Tag: office of foreign asset control

What Can We Learn From OFAC Enforcement Actions?

The Office of Foreign Assets Control (OFAC) has closed eight enforcement actions so far in 2023. These enforcement actions targeted companies, financial institutions, and individuals in the United States and abroad, and they resulted in more than $550 million in settlements.

What can other companies, financial institutions, and individuals learn from these enforcement actions? OFAC publishes Enforcement Releases on its website, and these releases provide some notable insights into OFAC’s sanctions enforcement tactics and priorities. By understanding these tactics and priorities, potential targets of OFAC enforcement actions can take strategic steps to bolster their sanctions compliance programs and efforts and reduce their risk of facing OFAC scrutiny.
Notably, all eight of OFAC’s enforcement actions so far in 2023 resulted in settlements with the target. As discussed further below, the majority of these enforcement actions also resulted from voluntary self-disclosures—so it makes sense that the companies and financial institutions involved were interested in settling. There are several other notable consistencies among OFAC’s 2023 enforcement actions as well.

OFAC Enforcement Actions in 2023

Here is a brief summary of each of OFAC’s enforcement actions so far in 2023:

1. Godfrey Phillips India Limited

Statutory Maximum Civil Monetary Penalty (CMP): $1.78 million

Base Penalty Amount: $475,000 (non-egregious violation, no voluntary self-
disclosure)
Settlement Amount: $332,500

Godfrey Phillips India Limited (GPI) faced an enforcement action related to its use of U.S. financial institutions to process transactions for exporting tobacco to North Korea. According to OFAC, GPI “relied on several third-country intermediary parties to receive payment, which obscured the nexus to the DPRK and caused U.S. financial institutions to process these transactions.”

In agreeing to a $332,500 settlement with GPI, OFAC considered the following
aggravating factors under its Economic Sanctions Enforcement Guidelines:

  •  GPI acted “recklessly” and exercised a “minimal degree of caution or care for U.S. sanctions laws and regulations.”
  • Several company managers had actual knowledge that the conduct at issue “concerned the exportation of tobacco to [North Korea].”
  •  The company’s actions harmed U.S. foreign policy objectives “by providing a sought-after, revenue-generating good to the North Korean regime.”

    Mitigating factors in this case included:

  • GPI had not received a Penalty Notice or Finding of Violation from OFAC in the previous five years.
  •  GPI took remedial measures upon learning of the apparent violations, including implementing new know-your customer measures and recordkeeping requirements.
  •   GPI cooperated with OFAC during its investigation.

2. Wells Fargo Bank, N.A.

Statutory Maximum CMP: $1.066 billion

Base Penalty Amount: $533,369,211 (egregious violation, voluntary self-disclosure)

Settlement Amount: $30 million

Wells Fargo Bank, N.A. faced an enforcement action related to its predecessor Wachovia Bank’s decision to provide software to a foreign bank that used the software to process trade-finance transactions with sanctioned nations and entities. While noting multiple failures by the bank (including its failure to identify the issue for seven years “despite concerns raised internally within Wells Fargo on multiple occasions”), OFAC agreed to settle Wells Fargo’s potential half-billion-dollar liability for $30 million. Aggravating factors in this case included:

  •  Reckless disregard for U.S. sanctions requirements and failure to exercise a minimal degree of caution or care.
  • The fact that senior management “should reasonably have known” that the software was being used for transactions with sanctioned jurisdictions and entities.
  • Wells Fargo undermined the policy of OFAC’s sanctions programs for Iran, Sudan, and Syria by providing the software platform.

Mitigating factors in this case included:

  • Wells Fargo had a strong sanctions compliance program at the time of the apparent violations.
  • The “true magnitude of the sanctions harm underlying the conduct” is less than the total value of the transactions conducted using the software platform.
  • Wells Fargo had not received a Penalty Notice or Finding of Violation from OFAC in the previous five years and remediated the compliance issue immediately.

3. Uphold HQ Inc.

Statutory Maximum CMP: $44,468,494

Base Penalty Amount: $90,288 (non-egregious violation, voluntary self-disclosure)

Settlement Amount: $72,230

Uphold HQ Inc., a California-based money services business, faced an enforcement action related to its processing of transactions for customers who self-identified as being located in Iran or Cuba or as employees of the Government of Venezuela. The 152 transactions at issue involved a total value of $180,575. Aggravating factors in this case included:

  •  Failure to exercise due caution or care when conducting due diligence on customers who provided information indicating sanctions risks.
  • Uphold had reason to know that it was processing payments for customers in Iran and Cuba and who were employees of the Venezuelan government.

