On February 8, 2016, the U.S. Department of the Treasury’s Office of Foreign Assets Control (“OFAC”) announced a $2,485,890 settlement with Barclays Bank Plc (“Barclays”). According to the settlement announcement, Barclays processed 159 U.S.-dollar (“USD”)-denominated transactions on behalf of Barclays Bank of Zimbabwe Limited (“Barclays Zimbabwe”) between July 2008 and September 2013. OFAC stated that the transactions violated § 541.201 of the Zimbabwe Sanctions Regulations (“ZSR”), 31 C.F.R. Part 541 (prohibiting transactions involving blocked property).
Notably, the property at issue in this case was not that of an individual or entity specified on the List of Specially Designated Nationals and Blocked Persons (the “SDN List”), but rather was property of corporate customers that were over 50% owned by an SDN – Industrial Development Corporation of Zimbabwe (“IDCZ”). Such property is blocked under OFAC’s “50 Percent Rule.” According to the settlement announcement, Barclays processed USD transactions on behalf of three customers of which IDCZ was a beneficial owner. In pursuing this case, OFAC has reinforced the importance of maintaining adequate Know Your Customer (“KYC”) controls – even for non-US banks working abroad under local conditions that can make screening challenging– when transactions on behalf of those customers pass through US financial institutions.
OFAC’s web notice explains that beginning around 2005, local Zimbabwe restrictions precluded Barclays Zimbabwe from complying with economic sanctions, including by conducting sanctions screening. (The web notice does not specify what these restrictions were.) Due to these restrictions, Barclays’s operations in the United Kingdom (“Barclays UK”) assumed responsibility for screening Barclays Zimbabwe’s cross-border transactions. However, this screening was dependent on Barclays Zimbabwe’s capturing ownership information for its corporate customers, which was incomplete. Similarly, Barclays Zimbabwe’s own KYC requirements “were ambiguous and difficult to follow.” As a result, Barclays Zimbabwe failed to include beneficial ownership information in its customer files that would have allowed Barclays UK to conduct OFAC sanctions compliance screening. Barclays UK was aware of the difficulties Barclays Zimbabwe faced in capturing its customers’ information and implemented work-arounds to deal with this deficiency but as the bank informed OFAC, the work-arounds were “cumbersome to implement and little used.” Although Barclays Zimbabwe eventually identified IDCZ in its paper files as a beneficial owner for one of the three customers at issue in 2011, the bank failed to update its electronic system (on which Barclays UK relied to conduct screening) with this information and transactions on behalf of the customer continued.
In 2012, US financial institutions blocked four USD transactions relating to one of the blocked customers that Barclays’s New York branch (“Barclays NY”) had attempted to process. Although Barclays NY subsequently conducted an internal investigation and determined that IDCZ was a beneficial owner of the customer, the bank again failed to upload this information into its sanctions filter.
OFAC noted that Barclays not only failed to implement adequate controls (even after uncovering warning signs that a potential violation could occur), but also had actual knowledge or reason to know of the conduct at the supervisory and management levels. Barclays’ size and sophistication were also noted as additional aggravating factors. On the other hand, Barclays’ lack of violations over the past five years, its remedial actions, and its cooperation with OFAC’s investigation were noted as mitigating factors, as was the fact that the customers themselves had not been designated on the SDN List at the time the transactions were processed.
OFAC stated that enforcement action may be “particularly appropriate,” even if an individual or entity is not included on the SDN list, when:
- The violator “maintains direct customer relationships for entities that are beneficially owned, directly or indirectly, 50 percent or more by one or more SDNs, and is processing or routing transactions to or through the United States on behalf of such customers;”
- The institution’s records “clearly demonstrate or otherwise clarify the SDN ownership of the customer, but the institution failed to act on the information;” and/or
- Information relating to “the SDN ownership of the customer is publicly available and allows intermediary banks to identify and block such transactions.”
Also noteworthy in this case is the fact that OFAC focused its enforcement effort on Barclays, rather than the US banks that processed the transactions. Presumably, these banks could have conducted their own screening of Barclays’s customers, and therefore could have identified IDCZ as the beneficial owner. However, OFAC pursued enforcement only against Barclays. The web notice does not set forth OFAC’s theory of liability, but rather states only that Barclays violated section 541.201 of the ZSR. This provision prohibits U.S. persons from dealing in blocked property, including the receiving of funds from a blocked person and the provision of services to a blocked person. It is possible that OFAC’s charging of Barclays rests on a theory that Barclays exported financial services from the United States to the blocked Zimbabwean entities which would be similar to the theory of liability in other OFAC enforcement actions against non-U.S. banks. Alternatively, OFAC’s theory may have been that Barclays “caused” US banks to violate sanctions, which itself is a violation under the International Emergency Economic Powers Act (“IEEPA”), under which the ZSR and most other sanctions regimes are promulgated. While OFAC does not appear to have ever explicitly charged a non-U.S. person with “causing” an IEEPA violation, many of the recent OFAC banking cases seem to involve an element of “causing”.
Notably, this enforcement action seems to differ from most previous OFAC enforcement actions against non-US banks, which targeted the practice of “stripping”—i.e., removing information related to sanctioned countries or persons from payment messages in order to evade sanctions filters at US banks. The November 2015 settlement with Crédit Agricole is one of many examples of this over the last decade. Here, OFAC did not allege that Barclays engaged in any such deliberately misleading conduct. Rather, Barclays was held liable for violations that resulted from inadequate screening, even where local law in Zimbabwe appears to have made sanctions screening and data collection difficult.
This case is notable for OFAC’s penalization of Barclays despite (1) the apparent lack of misleading conduct that characterized other bank sanctions cases, and (2) the fact that local Zimbabwe law—which may have been a blocking statute akin to what the EU has enacted in the Cuba sanctions context—apparently prohibited Barclays Zimbabwe from conducting screening, which OFAC did not consider to be a mitigating factor in imposing the penalty.