August 18, 2022

Volume XII, Number 230

Advertisement
Advertisement

August 17, 2022

Subscribe to Latest Legal News and Analysis

August 16, 2022

Subscribe to Latest Legal News and Analysis

August 15, 2022

Subscribe to Latest Legal News and Analysis

Check It Once, Check It Twice: OFAC Requests Daily Screenings of SDN List for Sanctions Compliance

A recent OFAC enforcement action against MidFirst Bank highlights the five essential components of an effective sanctions compliance program that will serve to mitigate exposure in the event of a violation:

  • Senior management commitment to developing a culture of compliance
  • Thorough and routine risk assessment
  • Defined internal controls and recordkeeping
  • Comprehensive testing and auditing of transactions
  • Periodic training for company personnel

On July 21, 2022, the U.S. Department of the Treasury’s Office of Foreign Assets Control (“OFAC”) issued a Finding of Violation (“FOV”) to MidFirst Bank for violations of the Weapons of Mass Destruction Proliferators Sanctions Regulations. OFAC’s decision to issue an FOV to MidFirst, in place of steep civil penalties that are typical of OFAC enforcement, was based on a variety of mitigating factors that OFAC has vowed to consider in imposing penalties for U.S. sanctions violations. Among these factors, a risk-based sanctions compliance program consisting of both preventative as well as remedial measures in the event of a violation is imperative for companies engaged in international business to avoid large fines.

The FOV issued to MidFirst was the result of 34 transfers facilitated by the Oklahoma-based bank on behalf of two individuals newly sanctioned pursuant to Executive Order 13382.1 Like most sanctions programs, the executive order, which initially blocked the assets of eight specified entities, authorizes OFAC to designate other proliferators and supporters to the SDN list at any time. Pursuant to this authority, OFAC designated two existing account holders at the bank. Despite MidFirst’s two-pronged sanctions compliance program, which consisted of both outsourced and internal screenings of transactions, the bank failed to detect the change until 14 days after the designation. In that time, the bank facilitated five transactions totaling over $610,000 on behalf of the newly designated SDNs, in violation of U.S. sanctions.

The violations resulted from MidFirst’s misunderstanding of the frequency of existing-customer screenings under its sanctions compliance program. Instead of screening existing customers daily, the program screened existing customers only once every 30 days, which proved insufficient given OFAC’s now daily updates to over 30 country-specific sanctions programs. Despite the violation, OFAC cited the bank’s immediate efforts to remediate the insufficiencies, which included increasing the frequency and quality of screenings as well as cooperating with OFAC, to justify its decision not to impose a civil penalty.

In its response to MidFirst, OFAC requests that companies review its Framework for OFAC Compliance Commitments, which lists the primary features of an effective sanctions compliance program as well as certain red flags that often lead to compliance breakdowns. A formal sanctions compliance program, though not required, is highly recommended and will serve to mitigate potential liability in the event of a violation.

When it comes to compliance programs, one size does not fit all. Instead, the adequacy of a program will turn on a variety of factors, including the company’s size and sophistication, products and services, customers and counterparties, and geographic locations. Despite these variations, OFAC has identified five essential components of any compliance program: management commitment, risk assessment, internal controls, testing and auditing, and training.

OFAC notes that a top-down commitment to compliance is vital to allocate the necessary resources to implement a robust sanctions compliance program. Risk assessments and testing should occur at regular intervals, include a thorough review of clients, products, services, and geographic locations, and allow for opportunities to adjust and tailor a company’s approach. Finally, internal controls should provide trained staff with streamlined policies and procedures that inform responses to potential prohibited activity.

OFAC’s response to MidFirst Bank’s violation is an instructive development in its assessment of compliance measures, and an encouraging result for companies similarly working to comply with OFAC’s guidelines. In addition, the Framework affords companies clear guidelines and an opportunity to customize sanctions compliance programs that fit the needs of their organizations. Such a strategy best positions companies to face a mitigated response should an OFAC violation occur despite best efforts to comply.

_____________________________________________________

1. Executive Order 13382 blocks the property of persons engaged in proliferation activities and their support networks. The program initially applied to eight organizations in North Korea, Iran, and Syria. Exec. Order No. 13382, 70 Fed. Reg. 38567 (Jun. 28, 2005).

Industries

Media Contact

To request information about Bracewell or to interview one of our lawyers, please contact Bracewell’s media relations team.

Jay Plum
Senior Director, Communications


© 2022 Bracewell LLPNational Law Review, Volume XII, Number 212
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement

About this Author

Seth DuCharme Insurance Lawyer Bracewell LLP
Partner

Seth DuCharme draws on his 14 years of experience as a senior-level law enforcement officer to advise companies and individuals on cases involving cybersecurity and breach response, Foreign Corrupt Practices Act (FCPA) diligence and litigation, export controls, sanctions compliance and anti-money laundering.

Seth served in the United States Attorney’s Office for the Eastern District of New York from 2008 through 2021. He held various positions at the Eastern District, including Chief of the Criminal Division, Chief of the National Security & Cybercrime Section, and Acting United...

212-508-6165
Anissa L. Adas Commercial Litigation Lawyer Bracewell
Associate

Anissa Adas focuses her practice on complex commercial litigation and appeals, compliance reviews and white collar criminal defense. During law school, she served as a judicial intern for the Honorable Marian Blank Horn of the United States Court of Federal Claims.

Anissa has also handled pro bono matters involving immigration and criminal defense.

1.212-938-6403
Advertisement
Advertisement
Advertisement