By Kathlyn L. (Lyn) Farrell, CRCM, CAMS

Common OFAC Errors and How to Avoid Them

Office of Foreign Assets Control (OFAC) regulations are perhaps the most misunderstood piece of the overall Bank Secrecy Act/Anti-Money Laundering (BSA/AML) compliance requirements. OFAC enforces 10 separate federal statutes and a number of different executive orders. These laws are not uniform and, unlike most banking laws, they are not limited—they apply to all transactions, without any thresholds.

OFAC compliance is reviewed during the BSA/AML regulatory examination by the federal regulatory agencies, in accordance with the FFIEC’s BSA/AML Examination Manual. The banking agencies can issue enforcement actions for non-compliance that include requirements to improve an institution’s OFAC program. OFAC itself can issue civil money penalties for violations. In 2007 OFAC issued civil money penalties to five financial institutions, with fines up to $100,000. OFAC takes into account mitigating factors when it issues penalties. Actions like self-reporting violations and implementing interdiction software can substantially reduce penalties.

Most OFAC errors can be avoided with a strong compliance program. The following is a list of common OFAC errors and how to avoid them.

Failure to Block or Reject a Transaction

All of the 2007 OFAC civil money penalties involving banks were caused by the failure to block or reject a transaction. Blocking a transaction means the bank freezes the funds in its possession. Rejecting the transaction means that the bank refuses to process the transaction and returns the funds to the customer. If a banker rejects a transaction instead of blocking it, funds will be improperly released. Transactions involving persons on the Specially Designated Nationals (SDN) list should be blocked—the funds should be frozen. Blocked transactions must be reported to OFAC within 10 business days.
If no SDNs are involved but the transaction violates one of the OFAC laws, the transaction must be rejected. The following are examples:

a. A bank customer orders a wire transfer to pay a person in Sudan. The Sudanese beneficiary is on the SDN list. The funds should be blocked and a report sent to OFAC. This transaction should be blocked because the payee was on the SDN list.

b. A bank customer orders a wire transfer to pay a Russian supply company through the Moscow branch of Bank Saderat, an Iranian government-owned bank. Neither the customer nor the wire beneficiary is on the SDN list. However, the transaction should be rejected because the payment would violate the law against promoting trade with Iran. Since no SDN is paying or receiving the funds, it does not have to be blocked.

If an SDN attempts to open an account and the bank checks the SDN list prior to receiving a deposit, the bank can reject the account. However, if the bank already has the opening deposit in its possession—whether or not it has been credited—the bank is obligated to block the funds and report it to OFAC.

The best defense against this potentially costly error is training. All appropriate employees should be trained on blocking and rejecting transactions.

Failure to Document an OFAC Risk Assessment

The requirement to create an OFAC risk assessment is not found in a law or regulation. But, according to the FFIEC Examination Manual, it is a “fundamental element of a sound OFAC program.” One of the specific examination procedures requires the examiner to determine if the bank’s OFAC policy is based on a risk assessment. Enforcement actions can name the failure to conduct an OFAC risk assessment as an examination deficiency.

Preparing an OFAC risk assessment is not difficult. It should be documented and include three assessment criteria: an institution’s products, customer base and previous OFAC actions.
Appendix M of the FFIEC Examination Manual covers the factors mentioned in the OFAC risk

Western Independent Banker January/February 2008 25

