Office of Foreign Assets Control (OFAC)

Subscribe to Office of Foreign Assets Control (OFAC)

Second Post in a Two-Post Series

On March 19, 2020, Swedbank received its first sanction at the conclusion of parallel investigations by Swedish and Estonian authorities for its role in the seemingly non-stop Anti-Money Laundering (“AML”) debacle centered around Danske Bank and its now-notorious Estonian Branch. In the first of what will likely be multiple sanctions, Swedbank AB was ordered to pay a record 4 billion Swedish Krona ($38 million) and its subsidiary, Swedbank AS, has been ordered to improve its AML risk control systems to comply with applicable requirements.

In our first post, we discussed the various public AML-related investigations and enforcement actions plaguing Swedbank. In this post, we discuss the details and implication of the report of internal investigation regarding Swedbank’s alleged deficiencies in its AML processes performed by an outside law firm at the request of Swedbank, which has made the report publically available.

The Report is lengthy and detailed.  As we discuss, however, the Report highlights some basic, evergreen issues in AML compliance and enforcement: the need to implement adequate systems to manage high-risk customers; the need to identify beneficial ownership; the need for top management to understand and truly respect AML compliance; the need for transparency with regulators; and the need for transparency by financial institutions with investors and the public.


Continue Reading

AMA Details Components of a Strong AML/BSA Program for the Gaming Industry

Earlier this month, the American Gaming Association (“AGA”) released an updated Best Practices for Anti-Money Laundering (“AML”) Compliance (“Best Practices Guidance”) reflecting a heightened focus on risk assessment as well as Know Your Customer/Customer Due Diligence measures for the gaming industry.  This update amends the industry’s first set of comprehensive best practices for AML compliance, issued in 2014.  At the time, the best practices were well-received by the U.S. Department of Treasury’s Financial Crimes Enforcement Network (“FinCEN”).  These updated Best Practices have drawn from recent FinCEN guidance and enforcement actions, the Treasury Department’s National Money Laundering Risk Assessment, and the Office of Foreign Assets Control’s (“OFAC”) updated compliance guidelines and provide detailed guidance regarding how the industry can continue to be “a leader in compliance.”


Continue Reading

Organization Excels at Niche Branding but Stumbles in Avoiding Enforcement

The first paragraph of the press release sums it up:

Today the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) took action against Evil Corp, the Russia-based cybercriminal organization responsible for the development and distribution of the Dridex malware.  Evil Corp has used the Dridex malware to infect computers and harvest login credentials from hundreds of banks and financial institutions in over 40 countries, causing more than $100 million in theft.  This malicious software has caused millions of dollars of damage to U.S. and international financial institutions and their customers.  Concurrent with OFAC’s action, the Department of Justice charged two of Evil Corp’s members with criminal violations, and the Department of State announced a reward for information up to $5 million leading to the capture or conviction of Evil Corp’s leader.  These U.S. actions were carried out in close coordination with the United Kingdom’s National Crime Agency (NCA).  Additionally, based on information obtained by the Treasury Department’s Financial Crimes Enforcement Network (FinCEN), the Treasury Department’s Office of Cybersecurity and Critical Infrastructure Protection (OCCIP) released previously unreported indicators of compromise associated with the Dridex malware and its use against the financial services sector.

The Department of Treasury press release is extremely detailed.  Summarized very broadly, it observes that OFAC’s designation targets 17 individuals and seven entities, including Evil Corp, its “core cyber operators, multiple businesses associated with a group member, and financial facilitators utilized by the group.”  The designation means that all property and interests in property of these persons subject to U.S. jurisdiction are blocked, and U.S. persons are generally prohibited in engaging in transactions with them.

