It’s been another busy quarter for the Office of Foreign Assets Control (OFAC) after they sanctioned three banks for failing to comply with current denied party screening and compliance regulations.

According to OFAC, the breaches occurred due to fundamental deficiencies in internal compliance systems and human error. What we know is clear: banks, like all businesses, are responsible for their own OFAC compliance and must conduct OFAC sanctions searches regularly. 

So, what can we learn from this? In this article, we’ll explore what happened so companies across industries can avoid similar violations by strengthening their compliance policies, processes, and infrastructure.

Misunderstanding of Screening Policies Leads to a Finding of Violation

An OFAC sanction was recently enforced on a bank for the apparent violation of the Weapons of Mass Destruction Proliferators Sanctions Regulations (WMDPSR). The bank in question processed multiple payments for two individuals only recently added to OFAC’s List of Specially Designated Nationals (SDN) and Blocked Persons.

How the Violation Occurred

The violation was due to a miscommunication between the company and its sanctions screening vendor. The business falsely believed that its vendor screened its entire customer base for SDN violations daily, but those comprehensive screenings only happened once a month. The vendor’s daily screenings checked only for new customers and existing ones with recent account changes.

These screening frequencies were not sufficient for OFAC compliance. While the vendor notified the bank about the SDN list update, it did so two weeks after OFAC blocked the entities. The bank had already completed the transactions at that point.

Penalties, Remediation Steps, and What We Can Learn

OFAC issued a Finding of Violation (FOV) rather than a monetary fine. This ruling comes with several implications:

  • Banks must take a risk-based approach to OFAC compliance.
  • If a financial institution chooses to outsource its compliance services, it must ensure that the vendor can handle its unique risk profile.
  • Every bank’s situation is unique. No one approach to sanctions screening can apply to all businesses, as they all have their own risk profiles and approaches to compliance.

The bank instituted new manual processes for screening the entire customer base after any OFAC sanctions list update, and the vendor upgraded the frequency of its own screening solution. Thanks to the bank’s cooperation with OFAC and its previous good compliance standing, OFAC considered these “mitigating factors” when deciding on a penalty.

Working with Individuals Involved in Drug Distribution and Money Laundering

OFAC also hit a major payment card services provider with a violation of its Kingpin sanctions law for processing transactions on behalf of a supplemental card holder who acted in connection with illegal drug distribution and money laundering schemes.

How the Violation Occurred

A combination of human error and a deficient OFAC compliance program led to this mistake. The company provided service to an individual on the SDN List, which was in apparent breach of Foreign Narcotics Kingpin Sanctions Regulations (FNKSR). This foreign national received a supplemental card on an account handled by a U.S. citizen.

Despite the “high confidence” alert generated by the business’s internal sanctions list screening tools, an analyst at the company closed the alert and ignored a second-level review as mandated by internal policy.

When the company received a ruling to suspend the account, the employee entering the suspension code failed to mention that it was due to a sanction. A customer service representative consequently removed the suspension immediately after the account’s U.S. owner called to ask about it.

In a third case of negligence, the bank failed to comply with another ruling to suspend the account, as an employee issued the incorrect suspension code, resulting in more transactions going through the account illegally.

Penalties, Remediation Steps, and What We Can Learn

OFAC issued a $430,500 monetary penalty to settle the company’s civil liability. The business began enhancing its internal policy in response by:

  • Centralizing the controls over account suspensions to minimize the risk of human error and negligence.
  • Consistently applying compliance measures across the company to prevent one department or individual from overriding a sanctions-related suspension.
  • Training staff members to mitigate future risks.

OFAC considered these responses constructive steps and “mitigating factors” when deciding on a penalty.

Delay in Updating Screening Protocols Speeds Up International Sanctions Violations

A bank in Puerto Rico was also in the crosshairs of OFAC sanctions regarding U.S. sanctions that at the time had been recently imposed against Venezuela.

How the Violation Occurred

The bank processed transactions for two employees of the Government of Venezuela. While the company planned to review its accounts potentially impacted by the new sanctions, the efforts were too late, as the executive order in question came into force 14 months before the bank got around to blocking the accounts.

Penalties, Remediation Steps, and What We Can Learn

OFAC decided on a settlement amount of $255,937 based on several factors. While it was a moderately-sized bank with the capabilities to adhere to denied party screening obligations, the business did take remedial action in response to the violations:

  • Introducing enhanced sanctions screening training for employees
  • Developing additional resources on sanctions alert review
  • Implementing new sanctions policies
  • Adding new staff specifically for OFAC compliance

The Key Takeaways

Banks need a robust compliance system for not only OFAC compliance but also Sarbanes-Oxley compliance, a U.S. federal law mandating financial record keeping, and other best practices for businesses. However, the deficiencies and shortcomings uncovered in these three cases can occur in any business.

All organizations, not just banks, need to reevaluate their stances on OFAC compliance rulings. While you may think your current system is enough, mistakes can slip through for any reason, from human error to a lack of sufficient policy.

It’s important to audit these systems continually, making sure that you’re always working with the up-to-date OFAC compliance lists and that your staff has enough training and resources to avoid incidents caused by negligence and human error.

Depending on aggravating and mitigating factors, OFAC will adjust its penalties accordingly. Simply showing that you are making a genuine effort to adhere to regulations will help minimize the damage of potential incidents.

Another takeaway is that companies must rely on robust software solutions for sanctions list screening to stay ahead of the curve. The examples above illustrate that manual screening methods can result in human error and a slow screening frequency. The automation of these platforms solves these issues and provides other operational efficiency benefits.

How Descartes Can Help with OFAC Compliance

Descartes is a provider of an industry-leading suite of denied party screening3rd party risk management solutions, as well as trade content for leading business systems, that is utilized by companies across industries, not just banks.

Descartes Visual Compliance and Descartes MK solutions are flexible and modular, allowing organizations to pick the specific and exact functionality and content they need for their particular compliance needs and scale up later as and when necessary.

By utilizing our robust solutions, organizations can strengthen their compliance processes, including with regards to OFAC compliance, and enhance their competitive edge, as well as increase sales velocity.

Looking to talk to an expert?

Written by Jackson Wood

Director, Industry Strategy, Global Trade Intelligence, Descartes