OFAC Compliance How to Minimize

Document Sample
OFAC Compliance How to Minimize Powered By Docstoc
					OFAC Compliance: How to
 Minimize the Threat of
   Costly Violations
                  April 17, 2008

      This presentation is solely for informational
       purposes. It is not intended to constitute
           legal advice or create an attorney-
                   client relationship.
 Context
 Tools

 “OFAC”
  “Office of Foreign Assets Control,” an enforcement
    division of the United States Department of the
 OFAC’s Role
  Administers and enforces economic and trade sanctions
    against foreign governments and government officials
    and persons and entities identified on the SDN List as
    terrorists, drug traffickers, etc.
 SDN List
  “Specially Designated Nationals and Blocked
    Persons List”; identifies some 4,000 foreign
    nationals with whom transactions are
    prohibited; roughly 50 in U.S.
   OFAC does not enforce USA Patriot Act amendments
    to 1970 Bank Secrecy Act requiring life insurers and
    certain others with “stored value” (investment, cash,
    etc.) products to have anti-money laundering program
 Two primary statutory bases for OFAC regs:
   The Trading with the Enemy Act of 1917 (“TWEA”)
   International Emergency Economic Powers
    Act of 1977 (“IEEPA”)
 U.S. Presidents, Kennedy (Cuba) through
  Clinton ([country]) declared “national
  emergency” in reaction from which
  regulations arise
 Courts grant OFAC broad deference
 Allegations of OFAC arbitrariness
 OFAC does not enforce USA Patriot Act
  amendments to 1970 Bank Secrecy Act
  requiring life insurers and certain others with
  “stored value” (investment, cash, etc.) products
  to have anti-money laundering program

• Apply corporate to all          • Applies to certain categories of
  natural and persons subject       “financial institutions,” including
  to jurisdiction U.S.              whole life insurers and others with
• Prevent terrorists and drug       “stored value” products, but not
  traffickers from profiting        including reinsurers, P&C insurers
  through transactions with       • Prevents terrorists and drug
  “U.S. Persons” subject to         traffickers from profiting through
  U.S. jurisdiction                 money laundering activities with
• Objective standard: must          U.S. “financial institutions
  not deal with embargoed         • Subjective standard: totality of the
  countries, their residents or     circumstances and indicia of money
  citizens or SDNs                  laundering
• Require reinsurers to blocks    • Requires companies to seize assets
  assets of embargoed               used as part of suspected money
  natural persons and entities      laundering
• Report to OFAC and, in          • Report suspicious activity to
  general, inform person            Treasury and do not inform suspect
  whose assets are affected

 Unintentional Violations:
    Potentially forfeit the value of the contract or payment plus
     pay a fine
    Recent increase to $250,000 per IEEPA violation,
     retroactively applied
    Mitigating Factors include:
       Compliance Plan (25% - 50% reduction)
       First offense (25% - 50% reduction)
       Self-reported violations (50% or greater reduction)
 Intentional Violations: fine double the amount of
  transaction, plus criminal fines and imprisonment
 Reputation and Reporting Risks

 Broad Embargos
   Cuba                           Sudan
   Myanmar (Burma)

 Limited Embargos
   Rough Diamonds                 North Korea
   Ivory Coast (Côte d’Ivoire)    Syria
   Iraq                           Palestinian Authority
   Liberia                        Zimbabwe

 SDN List
   “Specially Designated Nationals and Blocked Persons” List of
     roughly 4,000 foreign nationals – terrorists, drug traffickers and
     others (less than 100 known U.S. residents)

 Compliance Program
   Company
   Foreign Affiliates
   Employees
 Education
 Systems

 OFAC does not require a compliance program
 Compliance is akin to strict liability
 A compliance program is favorably
  considered as a mitigating factor

   Designate Compliance Officer(s)
   Conduct risk assessment
   Establish systems and documentation
   Train personnel
   Audit the program

 Legal, investigative or other relevant
 Support from senior management
 Access to senior management and counsel
 Authority and resources to implement
 Consider collaboration with AML, privacy,
  and international compliance

 Strict compliance, but with statutory objectives
  in mind
 Statutory Objectives include:
    Do not facilitate terrorist activity or drug trafficking
    Do not facilitate trade with embargoed countries,
     entities or individuals
 Pragmatic approach: allocate compliance
  resources to greatest exposures first and
  lesser exposures later
 This approach will not necessarily avoid
  violation, but mitigates risk of harm
 Consider the nature of the transaction
   Could the transaction facilitate terrorist activity or
    drug trafficking?
   Sending funds to unfamiliar foreign client vs.
    claims payment to known U.S. client
 Consider the sums involved:
   $200 contract vs. $2,000,000 contract
 Not limited to insurance products
   Should evaluate Company’s investments and
    other transactions
   Potential focus: fund flow portals
 Those disqualified by designation:
   Approximately 100 records on the SDN List have
    U.S. addresses:
      60% full addresses
      Some with only name, city and state
      with name and country
 Those disqualified by status:
   Government officials of blocked countries
    primarily reside in foreign countries
   Nationals of blocked countries illegally in
    U.S. – identification issues?