As noted below, the U.S. government is alleging that these cyber criminals are working with the Russian government.  FinCEN and the Cybersecurity and Infrastructure Security Agency (CISA) of the Department of Homeland Security also have issued an Alert to financial institutions regarding how to try to detect, mitigate and report the presence of the pernicious Dridex malware.
Continue Reading

The Pink Mosque in Shiraz, Iran

On October 25, 2019, FinCEN issued a final rule imposing the Fifth Special Measure against the Islamic Republic of Iran as a “jurisdiction of primary money laundering concern” (“Final Rule”) under Section 311 of the USA PATRIOT ACT.  The Final Rule will prohibit the opening or maintaining of a correspondent bank account in the U.S. for, or on behalf of, an Iranian financial institution.  It also will prohibit the correspondent accounts of foreign financial institutions at covered U.S. financial institutions from processing transactions involving Iranian financial institutions.
Continue Reading

The Hagia Sophia Church in Istanbul, Turkey

Indictment Alleges that Bank and its Officers Used Front Companies to Evade Prohibitions on Iran’s Access to the U.S. Financial System

The U.S. Attorney for the Southern District of New York has charged Turkish state-owned bank Halkbank (formally known as Türkiye Halk Bankasi A.S.) with money laundering, bank fraud and sanctions offenses under the International Emergency Economic Powers Act, or IEEPA, arising from the Bank’s alleged involvement in a multibillion-dollar scheme to evade U.S. sanctions on Iran. As alleged in the six-count indictment, senior officials at Halkbank designed and executed the Bank’s systemic and illicit movement of Iranian oil revenue moving through the Bank to give Iran access to the funds. This case is an extension of prosecutions initiated in late 2017 against nine individual defendants in the scheme, including bank employees and the former Turkish Minister of the Economy.
Continue Reading

Foreign Banks Reliant on U.S. Correspondent Services Should Take Note of New Rules

We are pleased to present this guest blog by Hdeel Abdelhady, who is a Washington, D.C.-based attorney and Principal at MassPoint Legal and Strategy Advisory PLLC, her boutique law and strategy firm. Ms. Abdelhady focuses on regulatory compliance and transactional matters, including cross-border trade and finance transactions and regulation.

As Ms. Abdelhady discusses, the Office of Foreign Assets Control (OFAC) issued on June 21, 2019 an interim final rule (the “IFR”) amending provisions of the Reporting, Procedures, and Penalties Regulations applicable to OFAC-administered sanctions programs at 31 C.F.R. Part 501. The IFR became effective upon publication in the Federal Register on June 21. OFAC has requested public comments, which are due by July 22, 2019. The IFR has many important potential consequences, including for foreign banks that rely on U.S. correspondent banking services, as well as U.S. financial institutions facing additional compliance burdens.

As legal counsel to U.S. and foreign banks, other financial services providers, and businesses, Ms. Abdelhady has advised on sanctions, anti-money laundering, anti-corruption, and counter-terrorism finance regulation and compliance under U.S. law and international standards, including the FATF Recommendations and Wolfsberg Standards. She has served as in-house counsel on secondment to banks in the United States and abroad, including in connection with the first major USA Patriot Act enforcement by the Comptroller of the Currency and Financial Crimes Enforcement Network (FinCEN). In addition, Ms. Abdelhady has advised on the establishment of money services businesses and Foreign Banking Organizations in the United States.

Ms. Abdelhady serves on the board of the Washington, D.C. Chapter of the Association of Certified Financial Crime Specialists (ACFCS), is a Fellow of the American Bar Foundation, and is an Adjunct Professor at The George Washington University Law School. Ms. Abdelhady writes frequently on banking, finance, and regulatory compliance matters. Among other publications, Reuters, the World Bank Legal Review, and Law360 has published her work.  We hope that you enjoy this discussion by Ms. Abdelhady of this important development.  –Peter Hardy

In addition to effectuating technical and conforming amendments, the IFR revises Trading With the Enemy Act (TWEA) penalties and amends reporting requirements and procedures applicable to initial and annual blocked property reports, unblocked property reports, and the unblocking of funds due to mistaken identity. Additionally, the IFR revises reporting requirements applicable to “rejected transactions.” The rejected transactions amendment is the most substantial of the revisions, and is the focus of this update.
Continue Reading

Testimony Supports Bill Requiring States to Collect Beneficial Ownership Information at Entity Formation

As we have blogged, the proposed Corporate Transparency Act of 2019 (the “Act”) seeks to ensure that persons who form legal entities in the U.S. disclose the beneficial owners of those entities. Specifically, the Act would amend the Bank Secrecy Act (“BSA”) to compel the Secretary of Treasury to set minimum standards for state incorporation practices. Thus, applicants forming a corporation or LLC would be required to report beneficial ownership information directly to FinCEN, and to continuously update such information.

