The Office of Foreign Assets Control, OFAC, has cleverly implemented an Interim Final Rule which will, in effect, require ALL companies that buy or sell goods and services to foreign entities or individuals to create, and maintain, an effective AML/CFT compliance program. While the Rule does not specifically require such a program, the only prudent response to its impact is to create one forthwith, to protect your company, not just those engaged in the delivery of financial services.
The previous law required any US company or person, to file a report with OFAC, when any transaction was blocked, due to OFAC sanctions. This usually means wire transfers, payment orders, or other types of payment. Now, if a US company decides to cancel, withdraw, or decline any business because the foreign party is OFAC-sanctioned, a mandatory report must be filed as well.
This means that OFAC will be alerted, and may review prior transactions with that foreign party, and could impose a Civil Penalty for violations. In that case, the absence of en effective AML/CFT compliance program is a major factor in possible mitigation or even elimination of a large fine; a company's failure to have, in place, a compliance program is always specified in the "Name & Shame" public notices that OFAC published on the Treasury website, under Civil Fines and Penalties.
You can review the complete text of the Interim Rule here.
Therefore, prudence demands that, if your company provides ANY services to foreign nationals or entities, you had best have a working compliance program in place at this time. Programs that meet Banking Best Practices are the ones to emulate. They feature:
(1) A designated compliance officer.
(2) A written compliance program.
(3) Regular training of staff and officers on the program.
(4) An outside audit, performed regularly, to insure that the program is operating properly.
Treasury is to be commended for its ingenious method of insuring that all relevant industries create a compliance program, with one simple regulation.