June 2012 OFAC Settlement Highlights Importance of Proactive Compliance Monitoring BY SCOTT FLICKER, KEVIN PETRASIC AND AMANDA JABOUR The U.S. Department of the Treasury s Office of Foreign Assets Control ( OFAC ) recently announced a $619 million settlement to address apparent violations by a foreign bank of U.S. economic sanctions. 1 The settlement is the largest OFAC settlement of any kind and marks the end of OFAC s investigation into alleged manipulation by the bank of information regarding transactions with U.S.-sanctioned parties in more than 20,000 financial and trade transactions routed through banks located in the United States between 2002 and 2007. The apparent violations primarily involved the Cuban Assets Control Regulations, 2 but also include the Sudanese 3 and Burmese 4 Sanctions Regulations, the Iranian Transactions Regulations, 5 and the now-repealed Libyan Sanctions Regulations. 6 The OFAC settlement was part of a global settlement including the U.S. Attorney s Office for the District of Columbia, the Department of Justice, and the New York County District Attorney s Office. OFAC s Authority and Programs OFAC administers and enforces economic sanctions against targeted foreign countries, regimes, terrorists, international narcotics traffickers, and persons engaged in activities related to the proliferation of weapons of mass destruction, and certain related activities. OFAC has authority to impose controls on transactions and to freeze assets under U.S. jurisdiction. All U.S. persons are subject to OFAC s regulations and program requirements. This includes all U.S. citizens and permanent resident aliens regardless of where they are located, all persons and entities within the U.S., all U.S. incorporated entities and their foreign branches, and all U.S. financial institutions, including U.S. banks, bank holding companies and non-bank subsidiaries. In addition, with respect to certain programs, the foreign subsidiaries of a U.S. company must also comply with the OFAC regulations. Finally, certain OFAC programs require foreign persons in possession of U.S. origin goods to comply with OFAC s program requirements. 7 OFAC administers a number of different programs relating to U.S. economic sanctions and embargoes targeted at certain geographic regions, countries, groups, and/or governments. Country sanctions administered by OFAC are generally classified as comprehensive and non-comprehensive. Comprehensive country sanctions affect any transaction involving a certain country or person in such country, including an intermediary financial institution that may be processing the transaction. Noncomprehensive country restrictions relate to targeted activities, entities and/or individuals in certain countries. Generally, U.S. persons cannot conduct any transactions with a person/entity subject to comprehensive restrictions and, in many cases, transactions must be blocked by the person and the assets frozen. Similarly, U.S. persons are prohibited from engaging in certain types of transactions or with certain persons/entities in countries subject to non-comprehensive restrictions. 1 1
In addition, OFAC publishes and regularly updates a list of Specially Designated Nationals ( SDNs ) and Blocked Persons ("SDN List"). The SDN List includes names of companies and individuals who are connected to sanctions targets, and is not confined to a specific country or region but, rather, is intended to assist in tracking individuals and entities across country borders. Alleged OFAC Violations According to the settlement agreement with OFAC (the Settlement Agreement ), the alleged activity involved repeated violations of the Cuban Assets Control Regulations and other OFAC programs. These violations totaled more than $1.6 billion in funds routed through the United States. 8 The Settlement Agreement alleges that, beginning in the mid-1990s, bank employees, at the direction of senior bank management, began omitting references to Cuba in payment messages sent to the U.S. in order to prevent U.S. financial institutions from identifying and blocking prohibited transactions. 9 Employees allegedly screened information on payment instructions for Cuba-related references that might have resulted in wires becoming blocked in the U.S. Messages were then modified to eliminate or camouflage references to Cuba or other information that caused a compliance hit before sending the payment to unaffiliated U.S. banks without references that would cause the U.S. banks to identify transactions as involving a blocked Cuban interest. 10 On several occasions when U.S. institutions successfully interdicted Cuba-related payments, it is alleged that the bank s personnel made false statements to the U.S. institutions regarding the transactions. 