If passed, the Act would build significantly upon FinCEN’s May 11, 2018 regulation regarding beneficial ownership (“the BO Rule,” about which we blog frequently and have provided practical tips for compliance here and here). Very generally, the BO Rule requires covered financial institutions to identify and verify the identities of the beneficial owners of legal entity customers at account opening. The issue of beneficial ownership is at the heart of current global anti-money laundering efforts to enhance the transparency of financial transactions.

On May 21, the U.S. Senate Committee on Banking, Housing and Urban Affairs, held a hearing entitled: “Combating Illicit Financing by Anonymous Shell Companies Through the Collection of Beneficial Ownership Information.” This hearing, which provided fuel for passage of the Act, featured the exact same trio of speakers who had appeared before the Committee during a November 2018 hearing on “Combating Money Laundering and Other Forms of Illicit Finance: Regulator and Law Enforcement Perspectives on Reform,” which pertained to a broader set of potential changes to the BSA. The speakers were:

  • Grovetta Gardineer, Senior Deputy Comptroller for Bank Supervision Policy and Community Affairs at the Office of the Comptroller of the Currency (“OCC”) (written remarks here)
  • Kenneth A. Blanco, Director of FinCEN (written remarks here); and
  • Steven D’Antuono, Acting Deputy Assistant Director of the FBI (written remarks here).

Unlike the broader November 2018 hearing, which featured some distinct tensions between certain positions of the OCC and those of FinCEN and the FBI, this hearing reflected close alignment amongst the speakers. Every speaker stressed the advantages to be reaped by law enforcement, regulators and the public if a national database of beneficial owners was required and created. Only the OCC acknowledged the need to consider the issue and sometimes competing concern of the regulatory burden imposed on financial institutions by the current BSA/AML regime, and even the OCC seemed to assume that a national database on beneficial ownership would represent only a boon to financial institutions, as opposed to yet more data – however helpful – to be absorbed and acted upon to the satisfaction of regulators. None of the speakers addressed some of the potential ambiguities and problems inherent in the current language of the Act, such as the fact that the Act lacks precision and fails to define the critical terms “exercises substantial control” or “substantial interest,” both of which drive the determination of who represents a beneficial owner.
Continue Reading

UK-based Standard Chartered Bank (“SCB”) announced the terms of significant settlements last week with various U.S. and U.K. governmental agencies, resolving a series of related investigations into the bank’s alleged violations of international sanctions and concomitant failures of anti-money laundering (“AML”) controls over a period stretching from 2007 to 2014. The bank will pay a total of $1.1 billion in combined forfeitures and fines to various national and state agencies in the two countries — and extend, once again, its deferred prosecution agreements (“DPAs”) with the U.S. Department of Justice (“DOJ”) and the New York County District Attorney’s Office (“NYDA”).

Specifically, the bank will pay: a $480 million fine and a $240 million forfeiture to the DOJ; approximately $639 million to the U.S. Treasury Department Office of Foreign Assets Control (“OFAC”); over $292 million to the NYDA; almost $164 million to the Board of Governors of the Federal Reserve System; and $180 million to the New York Department of Financial Services.  The bank also will pay over £102 million (an amount approximately equal to over $133 million) to the U.K.’s Financial Conduct Authority (“FCA”).  After certain payments are credited against some of these penalties, the total will exceed $1 billion.


