On November 19, 2018, French international financial institution Société Générale entered into a global settlement agreement with several United States federal and state regulators and prosecutors[1] to resolve criminal and civil investigations into the bank’s alleged violations of U.S. economic sanctions. This agreement required Société Générale to enter into Deferred Prosecution Agreements, Consent Orders, and an OFAC Settlement Agreement, and to pay $1.34 billion in total criminal and civil penalties.

The Société Générale violations arise from the practice of “stripping,” or the systematic removal or omission of references to parties subject to U.S. sanctions from payment instructions sent to or through the U.S. financial system. Similar schemes by other European banks resulted in massive economic sanctions penalties.[2] Those widely reported settlements reflect OFAC’s enforcement priority toward willful circumvention of sanctions prohibitions. In addition to further demonstrating this well-known prioritization, the Société Générale settlement contains several sanctions compliance lessons applicable across all industries.

Timely Disclose Apparent Violations

The OFAC and SDNY settlement announcements reflect disagreement within the U.S. government as to whether Société Générale timely disclosed its apparent violations. OFAC concluded that the bank submitted a voluntary self-disclosure of the Cuba, Sudan, and Iran sanctions violations. Such disclosures reduce the applicable statutory maximum penalty by 50 percent in cases of egregious violations.

According to its press announcement, the SDNY concluded that Société Générale failed to timely disclose the Cuba-related violations, because it did not disclose those apparent violations “to OFAC or any other U.S. regulator or law enforcement agency until well after the commencement of the Government’s investigation.” The timeline of events as set forth in the settlement agreements and announcements supports this position.

  1. March 2012 – the U.S. government begins investigation after an unidentified third-party U.S. financial institution blocks two Sudan-related transactions processed by Société Générale.
  2. May 2012 – Société Générale submits an initial notification of apparent Sudan-related sanctions violations.
  3. February 2013 – Société Générale submits a voluntary self-disclosure of apparent Sudan-related sanctions violations, which identifies additional potential Sudan, Iran, and Cuba sanctions violations.
  4. Early 2014 – Société Générale agrees to expand the scope of its review of U.S. dollar transactions.
  5. October 2014 – Société Générale discloses its Cuban Credit Facilities, which total nearly 2,000 U.S. dollar transactions cumulatively worth about $10.3 billion.

According to the SDNY, the bank’s senior management and sanctions compliance department knew prior to March 2012 that the $10.3 billion Cuban Credit Facilities violated U.S. law. The bank did not disclose those violations, however, until late 2014 following a “detailed forensic analysis” of the transactions.

Businesses seeking to reduce monetary penalties through voluntary self-disclosures should disclose violations upon discovery in the form of initial notifications. If during the course of a lengthy internal investigation significant violations unrelated to those identified in the initial notification are discovered, the business should file additional notifications.

Monitor and Identify Previously Rejected Transactions

OFAC’s Settlement Agreement indicates that the New York branch of the bank properly rejected a $1.4 million payment from a German bank involving an Iranian credit facility. Following this rejection, however, Société Générale New York accepted a payment from the German bank in that same amount. The German bank simply resubmitted the rejected payment.

Banks generally use their automated anti-money laundering transaction monitoring systems to identify these evasion attempts. While this automation facilitates sanctions compliance for banks, a fully functioning sanctions compliance program will monitor and identify transactions that are resubmitted following a rejection, irrespective of the industry.

Centralize Sanctions Compliance

The OFAC Settlement Agreement notes that stripping violations continued after the bank rescinded the circumvention procedures. Apparently, several units within the bank did not receive the instruction to cease the stripping/obfuscation practice. A properly centralized sanctions compliance program mitigates the risk of such communication failures, which is crucial to maintaining enterprise-wide sanctions compliance.

We will continue to monitor OFAC enforcement actions and publish updates as significant developments arise.