Geographic Risk a factor in vetting 3rd-party suppliers
Achieving Compliance in an environment of global trade and myriad 3rd-party suppliers remains a tough task. A California cosmetics company discovered just how tough when it realized that it had run afoul of U.S. sanctions against North Korea–over eyelashes.
The company, e.l.f. Cosmetics, had imported numerous fake-eyelash kits over a span of five years from a supplier in China, according to a report in the Wall Street Journal. Unbeknownst to the American company, the Chinese supplier had sourced materials from North Korea.
The cosmetics company discovered the violation in one of its internal audits, and it self-reported to U.S. authorities. Prior to this 3rd-party supplier issue, the company had focused its Compliance attentions on quality assurance. And while it had a broader compliance program with supplier audits, the North Korean sourcing by the Chinese vendor had not yet caught anyone’s attention.
In the Treasury Department’s enforcement details, authorities describe the shipment values at about $4.5 million over the five-year span. They noted too that “throughout the time period in which the apparent violations occurred, e.l.f.’s OFAC compliance program was either non-existent or inadequate. The company’s production review efforts focused on quality assurance issues pertaining to the production process, raw materials, and end- products of the goods it purchased and/or imported.”
OFAC noted the self-reporting of the supply-chain issue, but noted too that as a large company e.l.f. engages in substantial volume of international trade, and yet it fell short of its obligation to “have exercised sufficient supply chain due diligence while sourcing products from a region that poses a high risk” of violating sanctions against North Korea.
In addition to paying a fine, the cosmetics company agreed to implement enhanced supply-chain audits, adopt new procedures that require suppliers to acknowledge compliance with U.S. regulations, and enhance training for employees regarding sanctions regulations and Compliance requirements.
The Treasury in its statement notes companies’ risks and responsibilities related to supply chains: “This enforcement action highlights the risks for companies that do not conduct full-spectrum supply chain due diligence when sourcing products from overseas, particularly in a region in which the DPRK, as well as other comprehensively sanctioned countries or regions, is known to export goods. OFAC encourages companies to develop, implement, and maintain a risk-based approach to sanctions compliance and to implement processes and procedures to identify and mitigate areas of risks.”