Financial institutions in the United States must comply with the Office of Foreign Assets Control (OFAC) economic and trade sanctions programs in the name of national security. Among other things, these sanctions programs prohibit financial institutions from processing transactions that either: (i) involve “blocked” persons (i.e., Specially Designated Nationals (SDNs) such as international narcotics traffickers); or, (ii) would otherwise result in a sanctions violation (i.e., exporting goods to Iran).
When a financial institution receives a request to process a prohibited transaction, it has an obligation to identify the transaction’s sanctions implications proactively and avoid processing the transaction. Depending on the circumstances, this may involve either “blocking” the transaction or “rejecting” it. Blocking and rejecting transactions are different procedures, and both are subject to mandatory reporting.
Financial institutions that fail to block or reject prohibited transactions – even inadvertently – can face severe consequences. This is especially true when a systemic failure leads to the processing of multiple prohibited transactions. For example, in May of 2023 an online trading platform in Boston agreed to a $7.5 million settlement with the Office of Foreign Assets Control after facing a maximum civil monetary penalty of more than $19.6 billion due to “65,942 apparent violations of multiple sanctions programs” over a five-year period.
“Financial institutions need to prioritize OFAC compliance. Processing transactions that violate OFAC sanctions can lead to substantial penalties as well as enhanced scrutiny from OFAC going forward. An effective compliance program is critical, and financial institutions must have the policies, procedures, and protocols that are necessary to proactively identify and block or reject prohibited transactions.” – Dr. Nick Oberheiden, Founding Attorney of Oberheiden P.C.
With this in mind, what do banks and businesses need to know about OFAC blocked transactions compliance in 2023? Here are some key considerations:
Businesses That Qualify as “Financial Institutions”
The first key consideration is understanding what types of businesses have an obligation to identify and block or reject prohibited transactions. While this obligation applies to “financial institutions,” this term has a broad definition under the federal Bank Secrecy Act (BSA). As defined in 31 U.S.C. Section 5312(a)(2), the term “financial institution” includes:
- FDIC-insured banks
- Commercial banks and trust companies
- Private bankers
- Branches of foreign banks that are located in the United States
- Credit unions
- Businesses that facilitate money transfers
- Securities and commodities brokers and dealers
- Investment banks and investment companies
- Currency exchanges
- Credit card system operators
- Insurance companies
- Loan and finance companies
- Travel agencies
- Automotive dealerships
This list is not exhaustive. In addition to other types of businesses listed specifically in Section 5312(a)(2), the definition of a financial institution also includes “[a]ny business or agency which engages in any activity which the Secretary of the Treasury determines, by regulation, to be an activity that is similar to, related to, or a substitute for any activity in which any business described in [Section 5312(a)(2)].” Thus, many types of businesses have OFAC compliance obligations—including the obligation to identify, block, reject, and report transactions that violate the Office of Foreign Assets Control (OFAC) sanctions programs.
Blocking Transactions that Violate the Office of Foreign Assets Control Sanctions Programs
Financial institutions are required to block many transactions that violate (or would violate) OFAC regulations or sanctions. As OFAC explains, blocking a transaction involves placing the originating party’s funds into an interest-bearing account. This can either be a separate, stand-alone account for the transaction at issue or an “omnibus account” used to hold multiple parties’ blocked funds. OFAC takes the position that, “[e]ither method is satisfactory, so long as there is an audit trail which will allow specific funds to be unblocked with interest at any point in the future.”
In most cases, the obligation to block a transaction arises when one of the parties involved is an SDN. An SDN may be an individual, business, or governmental entity. OFAC maintains a searchable list of SDNs, and notes that “[t]heir assets are blocked and U.S. persons are generally prohibited from dealing with them.”
This prohibition extends to facilitating transactions between SDNs as well as facilitating transactions between SDNs and other parties. Thus, not only must financial institutions block transactions originated by SDNs, but they must block transactions when the intended recipient is an SDN as well. OFAC makes this clear, noting that “property” which is subject to blocking includes “present, future or contingent interests.” Thus, in the case of a transaction that involves sending property to an SDN, the financial institution processing the transaction “will be holding blocked property upon the receipt of concrete instructions from its customer to send the funds” to the SDN.
