OFAC Compliance: How to Minimize the Threat of Costly Violations April 17, 2008 This presentation is solely for informational purposes. It is not intended to constitute legal advice or create an attorney- client relationship.
Context Tools 2
“OFAC” “Office of Foreign Assets Control,” an enforcement division of the United States Department of the Treasury OFAC’s Role Administers and enforces economic and trade sanctions against foreign governments and government officials and persons and entities identified on the SDN List as terrorists, drug traffickers, etc. SDN List “Specially Designated Nationals and Blocked Persons List”; identifies some 4,000 foreign nationals with whom transactions are prohibited; roughly 50 in U.S. OFAC does not enforce USA Patriot Act amendments to 1970 Bank Secrecy Act requiring life insurers and certain others with “stored value” (investment, cash, etc.) products to have anti-money laundering program 4
Two primary statutory bases for OFAC regs: The Trading with the Enemy Act of 1917 (“TWEA”) International Emergency Economic Powers Act of 1977 (“IEEPA”) U.S. Presidents, Kennedy (Cuba) through Clinton ([country]) declared “national emergency” in reaction from which regulations arise Courts grant OFAC broad deference Allegations of OFAC arbitrariness 5
OFAC does not enforce USA Patriot Act amendments to 1970 Bank Secrecy Act requiring life insurers and certain others with “stored value” (investment, cash, etc.) products to have anti-money laundering program 6
Apply corporate to all natural and persons subject to jurisdiction U.S. Prevent terrorists and drug traffickers from profiting through transactions with “U.S. Persons” subject to U.S. jurisdiction Objective standard: must not deal with embargoed countries, their residents or citizens or SDNs Require reinsurers to blocks assets of embargoed natural persons and entities Report to OFAC and, in general, inform person whose assets are affected 7 Applies to certain categories of “financial institutions,” including whole life insurers and others with “stored value” products, but not including reinsurers, P&C insurers Prevents terrorists and drug traffickers from profiting through money laundering activities with U.S. “financial institutions Subjective standard: totality of the circumstances and indicia of money laundering Requires companies to seize assets used as part of suspected money laundering Report suspicious activity to Treasury and do not inform suspect
Unintentional Violations: Potentially forfeit the value of the contract or payment plus pay a fine Recent increase to $250,000 per IEEPA violation, retroactively applied Mitigating Factors include: Compliance Plan (25% - 50% reduction) First offense (25% - 50% reduction) Self-reported violations (50% or greater reduction) Intentional Violations: fine double the amount of transaction, plus criminal fines and imprisonment Reputation and Reporting Risks 8
Broad Embargos CubaSudan Iran Myanmar (Burma) Limited Embargos Rough DiamondsNorth Korea Ivory Coast (Côte d’Ivoire)Syria IraqPalestinian Authority LiberiaZimbabwe SDN List “Specially Designated Nationals and Blocked Persons” List of roughly 4,000 foreign nationals – terrorists, drug traffickers and others (less than 100 known U.S. residents) 9
10
Compliance Program Company Foreign Affiliates Employees Education Systems 11
OFAC does not require a compliance program Compliance is akin to strict liability A compliance program is favorably considered as a mitigating factor 12
Designate Compliance Officer(s) Conduct risk assessment Establish systems and documentation Train personnel Audit the program 13
Legal, investigative or other relevant experience Support from senior management Access to senior management and counsel Authority and resources to implement program Consider collaboration with AML, privacy, and international compliance functions 14
Strict compliance, but with statutory objectives in mind Statutory Objectives include: Do not facilitate terrorist activity or drug trafficking Do not facilitate trade with embargoed countries, entities or individuals Pragmatic approach: allocate compliance resources to greatest exposures first and lesser exposures later This approach will not necessarily avoid violation, but mitigates risk of harm 15
Consider the nature of the transaction Could the transaction facilitate terrorist activity or drug trafficking? Sending funds to unfamiliar foreign client vs. claims payment to known U.S. client Consider the sums involved: $200 contract vs. $2,000,000 contract Not limited to insurance products Should evaluate Company’s investments and other transactions Potential focus: fund flow portals 16
