ST0666
Source text
As written.
While there is no “one-size-fits all” risk assessment, the exercise should generally consist of a holistic review of the organization from top-to-bottom and assess its touchpoints to the outside world. This process allows the organization to identify potential areas in which it may, directly or indirectly, engage with OFAC-prohibited persons, parties, countries, or regions. For example, an organization’s SCP may conduct an assessment of the following: (i) customers, supply chain, intermediaries, and counter-parties; (ii) the products and services it offers, including how and where such items fit into other financial or commercial products, services, networks, or systems; and (iii) the geographic locations of the organization, as well as its customers, supply chain, intermediaries, and counter-parties. Risk assessments and sanctions-related due diligence is also important during mergers and acquisitions, particularly in scenarios involving non-U.S. companies or corporations.
Assessed by HEXDI
What HEXDI assesses.
- M2
1 — PROGRAM SETUP AND ADMINISTRATION
Program is developed using a reasoned methodology that is based on a thorough analysis and identification of risks pertaining to company…
- M2
2 — PROGRAM SETUP AND ADMINISTRATION
Methodology includes monitoring, collecting, and reporting of information on the number of exports/imports, nature and number of…
- M2
3 — PROGRAM SETUP AND ADMINISTRATION
Senior Management, with the assistance of legal counsel and/or compliance personnel, takes responsibility for determining the significance…
- M2
4 — PROGRAM SETUP AND ADMINISTRATION
Risk analysis and identification occurs at Senior Management meetings as part of short- and long-term forecasting and strategic planning.
- M2
5 — PROGRAM SETUP AND ADMINISTRATION
Risk analysis and identification considers customer base, countries of exports/import activities, and product lines.
- M2
6 — PROGRAM SETUP AND ADMINISTRATION
Risk analysis and identification considers risks posed by interactions with third parties, to include suppliers, brokers, contractors,…
Source & revisions
- First mapped: Jun 8, 2022
- Last updated: May 26, 2026
- Source: Framework for OFAC Compliance Commitments