sanctions, imposed by agencies like the Department of Treasury’s Office of Foreign Assets Control (OFAC), against Russian entities have increased since the outbreak of the Russia-Ukraine war. The recent set of OFAC sanctions targets a Moscow-based multinational antivirus and cybersecurity company. These sanctions signal the need for organizations to reexamine their third-party risk management strategies and establish protocols for ongoing denied party screening.  

In this article we will explore the events that triggered these sanctions, how they impact international trade compliance, and share steps that businesses can take to help mitigate risks and prevent sanctions violations. 

Key Takeaways

  • The U.S. has imposed new and unprecedented OFAC sanctions on a Russian multinational cybersecurity and anti-virus software provider. 
  • These Russia-related sanctions have broad implications for business and global trade compliance. 
  • Organizations must be aware of and act on the latest OFAC sanctions and cybersecurity regulations to ensure OFAC compliance. 
  • Organizations engaged in global trade should incorporate robust denied-party screening and third-party risk management software solutions into their sanctions compliance programs.  

Now, let’s summarize the situation with this cybersecurity software company and why it is relevant to all organizations.

Overview of OFAC Designations Against the Cybersecurity and Antivirus Company 

Recently, the U.S. Department of Commerce’s Bureau of Industry and Security (BIS) “issued a Final Determination prohibiting the cybersecurity firm and its affiliates, subsidiaries, and parent companies from engaging in transactions involving the provision of certain cybersecurity and anti-virus products and services to U.S. persons.”  

Additionally, BIS added three entities related to the Russian cybersecurity company to the Entity List. Following this, the Department of the Treasury added “twelve individuals in executive and senior leadership roles” to the OFAC Specially Designated Nationals List (SDN List).   

“Today’s action against the leadership of Kaspersky Lab underscores our commitment to ensure the integrity of our cyber domain and to protect our citizens against malicious cyber threats,” said Brian E. Nelson, Under Secretary of the Treasury for Terrorism and Financial Intelligence, adding “The United States will take action where necessary to hold accountable those who would seek to facilitate or otherwise enable these activities.” 

Previous directives predate the latest set of restrictions placed on the Russian cybersecurity company. In 2017, the Department of Homeland Security already banned federal agencies from using the company’s software. The recent OFAC sanctions reflect ongoing concern over its alleged ties to Russian intelligence. 

The Impact of OFAC Sanctions and BIS Entity List Additions on The Russian Antivirus Company 

The comprehensive approach taken by OFAC and BIS to disrupt Russia’s cybersecurity threats, prevent the company from selling or updating its antivirus software in the U.S. and to U.S. entities. Additionally, by designating 12 executives and senior leaders on the OFAC SDN List, the U.S. assets of these individuals are blocked, and they are restricted from transacting with any U.S. individual or company.  

The sanctions not only limit the company’s ability to operate in the U.S. but also pose substantial reputational risks and potential financial losses on a global scale. This move by OFAC underscores the broader geopolitical tensions and concerns about cybersecurity threats, affecting businesses and their compliance strategies. 

BIS stated that imposing the ban on the Russia-based cybersecurity firm was the most appropriate action to secure U.S. national interests, as the security risk involved was too significant to be effectively managed “through mitigation measures.”    

How These OFAC Sanctions Affect Global Trade Compliance 

In view of recent global trade trends, especially in the context of U.S.-Russia relations and cybersecurity, businesses should anticipate more OFAC sanctions and refine in-house trade compliance measures. Sanctions will continue to serve as the preferred tool by governments to restrict the activities of foreign organizations, individuals, or countries that threaten their interests, thereby reducing potential harm.  

For organizations dealing with the sanctioned Russian cybersecurity firm, its products or any related entities, these OFAC sanctions necessitate a careful review of their supply chains and partnerships to ensure compliance with U.S. regulations and export controls.  

The situation highlights the importance of robust sanctions compliance measures to navigate the complexities of international trade and cybersecurity concerns. Companies can expect an increase in the risk and complexity of doing business.  

For example, the aforementioned Executive Order on securing the ICT supply chain impacts businesses in several ways, including, but not limited to: 

  • Increased compliance requirements 
  • Increased need for risk management strategies 
  • Increased supplier restrictions 
  • Increased need for cyber security enhancements 
  • Increased market uncertainty 
  • Increased digital economy impact 

 How can global organizations make OFAC compliance a top priority? For starters, U.S. persons and entities must comply with all sanctions, including the latest OFAC sanctions and BIS Entity List regarding the Moscow-based cybersecurity provider. As of July 20, 2024, no U.S. person is authorized to be a party to a transaction involving the sanctioned Russian company’s cybersecurity products or anti-virus software, including white-labeled products designed by them and resold by a third party.