Mitigating factors in this case included:

  •  Uphold had not received a Penalty Notice or Finding of Violation from OFAC in the previous five years.
  • Uphold cooperated with OFAC’s investigation.
  •  Uphold undertook “numerous” remedial measures in response to OFAC’s investigation.

4. Microsoft Corporation

 
Statutory Maximum CMP: $404.6 million

Base Penalty Amount: $5.96 million (non-egregious violation, voluntary self-disclosure)

Settlement Amount: $2.98 million

Microsoft Corporation faced an enforcement action related to its exportation of “services or software” to Specially Designated Nationals (SDNs) and blocked persons in violation of OFAC’s Cuba, Iran, Syria, and Ukraine/Russia-related sanctions programs. According to OFAC’s Enforcement Release, “[t]he majority of the apparent violations . . . occurred as a result of [Microsoft’s] failure to identify and prevent the use of its products by prohibited parties.” Aggravating factors in this case included:

  • Microsoft demonstrated a reckless disregard for U.S. sanctions over a seven-year period.
  •  The apparent violations harmed U.S. foreign policy objectives by providing software and services to more than 100 SDNs or blocked persons, “including major Russian enterprises.”
  •  Microsoft is a “world-leading technology company operating globally with substantial experience and expertise in software and related services sales and transactions.”

Mitigating factors in this case included:

  • There was no evidence that anyone in Microsoft’s U.S. management was aware of the apparent violations at any time.
  • Microsoft cooperated with OFAC’s investigation.
  • Microsoft undertook “significant remedial measures and enhanced its sanctions compliance program through substantial investment” after learning of the apparent violations.

5. British American Tobacco P.L.C.

Statutory Maximum CMP: $508.61 billion

Base Penalty Amount: $508.61 billion (egregious violation, no voluntary self-
disclosure)
Settlement Amount: $508.61 billion

British American Tobacco P.L.C. entered into a settlement for the full statutory maximum CMP resulting from apparent violations of OFAC’s sanctions against North Korea. According to OFAC, the company engaged in a conspiracy “to export tobacco and related products to North Korea and receive payment for those exports through the U.S. financial system” by obscuring the source of the funds involved. Aggravating factors in this case included:

  •  The company “willfully conspired” to unlawfully transfer hundreds of millions of dollars from North Korea through U.S. banks.
  •  The company concealed its business in North Korea through “a complex remittance structure that relied on an opaque series of front companies and intermediaries.”
  • The company’s management had actual knowledge of the apparent conspiracy “from its inception through its termination.”
  •  The transactions at issue “helped North Korea establish and operate a cigarette manufacturing business . . . that has reportedly netted over $1 billion per year.”
  •  British American Tobacco is “a large and sophisticated international company operating in approximately 180 markets around the world.”

Mitigating factors in this case included:

  • British American Tobacco has not received a Penalty Notice or Finding of Violation in the past five years.
  •  British American Tobacco cooperated with OFAC’s investigation.

6. Poloniex, LLC

Statutory Maximum CMP: 19.69 billion

Base Penalty Amount: $99.23 million (non-egregious violation, voluntary self-disclosure)

Settlement Amount: $7.59 million

Poloniex, LLC, which operates an online trading platform in the United States, agreed to settle after it was discovered that the company committed 65,942 apparent violations of various sanctions programs by processing transactions with a combined value of over $15 million. In settling for a small fraction of the base penalty amount, OFAC noted that Poloniex was a “small start-up” when most of the apparent violations were committed and that its acquiring company had already adopted a more-robust OFAC compliance program.

7. Murad, LLC

Statutory Maximum CMP: $22.22 million

Base Penalty Amount: $11.11 million (egregious violation, voluntary self-disclosure)

Settlement Amount: $3.33 million

Murad, LLC, a California-based cosmetics company, faced an OFAC enforcement action after it self-disclosed that it had exported products worth $11 million to Iran. While OFAC found that the company acted willingly in violating its sanctions on Iran, as mitigating factors OFAC noted the company’s remedial response and the “benign
consumer nature” of the products involved.

8. Swedbank Latvia AS

Statutory Maximum CMP: $112.32 million

Base Penalty Amount: $6.24 million (non-egregious violation, no voluntary self-disclosure)

Settlement Amount: $3.43 million

Swedbank Latvia AS faced an enforcement action related to the use of its e-banking platform by a customer with a Crimean IP address to send payments to persons in Crimea through U.S. correspondent banks. While OFAC noted that Swedbank Latvia is “a sophisticated financial institution with over one million customers” and failed to exercise due caution or care, it also noted that the bank took “significant remedial action” in response to the apparent violations and “substantially cooperated” with its investigation.

