This case highlights the importance of robust OFAC compliance procedures for subsidiaries and M&As.

A U.S. stock exchange operator recently settled with the Office of Foreign Assets Control (OFAC) over apparent sanction violations that occurred through one of its subsidiaries. The New York-based financial services corporation agreed to pay US$4 million due to violating 2012 sanctions on the Iranian government.

The violation occurred through a subsidiary acquired during a 2008 purchase of a Swedish financial company, which in turn owned the Armenian Stock Exchange (ASE). During its ownership of the ASE, services were provided to Mellat Armenia, which is operated by the Iranian state-owned Bank Mellat — a sanctioned entity.

While ASE is no longer a subsidiary of the U.S. stock exchange operator, the violations occurred prior to being acquired by another company, so it was still responsible for the sanctions breaches.

The case highlights the necessity of enacting a thorough OFAC screening and compliance program, especially for subsidiaries and M&As, to avoid inadvertently violating OFAC sanctions.  What can other enterprises learn from this violation to avoid incurring fines and penalties? 

Key Takeaways

  • The subsidiary of a U.S. financial services corporation transacted with a sanctioned entity, resulting in a US$4 million fine.
  • The base level fine was lowered from $16 million to $4 million due to self-disclosing the violation and immediately implementing stringent policies to remain compliant.
  • This violation serves as a prime example of the necessity of comprehensive, ongoing, sanctioned party screening during mergers and acquisitions.
  • OFAC provides a framework to help organizations avoid violations, and Descartes gives you robust tools and comprehensive sanctions list content to perform accurate OFAC screening processes.

How the Actions of a Former Subsidiary Resulted in a Fine for OFAC Sanctions Violations

A recent OFAC enforcement release detailed a settlement between a widely recognized financial services company and OFAC for a sanction violation that occurred via a foreign subsidiary. The case is more complex than most as it involves subsidiaries on both sides of the violation, so let’s break down all the moving pieces.

Timeline of Events

In 2008, the stock exchange operator acquired a Swedish financial company, which operated the Armenian Stock Exchange (ASE).

In 2012, the Armenian subsidiary was required to adhere to sanctions against Iranian state-owned entities. 

However, it continued to provide ASE services to Mellat Armenia, which is owned by sanctioned Bank Mellat. The sanctioned entity was able to use ASE until 2014, committing 151 apparent violations of OFAC sanctions. 

A 2012 risk assessment noted Mellat Armenia participated in ASE and was a subsidiary of a sanctioned, Iranian state-owned entity — yet no action was taken. A similar event occurred again during a 2013 risk questionnaire.

Fortunately, the financial services corporation self-disclosed the OFAC sanctions violations to the agency in 2014. Additionally, it sold off the subsidiaries in 2018 but remained liable for previous violations which happened under its watch.

The organization also stated it implemented remedial measures by creating a sanctions working group, new training programs, adopting advanced screening software, and ongoing assessments of its compliance programs.

OFAC’s Fine Calculation and Comments

OFAC initially calculated the base penalty for the violation to be $16 million. However, the fine was reduced to $4,040,923 for the following reasons:

1. OFAC considered the breach non-egregious due to self-disclosure and full cooperation with the ensuing investigation.

2. They did not obtain the license that would have permitted ASE to continue some activities with Mellat Armenia.

3. The operator implemented organization-wide remedial measures to prevent future violations of OFAC sanctions.

Even though the penalty was reduced, OFAC described aggravating factors such as acknowledging the violation but not taking immediate action and that the organization is a large, sophisticated financial services corporation.

Lastly, OFAC commented on the complexity of sanctions in international mergers and acquisitions, stating that a robust compliance program is crucial to enable U.S. entities detect and counter any risks before they violate OFAC sanctions.

Subsidiaries and M&As Complicate OFAC Compliance

This infraction is a strong example of how M&As and subsidiaries substantially complicate sanctions compliance. This case also underlines the importance of having a thorough understanding of ownership rules and regulations to manage risks especially in M&As which present high exposure to potential sanctions violations, particularly those involving overseas entities.  

Organizations need to ensure that their overseas subsidiaries are compliant with OFAC sanctions, as being a subsidiary or an acquired company does not create exemptions. Creating comprehensive processes, adopting the right tools, and having accurate data to continuously screening for sanctioned / denied parties are critical to avoid non-compliance.

OFAC’s Sanctions Screening Framework Lays the Foundation for Compliance

OFAC provides a framework to help organizations establish or refine sanctions compliance programs (SCPs). While the agency acknowledges that subsidiaries and M&As complicate compliance, their response isn’t to decrease requirements but instead help entities remain compliant.

The framework is intended to help corporations evaluate their specific needs and build SCPs that avoid OFAC sanctions violations. The five-step recommendations are:

  1. Management commitment: The process begins with senior management’s commitment to establishing an ongoing SCP. Management should review and approve the program while taking steps to ensure compliance. The specific steps may vary but recommended actions include appointing an SCP officer and ensuring qualified personnel are in place.
  2. Risk assessment: Risks in this context are any vulnerabilities that open the door for violating OFAC’s screening regulations. While OFAC understands there isn’t a universal approach to risk assessment, this step should focus on a holistic, top-to-bottom review of the organization and how it interacts with external parties. 
  3. Internal controls: An SCP should describe detailed controls that focus on identifying, escalating, and reporting any current or potential violations. Organizations should develop written policies and procedures that describe these controls and detail who is responsible for them.
  4. Testing and auditing: This step involves evaluating current processes for effectiveness and identifying / implementing any necessary corrective actions. Tests and audits can be conducted for the overall SCP or focus on specific aspects of the program, both of which are recommended. 
  5. Training: Designing and implementing a comprehensive training program is critical to the lasting success of an SCP. Training should be periodically provided to all employees that is relevant to their job-specific requirements. OFAC recommends annual training at a minimum, with more frequent sessions being valuable for some departments. 

Additionally, the framework document ends by detailing the typical root causes of OFAC sanctions violations. These highly informed insights are an excellent asset for corporations to understand as they create or refine their compliance programs.

Descartes Visual Compliance Enables Comprehensive OFAC Sanctions Screening

Descartes’ Visual Compliance platform is designed to help organizations of all sizes screen against OFAC’s sanctioned and denied parties list to ensure you don’t incur fines, penalties, or reputation damage.

Our platform leverages our business intelligence capabilities to rapidly screen new and existing partners, clients, or customers against known denied parties. New sanctions are constantly emerging — accordingly, our compliance data sets are updated in near real time to help businesses maintain continuous compliance and avoid costly consequences.

Ready to create or strengthen your denied party screening process? Contact us today to speak to an OFAC sanctions compliance specialist. Additionally, you can learn more about how Visual Compliance supports OFAC screening  and help prevent inadvertently violating sanctions.

Also read what our customers are saying about Descartes Denied Party Screening on G2 – an online third- party business software review platform.