2019 Recap Part I: OFAC Sanctions Enforcement

OFAC Fines Apple After Internal Screening Doesn't Catch Customer's Addition to SDN List

On the same day that OFAC added SIS to its SDN List, Apple’s sanctions screening tool did not discover SIS was added to the SDN list, the notice said. Apple said this was due to its sanctions screening tool’s “failure to match the upper case name ‘SIS DOO’ in Apple’s system with the lower case name ‘SIS d.o.o.’” Apple’s screening system also did not catch Savo Stjepanovic, the director and majority owner of SIS, because he was listed as an “account administrator” in Apple’s system, and its screening tool only identified individuals labeled as “developers.” Although Apple’s listed address for SIS matched the address published by OFAC, Apple did not “identify” SIS as a sanctioned company until two years later, OFAC said.

After SIS was sanctioned, Apple continued to “host software applications and associated content (‘apps’) owned by SIS on the App Store,” allowing downloads, sales and receiving payments from App Store downloaders. The downloads and sales allowed SIS to sell its apps to two other developers, which OFAC called the “Second Company” and the “Third Company.” The owner of the Third Company “took over the administration of SIS’s App Store account and replaced SIS’s App Store banking information with his own banking information,” OFAC said. “These actions were all conducted without personnel oversight or additional screening by Apple.”

Apple discovered that SIS was a sanctioned party after improving its sanctions screening tool in 2017, OFAC said. Apple stopped all payments related to SIS, which was “administered by the Third Company, and whose owner was receiving payments from Apple,” the agency said. But Apple continued to make payments to the Second Company for the “blocked SIS apps” it had received in 2017, the notice said. Apple made 47 payments associated with the blocked apps, earning more than $1.15 million over 54 months.

Apple voluntarily disclosed the violations, which constituted a non-egregious case, OFAC said. Mitigating factors included that the “volume and total amount of payments” was “not significant” compared to Apple’s annual transactions, the fact that Apple had not committed a violation within the last five years, and the fact that Apple responded to OFAC requests in a “prompt manner.” Apple also improved its compliance measures, including increasing the role of its sanctions compliance senior manager in the “escalation and review process”; reconfiguring its primary sanctions screening tool to “fully capture spelling and capitalization variations and to account for country-specific business suffixes”; and expanding sanctions screening to app developers, their “designated payment beneficiaries” and associated banks. Apple also updated its sanctions compliance employee instructions and introduced mandatory employee training on export and sanctions regulations.

Aggravating factors included the number of violations, the “multiple points of failure within the company’s sanctions compliance program,” Apple’s “reckless disregard” for U.S. sanctions, and the fact that Apple’s payments “conferred significant economic benefit” to SIS and its owner. OFAC also considered Apple a “large and sophisticated organization” with experience in international transactions and said that, in certain instances, Apple “failed to take corrective actions in a timely manner” after discovering SIS was a sanctioned party.

OFAC said the penalty highlighted the benefits of a comprehensive SDN screening list that “utilizes all of the information on the SDN List.” The agency also said companies should “anticipate potential vulnerabilities” in their compliance programs and “include preventative measures that alert and react to sanctions evasion warning signs.”

Florida Aviation Company Settles With OFAC on Sudanese Sanctions Violations

A Florida-based aviation investment management company was fined about $210,000 after it committed 12 violations of U.S. sanctions against Sudan, Treasury’s Office of Foreign Assets Control said in a Nov. 7 notice. The company, Apollo Aviation Group, which has since been bought by The Carlyle Group and is now Carlyle Aviation Partners, committed the violations in transactions involving the lease of three aircraft engines, the notice said. Apollo allegedly leased the engines to a United Arab Emirates company, which subleased the engines to a Ukrainian airline, which installed the engines on an aircraft wet leased to Sudan Airways.

At the time of the sale, U.S. people and companies were blocked from doing business with Sudan’s government or exporting items to Sudan, OFAC said. Although Apollo included in its contract with the UAE company that the engines were barred from being shipped to countries sanctioned by the U.S., Apollo “did not ensure the aircraft engines were utilized in a manner that complied with OFAC’s regulations.” The company did not “periodically monitor” or verify the lessee’s and sublessee’s “adherence to the lease,” OFAC said. “As a result, Apollo learned where its engines had actually flown only after the engines were returned to Apollo at the end of the lease.”

Two of the engines were wet leased -- an agreement whereby the lessor operates the aircraft on behalf of the lessee -- to Sudan for about four months in 2014 and 2015 before the lease expired and they were returned to Apollo, OFAC said. Apollo leased the third engine in May 2015 for about four months before it was “removed at the request of Apollo,” the agency said. The request came after Apollo discovered that its first two engines had been installed for Sudan Airways and soon realized its third engine was also being used in Sudan, the notice said. Apollo discovered the leasing information after receiving engine records after the lease for the first two engines expired in March 2015.

OFAC said Apollo was a company with “extensive technical knowledge” at the time of the violations, “with in-depth industry expertise, and longstanding presence in the mid-life commercial aviation sector.” The company was involved in “acquiring, refurbishing, marketing, and leasing” commercial jets and reportedly had $2.5 billion of “aviation assets” by the end of 2015 with offices in the U.S., Ireland and Singapore.

OFAC said the violations constituted a non-egregious case and said Apollo voluntarily self-disclosed the violations. The base civil penalty for the violations was $360,000, but the company was fined $210,600 due to several mitigating factors, including the fact that no Apollo personnel had “actual knowledge” of the violations, the fact that Apollo had not received a penalty in the previous five years and Apollo’s willingness to implement “remedial measures” and invest in “additional compliance personnel.” The company also provided OFAC with information in a “clear, concise, and well-organized manner.”