Insights from OFAC’s 2023 Enforcement Actions To Date

As these recent enforcement actions show, OFAC appears to be willing to give substantial weight to companies’ and financial institutions’ good-faith compliance efforts as well as their remedial efforts after discovering apparent sanctions violations. Cooperation was a key factor in several of OFAC’s 2023 enforcement actions as well. When facing OFAC scrutiny or the need to make a voluntary self-disclosure, companies and financial institutions must work with their counsel to make informed decisions, and they must move forward with a strategic plan in place focused on achieving a favorable outcome in light of the facts at hand.

Oberheiden P.C. © 2023
By Dr. Nick Oberheiden of Oberheiden P.C.
For more news on OFAC Enforcement Actions, visit the NLR Corporate & Business Organizations section.

G7 Sanctions Enforcement Coordination Mechanism and Centralized EU Sanctions Watchdog Proposed

On Feb. 20, 2023, Dutch Minister of Foreign Affairs Wopke Hoekstra gave a speech titled “Building a secure European future” at the College of Europe in Bruges, Belgium where he made a plea to “(…) sail to the next horizon where sanctions are concerned.” The Dutch Foreign Minister said European Union (EU) “(…) sanctions are hurting the Russians like hell (…)” but at the same time the measures “(…) are being evaded on a massive scale.” Hoekstra believes this is in part because the EU has too little capacity to analyze, coordinate, and promote the sanctions. However, arguably, there is also a lack of capacity at the EU Member-State level to enforce sanctions.

Against this background the Dutch Foreign Minister proposed to set up a sanctions headquarters in Brussels, Belgium, i.e., a novel watchdog or body to tackle the circumvention of EU sanctions. Such a body might represent the nearest EU equivalent to the U.S. Office of Foreign Assets Control (OFAC). OFAC both implements and enforces U.S. economic sanctions (issuing regulations, licenses, and directives, as well as enforcing through issuing administrative subpoenas, civil and administrative monetary penalties, and making criminal referrals to the U.S. Department of Justice). In Hoekstra’s words:

“A place where [EU] Member States can pool information and resources on effectiveness and evasion. Where we do much more to fight circumvention by third countries. This new HQ would establish a watch list of sectors and trade flows with a high circumvention risk. Companies will be obliged to include end-use clauses in their contracts, so that their products don’t end up in the Russian war machine. And the EU should bring down the full force of its collective economic strength and criminal justice systems on those who assist in sanctions evasion. By naming, shaming, sanctioning, and prosecuting them.”

The Dutch Foreign Minister’s proposal – which is also set out in a separate non-paper – apparently is backed and supported by some 10 or so EU Member States, including Germany, France, Italy, and Spain.

Additionally, on Feb. 23, 2023, the press reported the international Group of Seven (G7) is set to create a new tool to coordinate their enforcement of existing sanctions against the Russian Federation (Russia). The aim of the tool, tentatively called the Enforcement Coordination Mechanism, would be to bolster information-sharing and other enforcement actions.

Background

Like other Members of the G7, the EU has adopted throughout 2022 many economic and other sanctions to target Russia’s economy and thwart its ability to continue with its aggression against Ukraine. Nevertheless, currently EU Member States have different definitions of what constitutes a breach of EU sanctions, and what penalties must be applied in case of a breach. This could lead to different degrees of enforcement and risk circumvention of EU sanctions.

As we have reported previously, on Nov. 28, 2022, the Council of the EU adopted a decision to add the violation of restrictive measures to the list of so-called “EU crimes” set out in the Treaty on the Functioning of the EU, which would uniformly criminalize sanctions violations across EU Member States. This proposal still needs the backing of EU Member States, which have traditionally been cautious about reforms that require amendments to their national criminal laws.

Next steps

The decision on when and how to enforce EU sanctions currently lies with individual EU Member States, who also decide on the introduction of the EU’s restrictive measures by unanimity. As such, the Dutch Foreign Minister’s proposal requires the backing and support of more EU Member States. If adopted, the new proposed body could send cases directly to the European Public Prosecutor’s Office (EPPO), assuming the separate “EU crimes” legislative piece was also adopted.

Notably, the Dutch Foreign Minister’s proposal appears to suggest a stronger targeting of third countries, which are not aligned with the EU’s sanctions against Russia or help in their circumvention (e.g., Turkey, China, etc.).

