On January 12, 2006, the Office of Foreign Assets Control (OFAC) issued an interim final rule (Interim Rule) to describe economic sanctions enforcement procedures for banking institutions. The Interim Rule, which applies to "banking institutions," which are depository institutions supervised or regulated by a federal banking regulator, provides a general explanation of the procedures that OFAC will follow with respect to economic sanctions violations. The Interim Rule addresses issues such as the circumstances under which OFAC will provide a depository institution an opportunity to respond to an alleged violation and the factors that OFAC will consider in deciding its course of action. One such factor is the "quality and effectiveness of the banking institution’s overall OFAC compliance program." The Interim Rule also includes two annexes. Annex A is a chart that lists different factors that indicate a low-, moderate- or high-risk for purposes of developing or assessing an OFAC compliance program. In part,Annex A is extracted from the FFIEC Bank Secrecy Act Anti-Money Laundering Examination Manual (BSA/AML Exam Manual). Annex B describes the components of a sound OFAC compliance program. It is not extracted from the BSA/AML Examination Manual. This Financial Institutions Update focuses on Annex B, which banking institutions may wish to use as a guide for assessing the adequacy of their OFAC compliance programs.

Components of a Sound OFAC Compliance Program

Annex B of the Interim Rule describes the following five areas that a sound OFAC compliance program will address.

Risk Assessment. Banking institutions should assess and identify which product lines present the most risk for OFAC compliance. The Interim Rule provides the following examples of areas that should be included in the risk assessment: retail operations, loans and other extensions of credit, funds transfers, trust, private and correspondent banking, international, foreign offices, over-the counter derivatives, internet banking, safe deposit, payable through accounts,money services businesses, and merchant credit card processing.

Internal Controls. Banking institutions should have internal controls for identifying suspicious accounts and transactions and reporting to OFAC. These internal controls should include:

  • Policies and procedures on OFAC screening of new accounts, established accounts and transactions
  • Procedures to ensure that sanctions information and OFAC lists used in the compliance program and are always current
  • Procedures to ensure that transactions are properly blocked or rejected and then reported to OFAC
  • Proper accounting and tracking of all blocked funds
  • Maintenance of customer’s OFAC licenses on file and procedures to obtain statements from such customers, where appropriate, regarding compliance of transaction with OFAC licenses

Testing. Banking institutions should have auditors, either internal or external, consultants or other qualified independent parties conduct an in-depth, comprehensive test of their OFAC compliance program at least once a year, unless the institution’s OFAC risk profile is very low. More frequent testing may be appropriate for banking institutions with a high OFAC risk profile. Any violations discovered during testing should be reported to OFAC and the institution’s banking regulator.

Compliance Officer. Banking institutions should designate a qualified and knowledgeable individual or individuals to be responsible for the day-to-day oversight of the OFAC compliance program and should designate at least one individual to be responsible for the oversight of blocked funds.

Training. Banking institutions should provide adequate training to appropriate employees. The scope and frequency of the training should be consistent with the OFAC risk profile and each employee’s responsibilities.

As of January 1, 2006, Sidley Austin Brown & Wood LLP changed its name to Sidley Austin LLP. In the United Kingdom and Hong Kong, the firm will be known as Sidley Austin, and in Tokyo, the firm will be known as Sidley Austin Gaikokuho Jimu Bengoshi Jimusho, in association with Nishikawa & Partners.

This article has been prepared by Sidley Austin LLP for informational purposes only and does not constitute legal advice. This information is not intended to create, and receipt of it does not constitute, an attorney-client relationship. Readers should not act upon this without seeking professional counsel.