Aggravating factors included the fact that the violations harmed a U.S. sanctions program’s objectives, the fact that Apollo was a “large and sophisticated entity” and Apollo's failure to monitor customers’ compliance with the lease contract.

As part of the settlement agreement, Apollo confirmed to OFAC that it has stopped the conduct that led to the violations, took steps to “minimize the risk of recurrence” and improved its compliance program. Improvements include enhanced “Know-Your-Customer screening procedures,” improved employee training on U.S. export laws and a new practice of “obtaining U.S. law export compliance certificates from lessees and sublessees.”

OFAC said the enforcement notice highlights the importance of compliance by companies operating in “high-risk industries” and encouraged them to adopt “on-going, risk-based compliance measures, especially when engaging in transactions concerning the aviation industry.” The action also highlights the importance of “Know Your Customer screening procedures” and implementing compliance measures “that extend beyond the point-of-sale and function throughout the entire business or lease period.”

OFAC Announces $2.7 million Settlement With GE for Cuba Sanctions Violations

The Treasury’s Office of Foreign Assets Control announced a $2.7 million settlement with Boston-based General Electric for 289 violations of the Cuban Assets Control Regulations by three of GE’s current or former subsidiaries, OFAC said in an Oct. 1 notice. The subsidiaries -- Getsco Technical Services Inc., Bentley Nevada, and GE Betz -- accepted payments from The Cobalt Refinery Company, a U.S.-sanctioned company, “for goods and services provided to a Canadian customer” between 2010 and 2014, OFAC said.

Cobalt has been listed on OFAC’s Specially Designated Nationals and Blocked Persons List since 1995, OFAC said, and the Canadian customer was a corporation with “strong historic and then-current economic ties” to the Cuban mining industry and the Cuban government. GE maintained and renewed their relationship with the Canadian corporation at least 18 times since 1996 “despite the obvious sanctions risk posed by the relationship,” the notice said.

In 2014, GE discovered it had received “numerous payments” from Cobalt for invoices issued to the Canadian customer, OFAC said. Cobalt paid GE for more than 65 percent of the transactions between GE and the Canadian corporation despite GE negotiating and entering into contracts only with the corporation, the notice said. GE approved Cobalt as a “third-party payer,” failing to “appropriately recognize the significant and widely published relationship between Cobalt and their Canadian customer” and to “undertake sufficient diligence into their customer's activities,” OFAC said.

The GE companies deposited the checks from Cobalt, which listed Cobalt’s “full legal entity name as it appears on OFAC’s SDN List” as well as an acronym, into an account at a Canadian bank, OFAC said. But GE’s sanctions screening software did not catch Cobalt because it “screened only the abbreviation of the SDN’s name.” GE received 289 checks from Cobalt worth about $8 million, the notice said.

OFAC said the violations constituted a non-egregious case and said GE voluntarily self-disclosed the violations. Aggravating factors included the GE companies’ failure to “take proper or reasonable care” of U.S. sanctions obligations, “particularly given GE’s commercial sophistication; the fact that GE’s actions caused “substantial harm” to the Cuban sanctions program; and the fact that the “substance” of GE’s disclosures and other communications with OFAC “leave substantial uncertainty about the totality of the benefits conferred to” Cobalt. OFAC also said GE did not “provide its primary submissions to OFAC in a clear and organized manner” and the submissions “contained numerous inaccuracies,” which placed a “substantial resource burden” on OFAC’s investigation.

Mitigating factors included that no GE companies received a penalty during the previous five years, and that GE introduced remedial measures, improved its compliance procedures and cooperated with OFAC by “executing and extending multiple statute of limitations tolling agreements.”

OFAC said the settlement highlights the risk U.S. companies face when they accept payments from third parties and do business in a foreign currency or at a foreign bank. “Additionally, this action demonstrates the importance of conducting appropriate due diligence on customers and other counter-parties when initiating and renewing customer relationships,” OFAC said. “Ongoing compliance measures should be taken throughout the life of commercial relationships.”

ExxonMobil Asks Court to Set Aside $2 Million Penalty for Sanctions Violations

ExxonMobil is requesting that a court vacate a $2 million penalty imposed by the Office of Foreign Assets Control for doing business with Rosneft, a Russian oil company, according to a brief filed Aug. 26 with the U.S. District Court for the Northern District of Texas.

OFAC imposed the penalty in 2017 after saying ExxonMobil violated the Ukraine-Related Sanctions Violations by doing business with Igor Sechin, Rosneft’s sanctioned CEO. OFAC said ExxonMobil violated U.S. sanctions by signing “eight legal documents related to oil and gas projects” with Sechin.

In its lawsuit, ExxonMobil argues that it did not deal with Sechin -- only his company. It also said the 2014 executive order that imposed the Ukraine-related sanctions did not include Rosneft and only blocked transactions with Sechin’s “personal” assets and property. The sanctions did not target companies Sechin manages, ExxonMobil said.

“In imposing penalties on ExxonMobil, OFAC relied on a flawed premise: that ExxonMobil executed these documents, and thereby entered into prohibited transactions, with Sechin, who was the subject of sanctions,” the motion said. “But Rosneft, not Sechin, was the party to each of those documents, and Rosneft was indisputably not subject to sanctions at that time.”

ExxonMobil also said that OFAC’s penalty contradicted statements and positions held by the administration and the Treasury Department. Treasury had specifically said that business deals with Rosneft were allowed and that U.S. businesses “could interact with Sechin in his capacity as a Rosneft board member” as long as discussions did not involve Sechin’s “personal” business.

“The Treasury Department has expressly endorsed the very principle OFAC rejects here: that business dealings with Sechin in connection with Rosneft are permissible,” ExxonMobil said.