11 It is further alleged that, in 2004, an employee of the bank, upon learning of the above conduct, brought the apparent violations of U.S. law to the attention of internal legal and compliance staff; however, it appears that the employee s concerns were dismissed. 12 This, perhaps, proved to be one of the more critical factors in the size and scope of the ultimate settlement with OFAC. Complicating the situation, it is alleged that other foreign branches of the bank also employed the practice of removing and omitting references to prohibited transactions. 13 Additionally, it is alleged that certain senior bank management authorized the use of, and provided, fraudulent endorsement stamps for use by Cuban financial institutions in processing travelers checks, which disguised the involvement of Cuban banks when the transactions were processed through the U.S. 14 Between 2002 and 2007, over 20,000 funds transfers, trade finance transactions, and travelers checks in which Cuba and Cuban-related entities had an interest were allegedly processed. In the aggregate, transactions exceeding $1.6 billion were processed through financial institutions located in the U.S. in apparent violation of the prohibition against [a]ll transfers of credit and all payments between, by, through, or to any banking institution or banking institutions wheresoever located, with respect to any property subject to the jurisdiction of the United States. 15 Approximately $20 million in additional funds was allegedly routed through the U.S. in apparent violations of the Burma, Iran, Sudan, and now-repealed Libya sanctions programs. 16 OFAC did note, as factors in mitigation of more severe penalties, that all but one of the alleged violations were voluntarily disclosed to the agency by the bank, and the bank had cooperated substantially with OFAC s investigation following the disclosures. Compliance Concerns for Financial Institutions The settlement is notable for its size (representing the largest civil penalty settlement ever by OFAC), and it has clear implications for all companies engaging in cross-border transactions subject to U.S. jurisdiction, including a wide range of financial transactions that may involve Cuba, Iran, Syria or other targets subject to U.S. sanctions. In particular, the scope of the OFAC and related investigations and the large financial penalty imposed by OFAC underscore the importance of having an effective OFAC compliance program. 2 2 2
All U.S. persons, including corporations, insured depository institutions ( IDIs ) and other financial institutions, have a responsibility to ensure that they are not engaging in OFAC-prohibited transactions. Every transaction that a U.S. person engages in is subject to OFAC review, and compliance takes on a higher level of importance when engaging in overseas and cross-border transactions. The appropriateness of a compliance program depends on the entities involved in a business relationship, and financial institutions must be vigilant in reviewing and maintaining the adequacy of their compliance programs with respect to existing OFAC sanctions. As underscored by the OFAC settlement, a primary concern for IDIs is their role as intermediaries in international payment transactions. In that role, IDIs cannot omit, delete, or alter information in payment messages or orders for the purpose of avoiding detection of information by any other financial institution in the payment process, and must be vigilant in maintaining compliance programs that protect against such activity. Further, and perhaps most important, IDIs must cooperate with other financial institutions in the payment process when requested to provide information about the parties involved. This poses an obligation on an IDI to know the parties and true nature of the financing or payment relationship before consummating a transaction. IDIs may not be able to immediately recognize whether the party to a transaction is an SDN or subject to other sanctions, so they should not conduct a transaction before the OFAC analysis is completed. OFAC generally recommends that IDIs consult with their primary federal bank regulator, and review the risks presented by relationships with third-party payment processors and other service providers, regarding the suitability of OFAC compliance programs. What constitutes an adequate compliance program depends, in part, on who an IDI s customers are and what type of business it conducts. Certain areas of bank operations, such as international wire transfers and trade finance, present higher risk for OFAC violations than others. In addition to OFAC compliance, IDIs are subject to additional compliance risk in international financial transactions. IDI compliance requires a multi-faced approach, including: An effective BSA/AML compliance effort, to include a compliance program, risk assessment, suspicious activity monitoring and reporting systems, and the level and extent of automated BSA/AML systems; Compliance with the statutory and regulatory