Looking for Banker’s Toolbox? You are in the Right Place!

Banker’s Toolbox is now Abrigo, giving you a single source for all your enterprise risk management needs. Use the login button here, or the link in the top navigation, to log in to Banker’s Toolbox Community Online.

Make yourself at home!

Looking for MainStreet Technologies? You are in the Right Place!

MainStreet Technologies is now Abrigo, giving you a single source for all your enterprise risk management needs. Use the contact us button here, or the link in the top navigation, to reach product support for your MST products.

Make yourself at home!

Looking for Sageworks? You are in the Right Place!

Sageworks is now Abrigo, giving you a single source for all your enterprise risk management needs. Use the login button here, or the link in the top navigation, to log in to your Sageworks products.

Make yourself at home!

Does Your Compliance Program Fit Within the OFAC Framework for Sanctions Compliance?

By: Terri Luttrell, CAMS-Audit

The U.S. Department of the Treasury recently published A Framework for OFAC Compliance Commitments to provide financial institutions and other organizations with OFAC’s perspective on the essential components of a sanctions program. Andrea M. Gacki, Director of the Office of Foreign Assets Control, stated that “OFAC developed this framework in our continuing effort to strengthen sanctions compliance practices across the board.”

OFAC has emphasized that a successful OFAC compliance program should be risk-based by developing a sanctions compliance program suitable for the size, risk profile, sophistication, products and services, customers, and geographic locations of the institution.

This newly published document mirrors what we know about the requirements of a sound BSA/AML program. The document highlights these five essential compliance components:

The publication also includes several root causes of recent OFAC enforcement actions in which deficiencies were identified. These include:

  • Lack of a formal OFAC Sanctions Compliance Program (SCP)
    • Although OFAC regulations do not require a formal SCP, OFAC encourages organizations to adopt a formal SCP, particularly if the organization engages in international trade or has clients located outside of the United States. Such guidance suggests that it would be prudent for financial institutions to have a Board approved SCP, as outlined in the FFIEC Exam Manual as being sound business practice.
  • Misinterpreting or not understanding OFAC’s regulations
    • Several organizations have committed sanctions violations simply by misinterpreting OFAC’s regulations. While many of the sanction programs can be complex, it is still the responsibility of each organization to know and understand the regulations. A financial institution’s OFAC Officer must be qualified to make important OFAC determinations regarding certain transactions. If your institution would like assistance with questions concerning certain transactions or your OFAC program in general, you may contact OFAC directly with the information provided here.
  • Facilitating transactions by non-U.S. persons (including through or by overseas subsidiaries or affiliates)
    • Many organizations have engaged in transactions that violated OFAC’s regulations by facilitating dealings between their organization’s non-U.S. locations and OFAC-sanctioned countries, regions, or persons. The root cause of these enforcement actions was due to the misinterpretation of OFAC regulations.
  • Exporting or re-exporting U.S.-origin goods, technology or services to OFAC sanctioned persons or countries
    • Non-U.S. persons have repeatedly purchased U.S. goods with the intention of exporting to a region covered by OFAC sanctions. Many of these organizations ignored warning signs that violations will be made if the transactions are conducted with the sanctioned countries.
  • Using the U.S. financial system or processing payments to or through U.S. financial institutions for commercial transactions involving OFAC-sanctioned persons or countries
    • Many non-U.S. persons have conducted sanctioned transactions by masking their identity which in turn end up in U.S. financial institutions. OFAC has generally posed enforcement actions on the individuals, unless a U.S. financial institution has failed to detect based on faulty procedures or willful blindness.
  • Sanctions screening software or filter faults
    • Some organizations have failed to update their sanctions screening software to incorporate updates to the SDN Lists or failed to include identifiers such as SWIFT Codes. In addition, some did not account for alternative spellings of prohibited countries or parties (i.e., Habana instead of Havana, Kuba instead of Cuba, Soudan instead of Sudan, etc.).
  • Improper due diligence on customers/clients (e.g., ownership, business dealings, etc.)
    • One of the cornerstones of an effective SCP is conducting customer due diligence. Various actions taken by OFAC involved improper or incomplete due diligence, such as ownership, geographic location(s), counterparties, and transactions.
  • De-centralized compliance functions and inconsistent application of an SCP
    • Several organizations have committed violations due to a de-centralized SCP, often with personnel and decision-makers scattered in various offices or business units. This has led to a lack of escalation processes and inefficient policies, procedures, and oversights functions.
  • Using non-standard payment or commercial practices
    • In many instances, organizations attempting to evade or circumvent OFAC sanctions or conceal their activity will implement non-traditional business methods in order to complete their transactions.
  • Individual liability
  • Several violations have occurred due to individual employees, usually in managerial or executive level positions, who have played integral roles in causing OFAC violations. In these cases, OFAC will consider posing enforcement actions against the individual rather than the organization.

Financial institutions have the tools needed to ensure a sound OFAC Compliance Program thanks to this new guidance. With the use of the FFIEC Exam manual coupled with OFACs input and root cause analysis, each financial institution should be able to develop a risk-based program sure to pass OFAC’s scrutiny. A strong culture of compliance is essential to both your OFAC and AML programs, from the top, to the middle, and all the way to the front line. There is no excuse not to be ready.

If you feel your institution is not ready or needs help bringing your compliance program up to speed, contact our Advisory Services team. They are experienced BSA professionals who can help ensure your compliance program fully complies with the OFAC standards.

About the Author

Terri Luttrell, CAMS-Audit

Terri Luttrell is a seasoned AML professional and former director and AML/OFAC officer with over 20 years in the banking industry, working both in medium and large community and commercial banks ranging from $2 billion to $330 billion in asset size. She has successfully worked with institutions in developing BSA/OFAC programs, optimizing various automated solutions, and streamlining processes while ensuring all regulatory requirements are met. As the Senior Manager of Strategy and Engagement at Abrigo, Terri provides insights that contribute and support long-term banking strategies based on analysis of market and industry trends, competitor developments, and financial and regulatory technology changes. She is an audit-certified anti-money laundering specialist and a board member of the Central Texas chapter of the Association of Certified Anti-Money Laundering Specialists (ACAMS). Terri earned her bachelor’s degree in business administration, specializing in business and finance, from the University of North Texas.

Full Bio

About Abrigo

Abrigo is a leading technology provider of compliance, credit risk, and lending solutions that community financial institutions use to manage risk and drive growth. Our software automates key processes — from anti-money laundering to fraud detection to lending solutions — empowering our customers by addressing their Enterprise Risk Management needs.

Make Big Things Happen.