The motion said that OFAC has “crafted its alternative interpretation” of U.S. sanctions to say that “the involvement of a specially designated national, regardless of who owned the property at issue, is restricted -- out of whole cloth without any basis in the text of the regulations.” ExxonMobil argued that Sechin “was acting exclusively in a representative capacity on behalf of a non-blocked entity.”

The oil company also said the penalty should be vacated on the basis that OFAC violated the Fifth Amendment's due process clause by failing to provide “fair notice of the regulatory requirement that ExxonMobil allegedly violated.” ExxonMobil said OFAC did not provide “‘ascertainable certainty’ of the agency’s interpretation,” because reviewing OFAC regulations and public statements “would not have enabled the public to ‘identify ... the standards with which [OFAC] expects parties to conform.’”

ExxonMobil requested that the court set aside the penalty and declare OFAC’s penalty notice “unlawful.” Along with OFAC, ExxonMobil also named Treasury Secretary Steven Mnuchin and OFAC Director Andrea Gacki as defendants.

US Company Settles With OFAC on Apparent Violations of Foreign Narcotics Kingpin Sanctions

A trade credit insurer will settle for about $345,000 after it violated the Foreign Narcotics Kingpin Sanctions Regulations, the Treasury’s Office of Foreign Assets Control said in an Aug. 16 enforcement notice. The company, Maryland-based Atradius Trade Credit Insurance, allegedly completed transactions with sanctioned entities.

In 2016, OFAC said, ATCI was assigned to collect a $5.7 million debt owed by Grupo Wisa, a U.S.-sanctioned entity, by a U.S. cosmetics company. ATCI filed a claim in Panama as a creditor and received a $4 million payment from the liquidation of Grupo Wisa’s assets in Panama, OFAC said. By completing the transaction, ATCI “appears to have dealt in property or interests in property” of a designated narcotics trafficker, the notice said. ATCI did not voluntarily self-disclose the violations.

OFAC said aggravating factors included the fact that ATCI “did not undertake any meaningful analysis or otherwise seek confirmation” from OFAC that the transactions were prohibited and that ATCI is a “sophisticated global trade credit insurance and collections conglomerate.” The agency said mitigating factors included the fact that ATCI has not received a penalty or violation notice from OFAC in the previous five years, and the facts that ATCI began an internal review of the conduct, provided OFAC documents from the review for the investigation and “took voluntary remedial action” to address the cause of the violations. The company also agreed to “undertake certain compliance commitments” to strengthen its compliance program, OFAC said.

“This enforcement action draws particular attention to transactions related to the assignment of [a Specially Designated National’s] debt and highlights the importance of obtaining a specific license before engaging in activity that is not otherwise authorized,” OFAC said.

US Company Found in Violation of OFAC Regulations After Providing False, Misleading Statements

The Treasury’s Office of Foreign Assets Control said a Virginia-based company violated OFAC’s Reporting, Procedures and Penalties Regulations after providing the agency false or misleading statements during an OFAC investigation, according to an Aug. 8 enforcement notice. The violation stems from DNI Express Shipping Company’s sale of farm equipment to Sudan, which OFAC said violated the Sudanese Sanctions Regulations.

OFAC said it issued a 2015 “administrative subpoena” to DNI to investigate the company’s sales to Sudan, saying its “apparent violations” of U.S. sanctions “warranted an administrative response.” OFAC said some of DNI’s responses to the subpoena “were contradictory, false, materially inaccurate, incomplete, and contained misleading statements.” OFAC sent a letter to DNI’s lawyers asking for clarification on DNI’s response, the notice said, and again received a misleading response. OFAC also said the second response “introduced new information” that was in response to the first subpoena, but was not included in DNI’s first response.

OFAC said aggravating factors included DNI’s “reckless disregard” for U.S. sanctions, the fact that it had “actual knowledge” its responses were false or misleading, DNI’s failure to correct its false statements and its failure to fully cooperate with OFAC’s investigation. OFAC said mitigating factors included the fact that DNI is a small business, the fact that it has no prior sanctions history and the fact that some of DNI’s responses “appear to have been filtered through DNI’s outside attorney.”

US Company Found in Violation of Reporting Regs for Not Complying With OFAC Subpoena

The Treasury's Office of Foreign Assets Control found a U.S. company in violation of OFAC’s Reporting, Procedures and Penalties Regulations for failing to provide information about a sale to Iran after being subpoenaed, OFAC said in an Aug. 8 enforcement notice. The violations stem from Southern Cross Aviation’s sale of helicopters to an Iranian businessman in Ecuador, OFAC said.

OFAC said it issued Southern Cross, which has offices in Florida and North Carolina, a subpoena in July 2016 requesting “detailed information, descriptions, and documents” regarding its sale to the Iranian businessman. Southern Cross’ president denied the sale and said it had no documents to provide, the notice said. Days later, the company sent a letter to OFAC saying it employed a sales representative in Ecuador who sent “technical details to an Ecuadorian group for a potential sale of helicopters to an Iranian group for operation in Ecuador,” the notice said. The company only gave OFAC a copy of its export management manual, the agency said.

After OFAC sent another subpoena in October 2016 requesting information about the sale, Southern Cross gave OFAC “correspondence relating to the potential sale, including direct email exchanges between the SC Ecuador Representative and the Iranian Businessman explicitly referenced in both of OFAC’s Administrative Subpoenas,” the notice said.

OFAC said Southern Cross violated the Reporting, Procedures and Penalties Regulations by failing to provide the information to the agency’s first subpoena. OFAC said aggravating factors included Southern Cross’ “reckless disregard” for U.S. sanctions and its failure to cooperate with OFAC’s investigation. Mitigating factors included the fact that Southern Cross “appears to be a small-to-medium-sized business,” it had “no prior OFAC sanctions history” and “the underlying potential sale in question does not appear to have occurred.”

