Rapid growth, which usually indicates a positive step for businesses, comes with potential downsides, as the cautionary tale of Toll Holdings shows.
The Office of Foreign Asset Controls (OFAC) has fined more than $6.13 million on Toll Holdings (“Toll”), a 134-year-old Melbourne, Australia-based freight and logistics company , for nearly 3,000 self-reported violations of US sanctions policy. OFAC said the violations stemmed from “rapid” expansion “with no required increase in compliance resources.” Think about this statement. When businesses grow rapidly, it’s not uncommon for compliance and other fundamental services to lag behind as the business realigns its core support structures.
In Toll’s case, the company began acquiring regional freight carriers in 2007 and had amassed nearly 600 “billing, data, payment and other systems applications spread across its various business units.” Unfortunately, compliance programs and monitoring have not kept pace as business operations have become increasingly complex. As a result, between January 2013 and February 2019, Toll and its affiliates “made or caused to receive” 2,958 illegal payments related to shipments to and from North Korea, Iran and Syria worth nearly of $50 million. These transactions took place primarily through Toll’s foreign units.
Toll received several warnings from one of his banks starting in May 2015, which led to the bank freezing his US dollar account and threatening to end his relationship. In February 2017, nearly two years after the initial red flag, Toll implemented “strict controls” in its systems to disable country and location codes for ports and cities in sanctioned countries. While breaches decreased significantly, 105 breaches still occurred.
In addition to its system upgrades, Toll also introduced sanctions training for all employees, ended its franchise business model, and created improved onboarding for agents. Toll also identified and fired the employees involved in the violations.
Take away food
First, self-disclosures are worth it. OFAC calculated the maximum penalty for Toll’s violations to be over $826 million. However, the ultimate fine was $6.13 million, less than 1% of the potential fine, due to several mitigating and aggravating factors.
Second, robust corrective actions mitigate fines and prevent future violations. For example, Toll conducted a “risk mapping exercise to identify the root causes of compliance failures” and restructured its compliance division. Third, don’t close your eyes to the warnings. They can become aggravating factors. For example, OFAC determined that Toll had “reason to know” that he was committing sanctions violations for reasons such as bank warnings. Additionally, OFAC pointed to Toll’s “reckless disregard for U.S. economic sanctions laws” despite the company’s existing compliance policy.
Finally, when considering mergers and acquisitions or organic growth, companies must keep compliance at the forefront. If needed, bring in temporary additional expertise to bolster your compliance teams. It may not be enough to set aside funds to address unknown compliance issues. You can also add new risks to your organization. If OFAC had opened an investigation before the voluntary self-disclosure, the fine could have been higher.
Thomas Knudsen, Managing Director of Toll Group, focused on the positive outcome and violations in connection with “payments through the US financial system related to otherwise authorized shipments”. However, the story would have been different had the shipments not been permitted under US regulations. The results may have been reminiscent of the two cases with Fokker and Schlumberger in 2015.