requirements for the Customer Identification Program; Effective customer due diligence programs and Suspicious Activity Reporting identification and reporting procedures; and Heightened recordkeeping requirements for certain types of accounts and transactions. In addition, IDIs must maintain strong and adequate compliance with other applicable laws and regulations. Similarly, non-idis must also be aware of OFAC restrictions and implement appropriate compliance procedures. Although IDIs tend to be the highest-risk institutions due to their combined OFAC and bank regulatory concerns, all other U.S. persons, including corporate entities, remain subject to OFAC regulations. Any transaction and particularly cross-border transactions that may implicate OFAC s country-specific or person-specific restrictions should be monitored for compliance with OFAC rules. Conclusion The recent OFAC settlement underscores the crucial nature from a business, financial, and reputational risk perspective of having an adequate and effective OFAC compliance program. More importantly, the settlement underscores the need for vigilance, particularly for IDIs, in overseeing, 3 3 3
monitoring and maintaining an up-to-date OFAC compliance program that incorporates all aspects of OFAC s economic and trade sanctions. A particularly significant aspect of such a program should emphasize ongoing monitoring and review, and foster a culture of self-reporting violations and inquiring to assess the scope of possible violations or program exposure. This is a key issue for OFAC in connection with the manner in which it conducts its enforcement efforts, and typically will enable an entity to forego more punitive action by self-reporting and working with OFAC and, in the case of IDIs, their federal bank regulators to address existing issues and program vulnerabilities. Paul Hastings attorneys regularly advise IDIs, financial institutions and other U.S. persons on matters involving cross-border transactions and OFAC compliance. If you have any questions concerning OFAC compliance issues, or if you are interested in working with Paul Hastings lawyers to review your existing compliance program or to address particular areas of concern, please do not hesitate to contact any of the following: Atlanta Chris Daniel 1.404.815.2217 chrisdaniel@paulhastings.com Todd W. Beauchamp 1.404.815.2154 toddbeauchamp@paulhastings.com Kevin Erwin 1.404.815.2312 kevinerwin@paulhastings.com Diane Pettit 1.404.815.2326 dianepettit@paulhastings.com Palo Alto Cathy S. Beyda 1.650.320.1824 cathybeyda@paulhastings.com San Francisco Thomas Brown 1.415.856.7248 tombrown@paulhastings.com Stanton R. Koppel 1.415.856.7284 stankoppel@paulhastings.com Shanghai Ananada Martin 86-21-6103-2742 anandamartin@paulhastings.com Washington, DC V. Gerard Comizio 1.202.551.1272 vgerardcomizio@paulhastings.com Scott M. Flicker 1.202.551.1726 scottflicker@paulhastings.com Kevin L. Petrasic 1.202.551.1896 kevinpetrasic@paulhastings.com Erica Berg-Brennan 1.404.815.2294 ericaberg@paulhastings.com Lawrence D. Kaplan 1.202.551.1829 lawrencekaplan@paulhastings.com Michael A. Hertzberg 1.202.551.1797 michaelhertzberg@paulhastings.com Amanda M. Jabour 1.202.551.0376 amandajabour@paulhastings.com Helen Y. Lee 1.202.551.1817 helenlee@paulhastings.com Scott Lieberman 1.202.551.1751 scottlieberman@paulhastings.com 4 4 4
1 See Press Release, U.S. Department of the Treasury, U.S. Treasury Department Announces $619 Million Settlement with ING Bank, N.V. (June 12, 2012). 2 31 CFR Part 515. 3 31 CFR Part 538. 4 31 CFR Part 537. 5 31 CFR Part 560. 6 31 CFR Part 550. 7 See OFAC Resource Center, Frequently Asked Questions and Answers ( OFAC FAQs ), online at http://www.treasury.gov/resource-center/faqs/sanctions/pages/answer.aspx#9. 8 See Settlement Agreement at 4. 9 Id. at 1. 10 Id. at 2. 11 Id. 12 Id. 13 Id. at 3-4. 14 Id. at 3. 15 31 CFR 515.201(a). 16 See Settlement Agreement at 5. 18 Offices Worldwide Paul Hastings LLP www.paulhastings.com StayCurrent is published solely for the interests of friends and clients of Paul Hastings LLP and should in no way be relied upon or construed as legal advice. The views expressed in this publication reflect those of the authors and not necessarily the views of Paul Hastings. For specific information on recent developments or particular factual situations, the opinion of legal counsel should be sought. These materials may be considered ATTORNEY ADVERTISING in some jurisdictions. Paul Hastings is a limited liability partnership. Copyright 2012 Paul Hastings LLP. IRS Circular 230 Disclosure: As required by U.S. Treasury Regulations governing tax practice, you are hereby advised that any written tax advice contained herein or attached was not written or intended to be used (and cannot be used) by any taxpayer for the purpose of avoiding penalties that may be imposed under the U.S. Internal Revenue Code. 5 5