Lessons from OFAC Enforcement Actions

Lessons from OFAC Enforcement Actions of the first half of 2023

The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has been significantly active in 2023. Beginning in March, there have been nine enforcement actions, resulting in penalties surpassing the mark of $556 million. Delving into the details of these sanctions, some key learnings surface that could shape corporate compliance measures in the future.

Sanctions compliance in non-core business lines: a close watch

In an intriguing case, a renowned U.S.-based Bank encountered a $97.8 million penalty. The issue? Inadequate oversight over a European Bank’s compliance risks, which inadvertently led to apparent U.S. sanctions violations against Iran, Syria, and Sudan. This serves as a potent reminder of the importance of oversight in ensuring sanctions compliance, even in smaller and non-core business lines.

Information is power: screening an auditing crucial for exporters

A leading U.S.-based software maker found itself settling a hefty $3.3 million for apparent violations of sanctions and export control laws. The root cause was a lack of complete or accurate customer information. The software maker, through its Irish and Russian subsidiaries, inadvertently provided prohibited software and services to sanctioned jurisdictions and individuals. This underscores the significance of gathering extensive customer information to spot potential red flags.

Management liability: high stakes for decision makers

Highlighting personal liability, an executive from a U.S.-based skincare company was faced with a $175,000 fine over alleged sanctions violations concerning Iran. The crucial takeaway is clear – company management may find themselves directly accountable for sanctions violations, emphasizing the gravity of each decision made.

Tools of the trade: geofencing and IP screening

In a unique case, a foreign bank settled for $3.4 million due to apparent violations of OFAC sanctions concerning Crimea. The bank’s customer, using an IP address from Crimea, sent payments through U.S. correspondent banks. This enforcement action serves as a reminder of the importance of geofencing and IP screening as pivotal compliance tools.

Beware of Red Flags: financial institutions must investigate

Financial institutions should treat customer assurances with caution. Relying on unsubstantiated information can lead to compliance breaches, as seen in the foreign bank’s case linked to Crimea. Instead of accepting customer claims at face value, a thorough investigation into potential red flags should be the norm.

The enforcement actions from the first half of 2023 emphasize the evolving nature of compliance and the paramount importance of proactive and thorough measures. Whether it’s extensive screening, regular audits, or ensuring personal accountability, a holistic approach to sanctions compliance is the need of the hour.

Latest Blog Posts
Blog, News
June 11, 2024
The challenge: Confirmation of Payee requires data from external source. Consequently, adherence to the GDPR regulations that protect personal data...
News, Events, Blog
June 9, 2024
On June 4 the annual EBA Seminar was held in Tel Aviv, Israel, for compliance officers and financial institutions senior...
News, Blog
June 5, 2024
Securing its spot in FinCrimeTech50 list by FinTech Global, Fincom demonstrated yet another achievement in combating financial crime. With its...
News, Blog
May 22, 2024
Recently, Finastra and Fincom held a joint webinar, discussing the issue and challenges of real-time compliance that needs to go...

Thank you for your interest!
Please leave your details