 Company’s foreign offices and operations,
  including employees, outsourcing contractors,
 Clients’ foreign offices and operations
 Individual clients residing in foreign
   Consider country of residence and nationality

 Compliance Alternatives include:
     Manual with paper lists – audit trails?
     Manual with automated lookup tool
     Automated Filters
     Outsourcing
 Compliance Requirements
   Comprehensive and up-to-date OFAC database
   Reliable, robust and rapid access to data
        Catch actual matches
        Minimize false matches

 Suggestions for final documentation set:
   Summary of OFAC regulations and compliance
   Screening, due diligence, reporting and training
   Responsibilities of involved personnel
   Document retention protocol
   Disciplinary procedures for employee and
    business partner non-compliance

 Internal audit is generally sufficient
 Consider “Independent” internal auditor
   Separate audit from compliance function
   Auditor reports directly to senior management
 Consider evaluating whether appropriate
  program elements are in place, such as:
     Compliance Officer
     Risk assessment
     Systems and Documentation
     Training

 New clients and business partners screened?
 Existing databases periodically scrubbed?
 Appropriate due diligence for “hits”?
 Assets blocked when matches are found?
 Timely OFAC reporting: 10 days from
  blocking and September 30 annual report
 Employees informed of program?
 Compliance “tested” with actual hits?

   Foreign Parent/Subsidiary Issues
   Avoiding Liability for Evading and Avoiding
   Conflicting Foreign Laws
   Application to U.S. Citizens Working Abroad

   Foreign Parent/Subsidiary Issues
   Avoiding Liability for Evading and Avoiding
   Conflicting Foreign Laws
   Application to U.S. Citizens Working Abroad

 U.S. operations are subject to OFAC regulations.
 U.S. offices cannot originate, underwrite,
  participate in or supervise any transactions with
  US embargoed countries or persons.
 U.S. company’s foreign branches also subject to
  OFAC regulations
 Non-U.S. parent of company: Overseas
  operations, to the extent those operations do not
  involve U.S. offices, are not subject to OFAC

 Is the U.S. Company’s involvement with the
  foreign company sufficient to constitute
  “control” under the U.S. embargo laws?
 OFAC is likely to assert that a U.S. Company
  is “dealing” with embargoed countries or
  persons, if the U.S. Company’s personnel
  directly supervise the foreign company’s
  transactions with U.S. embargoed countries
  or persons or provide administrative support
  specifically for US embargoed transactions.

   CACRs extend to “any person subject to the
    jurisdiction of the United States.”
   “Persons subject to the jurisdiction of the United
    States” includes:
    (1) any individual or entity within the U.S.;
    (2) any entity organized under the laws of the U.S.; and
    (3) any entity, wherever organized or doing business,
        that is owned or controlled by individuals or entities
        located in or organized under the laws of the U.S.
   CACRs apply extraterritorially to subsidiaries of
    U.S. entities

   Most other OFAC regulations extend to
    “U.S. Persons”
   “U.S. Persons” include:
    (1) any citizen or individual or entity within the U.S.;
    (2) any entity organized under the laws of the U.S.,
        including foreign branches
   CACRs apply extraterritorially only to foreign
    branches of U.S. entities

 General management control over a sister
  company unlikely sufficient to make sister
  company “subject to the jurisdiction of the United
  States” under CACRs.
 But foreign sister company might be considered
  a “person subject to the jurisdiction of the United
  States” if it were “controlled” by U.S. sister
 Or, if U.S. sister becomes sufficiently involved in
  foreign sister’s transactions with embargoed
  countries, then OFAC may view U.S. sister’s
  involvement as “dealings in” transactions with the
  embargoed countries

 OFAC has broad latitude in its interpretation of its embargo
  regulations and the prohibition on “evading or avoiding” the
  prohibitions set forth in the regulations.
 Foreign Parent must originate and implement any organizational
  changes necessary to ensure that U.S. Company has no actual or
  structural control over transactions involving US embargoed
 OFAC could potentially assert that U.S. Company was seeking to
  “evade or avoid” the regulations by reorganizing its management
  responsibility to carve out any transactions with US embargoed
    Sudanese regulations expressly note that no U.S. Person can
      change its policies or procedures, or those of an affiliate or
      subsidiary, in order to enable a foreign entity owned or
      controlled by U.S. Persons to enter into otherwise prohibited

