Two recent OFAC enforcement actions highlight real-world challenges that financial institutions and other companies may face in their efforts to implement an effective sanctions compliance program.

First, OFAC announced on July 15 that a U.S. credit card services provider had agreed to pay $430,500 to settle apparent violations of the Foreign Narcotics Kingpin Sanctions Regulations. The settlement arose from 214 transactions totaling $155,189 that allegedly involved an individual who had been issued a supplemental credit card and was later named on OFAC's Specially Designated Nationals and Blocked Persons List (the "SDN List"). According to OFAC, the apparent violations were the result of a series of human errors and compliance program flaws, including: (i) erroneous closure of a "high confidence" alert in May 2018, which permitted the sanctioned individual to continue using the supplemental card on the account; (ii) improper removal of an account suspension by a customer service representative, one day after it was implemented on June 27, 2018; and (iii) a subsequent error by the firm's anti-money laundering team, which caught the customer service representative's mistake but then applied an incorrect suspension code to the account. As a result of using the incorrect code, seven additional transactions were processed in apparent violation of sanctions before the account was finally closed on July 6, 2018.

Second, OFAC issued a finding of violation in connection with 34 transactions totaling $604,000 processed by a U.S. bank on behalf of two individuals sanctioned under the Weapons of Mass Destruction Proliferators Sanctions Regulations. In its Enforcement Release, OFAC explained that the transactions were allowed to take place because the bank mistakenly understood that its third-party sanctions screening service provider was screening all of the bank's existing customer base against changes to the SDN List on a daily basis. In fact, screening was conducted for most customers monthly; only new customers, as well as existing customers with certain account changes, were screened daily. Accordingly, the bank did not learn of the two individuals' sanctions designation status until 14 days after their addition to the SDN List on September 21, 2020.

These enforcement actions underscore that effective compliance requires a long-term commitment to excellence − for example, through proper employee training and oversight. In addition, compliance procedures and systems – including those that are outsourced to third parties – should receive close, careful attention to ensure that any gaps are identified and addressed.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.