Geographic Risk a factor in vetting 3rd-party suppliers
Achieving Compliance in an environment of global trade and myriad 3rd-party suppliers remains a tough task. A California cosmetics company discovered just how tough when it realized that it had run afoul of U.S. sanctions against North Korea–over eyelashes.
The company, e.l.f. Cosmetics, had imported numerous fake-eyelash kits over a span of five years from a supplier in China, according to a report in the Wall Street Journal. Unbeknownst to the American company, the Chinese supplier had sourced materials from North Korea.
The cosmetics company discovered the violation in one of its internal audits, and it self-reported to U.S. authorities. Prior to this 3rd-party supplier issue, the company had focused its Compliance attentions on quality assurance. And while it had a broader compliance program with supplier audits, the North Korean sourcing by the Chinese vendor had not yet caught anyone’s attention.
In the Treasury Department’s enforcement details, authorities describe the shipment values at about $4.5 million over the five-year span. They noted too that “throughout the time period in which the apparent violations occurred, e.l.f.’s OFAC compliance program was either non-existent or inadequate. The company’s production review efforts focused on quality assurance issues pertaining to the production process, raw materials, and end- products of the goods it purchased and/or imported.”
OFAC noted the self-reporting of the supply-chain issue, but noted too that as a large company e.l.f. engages in substantial volume of international trade, and yet it fell short of its obligation to “have exercised sufficient supply chain due diligence while sourcing products from a region that poses a high risk” of violating sanctions against North Korea.
In addition to paying a fine, the cosmetics company agreed to implement enhanced supply-chain audits, adopt new procedures that require suppliers to acknowledge compliance with U.S. regulations, and enhance training for employees regarding sanctions regulations and Compliance requirements.
The Treasury in its statement notes companies’ risks and responsibilities related to supply chains: “This enforcement action highlights the risks for companies that do not conduct full-spectrum supply chain due diligence when sourcing products from overseas, particularly in a region in which the DPRK, as well as other comprehensively sanctioned countries or regions, is known to export goods. OFAC encourages companies to develop, implement, and maintain a risk-based approach to sanctions compliance and to implement processes and procedures to identify and mitigate areas of risks.”
RegTech Platform and AML Ecosystem boost AML Compliance and every GRC effort
With AML Partners’ platform technology for RegTech, AML and GRC software solutions are easier, faster, and so much more efficient. Contact us today to learn how platform technology and our end-to-end AML Ecosystem SURETY Eco and the SURETY modules –powered by the RegTech One platform–can transform the efficiency and effectiveness of your unique AML Compliance efforts. SURETY Eco includes fully integrated modules for CDD/KYC on-boarding, behavior/transaction monitoring, and sanctions screening. And AML Partners simplifies your end-to-end fully integrated AML Compliance efforts even further with an optional Subpoena Search module for FinCEN 314a and similar subpoena searches. Contact us today to learn more or schedule a demo of SURETY Eco, the AML Ecosystem powered by the RegTech One platform. With extraordinary configurability and built for API extensibility, the RegTech One platform powers not only an end-to-end AML ecosystem but also CECL workflows, vendor management, cyber risk workflows, FCPA workflows, and so much more.