 Canadian law prohibits Canadian domiciled
  companies from acceding to demands to
  comply with the United States’ embargo of
 EU, UK, Mexico and Argentina have similar
  countermeasures designed to prohibit EU,
  UK and Mexico domiciled companies from
  acceding to such demands

 The Wal-Mart Conundrum? Or the Solution?
   U.S. Parent discovers Canadian Subsidiary selling
    pajamas made in Cuba
   Instructs Sub to remove from shelves
   Managers of Sub refuse based on Canadian
    Foreign Extraterritorial Measures Act and
    Canadian AG instructs Sub not to comply
   Did U.S. Parent have “control” of its Sub with
    respect to this transaction?

 OFAC Sanctions Programs apply to U.S.
  Citizens working abroad as employees,
  managers, officers or directors of a Company
 U.S. Citizens, wherever located, can have no
  direct involvement in prohibited transactions

 U.S. citizens will not be liable for the
  Company’s transactions with countries or
  persons embargoed by the U.S. if:
   The U.S. Citizen has no direct involvement in
    transactions with the embargoed country (i.e.,
    does not vote on, approve, or otherwise become
    directly involved) and
   The Company’s transactions with embargoed
    countries are not a significant part of the
    Company’s business.

 If   the    Company's     transactions   with
  embargoed countries are a significant part of
  the company’s business, then a U.S. Citizen’s
  involvement could be deemed to be direct
  involvement in the transactions.
 May become necessary to seek a specific
  license from OFAC for the management or
  board position.

 Due Diligence
     OFAC Compliance Program
     SDN Screening systems
     Prior OFAC investigation/sanction history
     Language in contracts/agreements
 Warranty or Indemnity Protections
   Consider warranty affirming compliance with
    OFAC regulations

 Consider contract wording:
   Minimally, include wording that all parties to the
    contract are in compliance with applicable law.
   Ideally, include more specific wording addressing
    compliance with TWEA, IEEPA and OFAC
 Potential benefits of contract wording
   Mitigation factor in event of violation
   Dialogue with business persons regarding OFAC
   Due diligence

 License authorizes party to engage in
  otherwise prohibited transaction or activity
 General License
    Authorized under OFAC regulations, e.g.,
     transactions with Cuban National legally residing
     in U.S.
 Specific License
    Issued by OFAC for specific activity, e.g.,
     medical shipment to Iran

 Apply to OFAC, identifying circumstances,
  interested parties and relevant documents
 After exhaustion of administrative remedies,
  denial of license application potentially
  appealable to U.S. District Court, but…
   OFAC has broad discretion
   Courts are unlikely to disturb OFAC’s decision,
    except in egregious circumstances

Source: Statement of OFAC Director, R. Richard Newcomb,
   before Senate Appropriations Committee Subcommittee
   on Treasury and General Government, May 10, 2001,      40
   U.S. Treasury Release No. PO-370
 Sanctions now publicized on the Internet:

 Sanctions or proposed sanctions reported by OFAC:
    Major international insurer, March 2001
        Cuban sanctions program
        Amount: Apx. $2.4 million
    Major Bank, May 2004
        Cuban, Iranian, Libyan sanctions programs
        Amount: $100 million
    Major bank, January 2006
        Iranian and former Libyan sanctions programs
        Funds transfers involving Iranian bank
        Amount: $40 million

 Pre-penalty Notice and Response: similar in
  some respects to complaint and answer in
 Options
  • Pre-penalty settlement
      Alleged violator pays penalty in agreed amount
      OFAC withdraws claim and makes no final determination
       of violation
  • Potential administrative hearing on alleged
      Discovery
      Presentation of evidence

 Potential claims for failure to timely perform under
  valid contract due to defective compliance protocol
  e.g., slow or inadequate due diligence in response to
  SDN List “hit”
 Potential discrimination claim if systemic defects in
  compliance protocol lead to defacto redlining based
  on surnames (But note TWEA and IEEPA immunity
  provisions for “good faith” efforts to comply)
 Potential for claims by those injured in terrorist
  attack facilitated by non-compliance

 OFAC’s Internet Site
   http://www.ustreas.gov/ofac
 OFAC’s Compliance Hotline
   (202) 622-2490

       Scott Ostericher
Hinkhouse Williams Walsh LLP
   200 East Randolph Street
          24th Floor
    Chicago, Illinois 60601
       312.729.1569 (d)
        312-505-3147 (m)