Work Session The Right Stuff 1 SWIFT Operations Forum Americas - March 5, 2013 James Wills SWIFT Scott Kinney OFAC Jeremy Sausser Wells Fargo Bank

The right stuff: whose job is it to manage regulatory risk?



Jeremy Sausser – OFAC

Scott Kinney – Wells Fargo Bank

James Wills – SWIFT


The Problem Testing Tuning Demo


The challenge (and costs) keeps growing…


Managing Frequent OFAC Updates

Jeremy Sausser Compliance Officer

“Instead of being a secondary measure, as in the past, economic sanctions have become a centerpiece of national security policy.” - Washington Post 03/23/2011

Who is OFAC?

OFAC administers and enforces economic and trade sanctions against targeted:

• Foreign governments
• Individuals
• Entities
• Vessels
• Practices

OFAC is Not a Bank Regulator

• OFAC cannot mandate compliance; however, we can (and do) impose penalties for violations
• We work with the regulators in their role of ensuring compliance by U.S. financial institutions


Jurisdiction – To Whom Does OFAC Apply?

• Individuals located anywhere in the world, doing business in the United States or through U.S. persons

• Corporations located anywhere in the world, doing business in the United States or through U.S. persons

• Transactions:
  – Transactions by foreign persons to the extent that they involve the United States;
  – Transactions in property of a blocked person that comes within the United States;
  – In limited circumstances, transactions involving controlled U.S.-origin goods or technology.

OFAC Terminology: Blocking v. Rejecting

BLOCKING
• “Freezing” assets under U.S. jurisdiction
• Across-the-board prohibitions against transfers or transactions regarding the blocked property
• Title of blocked property remains with sanctioned target

REJECTING
• Underlying transaction that is prohibited, but contains no “blockable” interest
• U.S. person must simply refuse to process the transaction

Blocked & Rejected Transactions Reports

- Due within 10 days of blocking/reject
- Filing Options – Voluntary forms are available on OFAC’s website
  • May be mailed or faxed to 202-622-2426
- Annual Reports of Blocked Property due by September 30

Forms can be located on OFAC’s webpage at: http://www.treasury.gov/resource-center/sanctions/Pages/forms-index.aspx

OFAC Terminology: Licenses

General License
• Regulatory provision authorizing otherwise prohibited transactions
• No separate or written authorization necessary
• Published in the regulations, and/or issued on OFAC’s website

Specific License
• Written authorization from OFAC on a case-by-case basis
• Issued to a specific individual or company; allows a specific activity that would otherwise be prohibited

[Diagram labels: Non-prohibited Activities (including exempt activities); Prohibited Activities; General Licenses; Specific Licenses]


SMART SANCTIONS: Devise, Develop, Implement & Enforce

Means and Strategies Objectives

TFI Goals

Devise
• Craft new authorities through:
  – Executive Orders
  – Engagement with Congress
  – Inter-agency collaboration

Develop
• Issue financial sanctions regulations
• Identify sanction targets
• Develop policies on licenses or exemptions

Implement & Enforce
• Designate targets
• Conduct outreach to foreign governments, regulators, and other persons, including banks and exporters
• Issue licenses (either general or specific licenses)
• Identify apparent violations and apply appropriate enforcement actions

Targeting

OFAC targets the entire network engaging in certain activities. For instance, in the WMD context, OFAC targets proliferators, their supporters and support structures, and their assets.

[Diagram labels: WMD Proliferators; Financiers; Front Company; Logistical Support; Support Structures; Shipping Lines & Suppliers; Organization; Individual]

Specially Designated Nationals (SDN) List

OFAC’s prohibited parties list

Over 6,000 individuals and entities identified by OFAC

Individuals, entities, vessels, banks all over the globe who are owned, controlled by, or acting on behalf of targeted governments or groups

UPDATED FREQUENTLY


Active Sanctions Programs (23)

Sanctions Programs

• Balkans
• Belarus
• Burma
• Cote d’Ivoire
• Cuba
• Congo
• Diamond Trading
• Global Terrorism
• Iran
• Iraq
• Lebanon
• Liberia
• Libya
• Kingpin Narcotics
• Narcotics Trafficking
• NPWMD
• North Korea
• Sudan
• Syria
• Somalia
• Transnational Criminal Organizations
• Yemen
• Zimbabwe


Comprehensive Sanctions Programs

• Cuba

• Iran

• Sudan

• Syria

These countries have trade restrictions!

Limited Sanctions Programs

• Burma

• North Korea

• Diamond Trading


List-Based Sanctions Programs: Regimes

• Balkans

• Belarus

• Congo

• Ivory Coast

• Iraq

• Liberia

• Libya

• Zimbabwe

List-Based Sanctions Programs: Activities

• Terrorism
• Proliferation
• Narcotics Trafficking
• Lebanon
• Yemen
• Somali Piracy
• Transnational Criminal Organizations

Sanctions Impact

Iran – Under various Iran-related authorities, OFAC has designated over 360 individuals and entities linked to Iran’s weapons of mass destruction program and its support for terrorism, and sanctions target Iran’s energy and trade.

o As a result of U.S. sanctions and outreach:
  • Most foreign financial institutions have dramatically reduced their business with Iran.
  • Those foreign financial institutions that run afoul of U.S. sanctions risk having their access to the U.S. banking system restricted or being cut off
    – Pursuant to CISADA, in July 2012 Treasury identified Kunlun Bank in China and Elaf Islamic Bank in Iraq.
  • Reports indicate that Iranian oil revenues have dropped by 50%, translating into a 40% drop in Iran’s total revenue intake

Burma – Sanctions targeted the Burmese regime’s repression of democracy.

o As Burma made progress in political reform, Treasury has eased sanctions
  • Sanctions no longer prohibit U.S. persons from engaging in new investment in Burma
  • Sanctions no longer prohibit U.S. banks from exporting financial services to Burma

Iran Transactions & Sanctions Regulations (ITSR)

• Replace the Iran Transactions Regulations
• Include provisions for blocking all Iranian Financial Institutions and the Government of Iran. (E.O. 13599)
• Contain new General Licenses and other changes
• Contain prohibitions applicable to foreign entities that are owned or controlled by U.S. persons.

But that’s not all…

• Comprehensive Iran Sanctions, Accountability, and Divestment Act of 2010
• National Defense Authorization Act for FY 2012
• Iran Threat Reduction & Syrian Human Rights Act
• E.O.s 13606, 13608, 13622 and more!
• Iran Freedom and Counter-Proliferation Act for 2012
• And….

Compliance Programs

• Risk Assessment
• Internal Controls/Due Diligence
• Testing/Internal Audit
• Training
• Responsible Individuals


Enforcement

Strict Liability in a Risk-Based Environment

Enforcement

Civil Penalties (Statutory Maximums):
• $65,000 – Trading With the Enemy Act
• $250,000 – International Emergency Economic Powers Act (or twice the value of the transaction)
• $1,075,000 – Foreign Narcotics Kingpin Designation Act
• $55,000 – Anti-Terrorism and Effective Death Penalty Act

Big Bank Cases - Total settlement value since 2005: over $3 billion

Enforcement

How does OFAC learn about violations?

• Voluntary disclosures
• Blocking and reject reports
• Current investigations
• On-site audits
• Referrals from other agencies
• Other publicly available information


INFORMATION GATHERING

Subpoena Authority (31 C.F.R. § 501.602):

• If OFAC determines that additional information regarding an apparent violation is needed, it may request further information from the Subject Person or third parties, including through an administrative subpoena.

• Every person is required to furnish under oath ... at any time as may be required ... complete information relative to any transaction ... subject to the provisions of this chapter or relative to any property in which any foreign country or any national thereof has any interest of any nature whatsoever, direct or indirect.


Your Preparation, Actions, and Responses

• Can you identify the relevant business units/employees & databases/systems that contain responsive information

• Procedures for the identification, collection, analysis, organization, & delivery of responsive documentation

• Case management system to track the status of cases
  – From Excel Spreadsheet to sophisticated

• Prepared to understand the underlying cause of the violation and undertake appropriate remedial action.

• Confirmation of screening / audit trail

• Documentation explaining the institution’s actions

2009 Enforcement Guidelines

Characteristics of the Violation
- Willful or reckless
- Sanctions harm
- Timing of violation
- Remediation
- Awareness of conduct

Characteristics of the Institution
- Individual characteristics
- Compliance program
- Cooperation with OFAC
- Previous enforcement actions
- Future compliance/deterrent effect

Proportionality / Other relevant factors

Enforcement Guidelines – General Factors

A. Willful or Reckless Violation of Law

• Willfulness
• Recklessness
• Concealment
• Pattern of Misconduct
• Prior Notice
• Management Involvement

Enforcement Guidelines – General Factors

B. Awareness of Conduct at Issue

• Actual Knowledge
• Reason to Know
• Management Involvement

C. Harm to Sanctions Program Objectives

• Economic or Other Benefit to the Sanctioned Individual, Entity, or Country
• Implications for U.S. Policy
• License Eligibility
• Humanitarian Activity


Enforcement Guidelines – General Factors

D. Individual Characteristics

• Commercial Sophistication

• Size of Operations and Financial Condition

• Volume of Transactions

• Sanctions Violation History

Enforcement Guidelines – General Factors

E. Compliance Program

• Existence and nature of OFAC compliance program
• Views of regulators

F. Remedial Response

• Steps taken
• Conduct stopped?
• Compliance program implemented/improved?
• Thorough review to identify other possible violations?

Enforcement Guidelines – General Factors

G. Cooperation with OFAC

• Voluntary Self-disclosure?
• Provide all Information?
• Other Related Violations?
• Subpoena Required?
• Prompt Response?
• Tolling Agreement?

Enforcement Guidelines – Clarification

Non-VSD, but substantial cooperation…

“in cases involving substantial cooperation with OFAC but no voluntary self-disclosure… but the Subject Person provides substantial additional information regarding the apparent violation and/or other violations, the base penalty amount generally will be reduced between 25 and 40%”

Enforcement Guidelines – General Factors

H. Timing of Apparent Violation in Relation to Imposition of Sanctions

I. Other Enforcement Action

J. Future Compliance/Deterrence Effect

K. Other Relevant Factors on a Case-by-Case Basis


Enforcement – Action Types

No Action

Cautionary Letter

Finding of Violation

Civil Penalty

Criminal Referral

Violations may also result in:
• Blocked funds & Seized Goods
• License Revocation
• Negative Publicity, Loss of Business


Base Penalty Calculation


Penalty Amounts

• The base penalty amount may be adjusted to reflect applicable General Factors.

• Neither the Base Penalty nor the Proposed Penalty will exceed the applicable statutory maximum amount.

Aggravating

Mitigating

• Each factor may be mitigating or aggravating, resulting in a lower or higher proposed penalty amount.

License Applications

• Fax and email applications are generally NOT accepted.
• Please note that the Licensing Division generally does NOT answer hypothetical questions.
• OFAC Licensing:
  Hotline: 202-622-2480
  Address: OFAC Licensing, Treasury Annex Building, 1500 Pennsylvania Ave, NW, Washington, DC 20220


How OFAC can help prevent violations

• OFAC provides guidance to financial institutions, importers/exporters, other industry groups, and individuals through:

Written guidance

Telephone Hotline

E-Hotline

Public Presentations


Treasury’s Website for OFAC


Contact Information

OFAC Compliance Hotline: 202-622-2490 or 1-800-540-6322

Email: [email protected]

OFAC Licensing Division 202-622-2480

OFAC Licensing Division, 1500 Pennsylvania Avenue NW - Annex, Washington, DC 20220


Common Challenges in Sanctions Management SWIFT Operations Forum - Americas

March 2013


List Management Challenges

a. Ensuring that products/platforms collect required data for scanning

b. Applying the correct list(s) to particular customers/transactions in multiple jurisdictions

c. Frequency of list and program updates
   i. In 2012, OFAC updated its programs, on average, every 3 days
   ii. In 2012, there were 7 instances where OFAC updated multiple times intra-day (includes both list and program changes)
   iii. Cascades of updates, for example, when OFAC additions are picked up by HMT, then EU.

d. Overall list volume (OFAC; for example, 5074 entities, 6878 aliases, and 8918 addresses and growing)


List Content Challenges

a. Indirect listings (or, listings that require the institution to do additional research in order to implement). For example:
   i. Listing of Tidewater required research into the specific ports which they operated (Amir Abad, Assaluye, Anzali, Bandar Abbas, BIK, Busher, Chabahar, Khark Island, Khoramshahr, Mahshahr, Neka, and Noshahr), as well as their vessel operations in Azerbaijan and Nigeria
   ii. Listings that include “all other branches or offices worldwide”
   iii. Companies in which a listed entity has more than 50% interest.
   iv. Aircraft Listings (Tip: the first part of the registration gives the country of original registration. The current listings contain: EK (Armenia), EP (Iran), EX (Kyrgyzstan), F (France), and UR (Ukraine))
   v. Listed vessels changing names, countries of registration, ownership, management (Question: Bolivia, Moldova, and Mongolia have each registered Iranian vessels at some time. What do they have in common?)

Iran’s Phantom Flotilla

Vessels Without a Real Country

Vessel Name   IMO       Category
Attar         9074092   General Cargo
Camellia      9171462   Crude Oil Tanker
CARMELA       9193185   Bulk Carrier
Chastity      9386500   General Cargo
Clove         9171450   Crude Oil Tanker
Companion     9357717   Crude Oil Tanker
Courage       9357389   Crude Oil Tanker
Daisy         9172038   Crude Oil Tanker
DAMAVAND      9218478   Tanker VLCC
DARAB         9218492   Tanker VLCC
DAYLAM        9218466   Tanker VLCC
DELVAR        9218454   Tanker VLCC
DENA          9218480   Tanker VLCC
Freedom       9357406   Crude Oil Tanker
HUWAYZEH      9212888   Tanker VLCC
JUPITER       9187631   Crude Oil Tanker
Lantana       9172040   Crude Oil Tanker
Magnolia      9172052   Crude Oil Tanker
Pioneer       9362073   Crude Oil Tanker
Sattar        9040479   General Cargo
Shaadi        9405978   Bulk Carrier
Sinin         9274941   General Cargo
Sonata        9569633   Crude Oil Tanker
Songbird      9569645   Crude Oil Tanker
Sunrise       9615092   LPG Tanker
Teen          9101649   General Cargo
Tongham       9305219   General Cargo
Uppercourt    9305207   General Cargo
Valor         9212917   Crude Oil Tanker

List Content Challenges

b. Inconsistent listings (across lists)
   i. There are 112 spelling variations in Muammar Kaddafi’s name in print media
   ii. The OFAC list provides 8 of them.
   iii. The UN sanction uses only 1 form of the name.
   iv. The form used in the UN sanction does not match any of the 8 in the OFAC listing.

Qaddafi, Muammar Al-Gathafi, Muammar al-Qadhafi, Muammar Al Qathafi, Mu'ammar Al Qathafi, Muammar El Gaddafi, Moamar El Kadhafi, Moammar El Kazzafi, Moamer El Qathafi, Mu'Ammar Gadafi, Muammar Gaddafi, Moamar Gadhafi, Mo'ammar Gathafi, Muammar Ghadafi, Muammar Ghaddafi, Muammar Ghaddafy, Muammar Gheddafi, Muammar Gheddafi, Muhammar Kadaffi, Momar Kad'afi, Mu`amar al- Kaddafi, Muamar Kaddafi, Muammar Kadhafi, Moammar Kadhafi, Mouammar Kazzafi, Moammar Khadafy, Moammar Khaddafi, Muammar Moamar al-Gaddafi Moamar el Gaddafi

Moamar El Kadhafi Moamar Gaddafi Moamer El Kazzafi Mo'ammar el-Gadhafi Moammar El Kadhafi Mo'ammar Gadhafi Moammar Kadhafi Moammar Khadafy Moammar Qudhafi Mu`amar al-Kad'afi Mu'amar al-Kadafi Muamar Al-Kaddafi Muamar Kaddafi Muamer Gadafi Muammar Al-Gathafi Muammar al-Khaddafi Mu'ammar al-Qadafi Mu'ammar al-Qaddafi Muammar al-Qadhafi Mu'ammar al-Qadhdhafi Mu`ammar al-Qadhdhāfī Mu'ammar Al Qathafi Muammar Al Qathafi Muammar Gadafi Muammar Gaddafi Muammar Ghadafi Muammar Ghaddafi Muammar Ghaddafy Muammar Gheddafi

Muammar Kaddafi Muammar Khaddafi Mu'ammar Qadafi Muammar Qaddafi Muammar Qadhafi Mu'ammar Qadhdhafi Muammar Quathafi Mulazim Awwal Mu'ammar Muhammad Abu Minyar al-Qadhafi Qadafi, Mu'ammar Qadhafi, Muammar Qadhdhāfī, Mu`ammar Qathafi, Mu'Ammar el Quathafi, Muammar Qudhafi, Moammar Moamar AI Kadafi Maummar Gaddafi Moamar Gadhafi Moamer Gaddafi Moamer Kadhafi Moamma Gaddafi Moammar Gaddafi Moammar Gadhafi Moammar Ghadafi Moammar Khadaffy Moammar Khaddafi Moammar el Gadhafi Moammer Gaddafi Mouammer al Gaddafi

Muamar Gaddafi Muammar Al Ghaddafi Muammar Al Qaddafi Muammar Al Qaddafi Muammar El Qaddafi Muammar Gadaffi Muammar Gadafy Muammar Gaddhafi Muammar Gadhafi Muammar Ghadaffi Muammar Qadthafi Muammar al Gaddafi Muammar el Gaddafy Muammar el Gaddafi Muammar el Qaddafi Muammer Gadaffi Muammer Gaddafi Mummar Gaddafi Omar Al Qathafi Omar Mouammer Al Gaddafi Omar Muammar Al Ghaddafi Omar Muammar Al Qaddafi Omar Muammar Al Qathafi Omar Muammar Gaddafi Omar Muammar Ghaddafi Omar al Ghaddafi


List Content Challenges


Limited overlap among lists.

Graph courtesy of Omnicision

Understanding Software Capabilities

How might your software handle the following variations on the SDN “Daytona Pools, Inc.”?

• Daytona Pools
• Daytona Pools Incorporated
• DaytonaPools
• Daytona*Pools
• Daytona P001s
• Dayton A Pools
• Dayton Pool Inc.
• Daytona Pools & Company

Do you test the match quality of your software periodically? For example, after vendor updates.
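
An added example (not from the presentation or from any vendor's product): one way to regression-test name matching against the slide's “Daytona Pools, Inc.” variations, reporting which tier (exact, normalized, fuzzy) catches each one. The legal-form word list, the look-alike digit map, the 0.8 threshold and the control name are assumptions.

```python
import re
import unicodedata

# Assumptions to tune: legal-form words to ignore and look-alike digits.
LEGAL_FORMS = {"inc", "incorporated", "co", "company", "corp",
               "corporation", "ltd", "limited", "llc"}
LOOKALIKES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def match_key(name):
    """Comparison key: no case, accents, punctuation, legal forms or spaces."""
    text = unicodedata.normalize("NFKD", name)
    text = "".join(c for c in text if not unicodedata.combining(c)).casefold()
    kept = []
    for tok in re.split(r"[^a-z0-9]+", text):
        # Rewrite digits only in mixed tokens ("p001s"), never pure numbers.
        if any(c.isdigit() for c in tok) and any(c.isalpha() for c in tok):
            tok = tok.translate(LOOKALIKES)
        if tok and tok not in LEGAL_FORMS:
            kept.append(tok)
    return "".join(kept)


def edit_distance(a, b):
    """Levenshtein distance with two-row dynamic programming."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(candidate, listed, threshold=0.8):
    """Return the strictest tier that catches the candidate, else 'miss'."""
    if candidate.strip().casefold() == listed.strip().casefold():
        return "exact"
    a, b = match_key(candidate), match_key(listed)
    if not a or not b:
        return "miss"  # nothing comparable left, e.g. a non-Latin script
    if a == b:
        return "normalized"
    similarity = 1 - edit_distance(a, b) / max(len(a), len(b))
    return "fuzzy" if similarity >= threshold else "miss"


LISTED = "Daytona Pools, Inc."
VARIATIONS = [  # the eight variations from the slide
    "Daytona Pools", "Daytona Pools Incorporated", "DaytonaPools",
    "Daytona*Pools", "Daytona P001s", "Dayton A Pools",
    "Dayton Pool Inc.", "Daytona Pools & Company",
]
CONTROL = "Tampa Spas LLC"  # constructed negative control, not from the slide


def regression_report(listed=LISTED, names=VARIATIONS):
    """Map each test name to its tier; rerun after every list or vendor update."""
    return {name: classify(name, listed) for name in names}


if __name__ == "__main__":
    for name, tier in regression_report().items():
        print(f"{tier:<10} {name}")
    print(f"{classify(CONTROL, LISTED):<10} {CONTROL} (control)")
```

Keeping the report from the previous run and comparing it with the new one shows any variation whose tier changed after an update.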



QUESTIONS? If any questions arise, please contact: Scott Kinney, Compliance Manager at

[email protected]