By September 29, 2024, no U.S. entities are authorized to resell, license, or integrate cybersecurity or anti-virus software from the sanctioned Russian company into other products and services. Furthermore, it is also prohibited to transact with any of the 12 executives that have been designated on the OFAC SDN list. This includes doing business with any entities owned wholly or in part, directly or indirectly, 50% or more by one or more of these listed parties. 

Businesses should note that engaging with sanctioned entities or entities that are a part of the global network of OFAC sanctions evaders may lead to serious legal, financial, and criminal consequences. 

Still, trade compliance goes far beyond simply avoiding transactions with sanctioned entities. What global trade compliance best practices should be on your organization’s radar, especially regarding mitigating third-party risks? 

OFAC Compliance Guidelines for Third-Party Risk Management 

Entities involved in global trade should establish rigorous and dynamic internal policies to ensure international trade compliance and third-party risk mitigation. It is important to note that suppliers and vendors are not the only third parties to be concerned about, the list includes business partners, customers, resellers, agents, contract workers, employees, and even visitors. 

Here are some vital elements of an effective OFAC compliance program with an emphasis on third-party risk management:

  • Identify Third-Party Risks: Thoroughly vet all third parties before engagement. This includes screening them against OFAC’s SDN and other sanctions lists like the BIS Entity List. 
  • Implement Continuous and Ongoing OFAC Sanctions Screening Procedures: Institute a comprehensive process for ongoing monitoring to track any changes with third parties This is vital in quickly identifying any new sanctions or changes to an entity’s compliance status that may pose a sanctions violation risk. 
  • Take a Risk-Based Approach to OFAC Compliance: Assess the risk level of third parties based on factors like their geographic location, industry, ownership structure and history. Prioritize and tailor your compliance efforts on high-risk third parties. 
  • Ensure Screening Lists Are Updated and Comprehensive: Regularly confirm that you are using the latest OFAC sanctions lists and other relevant watchlists. Based on your risk profile, verify if you need additional screening content to uncover sanctioned ownership structures. This will help identify entities that may be controlled by or affiliated with sanctioned parties and prevent sanctions violations. 
  • Leverage Advanced Denied Party Screening Software: Choose a solution that can easily integrate with existing compliance and risk management systems. It should automate OFAC sanctions screening procedures as much as possible to minimize manual efforts, increase efficiency, and ensure consistent compliance across all touchpoints. 
  • Build Resiliency into your Technology Supply Chain: Explore alternative business tools and software options to replace those potentially compromised by regulatory restrictions and other geopolitical situations. 
  • Include Contractual Protection: When contracting third parties, add robust OFAC compliance clauses that require third parties to comply with relevant regulations and provide assurance that they are not dealing with sanctioned entities. 
  • Stay Informed of the Most Recent Regulations: Keep up to date on evolving regulations and best practices regarding sanctions compliance and third-party risk management. 

Still, as with any trade, these rigorous processes can be particularly challenging without the right tools at your disposal. Thankfully, Descartes offers a viable and effective solution. 

Simplify OFAC Compliance with Descartes Denied Party Screening 

Effectively managing third-party risks and maintaining compliance with the dynamic nature of OFAC sanctions especially in the wake of the Russia-Ukraine conflict can be a complex and resource draining process. The trade compliance solutions that Descartes provides simplify and streamline your due diligence and risk management process, safeguarding business growth. 

For example, our robust suite of trade compliance and OFAC screening solution include: 

  • Denied Party Screening: Our denied party screening tool helps you avoid dealing with denied entities, mitigating the legal, reputational, and financial risks of non-compliance.  
  • OFAC Compliance: This powerful tool allows you to screen entities against OFAC watch lists, including Specially Designated Nationals, Blocked Persons, and others, before engaging in trade.  
  • Sanctioned Party Ownership Screening: Our ownership screening solution simplifies the process of abiding by OFAC’s “50 Percent Rule” and uncovering ownership structures to identify which entities are eligible for business transactions.   

Beyond our software solutions, you can explore our Russia-Ukraine resource center, curated with expert insights to help your organization stay up-to-date and effectively tackle the myriad Russia sanctions that are affecting global trade.   

If you would like to take a closer look at our OFAC compliance technology or need to enhance your screening capability, you can simply contact us or request a demo.  

Find out what our customers are saying about Descartes Denied Party Screening on G2 – an online third-party business software review platform. Additionally, you can read this essential buyer’s guide to denied party screening to help you select a solution that fits your needs.