While OFAC may not be included in the top 10 issues facing your company, how familiar are you with the requirements? Are you confident that your company’s OFAC program is robust or, at least, meeting minimum requirements?
OFAC, an office of the U.S. Treasury, administers and enforces economic and trade sanctions based on U.S. foreign policy and national security goals, and it acts under Presidential wartime and national emergency powers to impose controls on transactions and to freeze assets under U.S. jurisdiction.
All U.S. persons, must comply with OFAC’s regulations. Financial regulators evaluate OFAC compliance programs to ensure compliance with the sanctions. In the creation and implementation of an OFAC compliance program, a risk-based approach is what is expected. The basic requirements are to block accounts and other property of specified countries, entities, and individuals and prohibit or reject unlicensed trade and financial transactions with specified countries, entities, and individuals.
Of special note, in2009, OFAC issued a final rule entitled “Economic Sanctions Enforcement Guidelines” to provide guidance by explaining the procedures that OFAC follows in determining the appropriate enforcement response to apparent violations of its regulations. As noted in the FFIEC BSA/AML Examination Manual (2014), “some enforcement responses may result in the issuance of a civil penalty that, depending on the sanctions program affected, may be as much as $250,000 per violation or twice the amount of a transaction, whichever is greater. The Guidelines outline the various factors that OFAC takes into account when making enforcement determinations, including the adequacy of a compliance program in place within an institution to ensure compliance with OFAC regulations.”
As we commonly see in compliance news, OFAC issues penalties for noncompliance and the outcomes are financially and reputationally damaging. Remember that violations can result in criminal penalties for willful violations and fines may range up to $20 million and imprisonment of up to 30 years. Take special note of the following:
Civil penalties for violations of the Trading With the Enemy Act can range up to $65,000 per violation;
Civil penalties for violations of the International Emergency Economic Powers Act can range up to $250,000 or twice the amount of the underlying transaction for each violation; and
Civil penalties for violations of the Foreign Narcotics Kingpin Designation Act can range up to $1,075,000 for each violation.
So, knowing all of this, there are pitfalls to avoid. Being familiar with OFAC requirements is good; however, a comprehensive understanding of how OFAC intersects with your company’s operations is something else. And, this ‘something else’ is where we should be or heading towards. Take a look at the list below and see if your company’s OFAC compliance program needs any fine tuning.
Responsibility: Has your company defined and documented roles and responsibilities to specific staff members? Have appropriate noncompliance consequences been documented and communicated to appropriate staff members?
Policies and procedures: Yes, you’re hearing this once again. Does your company have an established OFAC policy as well as procedures and processes to adequately meet OFAC compliance program requirements?
Monitoring: This process needs to occur internal and external to your company. Internally, how often is your company measuring its risk appetite with OFAC? How often is the OFAC risk assessment reviewed, updated, and presented to the Board? From an external perspective, how often does your company evaluate the effectiveness of any vendors that assist with OFAC compliance?
Connection to other BSA requirements or elements: Important crossovers exist, such as:
CIP: How effective and comprehensive are OFAC processes within the CIP process at your company?
Beneficial Ownership Rule: Have procedures and processes been updated to include the identification of beneficial owners of your company’s business entity clients in the OFAC process?
Independent reviews/audits: Whether an internal or external review is performed, how thorough is the audit in determining your company’s compliance with OFAC requirements?
Avoiding the pitfalls is crucial. Taking the right steps will help:
Proper oversight by the Board and senior management. Tone from the top and adequate employee training are must haves.
Strong BSA compliance policy and effective internal controls aid in compliance with OFAC requirements.
Since much of BSA is a risk-based approach, review and update at least annually the BSA and OFAC risk assessments and adjust the compliance programs accordingly.
Keep current with changes to the SDN list and sanctions communicated by OFAC. Do not rely on vendors at face value. Due diligence is a must.
Like Mortgage Compliance Magazine and the weekly “NewsLINES”? Tell your friends and colleagues about us! Send them this link for their free subscription.
Around the Industry:
The Fed, FDIC, and OCC jointly issued a statement detailing rules and associated reporting requirements that are immediately affected by the enactment of the Economic Growth, Regulatory Relief, and Consumer Protection Act (EGRRCPA). The Fed also issued a statement describing how the Board will not take action to enforce certain regulations and reporting requirements for firms with less than $100 billion in total consolidated assets.