OFAC Reaches Settlement With PACCAR Over Iran Sanctions Violations

The Treasury’s Office of Foreign Assets Control agreed on a $1.7 million settlement with PACCAR Inc., of Bellevue, Washington, for 63 violations of U.S. sanctions on Iran by PACCAR’s subsidiary, OFAC said in an Aug. 6 notice. The subsidiary, Netherlands-based DAF Trucks N.V., sold 63 trucks worth more than $5 million to European customers that DAF knew intended to sell the trucks to Iran, OFAC said.

In 2014, a German car dealer tried to buy 51 trucks from DAF for an Iranian company, OFAC said. After a DAF manager told the dealer that it could not sell the trucks for an intended end-user in Iran, the German dealer submitted a new order for trucks that listed its ultimate destination as Russia despite having “virtually identical specifications as the earlier order intended for Iran,” the notice said. The manager had “reason to know” the trucks were intended for Iran, OFAC said, and “failed to conduct an adequate inquiry.” DAF eventually sold the trucks to the dealer.

In another instance in 2013, an employee at DAF Trucks Frankfurt, a directly owned DAF dealer, sold two trucks to a Netherlands-based dealer who sold the trucks to Iran, OFAC said. DAF Frankfurt “knew or had reason to know” that the trucks were intended for Iran because the customer sent drafts of invoices that referenced Iran buyers, the agency said.

In 2014, DAF sold 10 trucks to a DAF dealer in Bulgaria that sold the cars to an affiliated rental company that then sold the trucks to Iran, OFAC said. A DAF employee “should have known that the trucks were intended for Iran prior to” the sale, the agency said.

OFAC said PACCAR voluntarily disclosed the violations and said they constituted a non-egregious case. OFAC said aggravating factors included DAF employees failing to “exercise a minimal degree of caution or care” when faced with warning signs of possible sanctions violations, the fact that DAF employees were likely aware of the violations in each case, the fact that the sales “conferred millions of dollars in economic benefits on Iran” and the fact that PACCAR is a “large sophisticated entity that engages extensively in international business.”

OFAC said mitigating factors included the fact that neither PACCAR nor DAF had committed a violation in the previous five years, the fact that DAF maintained a sanctions compliance program and the fact that DAF took “remedial action” by launching an investigation after discovering the violations, which included firing employees and canceling deliveries of 20 trucks. PACCAR and DAF also cooperated with OFAC’s investigation and confirmed that they have ended the business that led to the violations.

Both PACCAR and DAF agreed to take several compliance steps, including hiring a full-time compliance director, updating its European Union trade restrictions compliance manual, introducing a policy that allows only sales agreements to final end-users, sending a letter to their dealers reminding them of their compliance obligations, and making compliance training an annual requirement.

OFAC Announces Settlement With Spain-Based Company on Cuba Sanctions Violations

The Treasury’s Office of Foreign Assets Control announced a more than $220,000 settlement with Spain-based Hotelbeds USA for helping more than 700 people with Cuba-related travel services that violated the Cuba Assets Control Regulations, OFAC said in a June 13 enforcement notice.

Between 2011 and 2014, Hotelbeds “provided unauthorized Cuba-related travel services” to 702 non-U.S. residents, the notice said, which involved “knowingly” selling hotel rooms and giving “clients specific instructions to direct their payments for the Cuba-related transactions to an account in Spain.” OFAC said Hotelbeds was later reimbursed from that account.

Employees and supervisors appeared “to have had actual knowledge” of the violations, the notice said. During the violations, OFAC said, a senior manager was aware that a U.S. bank had blocked a payment related to a “Cuba-travel transaction” and that OFAC denied a “specific license application” filed by Hotelbeds “seeking the unblocking of funds” related to the transaction.

OFAC said some of the violations occurred because of a “reported misunderstanding and misinterpretation of the CACR” in which Hotels believed Cuba-related services were permitted “if the bookings involved only non-U.S. clients and payments were made to non-U.S. bank accounts.” In addition, Hotelbeds employees sent invoices and emails with disclaimers that said payments for the services “should not be sent to Hotelbeds USA or the United States,” OFAC said.

Hotelbeds did not self-disclose violations, the notice said. OFAC said aggravating factors included the fact that Hotelbeds employees were aware of the violations, Hotelbeds “caused harm” to U.S. sanctions violations, the company is “large” and “sophisticated,” and that it did not have an adequate compliance program. OFAC said mitigating actors included the fact that the violations composed less than 1 percent of the company’s “overall business over the same period of time,” Hotelbeds had not committed a violation in the previous five years, and the company took “remedial action” to address the violations. Hotelbeds agreed to implement an “enhanced third-party IT solution with a sanctions screening tool,” to pour more resources into compliance, and to hire and train more compliance personnel, the notice said.

OFAC Settles With Company That Organized Illegal Tours Through Cuba

The Treasury’s Office of Foreign Assets Control announced a $40,000 settlement with Cubasphere and an unnamed individual for violating the Cuban Assets Control Regulations, OFAC said in a June 13 enforcement notice.

OFAC said Cubasphere, which was acting on behalf of the unnamed individual, completed “unauthorized Cuba travel-related transactions” for 104 people on four separate trips in 2013 and 2014. Both the individual and Cubasphere acted as “full-service tour operators,” handled “itinerary planning” and “procured Cuban visas and cover letters for travelers from U.S. religious organizations,” in exchange for payments, OFAC said. But the “itineraries from the U.S. religious organizations did not match the itineraries that the Individual and Cubasphere offered their customers,” the notice said, and the “actual itineraries for the Cuba trips focused primarily on sightseeing and tourism activities rather than humanitarian or religious activities.” Despite being contacted by OFAC about the violations, Cubasphere and the individual continued the trips for “more than a year.”

