The Heart of AML Compliance: Sanctions Violations
The increase in AML enforcement has focused on sanctions violations. The problem continues to plague financial businesses which have yet to adapt to the United States’ ability to enforce US sanctions laws and regulations against conduct which occurs outside the United States. Short-sighted compliance programs fail to integrate a global perspective on compliance.
Standard Chartered was forced to pay fines and penalties for stripping Iranian identifiers from transactions, and HSBC was forced to plead guilty for similar conduct.
In two recent enforcement actions, American Express Travel Related Services Company, Inc. (“TRS”) settled with the Office of Foreign Asset Control and paid $5.2 million for violation of the Cuban Assets Control Regulations (“CACR”). TRS issued nearly 15,000 tickets for travel between Cuba and countries other than the United States, many of which had blocked compliance with the CACR, which is prohibited by OFAC. Under the penalty formula used by OFAC, TRS was cited for a number of aggravating circumstances, including the fact that TRS violated the same regulations in 1995; TRS had an inadequate compliance program; and TRS continued to violate the regulations after it voluntarily disclosed the matter in 2010.
In a second recent case, Intesa Sanpaolo S.p.A., an Italian bank, settled OFAC violations for $2.9 million for violations of the Cuban Assets Control Regulations (“CACR”), the Sudanese Sanctions Regulations (“SSR”), and the Iranian Transactions Regulations (“ITR”). Intesa engaged in a long-time business relationship with Irasco S.r.l (“Irasco”), an Iranian company controlled by the Iranian government, and based in Italy. Intesa processed a number of transactions for Irasco that terminated in the United States. In addition, Intesa processed approximately 120 transactions to or through the United States that involved Cuba or Sudan.
Financial institutions continue to struggle with sanctions compliance. It is not the easiest of tasks for compliance professionals. Sanctions lists are continuing to expand and businesses need to keep their screening lists and procedures current. Many businesses purchase and rely on software services to screen potential customers and transactions. A screening procedure is just one aspect of a sanctions compliance program since there are many legal wrinkles to sanctions compliance.
As with all compliance strategies, companies need to conduct an initial audit and risk assessment to measure the risks they face in the sanctions world. A single audit examination will provide an important measure of sanctions risks and the controls which may be needed to reduce those risks.
The OFAC lists are regularly changed, as frequently as four times a week on average. Keeping up with the list is impossible without some technological support. As many as 50,000 names are included on the major lists (HM Treasury, OFAC, UN and EU), and screening possible names and permutations of the same name can be a challenging process.
The challenge for companies trying to comply with the vast set of sanctions and prohibited persons is not limited to the screening process but includes difficult legal definitions and issues under the sanctions regulations. Broad terms and equally general definitions can make compliance a complicated and difficult process. The key is to make sure that legal guidance is integrated into the sanctions compliance program to ensure that difficult legal issues are handled consistently.