In the last month, the U.S. Treasury Department’s Office of Foreign Assets Control (“OFAC”) has announced two significant settlements related to violations of U.S. economic sanctions laws by financial institutions. On October 20, 2015, OFAC announced a $329,593,585 settlement with the corporate and investment banking arm of Paris based Credit Agricole S.A., Credit Agricole Corporate and Investment Bank (“Credit Agricole”), relating to Credit Agricole’s alleged violations of various U.S. economic sanctions programs (the “CA Settlement Agreement”).1 On November 4, 2015, OFAC announced that Banco do Brasil, S.A., New York Branch (“BBNY”) agreed to pay $139,500 to settle potential civil liability for violations of the Iranian Transactions and Sanctions Regulations. These settlements highlight the focus of U.S. regulators on foreign banks that use the U.S. financial system to facilitate transactions with sanctioned persons or countries, as well as U.S. banks that do not properly diligence potential violations. They also reinforce the importance of maintaining robust and closely monitored compliance policies for all companies doing business in the United States. We have summarized below the major details of these enforcement actions and certain key takeaways for industry.
According to the CA Settlement Agreement, Credit Agricole and certain predecessor and subsidiary entities processed more than four thousand transactions between 2003 and 2008 to or through U.S. financial institutions involving countries, entities and individuals subject to U.S. economic sanctions. Credit Agricole employees used cover payments and implemented special procedures in order to mask the involvement of U.S.-sanctioned parties in the transactions. As a result of these practices and procedures, U.S. financial institutions reviewing the transactions for compliance with U.S. sanctions programs were not able to see the true nature of the parties involved in the transactions and were not able to detect violations.
The majority of the suspect transactions made use of cover payments and were processed by a Swiss subsidiary of Credit Agricole on behalf of Sudanese clients. Credit Agricole would debit the U.S. dollar account of a Sudanese bank on Credit Agricole’s books and then credit the account of a third-country beneficiary at a non-U.S. financial institution. Records relating to these transactions show that notations specified that Sudan should not be mentioned in the cover payment message sent to the U.S. financial institution.
When notified by the home office that business relationships with a Sudanese bank should be terminated, the Swiss subsidiary responded that the relationship was a long-standing and important one. Many at the Swiss subsidiary, including the legal department, expressed the belief that the subsidiary was not subject to U.S. sanctions laws, despite being told otherwise by the home office and having certain transaction requests rejected by the New York office for sanctions-related issues. A group specifically responsible for sanctions compliance at the Swiss subsidiary repeatedly approved Sudanese U.S. dollar transactions to be processed to or through the United States and noted to business units that outgoing payment messages to the United States must not include sanctions-identifying information.
In addition to the actions of Credit Agricole’s Swiss subsidiary, other branches of Credit Agricole were accused of violating U.S. sanctions with respect to Cuba, Burma and Iran and of processing transactions in a non-transparent manner that prevented U.S. intermediary banks from reviewing the payments for compliance. Although Credit Agricole maintained a policy on transactions with sanctioned persons, the company at times misinterpreted OFAC regulations and suffered from poor oversight. At one point, a Credit Agricole entity even maintained a policy to use cover payments for Iranian transactions. Credit Agricole cooperated with OFAC’s investigation and has taken remedial steps to improve its compliance practices.
Banco do Brasil
After a customer of BBNY’s Brazilian affiliate (“BB Brazil”) was repeatedly flagged during OFAC screening, BBNY manually added the customer to its “Good Guy Exception List” in order to avoid future flagging. BBNY concluded that the customer, Isfahan Internacional Importadora Ltda (“Isfahan”), was only flagged because Isfahan’s name included the name of a place in Iran. In reaching this conclusion, BBNY relied on the verbal representations made to BB Brazil by the customer. Isfahan, which imported rugs from various countries to Brazil, represented that its business did not involve goods exported from or imported to Iran.
Shortly after placing Isfahan on the list, BBNY processed three funds transfers originated by Isfahan’s account at BB Brazil and destined for a third-country beneficiary’s account at multiple third-country financial institutions. The aggregate amount of these funds transfers was $70,244.61 and they occurred between October 22, 2010 and February 11, 2011. Because Isfahan was on BBNY’s Good Guy Exception List, the bank cleared these transactions. However, later in 2011, BBNY processed a similar funds transfer for Isfahan and, while BBNY again did not flag the transaction for further review, another U.S. intermediary financial institution did. The intermediary financial institution requested that BBNY provide it with detailed information, including copies of any related invoices associated with the payment. BB Brazil provided BBNY with the requested information, including a copy of the invoice and bill of lading related to the payment. Although it noted that the document provided “was of poor quality,” BBNY did not request a better copy, concluded that the document did not reference Iran and sent it along to the U.S. intermediary financial institution. That financial institution reviewed the documents and determined to reject the funds “due to Iran involvement” based on references to Iran in the invoice.
Following the payment transfer and the communication between BBNY and the U.S. intermediary financial institution described above, BBNY processed another three funds transfers totaling $94,714.28 between November 14, 2011 and June 4, 2012 for Isfahan. These transfers were processed despite the fact that BBNY’s screening system flagged two of the transfers for manual review due to an address discrepancy. BBNY concluded that it did not need to request additional documents or detail from Isfahan in order to clear these transactions because its due diligence in connection with placing Isfahan on the Good Guy Exception List and its review of the invoice it previously received were sufficient. Because BBNY did not review and update its Good Guy Exception List, it processed transactions related to Iran after its interdiction software failed to flag Isfahan. In addition, BBNY was on notice that it should have reviewed these transactions more carefully due to the finding of the intermediary financial institution and the two transfers flagged for manual review.
Based on its investigation, OFAC concluded, among other things, that (i) BBNY did not voluntarily self- disclose the apparent violations, (ii) the apparent violations constitute a non-egregious case and (iii) BBNY may have been unaware of the risks associated with a false hit list that was not reviewed and updated regularly. In determining the amount of penalty, OFAC considered a number of aggravating factors, including that several BBNY employees failed to exercise a minimal degree of care and caution, as well as a number of mitigating factors, including that BBNY cooperated with the investigation and took remedial action as a result of its findings. Following the BBNY investigation, OFAC released guidance discussing how to properly administer a “Good Guy” or “False Hit” list.
Key Takeaways for Business
The Credit Agricole and Banco do Brasil enforcement actions emphasize the importance of compliance across a multinational organization with U.S. economic sanctions programs, even for non-U.S. companies whose only business in the United States is to clear U.S. dollar transactions through a correspondent bank. U.S. regulators continue to enforce their jurisdiction over foreign parties when they cause U.S. banks to unknowingly violate sanctions by masking the connection of U.S. dollar transactions to sanctioned persons and countries. This enforcement priority is part of a long-standing pattern of ensuring that the U.S. banking system is not used to facilitate transactions – even by foreign persons – that would be prohibited under U.S. sanctions laws. These settlements also highlight the need for multinational organizations to have a clear, consistent and well articulated approach to determining which entities and activities are subject to U.S. economic sanctions and what level of diligence is required with respect to potential violations.