$4M OFAC Sanctions Violations Fine Issued Due to Actions by Nasdaq’s Ex-Subsidiary

The Office of Foreign Assets Control (OFAC) issued Nasdaq a fine of over $4 million in 2023 for OFAC sanctions violations that occurred at an international subsidiary between 2012 and 2014.  

The international financial services enterprise acquired a Swedish company that operated the Armenian Stock Exchange (ASE) but failed to prevent providing services to a sanctioned party.  

OFAC noted 151 apparent sanction violations and calculated the base fine at $16 million, which was later reduced due to Nasdaq’s self-disclosure and implementation of an enterprise-wide sanctions compliance program (SCP). 

This case serves as a strong example of the necessity of sanctions screening that includes mergers and acquisitions and subsidiaries to avoid incurring steep fines. OFAC’s framework, along with effective tools, aims at preventing inadvertent OFAC sanction violations to avoid steep fines and penalties. 

Key Takeaways 

• Nasdaq’s former subsidiary was responsible for 151 apparent violations of OFAC sanctions during a two-year period. 
• The base-level fine was reduced due to Nasdaq’s self-disclosure and preemptive implementation of a robust SCP to comply with OFAC sanctions list search. 
• This enforcement action demonstrates the importance of performing OFAC screening against the activities of M&As and subsidiaries to avoid sanction violations. 

The OFAC enforcement release details the series of events that resulted in 151 violations calculated at a base level of $16 million, which are: 

1. Nasdaq acquired control over the Armenian Stock Exchange (ASE) in 2008 by acquiring the Swedish company OMX AB, renamed to Nasdaq OMX Armenia. 
   
   
2. In 2012, OFAC enacted sanctions against Iranian organizations, specifically targeting state-owned entities. 
   
   
3. Between 2012 and 2014, ASE continued to provide services to Mellat Armenia, a subsidiary of Bank Mellat, an Iranian state-owned financial institution which is covered by the OFAC sanctions list. 
   
   
4. Two internal audits in 2012 and 2013 identified the violation but did not take action to terminate services or report the violations. 
   
   
5. Nasdaq later self-disclosed the violations in 2014 and implemented corrective actions to prevent future violations. 
   
   
6. Nasdaq OMX Armenia was sold in 2018, but Nasdaq was still liable for prior violations. 

OFAC’s fine was originally calculated at $16 million but was reduced to $4 million after considering several mitigating and aggravating factors. The key factors in the reduction were self-disclosure and pre-emptive implementation of a robust SCP. 

These violations occurred at a sophisticated financial services corporation with resources and expertise to prevent them — it’s critical for every organization to enact effective programs. 

The enforcement release also included comments on the necessity for enterprises to apply robust OFAC screening processes throughout their entire organization, including subsidiaries. International subsidiaries are especially prone to sanctions violations that can result in steep fines, as was the case with Nasdaq. 

As OFAC screening complexities increase, organizations must create and refine effective sanctions compliance programs (SCP) to avoid violations. 

OFAC understands the complexity of compliance and has created a rough framework to help guide organizations in creating effective SCP programs. The high-level OFAC framework includes the following steps: 

• Management commitment is the foundation of an effective program. A compliance officer is recommended, along with new teams with experienced personnel focusing on preventing sanction violations. 
• An initial risk assessment should identify possible vulnerabilities that may enable sanction violations. Corrective actions should aim to mitigate or eliminate these vulnerabilities.  
• Internal controls must be created to continuously identify any possible or current violations, and then correct or report them if necessary. Written procedures should describe these controls along with assigning responsibilities and accountability. 
• Ongoing audits and testing should evaluate the effectiveness of the program to ensure its efficacy. Audits can focus on the entire SCP or focus on one specific aspect, with both being valuable. These internal tests and audits may also consider efficiency to discover opportunities to streamline operations. 
• Annual training programs, at a minimum, should enable the entire workforce to prevent sanction violations as relevant to their roles. Teams with a more direct possibility of enabling violations should have more frequent training sessions. 

While OFAC’s framework is intended to provide a one-size-fits-all approach with granular steps, it does demonstrate the overall steps most organizations will need to undertake to avoid sanctions breaches. Without a formalized program in place, sanction violations may occur for an extended period of time without being identified. 

Nasdaq’s case demonstrates the necessity of sanctions and denied party screening throughout international and domestic subsidiaries. It’s critical to have the right tools, people, and workflows in place to prevent violating current and future OFAC sanctions. 

Descartes’ denied party screening software solutions streamline OFAC sanctions list screening to avoid transacting with any restricted or denied parties. Our platform removes time-consuming manual processes while also ensuring you screen for new sanctions that may emerge. 

 
Is it time to strengthen or build a comprehensive OFAC compliance program? Learn more about how Descartes can protect your organization from OFAC sanctions, fines, penalties, and reputation damage.  

You can also check out what Descartes' denied party screening customers have to say on G2, a third-party software review site. Our ranking as one of the top 50 best software for enterprises is a testament to our commitment to helping businesses sail through the choppy waters of OFAC screening and trade compliance in general.