Continue Reading

As reported in Reuters and other media outlets, the partial government shutdown has impaired the ability of the U.S. Treasury to maintain many of its anti-money laundering and counter-terrorist financing (“AML/CTF”) efforts.  Specifically, the Financial Crimes Enforcement Network (“FinCEN”), the Office of Foreign Assets Controls (“OFAC”) and the Office of Terrorism and Financial Intelligence (“TFI”) 

Second Post in a Two-Part Series

NYDFS Action Highlights the Need for Good Monitoring – and Good Consultants

In part one of this two-part post, we provided some practical tips for financial institutions to increase the chances that their Anti-Money Laundering (“AML”) programs will withstand regulators’ scrutiny, including: (1) promoting a culture of AML/Bank Secrecy Act (“BSA”) compliance; (2) focusing on transaction monitoring; (3) improving information sharing; (4) identifying and handling high-risk accounts appropriately; and (5) knowing your risks and continually improving your AML program to control those risks.

In this post we’ll discuss the consequences of potentially failing to heed these practical tips in a specific case: the New York Department of Financial Services’ (DFS) recent enforcement action against Mashreqbank. Further, we look forward to discussing all of these issues in an upcoming podcast in Ballard Spahr’s Consumer Financial Monitor Podcast series. So please continue to stay tuned.

Mashreqbank is the oldest and largest private bank in the United Arab Emirates. Its New York branch is Mashreqbank’s only location in the United States. It offers correspondent banking and trade finance services and provides U.S. dollar clearing services to clients located in Southeast Asia, the Middle East and Northern Africa. In 2016, the branch cleared more than 1.2 million USD transactions with an aggregate value of over $367 billion. In 2017, the branch cleared more than one million USD transactions with an aggregate value of over $350 billion.

The DFS enforcement action asserted that Mashreqbank’s AML/BSA program was deficient in a number of respects and that the New York branch had failed to remediate identified compliance issues. The enforcement action began with a DFS safety and soundness examine in 2016. In 2017, DFS and the Federal Reserve Bank of New York (FRBNY) conducted a joint safety and soundness examination. DFS provided a report of its findings to which Mashreqbank submitted a response.

In a consent order signed on October 10, 2018, Mashreqbank admitted violations of New York laws and accepted a significant monetary penalty and increased oversight for deficiencies in its AML/BSA and Office of Foreign Assets Control (OFAC) programs. Regulators pursued the enforcement action despite the New York branch’s strong cooperation and demonstrated commitment to building an effective and sustainable compliance program. Among other things, Mashreqbank agreed to pay a $40 million fine; to hire a third-party compliance consultant to oversee and address deficiencies in the branch’s compliance function including compliance with AML/BSA requirements; and to develop written revised AML/BSA and OFAC compliance programs acceptable to DFS.

The DFS and FRBNY examination findings demonstrate Mashreqbank’s failure to follow the practical tips identified in part one of this post. Specifically, the regulators found that Mashreqbank failed to: (1) have appropriate transition monitoring; (2) identify and handle high-risk accounts appropriately; and (3) know its risk and improve its AML program to control those risks.

Further, and as our discussion will reflect, the Mashreqbank enforcement action is also notable in two other respects. First, the alleged AML failures pertain entirely to process and the general adequacy of the bank’s AML program – whereas the vast majority of other AML/BSA enforcement actions likewise discuss system failures, they usually also point to specific substantive violations, such as the failure to file Suspicious Activity Reports (“SARs”) regarding a particular customer or set of transactions. Second, although the use of external consultants usually represents a mitigating factor or even a potential reliance defense to financial institution defendants, the DFS turned what is typically a defense shield into a government sword and instead criticized Mashreqbank for using outside consultants who, according to DFS, were just not very rigorous. This alleged use of consultants performing superficial analysis became part of the allegations of affirmative violations against the bank, thereby underscoring how financial institutions must ensure that their AML/BSA auditors or other consultants are experienced, competent, and performing meaningful testing, particularly when addressing issues previously identified by regulators.
Continue Reading