Whether or not an EU sanctions oversight body is established, the Dutch proposal signals the current appetite for enhanced multilateral coordination on economic sanctions implementation and tougher, more consistent enforcement of economic sanctions violations. The G7’s proposed Enforcement Coordination Mechanism points in the same direction.

©2023 Greenberg Traurig, LLP. All rights reserved.

OFAC Offers Guidance in the Wake of Tornado Cash Sanctions

The U.S. Treasury Department’s Office of Foreign Asset Control (OFAC) updated its “frequently asked questions” (FAQs) Tuesday, providing guidance relating to the sanctions against Tornado Cash, the Ethereum “mixer” it blacklisted in August, following allegations that North Korea used Tornado Cash to launder stolen digital assets. The updated information from OFAC comes as a welcome snippet of communication, allowing for clarity on the scope of the action taken against Tornado Cash, as well as providing guidance for U.S. persons affected by the blacklisting who, through no fault of their own, were caught up in federal action.

The updated FAQs provide guidance on four points: (1) the ability to withdraw funds from wallets associated with the Tornado Cash blacklist; (2) whether the OFAC reporting obligations apply to “dusting” transactions; (3) whether U.S. persons can engage in transactions involving addresses implicated in the blacklist without a license; and (4) what, more generally, is prohibited in the wake of the OFAC blacklisting of Tornado Cash.

(1)        Withdrawing Funds

If a U.S. person sent virtual currency to Tornado Cash, but did not complete the mixing transaction or otherwise withdraw such virtual currency prior to August 8, 2022 (the effective date of the OFAC blacklist), such person can request a specific license from OFAC to engage in transactions involving that virtual currency (assuming such person conducts the contemplated transactions within U.S. jurisdiction).

In order to obtain this license, such persons will need to provide, “at a minimum, all relevant information regarding these transactions with Tornado Cash, including the wallet addresses for the remitter and beneficiary, transaction hashes, the date and time of the transaction(s), as well as the amount(s) of virtual currency.”

OFAC indicates that they will embrace a favorable licensing policy towards such applications, so long as the contemplated transactions did not involve conduct that it deems to be otherwise sanctionable, and that licensing requests can be submitted by visiting the following link: https://home.treasury.gov/policy-issues/financial-sanctions/ofac-license-application-page.

(2)        “Dusting” Transactions

Dusting is the act of sending unsolicited and nominal amounts of virtual currency or other digital assets to third parties. This can be done in order to cause consternation on the part of the recipient, particularly in a situation where there is confusion as to the legality of receiving such funds or actions.

OFAC indicates that it has been made aware of Dusting involving virtual currency or other virtual assets from Tornado Cash, and indicates that while, technically, OFAC’s regulations would apply to these transactions, to the extent that these Dusting transactions have no other sanctions associated with them other than Tornado Cash, “OFAC will not prioritize enforcement against the delayed receipt of initial blocking reports and subsequent annual reports of blocked property from such U.S. persons.”

In short, while not a desirable transaction to take place, OFAC does not intend to pursue action against persons simply because they are the target of Dusting.

(3)        Engaging in Transactions With Tornado Cash

OFAC clarified that, without explicit license from OFAC, U.S. persons are prohibited from engaging in any transaction involving Tornado Cash, including any transaction done via currency wallet addresses OFAC has identified as part of the blacklist.

Specifically, “[i]f U.S. persons were to initiate or otherwise engage in a transaction with Tornado Cash, including or through one of its wallet addresses, such a transaction would violate U.S. sanctions prohibitions, unless exempt or authorized by OFAC.”

(4)        Further Tornado Cash Guidance

Referencing FAQs 561 and 562, OFAC reemphasized their authority to include as identifiers on the Specially Designated Nationals and Blocked Persons List (SDN List) specific virtual currency wallet addresses associated with blocked persons, and that such SDN List entry for Tornado Cash included as identifiers certain virtual currency wallet addresses associated with Tornado Cash, as well as the URL address for Tornado Cash’s website.

While the Tornado Cash website has been deleted, it remains available through certain Internet archives, and accordingly OFAC emphasized that engaging in any transaction with Tornado Cash or its blocked property or interests in property is prohibited for U.S. persons.

Interacting with open-source code itself, in a way that does not involve a prohibited transaction with Tornado Cash, is not prohibited. By way of example, “U.S. persons would not be prohibited by U.S. sanctions regulations from copying the open-source code and making it available online for others to view, as well as discussing, teaching about, or including open-source code in written publications, such as textbooks, absent additional facts.  Similarly, U.S. persons would not be prohibited by U.S. sanctions regulations from visiting the Internet archives for the Tornado Cash historical website, nor would they be prohibited from visiting the Tornado Cash website if it again becomes active on the Internet.”

