OFAC Compliance Overview and Recent Trends Frederick E. Curry III Deloitte Transactions and Business Analytics LLP December 2015 Institute of International Bankers & Conference of State Bank Supervisors
Table of Contents I. OFAC Overview II. III. IV. Components of an OFAC Compliance Program OFAC and Bank Examinations Penalties for Violating OFAC Regulations V. Recent Enforcement Trends VI. VII. Factors Considered in Determining OFAC Penalties Resources -1-
I. OFAC Overview U.S. economic and trade sanctions are enforced by the Office of Foreign Assets Control ( OFAC ), which is an office of the U.S. Department of the Treasury These sanctions are enforced by imposing controls on transactions and assets under U.S. jurisdiction in order to further U.S. foreign policy and national security goals by targeting: Certain foreign countries and regimes Terrorists International narcotics traffickers Those engaged in the proliferation of weapons of mass destruction Specially Designated Nationals ( SDNs ) The SDN List is published by OFAC to identify U.S. targets and reflect U.N. and other international mandates -2-
I. OFAC Overview U.S. Interagency Coordination on Sanctions National Security Council Department of Homeland Security Law Enforcement The President Department of the Treasury Office of Foreign Assets Control Department of State Federal Bureau of Investigation Central Intelligence Agency Department of Commerce Department of Justice -3- Federal Regulators
I. OFAC Overview Key Things to Know about OFAC OFAC requires compliance with all U.S. sanctions laws and regulations OFAC is a strict liability issue penalties can accrue with no knowledge of the violations An OFAC compliance program should be tailored to each institution s OFAC risk profile -4-
I. OFAC Overview The following individuals and entities are required to comply with OFAC regulations: All U.S. persons regardless of where they are located All persons and entities located within the U.S. Includes U.S. branches of foreign banks All U.S. incorporated entities and their foreign branches All foreign subsidiaries owned or controlled by U.S. companies Only applies for certain sanctions programs (e.g., North Korea and Cuba) -5-
I. OFAC Overview Blocking Assets should be blocked or frozen if they are held by or on behalf of a party identified on the SDN List or go through a blocked country Title to the property remains with the target Rejecting Transactions should be rejected when the parties to the transaction do not have a blockable interest For example, a transaction between two non-sdn parties involving an export to a blocked country should be rejected Reporting When a transaction is blocked or rejected, it must be reported in writing to OFAC within 10 days An annual report of blocked property must also be submitted to OFAC by September 30 th of each year (interdictions as of June 30 th ) Certain states may also require reporting on OFAC blocked accounts -6-
II. Components of an OFAC Compliance Program Risk Assessment Identifies an institution's OFAC risks including Customer base Geographies Products Size and business Risk Assessment Training Training Tailored to the specific institution Reflects the institution s risk tolerance, policies and procedures Higher risk areas Be required and deployed on a regular basis Independent Testing Tests the effectiveness of the OFAC compliance program, including Internal controls Screening systems Remediation plans Testing OFAC Compliance Officer Designated to oversee OFAC compliance and has authority to effectively implement the program Compliance Officer -7- Internal Controls Internal controls Policies and procedures that reflect the institution s OFAC risk tolerance Corporate governance structure that includes escalation and reporting
III. OFAC and Bank Examinations OFAC administers and enforces sanctions requirements, and bank regulators examine for OFAC compliance. The FFIEC Examination Manual incorporates the concept of risk-based compliance and transaction monitoring to evaluate the adequacy of a bank s OFAC compliance program. Areas of focus may include: Appropriateness of a bank s compliance program for its unique OFAC risks, considering its: Products and services Customer base Transaction types Delivery channels Geographic locations Whether board and senior management have developed policies, procedures and processes based on the bank s risk assessment -8-
III. OFAC and Bank Examinations Examiners typically consider the following when assessing a bank s OFAC compliance program: Extent of and method for conducting OFAC searches How responsibility for OFAC is assigned Timeliness for obtaining and updating OFAC lists or filtering criteria Appropriateness of filtering criteria to reasonably identify matches Process to investigate potential matches, including escalation Process for blocking and rejecting Process for informing management of blocked or rejected transactions Adequacy and timeliness of reporting to OFAC Process to manage blocked accounts (reporting and payment of interest) Record retention Adequacy of independent testing (audit) and follow-up procedures Adequacy of OFAC training program based on risk assessment Whether bank has adequately addressed weaknesses or deficiencies identified by OFAC, auditors or regulators -9-
IV. Penalties for Violating OFAC Regulations Complying with OFAC regulations is a strict liability issue. Violations can jeopardize U.S. foreign policy and national security goals; therefore, fines can be substantial. Criminal penalties for willful violations range up to $20 million and 30 years in prison Civil penalties for violations range up to $1 million for each violation or twice the value of certain transactions, depending on the type of violation A civil penalty assessed against a foreign subsidiary of a U.S. entity is applied to the U.S. parent company -10-
V. Recent Enforcement Trends OFAC penalties reached record levels totaling over billions of dollars and included the largest OFAC settlement to date. Regulators are coordinating investigations and aggressively prosecuting and targeting: Systemic violations of OFAC laws and regulations Willful violations; e.g., wire stripping Large financial institutions In addition to penalties, financial institutions also face substantial costs related to: Remediation costs Potential legal costs Monitorships Ongoing cost of compliance -11-
VI. Factors Considered in Determining OFAC Penalties Certain factors OFAC takes into consideration when determining responses to OFAC violations and amounts of civil monetary penalties. Willful or reckless violation of the law Awareness of conduct issues Harm to OFAC program objectives Individual characteristics OFAC compliance program Remedial response Cooperation with OFAC Timing of apparent violation in relation to imposition of sanctions Enforcement actions by other Federal, State or local agencies Future compliance/deterrence effect Self-disclosure Other relevant factors on case-by-case basis -12-
VII. Resources OFAC Guidance -13- http://www.treasury.gov/about/organizational-structure/offices/pages/office-of-foreign-assets- Control.aspx
VII. Resources Bank Regulatory Guidance FFIEC BSA/Anti-Money Laundering Examination Manual Transaction monitoring, OFAC risk assessment, policies & procedures Memoranda of Understanding ( MOU ) between OFAC and state bank regulators New York State Banking Department ( NYSBD ) 1, December 2006 The Department of Commerce, Bureau of Industry and Security ( BIS ) 1 Now New York State Department of Financial Services -14-
This publication contains general information only and Deloitte Transactions and Business Analytics LLP is not, by means of this publication, rendering accounting, business, financial, investment, legal, tax, or other professional advice or services. This publication is not a substitute for such professional advice or services, nor should it be used as a basis for any decision or action that may affect your business. Before making any decision or taking any action that may affect your business, you should consult a qualified professional advisor. Deloitte Transactions and Business Analytics LLP shall not be responsible for any loss sustained by any person who relies on this publication. -15-
Contact Information Deloitte Transactions and Business Analytics LLP 555 12th St NW Ste 500 Washington, DC 20004-1207 USA Frederick Curry Principal Global Anti-Money Laundering and Sanctions Practice Tel +1 202 378 5171 Fax +1 202 661 1371 fcurry@deloitte.com www.deloitte.com -16-
. About Deloitte As used in this document, Deloitte means Deloitte Transactions and Business Analytics LLP, an affiliate of Deloitte Financial Advisory Services LLP. Deloitte Transactions and Business Analytics LLP is not a certified public accounting firm. Please see www.deloitte.com/us/about for a detailed description of the legal structure of Deloitte LLP and its subsidiaries. Certain services may not be available to attest clients under the rules and regulations of public accounting.