Those disqualified by designation: Approximately 100 records on the SDN List have U.S. addresses: 60% full addresses Some with only name, city and state with name and country Those disqualified by status: Government officials of blocked countries primarily reside in foreign countries Nationals of blocked countries illegally in U.S. – identification issues? 17
Company’s foreign offices and operations, including employees, outsourcing contractors, vendors Clients’ foreign offices and operations Individual clients residing in foreign countries Consider country of residence and nationality 18
Compliance Alternatives include: Manual with paper lists – audit trails? Manual with automated lookup tool Automated Filters Outsourcing Compliance Requirements Comprehensive and up-to-date OFAC database Reliable, robust and rapid access to data Catch actual matches Minimize false matches 19
Suggestions for final documentation set: Summary of OFAC regulations and compliance goals Screening, due diligence, reporting and training procedures Responsibilities of involved personnel Document retention protocol Disciplinary procedures for employee and business partner non-compliance 20
Internal audit is generally sufficient Consider “Independent” internal auditor Separate audit from compliance function Auditor reports directly to senior management Consider evaluating whether appropriate program elements are in place, such as: Compliance Officer Risk assessment Systems and Documentation Training 21
New clients and business partners screened? Existing databases periodically scrubbed? Appropriate due diligence for “hits”? Assets blocked when matches are found? Timely OFAC reporting: 10 days from blocking and September 30 annual report Employees informed of program? Compliance “tested” with actual hits? 22
Foreign Parent/Subsidiary Issues Avoiding Liability for Evading and Avoiding Conflicting Foreign Laws Application to U.S. Citizens Working Abroad 23
Foreign Parent/Subsidiary Issues Avoiding Liability for Evading and Avoiding Conflicting Foreign Laws Application to U.S. Citizens Working Abroad 24
U.S. operations are subject to OFAC regulations. U.S. offices cannot originate, underwrite, participate in or supervise any transactions with US embargoed countries or persons. U.S. company’s foreign branches also subject to OFAC regulations Non-U.S. parent of company: Overseas operations, to the extent those operations do not involve U.S. offices, are not subject to OFAC regulations. 25
Is the U.S. Company’s involvement with the foreign company sufficient to constitute “control” under the U.S. embargo laws? OFAC is likely to assert that a U.S. Company is “dealing” with embargoed countries or persons, if the U.S. Company’s personnel directly supervise the foreign company’s transactions with U.S. embargoed countries or persons or provide administrative support specifically for US embargoed transactions. 26
CACRs extend to “any person subject to the jurisdiction of the United States.” “Persons subject to the jurisdiction of the United States” includes: (1)any individual or entity within the U.S.; (2)any entity organized under the laws of the U.S.; and (3)any entity, wherever organized or doing business, that is owned or controlled by individuals or entities located in or organized under the laws of the U.S. CACRs apply extraterritorially to subsidiaries of U.S. entities 27
Most other OFAC regulations extend to “U.S. Persons” “U.S. Persons” include: (1)any citizen or individual or entity within the U.S.; and (2)any entity organized under the laws of the U.S., including foreign branches CACRs apply extraterritorially only to foreign branches of U.S. entities 28
General management control over a sister company unlikely sufficient to make sister company “subject to the jurisdiction of the United States” under CACRs. But foreign sister company might be considered a “person subject to the jurisdiction of the United States” if it were “controlled” by U.S. sister Or, if U.S. sister becomes sufficiently involved in foreign sister’s transactions with embargoed countries, then OFAC may view U.S. sister’s involvement as “dealings in” transactions with the embargoed countries 29
OFAC has broad latitude in its interpretation of its embargo regulations and the prohibition on “evading or avoiding” the prohibitions set forth in the regulations. Foreign Parent must originate and implement any organizational changes necessary to ensure that U.S. Company has no actual or structural control over transactions involving US embargoed countries. OFAC could potentially assert that U.S. Company was seeking to “evade or avoid” the regulations by reorganizing its management responsibility to carve out any transactions with US embargoed countries. Sudanese regulations expressly note that no U.S. Person can change its policies or procedures, or those of an affiliate or subsidiary, in order to enable a foreign entity owned or controlled by U.S. Persons to enter into otherwise prohibited transaction. 30