While this update to FAQs come as a welcome bit of clarity, Web3 investors, entrepreneurs, and users should continue to tread carefully when engaging with opportunities and technologies on the periphery of Tornado Cash and the accompanying OFAC action. When questions arise, it is important to seek out informed counsel, to discuss the risks of proposed actions and how best to mitigate that risk while working to pioneer new and emerging technologies.

Article By David A. Lopez-Kurtz of Dinsmore & Shohl LLP

For more finance and cryptocurrency legal news, click here to visit the National Law Review.

© 2022 Dinsmore & Shohl LLP. All rights reserved.

Beware OFAC in a Time of Sanctions

On Monday, April 25, 2022, the U.S. Treasury Department’s Office of Foreign Asset Control (“OFAC”) announced a settlement with Toll Holdings Limited (“Toll”), an Australian freight forwarding and logistics company, with respect to Toll’s originations and/or receipt “of payments through the U.S. financial system involving sanctioned jurisdictions and persons.” Toll, which is not an American entity, and is neither owned by Americans nor located in the U.S. or any of its territories, was involved in almost 3000 transactions where payments were made in connection with sea, air, and rail shipments to, from, or through North Korea, Iran, or Syria, AND/OR involving the property of a person on OFAC’s Specially Designated Nationals and Blocked Persons List. OFAC did not have direct jurisdiction over Toll, BUT because the payments for Toll’s freight forwarding and logistics services flowed through U.S. financial institutions, Toll “caused the U.S. financial institutions to be engaged in prohibited activities with … sanctioned persons or jurisdictions.”

Each OFAC violation can be the basis of civil sanctions. Here the 2853 violation would have supported the imposition of civil sanctions totaling over $826 million. Toll was “happy” to settle OFAC’s enforcement action for $6 million. OFAC found that the Toll violations were “non-egregious,” in part due to the rapid growth of Toll after 2007 through acquisitions of smaller freight forwarding companies. OFAC noted that by 2017 Toll had almost 600 invoicing, data, payment, and other systems spread across its various units. OFAC also noted that Toll did not have adequate compliance procedures and procedures in place and did not attend to those issues until an unnamed bank threatened to cease doing business with Toll because Toll was using its U.S. dollar account to transact business with sanctioned jurisdictions and/or persons. OFAC took note of Toll’s voluntary self-disclosure, well-organized internal investigation, and extensive remedial measures.

OFAC traces its origins to the War of 1812, when the then Secretary of the Treasury imposed sanctions on the United Kingdom in retaliation for the impressment of American sailors. The Treasury Department has had a special office dealing with foreign assets since 1940 (and the outbreak of World War II), with statutory authority found in the Trading With The Enemy Act of 1917 (as World War I raged), and a series of federal laws involving embargoes and economic sanctions. OFAC received its current name as part of a Treasury Department order on October 15, 1962 (contemporaneous with the Cuban missile crisis).

The Toll settlement reflects the growing use by OFAC of public enforcement against foreign businesses for “causing” violations by involving U.S. payment systems. The use of U.S. dollars in any part of a transaction will typically involve the U.S. financial system, directly or indirectly – that subjects the entirety of the transaction to U.S regulatory jurisdiction, including that of OFAC. The Toll settlement evidences OFAC’s increasing willingness to exercise its expansive jurisdiction over foreign businesses, even those involving primarily extraterritorial transactions — for example, the increase in OFAC sanctions of foreign businesses seen as facilitating the Russian invasion of Ukraine.

Foreign businesses must give serious and continuing attention to having substantial policies and procedures in place to insure compliance with U.S. sanctions and, thereby, to avoid OFAC enforcement actions. Companies can start by reviewing OFAC’s Framework for Compliance Commitments and implementing the recommendations there. In addition, all parties to a transaction should be screened against sanction lists (OFAC’s, and also those of the U.K. and E.U.). Companies should consider adopting preventive measures, not only to deter violations, but also to demonstrate a vigorous compliance program.  Similarly, these issues MUST be considered as part of any merger or acquisition (as the Toll experience suggests).Finally, all counterparties, including financial intermediaries, should be evaluated for potential sanction list issues. Otherwise, a foreign business may have to “pay the Toll” for its shortcomings.

Experienced American business lawyers may prove helpful in designing and/or evaluating the compliance programs of non-U.S. companies.

Article By Peter D. Hutcheon of Norris McLaughlin P.A.

For more financial legal news, click here to visit the National Law Review.

©2022 Norris McLaughlin P.A., All Rights Reserved