Your Sanctions Program is a Key Compliance Issue

The Office of Foreign Assets Control of the United States Department of the Treasury (“OFAC”), the New York State Department of Financial Services, and the Federal Reserve recently issued a series of enforcement actions against Mashreqbank PSC, Dubai, United Arab Emirates. The action all related to failures by the Bank to comply with certain sanction programs. John and Elliot discuss the orders, the specific violations, and the overall usefulness of enforcement actions.            

Your Sanctions Program is a Key Compliance Issue TRANSCRIPT

Elliot Berman: Hi, John, how are you today?

John Byrne: Hi, Elliot. I'm doing fine yourself.

Elliot Berman: Ah, I'm okay. I'm okay. We have a rainy fall day here, but that's okay. We've had a beautiful stretch of weather, so you've got to get a little rain too.

John Byrne: Well, I'll be in your backyard next week. So that's true.

Elliot Berman: So what would you like to talk about?

John Byrne: Well, you know, one of the things that we've talked about offline being in the AML space, dealing with sanctions issue sort of came late to us. Not that we didn't think it was important, but it wasn't seen as part of the sort of compliance regimen, if you will. But that obviously has changed for a number of years.

And what I thought was interesting because it really references both compliance and multiple agency enforcement actions is the recent action against what I'm going to say is, the name of the bank is Mashreqbank. This was a settlement done with the New York State Department Financial Services, the fed, and OFAC on a series of violations to Sudanese sanctions, which actually no longer are in place.

So I thought that was an interesting series of facts in this particular enforcement.

Elliot Berman: Yes, I saw that. It was interesting. The critical time period that they looked at was 2005 to 2009. So we're talking about, quite a while ago that was still turning through, which leads me to believe that there were some other things going on, and this had been hanging around to be used if needed.

John Byrne: Right. Part of the issue was that the payment message, well, I guess it was a London branch number one, and they had over 1700 payments going through institutions in the US, and that was obviously a violation of the Sudanese sanctions. They say in the OFAC enforcement action, they said, because the payment messages were sent to the US institutions, but they didn't include the originating Sudanese bank. Mashreq correspondence couldn't intersect the payment. So obviously, that was part of the problem. So they looked at a series of issues, you're right. It goes back to that many years, series of aggravating factors and mitigating factors.

[A] pretty short statement from OFAC is three pages, but I think it does give you some insight into, you know, both what can help you with a case. And part of the mitigating factor is cooperation. We've known that for a long time, but part of the aggravation obviously is. That at least according to the enforcement action.

And this has been agreed to by the bank. Some senior-level branch employees had actual knowledge of the conduct giving rise to the violations, which is obviously pretty important to note.

Elliot Berman: Yes. In terms of their, settlement. Well, I shouldn't say exactly settlement, but the Fed order is a cease and desist, pursuant to a consent order. There is on a looking forward basis; there are commitments to do a number of things in terms of US law compliance program. In the next 90 days, they have to submit an acceptable program. They have to be subject to an annual part of the assessment—a lot of things we've seen in other orders where compliance has failed.

But, again, this is all of the stuff in the federal order [that] is really about OFAC compliance. There isn't anything about, you know, what you, what you think of as sort of the standard, five-pillar compliance program. This is all focused on the sanctions component.

John Byrne: Right. To your point, this investigation started in 2015. And the reason for the mitigation is the series of things that were done before that. Highlighted is increasing their compliance function staff by over 400%, they closed all the US dollar accounts way back in 2009, they established a requirement organization-wide for originating bank.

And customer information to be included in those payment messages. And I think that's [a] good transition from manual screening to automated. And I thought this was interesting. They retained a law firm back in 2014 to conduct an OFAC risk assessment gap analysis. So they clearly did a lot of things. To use their words to mitigate, but to obviously fix the problem.

And those are clear considerations that OFAC and the other agencies involved; New York State Department was part of this as well. Look at, in terms of making a decision on the ultimate fine and penalty.

Elliot Berman: Yeah. You had mentioned earlier the fact that there were employees who were aware of the misconduct.

They also make a commitment in the consent order to not employ any of those people in the future directly or indirectly, any of those folks who were involved and were aware of it. Also, to fully cooperate, with, any future efforts by the regulators to pursue the individual employees.

As we know, in egregious cases, the regulators will often seek an order that says that those folks can no longer work for an insured depository institution in the United States. So there's certainly plenty of hinting here that there's more to come for those individuals beyond what's happened with the institution.

John Byrne: Which, in my mind, that should definitely happen given that they had actual knowledge.

So the last thing I mentioned very, very quickly. OFAC does reference their 2019 framework on compliance, that I know all you know. OFAC practitioners have been looking very carefully at utilizing for training purposes. So the fact that this is highlighted again in this action, I think it's always good to remind our colleagues.

If you haven't already looked at the framework and done a gap analysis [for] your own institution or your clients, this is a good time to do that.

Elliot Berman: Right. As you have said many, many times, the value of these types of public orders for those people who are not the targets of them is it's a chance to just do a quick gap analysis or, you know, take a look and go, hmm. Could we have those problems? And if so, you know, dispatch people to figure out if you do. Okay, so I'll do the shameless plug, and then you can do another shameless plug, and then I'm going to do our calendar. So first shameless plug, if you like this, we do it most weeks and, we do a lot of other great content.

You can find all the podcasts on Spotify [and] Apple Podcast or wherever you get your podcasts. So, please stay with us. And if you've got topics or things that you're interested in, that we could produce content on, certainly feel free to reach out to John or me. And we'll, certainly, take a look at that.

John Byrne: Right. Next week, on 16th on Tuesday, we're going to be having a webinar. We think it's going to be the first of its kind, certainly in our space for quite a while, or if at all, and that's having law enforcement and the financial sector, talk to us about how both sides can improve their investigative abilities by working together and what some of those issues are.

So, Criminal Investigations for FIS: A how-to for law enforcement and the financial sector on November 16th.

Elliot Berman: You can register by going to our website, and the calendar item is John; and I will be with you next week on the 19th, but we are going to take a long Thanksgiving holiday. So we're going to be off on the 26th.

There will not be an episode on the 26th, but we'll be back with you then on December 3rd. So everybody, have a great weekend. John, you stay healthy and, I'll see you here in Milwaukee next week. Sounds good.

John Byrne: Take care. Stay safe.

Elliot Berman: Bye-bye.