Both the individual and Cubasphere urged clients to hide their travels to Cuba and “routinely suggested in writing that the customers should minimize their interactions with U.S. government officials” when they returned to the U.S., the notice said. Clients were also told to make sure they retained no receipts or schedules from the trip and asked to “give false statements” if they were asked about the trip.

The violations were not self-disclosed, OFAC said. OFAC said aggravating factors included the fact that the individual willfully violated sanctions and caused “significant harm” to the U.S. sanctions program. OFAC also said Cubasphere did not have an adequate compliance program and did not take “any remedial actions.” OFAC said mitigating factors included both the individual’s and company’s lack of “sanctions history” with OFAC, the fact that they are a “relatively small company with few employees,” and their sufficient cooperation with OFAC.

OFAC Settles With Expedia for Cuban Sanctions Violations

The Treasury’s Office of Foreign Assets Control announced a $325,000 settlement with Expedia Group Inc. for helping more than 2,000 people with “Cuba-related travel services” that OFAC said violated the Cuban Assets Control Regulations, according to a June 13 enforcement notice.

Between 2011 and 2014, OFAC said, Expedia helped about 2,221 people, some Cuban nationals, with travel services within Cuba or between Cuba and locations outside the U.S. OFAC said the violations occurred because certain Expedia foreign subsidiaries “lacked an understanding of and familiarity with U.S. economic sanctions,” and said employees “overlooked particular aspects of Expedia’s business that presented risks of noncompliance with sanctions.”

OFAC said some “electronically booked travel” resulted from “failures or gaps … in technical implementations” to avoid violations. Expedia did not inform a subsidiary that it was subject to U.S. sanctions compliance until about 15 months after it was acquired, the notice said. OFAC also said Expedia was “slow to integrate the subsidiary into the Expedia corporate family,” specifically with compliance policies, and said the subsidiary “continued operating independently during the integration period.”

Expedia self-disclosed the violations, the notice said. OFAC said aggravating factors included Expedia’s failure “to exercise a minimal degree of caution or care” to avoid the violations,” the fact that the violations “harmed the sanctions program objectives of the CACR,” and that Expedia is a “sophisticated international travel service provider.” OFAC said mitigating factors included the fact that Expedia had not received a penalty in the previous five years, had implemented “significant remedial measures” and cooperated with OFAC’s investigation. Expedia agreed to “enhance” compliance procedures through several conditions, including installing a compliance management team and conducting “regular risk assessments.”

OFAC Announces Settlement With Western Union for Thousands of Terrorism Sanctions Violations

The Treasury’s Office of Foreign Assets Control announced a $400,000 settlement agreement with Western Union Financial Services after OFAC said Western Union committed nearly 5,000 violations of the Global Terrorism Sanctions Regulations, OFAC said in a June 7 notice. Western Union, headquartered in Colorado, processed transactions that involved the Kairaba Shopping Center (KSC) in The Gambia, a Specially Designated National, for more than four years after the entity was sanctioned by OFAC, the notice said. After Western Union discovered KSC was sanctioned, OFAC said, it “failed to deactivate” the entity’s access to Western Union “due to its mistaken belief that” the entity was “already inactive.” Western Union processed transactions worth about $ 1.275 million “to third-party, non-designated beneficiaries who chose to collect their remittances at KSC,” the notice said.

Between 2010 and 2015, Western Union used a bank in The Gambia as one of its “principal Master Agents” in the country, OFAC said. OFAC said the bank had “established a “Sub-Agent relationship” in 2006 with KSC, which was sanctioned by OFAC in 2010. Western Union failed to “screen location data for sanctions-related issues as part of its review process,” OFAC said.

Western Union first became aware that KSC was a potential sub-agent in February 2015, OFAC said, “but mistakenly believed” that KSC had operated from a single location that was “no longer active as of that date.” It wasn’t until the following month that Western Union “identified a second, active KSC location,” OFAC said, and ended its relationship with KSC.

OFAC said Western Union voluntarily disclosed the violations and said they constituted a “non-egregious case.” OFAC said aggravating factors included Western Union’s “reckless disregard” for U.S. sanctions and its four-year time period of processing transactions involving KSC. Western Union also “had reason to know” KSC was on Treasury’s SDN List, caused “substantial harm to” a U.S. sanctions program and is a “large and commercially sophisticated” company, the notice said.

OFAC said mitigating factors included the fact that Western Union had not committed a violation in the five previous years and had a sanctions program “that seemed to be effective except in this instance.” Western Union also fixed the gap in its compliance program and internal controls, the notice said, and “took additional remedial actions” relating to its screening procedures.

OFAC Announces Sanctions Violation but No Fine Against US Bank

The Treasury’s Office of Foreign Assets Control issued a “finding of violation” against U.S.-based State Street Bank and Trust Co. (SSBT) after it violated U.S.-imposed sanctions on Iran, OFAC said in a May 28 notice. The bank was not fined, OFAC said, partly because the bank’s managers were likely unaware of the violations and because the bank cooperated with OFAC and improved its compliance program.

Between 2012 and 2015, SSBT served as a trustee for a customer’s retirement plan, OFAC said, processing at least 45 pension payments valued at more than $11,000 for a U.S. citizen living in Iran. The part of the bank overseeing the payments, the Retiree Services Staff (RSS), “were part of the SSBT business unit that had the business relationship with the retirement plan” but used their own sanctions screening filter instead of SSBT’s main screening system, OFAC said. RSS’s procedures “dictated” that they refer all potential sanctions list matches to “compliance personnel aligned with the line of business … rather than SSBT’s central Sanctions Compliance unit staff who have specialized sanctions expertise,” OFAC said. As a result, even though the bank’s sanctions screening software “produced an alert on each of the 45 payments due to the Iranian address … it was the business-aligned compliance personnel who were responsible for manually reviewing potential matches and approving the processing of the payments,” the notice said.

