It enforces the U.S.’s economic and trade sanctions against persons, entities and countries deemed hostile to the nation —from drug kingpins to government regimes.
But the Office of Foreign Assets Control typically keeps a low public profile as it tends to the spade work of rooting out money laundering, terrorist financing and proliferation of weapons of mass destruction. It’s best known in South Florida as the agency that enforces the U.S. embargo against Cuba.
OFAC raised its visibility considerably in December, however, with its announcement of a combined $753 million in penalties, reached in settlements with banking giants Credit Suisse and Lloyd’s TSB over their dealings with sanctioned parties. The great majority of the transactions involved Iran.
That has drawn the attention of South Florida’s international banking community, whose organization has made OFAC a key topic of its annual anti-money laundering and compliance conference next month in Miami.
“If you were to compare total enforcement for 2009 versus 2008, it’s just incredible,” said Ivan Garces, director of forensic services at Kaufman Rossin in Miami. “The past year had total civil money penalties of close to $1 billion, where 2008 was somewhere in the neighborhood of $3.5 million to $5 million.”
While the two enforcement actions accounted for much of that increase and the actual number of actions remained steady, “it just goes to show you the magnitude of what these penalties can actually be and the importance of having a strong OFAC compliance program,” Garces said.
The Florida International Bankers Association’s Feb. 18-19 conference expects more than 1,000 bankers and regulators from more than 40 countries at the InterContinental Miami hotel. That includes strong participation from Latin America and the Caribbean, as well as parts of the U.S. with a strong international banking presence.
“Interestingly, the two fines in December were for violations which originated outside the U.S.,” said Patricia Roth, FIBA’s executive director. “Incomplete knowledge, a misunderstanding of the regulations, or failure to have a strong enterprise-wide compliance program can spell disaster, which is why OFAC must be center stage. Any bank engaged in international trade finance or international clearing needs to clearly understand OFAC’s expectations and the consequences of non compliance.”
FIBA has invited OFAC, bankers and other specialists to share their insights “so that we can be sure we have implemented a strong OFAC program globally across the enterprise,” Roth said.
Along with a dialogue of hot topics between bankers and regulators, the conference continues its traditional mission as the ongoing training for certified compliance personnel, “where we drill down into specific things that arise over time,” Roth said.
While bankers like to complain about the high costs of compliance and the need for additional employees and infrastructure, attorney Robert Targ, a partner at Diaz Reus & Targ, said many of them privately acknowledge that the measures often do work — keeping the bank and its customers free from risk that could lead to embarrassment, government measures or even seizures.
“Fraud detection and fraud avoidance are a higher priority than ever,” Targ said. “With Stanford, Madoff and Rothstein hanging out there, this is pretty timely.”
Targ, whose firm represents “a number of victims” in the Stanford matter, said fulfilling compliance obligations starts with knowing your customer. “If you know your customer and your customer’s business and you’re doing your site visits and your risk matrix and following their business activities, then any out-of-the-ordinary wire transfers, deposits or withdrawals should spark an inquiry,” Targ said.
Andres Fernandez, a banking lawyer and shareholder with Gunster in Miami, said OFAC compliance’s rise to the forefront began in 2005, when banks were already wrestling with Bank Secrecy Act and anti-money laundering regulations that had been beefed up in response to the Sept. 11, 2001 terrorist attacks.
Since 2005 or 2006, that BSA/AML compliance program has been expanded to, “Let me see your BSA/AML/OFAC compliance program,” said Fernandez, who will moderate a panel discussion on OFAC at the conference. “It’s now a triple-barrel shotgun that the banks are looking at.”
What happened, he explained, is that in 2005 federal regulators came out with the an examination manual, the road map that an examiner uses during a bank examination. OFAC had significant involvement in putting that document together and it includes a key chapter on OFAC.
“So now they are incorporating OFAC into their exams and the bank OFAC compliance into their exams,” Fernandez said. A year later, OFAC entered into a memorandum of understanding with all the federal regulators, creating a free flow of information between the federal regulators and OFAC.
“So if, for example, an OCC examiner is at the bank and finds a problem with OFAC compliance, or missed a transaction that was subject to OFAC, they’re going to pick up the phone and call OFAC,” Fernandez said.
Garces said it’s not just banks that are subject to OFAC regulation, “it’s all U.S. persons and businesses,” Garces said. “The reason it’s been principally banks is because a lot OFAC’s concentration has been on blocking and prohibiting transactions.”
While some transactions subject to OFAC oversight are extremely difficult to detect in real time, Fernandez said the sophistication of compliance operations in South Florida does allow for after-the-fact discoveries of deals that directly or indirectly involve an OFAC-sanctioned person or country. That could provide leads to prevent future transactions involving those parties.
“What you do in that situation is voluntarily self-disclose the transaction or the activity to OFAC,” Fernandez said. “The mitigating factor that OFAC weighs the heaviest is did the bank voluntarily self-disclose this? They’ll take into account the sophistication of your systems and internal controls, and determine if a penalty is justified in this situation.”
One challenge for financial institutions is that OFAC “is strict liability,” Fernandez said.
“If you process a transaction through your bank, whether directly or indirectly, that was for the benefit or by order of an OFAC- sanctioned person or country, that is a violation of the law, period,” he said. “OFAC could issue a sanction against the bank in the form of a fine or penalty.”
Other regulators could also get involved, he said.
“Was there a breakdown in the bank’s monitoring? In its controls? You need very strong customer due diligence. You need to know exactly what your customer is doing through your bank,” Fernandez said. “If your customer is an exporter, you need to know exactly where is your customer selling its products? To whom?”
OFAC has two prongs. The first is a list of specially designated nationals that it publishes and periodically updates, with thousands and thousands of persons and entities.
“These automated software systems are sophisticated enough that that system automatically uploads and screens every transaction in your customer base continuously,” Fernandez said. “OFAC also has country sanction programs, which are the sanctions against Cuba, or Iran. Those are at times more difficult to comply with, because they’re more ambiguous.”
For example, any financial transactions with Cuba are prohibited.
Any person that is a citizen or resident of Cuba after July 1963, is deemed a Cuban national even if they move to Spain.
“That is a prohibited person,” Fernandez said. “However, a bank is prohibited from conducting transactions with an Iranian while that Iranian is in Iran. If the Iranian moves to a third-party, non-sanctioned country, that person is no longer subject to OFAC sanctions. The compliance offices need to have the wherewithall to understand these distinctions.”
Nine times out of 10, Fernandez said, “the problems we see banks run into with OFAC are more related to the country sanctions programs versus an individual.”
For example, “We’ve also seen more Iranian persons and entities, companies controlled by the government of Iran now infiltrating the region — for example, Venezuela. We have seen a significant rise in OFAC compliance-related matters and questions.”
Garces said OFAC’s main requirements is “that you block accounts of specified countries, entities and individuals. There is the SDN list which OFAC has, which is your specifically designated narcotics traffickers. There have been enforcement actions taken against import exporters, insurance companies.”
“There’s not a specific regulation that says you need to do it this way, or that way,” Garces said. “You just have to have internal controls that are sufficient to meet those two objectives. Most banks purchase a software application to query transactions.”
Garces recommends that clients perform OFAC queries at account openings and as transactions occur.
One of the big issues is that sanction violators sometimes have inside help that can defeat internal controls.
“One of the things I look at is what is the culture at an institution, do they have an anti-fraud and ethics program, what’s the tone that I sense there?” Garces said. “If you don’t have that kind of a structure in an organization, you might have people that are easily corruptible.”