Lessons from OFAC Enforcement Actions of the first half of 2023
The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has been significantly active in 2023. Beginning in March, there have been nine enforcement actions, resulting in penalties surpassing the mark of $556 million. Delving into the details of these sanctions, some key learnings surface that could shape corporate compliance measures in the future.
Sanctions compliance in non-core business lines: a close watch
In an intriguing case, a renowned U.S.-based Bank encountered a $97.8 million penalty. The issue? Inadequate oversight over a European Bank’s compliance risks, which inadvertently led to apparent U.S. sanctions violations against Iran, Syria, and Sudan. This serves as a potent reminder of the importance of oversight in ensuring sanctions compliance, even in smaller and non-core business lines.
Information is power: screening an auditing crucial for exporters
A leading U.S.-based software maker found itself settling a hefty $3.3 million for apparent violations of sanctions and export control laws. The root cause was a lack of complete or accurate customer information. The software maker, through its Irish and Russian subsidiaries, inadvertently provided prohibited software and services to sanctioned jurisdictions and individuals. This underscores the significance of gathering extensive customer information to spot potential red flags.
Management liability: high stakes for decision makers
Highlighting personal liability, an executive from a U.S.-based skincare company was faced with a $175,000 fine over alleged sanctions violations concerning Iran. The crucial takeaway is clear – company management may find themselves directly accountable for sanctions violations, emphasizing the gravity of each decision made.
Tools of the trade: geofencing and IP screening
In a unique case, a foreign bank settled for $3.4 million due to apparent violations of OFAC sanctions concerning Crimea. The bank’s customer, using an IP address from Crimea, sent payments through U.S. correspondent banks. This enforcement action serves as a reminder of the importance of geofencing and IP screening as pivotal compliance tools.
Beware of Red Flags: financial institutions must investigate
Financial institutions should treat customer assurances with caution. Relying on unsubstantiated information can lead to compliance breaches, as seen in the foreign bank’s case linked to Crimea. Instead of accepting customer claims at face value, a thorough investigation into potential red flags should be the norm.
The enforcement actions from the first half of 2023 emphasize the evolving nature of compliance and the paramount importance of proactive and thorough measures. Whether it’s extensive screening, regular audits, or ensuring personal accountability, a holistic approach to sanctions compliance is the need of the hour.