SSBT discovered and voluntarily reported the “deficiency” in its compliance program to OFAC in 2015, the notice said, and changed its procedures to “ensure that all RSS payments are now screened by its central screening platform.” OFAC did not fine the bank for several other factors, including the fact that no managers or supervisors “appear to have been aware of the conduct,” the bank’s “screening filter did appropriately identify and alert staff,” the “payments at issue may not have actually been transferred to Iran, though they were made on behalf of a person in Iran” and because “there is a possibility that the funds transfers could have become licensed.”

OFAC said factors that led to the finding of a violation include the fact that the bank’s RSS unit processed transactions for a person in Iran “after being alerted to the Iran connection,” “had actual knowledge that it was processing” those transactions and “caused harm to the sanctions program objectives and the integrity” to the Iranian Transactions and Sanctions Regulations. OFAC said other contributing factors included the fact that the bank “is a large and commercially sophisticated financial institution” and “had compliance screening issues that continued for a year after the Federal Reserve Bank of Boston notified the bank of a related issue pertaining to inadequate escalation procedures.”

OFAC Issues Guide on Sanctions Compliance

The Treasury’s Office of Foreign Assets Control published a 12-page guide on sanctions compliance for U.S. and foreign businesses, detailing what OFAC defines as effective compliance programs and outlining several “root causes” of sanctions violations. The guide, published May 2, delves into the level of compliance that OFAC expects from companies and how best to avoid sanctions violations. The guide covers five categories: management commitment, risk assessment, internal controls, testing and auditing, and training.

OFAC said management’s commitment to compliance “is one of the most important factors in determining its success,” helping to “legitimize the program” and “empower its personnel.” OFAC said all management should review and approve their organization’s compliance program, ensure the “existence of direct reporting lines” between the program and senior management and make sure the program has sufficient resources.

A lack of risk assessments can damage a business’ “reputation” and profits, OFAC said. The agency calls for companies to conduct “routine” assessment of “potential OFAC issues they are likely to encounter.” “While there is no 'one-size-fits all' risk assessment,” OFAC said, “the exercise should generally consist of a holistic review of the organization from top-to-bottom and assess its touchpoints to the outside world.” This may include assessments of “on-boarding” (including developing a “sanctions risk rating” for customers) and mergers and acquisitions (completing “appropriate due diligence” of new acquisitions).

Compliance programs should also include internal controls, OFAC said, which keep records of potentially sanctioned activity to “minimize the risks identified by the organization’s risk assessments.” This may also include keeping “written policies and procedures” for compliance programs.

OFAC also stressed the importance of testing and training. Specifically, employers should be auditing the “effectiveness of current processes” and checking “for inconsistencies between these and day-to-day operations” and providing employee training on a “periodic basis.”

In the guide’s appendix, OFAC details several main causes of violations, in an effort to help companies prevent them. While some of the causes are straightforward -- such as using U.S. banks to process payments involving sanctioned people or exporting goods to sanctioned countries -- others are more complex. Some common causes, OFAC said, are misinterpreting OFAC’s regulations, facilitating transactions by non-U.S. people or companies, faulty filters and screening software, improper due diligence and individual liability.

OFAC Reaches Settlement With US Company for Iran-Related Shipping Violations

The Treasury’s Office of Foreign Assets Control reached a settlement of about $870,000 with a New York-based shipbroking company that OFAC said violated weapons-related sanctions five times. The company, MID-SHIP Group LLC, violated the Weapons of Mass Destruction Proliferators Sanctions Regulations by negotiating contracts among ship owners and charterers worth about $470,000 between February and November 2011, OFAC said May 2. The ships used in the transfers were owned by the Islamic Republic of Iran Shipping Lines (IRISL), which was sanctioned by OFAC in 2008.

Although the charter agreements were negotiated by MID-SHIP’s subsidiaries in China and Turkey, the company’s accounting was performed in the U.S., and its New York office received commission payments from the contracts handled by its subsidiaries, OFAC said.

During the violations, MID-SHIP senior management became aware of an “increase in the level of scrutiny applied by” financial institutions with regard to OFAC compliance, according to the settlement agreement. Senior executives regularly sent emails throughout the company warning of OFAC restrictions on certain payments and telling employees to begin placing an “OFAC clause” into all contracts. Despite this, MID-SHIP did not implement its own sanctions compliance program, OFAC said, assuming that the clause was sufficient legal protection.

In December 2010, a senior executive sent a company email that stressed the importance of the clause and urged all global offices to use it. “Many brokers outside the [New York] office may think [the OFAC clause] is not needed for them as their clients do not trade to/from the USA,” the email said, according to OFAC. “This is not a correct assumption.” The executive also mentioned two “big concerns” about the increased scrutiny: money transfers being “held up” and “fighting with the US government/bank to get the money released,” the agreement said. While the email “highlighted concerns” related to OFAC compliance, the agreement said, the company did not “appear to have taken any additional steps or measures to determine whether” its transactions with vessels “were subject to U.S. sanctions.”

In another instance in October 2011, a client tried to send a payment of roughly $190,000 to MID-SHIP’s subsidiary in China through MID-SHIP's account at a U.S. bank, but the transaction was blocked because it included the name of a sanctioned ship, the “M/V Haadi.” An employee from MID-SHIP China asked the client to resend the money without including the name of the ship, OFAC said, but the client refused to leave out the name of the ship. MID-SHIP management settled the payment by requesting that the client send the money in euros, according to OFAC.

