The Importance of Compliance Strength During Rapid Growth

By Linenea Deeds, Director of Educational Services 

Rapid growth, which usually indicates a positive stage for companies, comes with potential downsides, as seen in the cautionary tale of Toll Holdings.


The Office of Foreign Asset Controls (OFAC) fined Toll Holdings (“Toll”), a 134-year-old freight and logistics company based in Melbourne, Australia, over $6.13 million for nearly 3,000 self-disclosed violations of U.S. sanctions policy. OFAC stated the violations stemmed from “rapid” expansion “without a requisite increase in compliance resources.” Think about that statement. When companies grow rapidly, it is not unusual for compliance and other foundational services to lag while the company realigns its core support structures.

In Toll’s case, the company began acquiring regional freight forwarding companies in 2007 and had amassed almost 600 “invoicing, data, payment, and other system applications spread across its various business units.” Unfortunately, compliance programs and oversight didn’t keep pace while the business operations grew in complexity. As a result, between January 2013 and February 2019, Toll and its affiliates “originated or caused to be received” 2,958 illegal payments connected with shipments to and from North Korea, Iran, and Syria worth nearly $50 million. These transactions happened primarily through Toll’s overseas units.

Toll received multiple warnings from one of its banks beginning in May 2015, resulting in the bank freezing its U.S. dollar account and threatening to terminate its relationship. In February 2017, almost two years after the initial red flag, Toll implemented “hard controls” into their systems to disable country and location codes for ports and cities in sanctioned countries. While violations significantly decreased, 105 violations still occurred.

In addition to its system upgrades, Toll also introduced sanctions training for all employees, terminated its franchise business model, and created enhanced on-boarding for agents. Toll also identified and removed the employees involved with the violations.


First, self-disclosures are worth it. OFAC calculated the maximum penalty for Toll’s violations to be over $826 million. However, the ultimate fine was $6.13 million, less than 1% of the potential fine, due to several mitigating and aggravating factors

Second, robust corrective actions both mitigate fines and prevent future violations. For example, Toll conducted a “risk-mapping exercise to identify the root causes of the compliance lapses” and restructured its compliance division.

Third, don’t turn a blind eye to warnings. They can become aggravating factors. For example, OFAC determined that Toll had “reason to know” it was committing sanction violations for reasons including bank warnings. Further, OFAC pointed out Toll’s “reckless disregard for U.S. economic sanctions laws” despite an existing company compliance policy.

Finally, when considering mergers and acquisitions or organic growth, companies must keep compliance on the front burner. If needed, bring on additional, temporary expertise to shore up your compliance teams. It may not be enough to put aside funds to resolve unknown compliance issues. You may also be adding new risks to your organization. Had OFAC begun an investigation before the voluntary self-disclosure, the fine may have been higher.

Thomas Knudsen, Toll Group’s managing director, focused on the positive outcome and the violations occurring as part of “payments through the U.S. financial system related to otherwise permissible shipments.” However, the story would have been different if the shipments were not permissible under U.S. regulations. The outcomes may have been reminiscent of the two cases with Fokker and Schlumberger in 2015.