CSI Resources

four thumbs up

An OFAC Best Practices Guide for Non-Traditional Financial Institutions

  • by Michael Brown
  • Apr 11, 2017

After the attacks of Sept. 11, 2001, the U.S. Treasury Department broadened the term “financial institution,” under the USA PATRIOT Act, to include industries that, by their very nature, are at higher risk for money-laundering violations.

Because of this, companies that previously were relatively unaffected by government sanctions found themselves neck-deep in financial regulations. OFAC violations, in particular, are on a rising trend, with a sizable target on the backs of what the agency now deems non-traditional financial institutions.

What Are OFAC Regulations?

The Office of Foreign Assets Control (OFAC) is an enforcement agency under the U.S. Department of the Treasury that regulates trade sanctions and enforces national security objectives. In the context of businesses, OFAC is known specifically for its enforcement of USA PATRIOT Act watch list compliance, which states: 

“Every U.S. citizen, permanent resident alien and company, as well as any overseas branch of the same, is prohibited from doing business with those targeted on OFAC’s Specially Designated Nationals (SDN) List, which includes terrorists, narcotics traffickers and those controlled by or acting on behalf of sanctioned countries.”

To traditional financial institutions, OFAC regulations are nothing new, and most have developed protocols and best practices that have been perfected over time. To other businesses, however, such regulations are still somewhat new, and OFAC is cracking down on them.

By the Numbers

From 2006 to 2016, OFAC imposed $4.2 billion in civil money penalties (CMPs). And although traditional banks still bear the lion’s share of the total dollar amount each year, non-traditional financial institutions are being fined far more frequently.

In 2016, 89% of all fines were issued to companies outside of the traditional financial industry; a drastic increase from 67% the previous year. Inexplicably, in 2016 less than half of all violators had an OFAC compliance program in place. This indicates that, although OFAC’s enforcement policy has placed great emphasis on these non-traditional financial institutions, they seem almost blind to the increase in scrutiny.

Non-Traditional Financial Institutions Hit the Hardest

Money Services Businesses

In 2016, fines for MSBs ranged from $8,000 to $40,000.

Because traditional banks typically have extensive OFAC compliance software in place, many criminals seeking to finance their exploits turn instead to MSBs for credit or easy transfers of funds. If a Specially Designated National, or SDN, opens a credit card or moves money using an app, OFAC violations will be flagged. 

Insurance

Processing claims without a license for persons in a sanctioned country cost one insurer $348,000.

Since insurance is a widely distributed industry with billions of customers, its OFAC compliance can be particularly cumbersome. Providing coverage to sanctioned individuals or carrying out policies in sanctioned countries have cost the insurance industry millions in fines. 

Transportation and Logistics Providers

A major shipping line was fined $3.08 million for providing unlicensed shipping services to sanctioned countries.

While this industry is not included in the non-traditional financial institution category, its sanctions compliance is no less important. Cooperation between freight forwarders, shippers, and other transportation and logistics providers with OFAC sanctions programs help stop goods from getting in the hands of sanctioned countries or individuals. There is also the question of the “end use” of any products traded internationally, i.e., will the product be used for legitimate purposes or could it be used for terrorism, narcotics trafficking or in the proliferation of WMDs?

Considering “other businesses” are disproportionally represented in the total number of fines issued, education on OFAC and implementation of a watch list screening program should be a top concern. And while it is true that each industry will ultimately have its own unique methodology when dealing with OFAC regulations, there are certain best practices of which every American business should be aware.   

OFAC Best Practices

  • Automate the Process
  • Any attempt to manually screen the OFAC SDN list carries with it enormous operational costs, but more importantly, it increases risk exponentially. Even for smaller businesses, manually checking every transaction against these watch lists can be a grueling process, and the risk of human error is prevalent. Automation is the only operationally effective way to ensure compliance.

  • Add The Extras

    Simply using watch list screening software isn’t enough for many in the above mentioned industries. Those that provide enhanced search and report capabilities, as well as integration into web-based applications, can streamline management of OFAC regulations.

  • Take It to the Cloud

    Cloud-based technologies have enabled businesses around the world to access their data from anywhere. Using such a system allows further automation and the ability to check a company’s compliance status from outside the office.

  • Outsource List Updates

    Since OFAC’s watch list is updated frequently. Using a third-party provider to update the list in a usable format greatly reduces the effort of checking the list manually. 

  • Advanced Word Matching
  • SDN lists are full of initials, acronyms and other name variations. This results in a multitude of false positives (names that are flagged but do not directly match the watch list). False positives prove to be operational nightmares, because it takes a hefty amount of due diligence to weed out the false positives from the true matches. Having a screening system that uses an algorithm to reduce false positives allows staff to focus on reporting true matches.

OFAC’s vigorous trend toward fining non-traditional financial institutions means that companies in this arena, both large and small, must have a set program in place to avoid financial losses. With these best practices as a guide, companies can implement OFAC compliance in a streamlined and cost-effective way. 

 

Michael Brown is vice president of product strategy for CSI Regulatory Compliance. With nearly two decades of IT and project management experience, he leads strategic product development for a wide variety of risk management solutions. Michael holds several industry certifications, including CAMS Certified Anti-Money Laundering Specialist, PMI-ACP Agile Certified Practitioner, PMI PMP Project Management Professional, and Oracle Certified Associate.