As part of the settlement with OFAC, MID-SHIP agreed to several “compliance commitments,” including stopping the conduct that led to the sanctions, implementing a compliance program, conducting risk assessments, placing internal controls to stop future sanctions violations, appointing an OFAC compliance officer that “regularly publishes OFAC compliance statements to all [MID-SHIP] offices,” and conducting compliance testing and auditing and training. MID-SHIP must also annually “submit a certification” to OFAC annually for five years “confirming that [MID-SHIP] has implemented and continued to maintain the sanctions compliance measures.”

OFAC said “numerous organizations” violate sanctions because they simply misinterpret OFAC’s regulations, not understanding that the sanctions apply to them. “For example, several organizations have failed to appreciate or consider … the fact that OFAC sanctions applied to their organization based on their status as a U.S. person ... [or as] a U.S.-owned or controlled subsidiary,” OFAC said. OFAC also said conducting transactions with non-U.S. people or companies is a leading cause of sanctions violations because many are later discovered to be sanctioned. OFAC warned against failing to update sanctions screening software with updates to OFAC’s Specially Designated Nationals List or not accounting for alternative spellings of sanctioned people or entities. Other leading causes include improper due diligence and individual liability, in which certain company employees, such as those working at foreign-based affiliates, purposely violate sanctions and “conceal their activities from others within the corporate organization.”

OFAC Announces Settlement After US-Based Company Violated Ukraine-Related Sanctions

The Treasury’s Office of Foreign Assets Control announced a settlement of $75,375 with Haverly Systems, a New Jersey software company with offices in Texas and California, for violations of the Ukraine Related Sanctions regulations, OFAC said in an April 25 enforcement notice. Haverly violated the sanctions twice between May 2016 and January 2017 when it “dealt in new debt of greater than 90 days maturity” with JSC Rosneft, a Russian oil company that was designated under Ukraine-related sanctions, OFAC said.

In 2016, Rosneft attempted to pay Haverly for an invoice related to a software license purchase and the purchase of software support services, the notice said. The payments were rejected by financial institutions after they discovered the transactions were prohibited by OFAC’s “regulations as debt of greater than 90 days maturity” by an entity on OFAC’s Sectoral Sanctions Identification List, according to the notice. Haverly then received from Rosneft copies of messages from the Society for Worldwide Interbank Financial Telecommunication about the rejected transactions that said the “underlying activity may have a nexus to sectoral sanctions,” OFAC said.

Because Haverly did not have a sanctions compliance program in place, it “did not recognize that the delayed collection of payment was prohibited,” OFAC said. “Haverly did not approach OFAC for guidance or authorization, however, and instead explored various options to collect the payment” from Rosneft, according to the notice. Haverly received the payment in January 2017.

Haverly did not self-disclose the violations, OFAC said, and the violations were considered a non-egregious case. OFAC listed several aggravating factors related to the settlement, including Haverly’s “reckless disregard” for U.S. sanctions and “repeatedly ignoring warning signs that its conduct constituted or likely constituted a violation of OFAC’s regulations.” OFAC also said Haverly’s management was aware of the conduct that led to the violations but did not have a formal compliance program.

Mitigating factors included the fact that the violations “resulted in minimal actual harm to the sanctions program objectives,” Haverly had not committed a violation in the previous five years, Haverly is a “small company with a limited number of employees,” and Haverly created a sanctions compliance officer position and implemented a compliance program after the violations.

As part of the settlement, Haverly agreed to several compliance conditions, including “regular risk assessments” of business dealings and to conduct “ongoing” sanction compliance training “throughout the organization.”

OFAC Announces $600 Million Sanctions Violations Settlements

The Treasury’s Office of Foreign Assets Control announced three settlements worth more than a combined $600 million with the German, Austrian and Italian branches of UniCredit Group banks, which violated multiple U.S. sanctions, OFAC said in an April 15 press release. The branches committed several violations of U.S.-imposed sanctions, including sanctions on Burma, Cuba, Iran, Libya, Sudan and Syria, OFAC said, and violated the Weapons of Mass Destruction Proliferators Sanctions Regulations. OFAC reached a roughly $550 million settlement with UniCredit Germany, a $20 million settlement with UniCredit Austria and a $37 million settlement with UniCredit Italy, an enforcement notice said.

In settlements for UniCredit Germany, Austria and Italy, all three branches agreed to extensive improvements of their compliance programs. “As the United States continues to enhance our sanctions programs, incorporating compliance commitments in OFAC settlement agreements is a key part of our broader strategy to ensure that the private sector implements strong and effective compliance programs that protect the U.S. financial system from abuse,” Sigal P. Mandelker, undersecretary for Terrorism and Financial Intelligence, said in a statement.

The “compliance commitments,” according to the settlements, involve ending the conduct that led to the violations, ensuring that senior management gives compliance programs “adequate resources,” conducting “risk assessments” and implementing “internal controls” on compliance procedures and requiring that a “senior-level executive” submit an annual certification to OFAC for five years confirming that the compliance measures are still being maintained.

OFAC said UniCredit Germany committed more than 2,000 violations of U.S.-imposed sanctions on Cuba, Burma, Sudan, Syria, Iran, Libya and the U.S.’s Global Terrorism Sanctions Regulations. The bank did not voluntarily disclose the violations, according to the enforcement notice, which constituted an egregious case. The bank processed more than 2,000 payments worth more than $500 million through U.S. “financial institutions” between 2007 and 2011, OFAC said, violating multiple U.S. sanction programs. During that same time, UniCredit operated accounts on behalf of Islamic Republic of Iran Shipping Lines (IRISL) and several companies associated with IRISL while trying to hide IRISL’s involvement, OFAC said. The bank continued processing transactions for IRISL for nearly two years after IRISL was added to OFAC’s Specially Designated Nationals List in 2008.

