Bank’s Misunderstanding of Vendor Screening Led to Sanctions Violations, OFAC Says
MidFirst Bank violated the U.S. Weapons of Mass Destruction Proliferators Sanctions Regulations when it processed payments for two sanctioned people after they were designated by the Office of Foreign Assets Control, OFAC said in a July 21 enforcement notice. OFAC said the bank, headquartered in Oklahoma City, maintained accounts for the people and processed 34 of their payments in the two weeks after they were added to the Specially Designated Nationals List.
Sign up for a free preview to unlock the rest of this article
Export Compliance Daily combines U.S. export control news, foreign border import regulation and policy developments into a single daily information service that reliably informs its trade professional readers about important current issues affecting their operations.
OFAC didn’t fine the bank and instead issued a “finding of violation” due to several mitigating factors, including the fact that the violations occurred within two weeks of the designations, and 98% of the value associated with the violations were for transactions that occurred within hours of the designations. The agency also said the bank had compliance procedures but misunderstood how frequently its vendor screened new names that were added to the SDN List against its existing customer base.
The violations began in September 2020, when MidFirst processed five transactions totaling $604,000 for accounts held by people who had been sanctioned by OFAC just hours earlier. MidFirst processed the 29 additional transactions over the next two weeks, which totaled nearly $10,000.
MidFirst told OFAC that it hadn’t been alerted to the sanctions until it was notified by its sanctions screening vendor on October 5, 2020, 14 days after their addition, the agency said. OFAC said the bank then “promptly” blocked the accounts.
Although MidFirst’s vendor conducted daily screenings of new and existing customers with certain “account changes” -- such as changes to a customer’s name or address -- the vendor only screened MidFirst’s entire customer base once a month, OFAC said. The agency said MidFirst “misunderstood” the scope of its contract with the vendor and “mistakenly” believed the daily screenings “would screen its entire customer base against additions and changes to the SDN List.” Depending on the timing of additions to the SDN List, MidFirst could be unaware for up to 30 days that it held the account of a blocked person on its books, OFAC said.
Although it didn’t issue a penalty, OFAC pointed to several aggravating factors, including the fact that the bank had reason to know that it maintained the accounts for blocked persons and that its vendor was not screening its entire accounts daily against changes to the SDN List. OFAC also said the two weeks of post-designation transactions could have “aided asset flight” for the sanctioned people.
OFAC also pointed to several mitigating factors, including the fact that the sanctions harm caused by the violations was “substantially less than the face amount of the violations,” mostly because two of the largest transactions were “internal book transfers” between one of the blocked person’s accounts. The agency also said the vendor began re-screening existing accounts more frequently after discovering the violations, and MidFirst implemented a “manual process” to be alerted to all OFAC list updates. The bank also cooperated with OFAC’s investigation and hadn’t received a penalty notice or finding of violation in the previous five years.
OFAC said the case “reaffirms” that financial institutions should take a “risk-based approach to sanctions compliance.” They should also make sure they understand the “scope and capabilities” of third-party sanctions compliance services to make sure they are “consistent with the financial institution’s assessment of its exposure to sanctions risks.” MidFirst couldn’t be reached for comment.