Canadian law prohibits Canadian domiciled companies from acceding to demands to comply with the United States’ embargo of Cuba. EU, UK, Mexico and Argentina have similar countermeasures designed to prohibit EU, UK and Mexico domiciled companies from acceding to such demands 31
The Wal-Mart Conundrum? Or the Solution? U.S. Parent discovers Canadian Subsidiary selling pajamas made in Cuba Instructs Sub to remove from shelves Managers of Sub refuse based on Canadian Foreign Extraterritorial Measures Act and Canadian AG instructs Sub not to comply Did U.S. Parent have “control” of its Sub with respect to this transaction? 32
OFAC Sanctions Programs apply to U.S. Citizens working abroad as employees, managers, officers or directors of a Company U.S. Citizens, wherever located, can have no direct involvement in prohibited transactions 33
U.S. citizens will not be liable for the Company’s transactions with countries or persons embargoed by the U.S. if: The U.S. Citizen has no direct involvement in transactions with the embargoed country (i.e., does not vote on, approve, or otherwise become directly involved) and The Company’s transactions with embargoed countries are not a significant part of the Company’s business. 34
If the Company's transactions with embargoed countries are a significant part of the company’s business, then a U.S. Citizen’s involvement could be deemed to be direct involvement in the transactions. May become necessary to seek a specific license from OFAC for the management or board position. 35
Due Diligence OFAC Compliance Program SDN Screening systems Prior OFAC investigation/sanction history Language in contracts/agreements Warranty or Indemnity Protections Consider warranty affirming compliance with OFAC regulations 36
Consider contract wording: Minimally, include wording that all parties to the contract are in compliance with applicable law. Ideally, include more specific wording addressing compliance with TWEA, IEEPA and OFAC Regulations Potential benefits of contract wording Mitigation factor in event of violation Dialogue with business persons regarding OFAC Compliance Due diligence 37
License authorizes party to engage in otherwise prohibited transaction or activity General License Authorized under OFAC regulations, e.g., transactions with Cuban National legally residing in U.S. Specific License Issued by OFAC for specific activity, e.g., medical shipment to Iran 38
Apply to OFAC, identifying circumstances, interested parties and relevant documents After exhaustion of administrative remedies, denial of license application potentially appealable to U.S. District Court, but… OFAC has broad discretion Courts are unlikely to disturb OFAC’s decision, except in egregious circumstances 39
Source: Statement of OFAC Director, R. Richard Newcomb, before Senate Appropriations Committee Subcommittee on Treasury and General Government, May 10, 2001, U.S. Treasury Release No. PO
Sanctions now publicized on the Internet: Sanctions or proposed sanctions reported by OFAC: Major international insurer, March 2001 Cuban sanctions program Amount: Apx. $2.4 million Major Bank, May 2004 Cuban, Iranian, Libyan sanctions programs Amount: $100 million Major bank, January 2006 Iranian and former Libyan sanctions programs Funds transfers involving Iranian bank Amount: $40 million 41
Pre-penalty Notice and Response: similar in some respects to complaint and answer in litigation Options Pre-penalty settlement Alleged violator pays penalty in agreed amount OFAC withdraws claim and makes no final determination of violation Potential administrative hearing on alleged violation Discovery Presentation of evidence 42
Potential claims for failure to timely perform under valid contract due to defective compliance protocol e.g., slow or inadequate due diligence in response to SDN List “hit” Potential discrimination claim if systemic defects in compliance protocol lead to defacto redlining based on surnames (But note TWEA and IEEPA immunity provisions for “good faith” efforts to comply) Potential for claims by those injured in terrorist attack facilitated by non-compliance 43
44
OFAC’s Internet Site OFAC’s Compliance Hotline (202)
Scott Ostericher Hinkhouse Williams Walsh LLP 200 East Randolph Street 24 th Floor Chicago, Illinois (d) (m) 46