OFAC said UniCredit Austria committed 60 sanctions violations that constitute a non-egregious case and 67 that constituted an egregious case. The bank did not voluntarily disclose the violations, the notice said. The bank processed transactions through U.S. financial institutions for countries, entities and individuals subject to U.S. sanctions for several years, according to the notice, and tried to hide which entities and individuals it was working with. The payment messages used by the bank “did not reveal the involvement of sanctioned parties,” the notice said.

OFAC said UniCredit Italy did not disclose its violations and that they were an egregious case. Similar to the case of UniCredit Austria, the Italy branch also processed transactions on behalf of sanctioned parties through the U.S. and hid the involvement of the sanctioned parties, OFAC said.

OFAC included several aggravating factors in each settlement notice, including UniCredit’s “reckless disregard” for U.S. sanctions, the fact that it processed transactions for entities that were known to be sanctioned and hid the involvement of those entities, the bank’s “willful intent” to evade U.S. economic sanctions and the fact that the bank is a “large and commercially sophisticated financial institution.”

OFAC also included several mitigating factors, including the fact that the bank committed no violation in the previous five years, the bank’s cooperation with OFAC’s investigation, and the bank’s “remedial action” in response to the violations.

Trade Lawyers Say OFAC Sanctions Enforcements Becoming More Frequent, Aggressive

A recent fine on a U.S. company while simultaneously penalizing the manager of the company's foreign subsidiary after both violated sanctions on Iran seems reflective of the increasingly aggressive nature and number of U.S. enforcement actions taken on sanctions violations during the last few months, according to several Washington trade lawyers. The fine was called “unprecedented” in early February by the Department of the Treasury. After distributing just one penalty through the first eight months of 2018, the Office of Foreign Assets Control doled out six penalties during the last four months of 2018, according to the office's records. And two months through 2019, OFAC already has administered four penalties worth more than $7 million, according to the agency, including a $5.5 million penalty against the German subsidiary of an Illinois-based company on Feb. 14.

But lawyers said OFAC's enforcement against the Virginia-based Kollmorgen Corporation, announced Feb. 7, was its most aggressive in months. “It was a shot across the bow to U.S. investors of foreign subsidiaries,” said John Smith, a lawyer at Morrison & Foerster who resigned as OFAC director last year, confirming the move was the first of its kind.

Kollmorgen was fined about $13,000 after OFAC said it controlled a Turkish-based company that was illegally sending machine parts to Iran between 2013 and 2015. The Turkish company, Elsim Elektroteknik Sistemler Sanayi ve Ticaret Anonim Sirketi, was bought by Kollmorgen in 2013. For two years after being acquired by Kollmorgen, Elsim management traded with Iran and threatened to fire employees who wouldn’t travel there, according to an enforcement notice. Elsim also ordered employees to hide their business travels to Iran by listing them as vacation trips in corporate records, the notice said.

Kollmorgen found out about the violations when an Elsim employee contacted Kollmorgen’s ethics department. OFAC said Kollmorgen disclosed the violations to the U.S. government when it found out. Even though OFAC said Kollmorgen did not know Elsim was dealing with Iran, OFAC said it issued the Radford, Virginia-based company the $13,381 fine partly because it acquired Elsim despite its “specific risk profile, including that Elsim had previously engaged in business with Iran.”

OFAC placed Evren Kayakiran, the Turkish manager primarily responsible for the violations, on the U.S. Foreign Sanctions Evaders list, which prohibits any U.S. person or business from trading with him. The move, according to Smith, was far-reaching: It sent a stern warning to U.S.-based companies and represented an escalating step in the Trump administration's aggressive use of sanctions to enforce national security policy.

Trade lawyer Christopher Stagg said he also has noticed a sharp increase in sanctions enforcements during the last few months, which he said have been increasingly deployed by the administration as a “more active use of foreign policy means.”

But Smith said there is one significant change between sanctions being enforced under the Trump administration and those enforced by past administrations: their intensity. “What seems to be different is that everything is maximum sanctions pressure,” Smith said. “You've got a U.S. administration led by a president who likes to talk tough, act tough and be aggressive toward friend and foe alike in pursuit of U.S. national security. Combining the uncertainty and grave conditions that exist in the world with the aggressive administration means you have more aggressive enforcements.”

Stagg said one of the biggest issues his clients face is the wide array of penalties and sanctions being implemented by OFAC, which he said can be unpredictable, specifically for U.S. companies looking to remain in compliance with the latest guidelines. “The day-to-day fluctuations when it comes to embargoed countries, putting persons on the [Specially Designated Nationals List] -- it just creates a lot of uncertainty,” Stagg said. “Many take the conservative approach of ‘let’s stand down.’”

Robert Shapiro, a Washington-based trade lawyer with Thompson Coburn, agreed. “In terms of trade, things have rarely been like this,” Shapiro said. “There are new sanctioned regimes popping up all over the place.”

Greta Lichtenbaum, a trade compliance lawyer with O'Melveny & Myers, said OFAC's recent enforcement notices are “really a lesson-learned exercise,” with the agency warning other U.S. companies not to commit similar mistakes. But Lichtenbaum also said there has been a strong focus on enforcing penalties against foreign firms that violate sanctions. Of OFAC's last three civil settlements with sanctions violators, two have involved foreign companies. “They really want to send a very strong message to our trading partners that we are going to go after non-U.S. firms,” Lichtenbaum said.

Other trade lawyers are stressing to their clients to be mindful of the increased pressure from OFAC. During a February trade event on U.S. sanctions, Alexandre Lamy, a lawyer at Baker McKenzie, told a room of trade lawyers to heed the clear messages OFAC has been sending. “You’re really seeing that OFAC is setting the bar very high for compliance programs,” Lamy said, “especially for sophisticated multinational companies.”

Smith, along with several other Washington lawyers, said the trend will likely continue. “I expect that sanctions themselves will increase,” Smith said, “and enforcement of sanctions will increase too.”