Crucially, financial institutions’ obligation to block transactions extends not only to transactions involving SDNs, but also transactions involving related parties. Determining whether a party is related to an SDN involves applying OFAC’s 50 Percent Rule. This Rule states that, “the property and interests in property of entities directly or indirectly owned 50 percent or more in the aggregate by one or more blocked persons are considered blocked.”
Rejecting Transactions that Violate OFAC Sanctions
In some cases, it is not possible to block a transaction because the financial institution is not in possession of funds originating from (or intended to be sent to) an SDN or a related party. However, the transaction may still be prohibited under an OFAC sanctions program. In this scenario, the transaction must be “rejected” rather than “blocked.” As OFAC explains in its FAQ #36:
“In some cases, an underlying transaction may be prohibited, but there is no blockable interest (i.e., that of a Specially Designated National (SDN) or blocked person or government) in the transaction. In these cases, the transaction is simply rejected, or not processed and returned to the originator.”
To determine whether a transaction must be rejected, financial institutions must evaluate not only the parties involved, but also the intended purpose of the transaction. As an example of when a transaction may need to be rejected, OFAC provides that a financial institution would need to reject a transaction between two non-SDNs “involving an export to a company in Iran that is not otherwise subject to sanctions.” Even though there is no blockable interest involved in the transaction itself, the financial institution “cannot process the transaction because that would constitute a prohibited export of services to Iran pursuant to the Iranian Transactions and Sanctions Regulations (ITSR), unless authorized by OFAC or exempt from regulation.”
Since a financial institution will not be in possession of blocked assets in the case of a transaction that is subject to rejection, there is no obligation to hold either party’s assets in an interest-bearing account (and withholding a non-SDN’s assets in this scenario could potentially lead to civil liability). Instead, the financial institution must simply refuse to process the transaction—and document its refusal for reporting purposes.
Reporting Blocked and Rejected Transactions to OFAC
Under OFAC’s sanctions regulations, financial institutions have an obligation to report all blocked and rejected transactions. In fact, financial institutions have two separate reporting requirements for all relevant transactions.
The first reporting requirement applies to each individual transaction. Under 31 C.F.R. Parts 501.603 and 501.604, financial institutions must report all blocked and rejected transactions “within 10 business days of the date of the action.” OFAC provides an optional reporting form; and, regardless of the form in which a report is submitted, it must be accompanied by a copy of the original transfer instructions. Financial institutions can submit transaction reports and the related transfer instructions to OFAC’s Sanctions Compliance and Evaluation Division via email.
The second reporting requirement applies to blocked property. Financial institutions must file an Annual Report of Blocked Property with OFAC’s compliance division by September 30 of each year. OFAC provides a standardized reporting form and instructions for completing the form. While use of the standardized form is not mandatory, financial institutions must contact OFAC’s compliance division prior to submitting an annual report in an alternate format.
Implementing an Effective OFAC Compliance Program
Meeting OFAC’s transaction blocking, rejection, and reporting requirements requires a comprehensive and custom-tailored OFAC compliance program. To be effective, OFAC compliance programs must be tailored to a financial institution’s organizational structure and systems, and the financial institution must be able to efficiently implement the program in all aspects of its operations. While OFAC does not specifically mandate that financial institutions adopt economic and trade sanctions compliance programs, as a practical matter, implementing appropriate policies, procedures, and protocols is a necessity for national security and foreign policy.
There are numerous aspects to an effective OFAC sanctions compliance program. OFAC makes clear that financial institutions’ commitments to compliance should come from the top, labeling senior management’s commitment to compliance as one of the “five essential components” of an effective program. Other key elements of an effective OFAC sanctions compliance program include (but are not limited to):
- Customer due diligence (“know your customer” or “KYC”) policies and procedures
- Use of up-to-date sanctions screening software
- Appointment of an OFAC compliance officer and team
- Systems and documented protocols for identifying high-risk parties and transactions
- Systems and documented protocols for blocking, rejecting, and reporting prohibited transactions
Due to the risks of non-compliance, all financial institutions need to ensure that they have effective sanctions compliance programs in place. Ongoing documentation of compliance is critical as well, as financial institutions must be prepared to affirmatively demonstrate that they have complied with OFAC’s transaction blocking and rejection requirements when necessary.