All third parties doing business with your firm need to be reviewed for OFAC/PEP sanctions prior to Contracting...
That because, in some cases, just signing a contract with a sanctioned entity may expose you to non-compliance.
I think the only risk you have of not running an OFAC check; is if they entity is actually on the sanctions list.
In that case you are open to fines for violating OFAC... but if the entity isn't no the sanctions list. Your risk is I/A or Examiners give you a finding.
You can't cure something that happened or didn't happen in the past. But you'll need to take some corrective action to demonstrate that you won't do it again. :-)
Good luck
------------------------------
Bradley Martin
bradleymartin.net
------------------------------
Original Message:
Sent: 08-04-2022 10:16 AM
From: Anonymous Member
Subject: OFAC
This message was posted by a user wishing to remain anonymous
Hello All,
We run an OFAC check on our new and existing vendors when we conduct our due diligence. My question is, more precisely our internal audit:
What is the risk of not running an OFAC check (we forgot) on a Credit Reporting Agency vendor? We only ran OFAC on CEO.
Your feedback will be greatly appreciated.