The Office of Foreign Assets Control (OFAC), the division of the Treasury Department responsible for administering and enforcing economic and trade sanctions based on U.S. foreign policy and national security, has released guidance regarding the opening of securities and futures accounts. This guidance included the possible risk factors to consider in developing proactive, risk-based compliance programs. This guidance is intended to assist firms in assessing the risks presented by the firm’s customer base, specific products and investments and the geographic locations in which the firm conducts business.
Regulations and sanctions issued by OFAC are broad and apply to all segments of the securities industry—both regulated and unregulated firms. Notably, although the regulations are rooted in strict liability, enforcement actions and sanctions take into account the due diligence efforts of the firm as a whole.
This new guidance was released in large part as a response to a request from the Securities Industry and Financial Markets Association (SIFMA) for a risk matrix for the banking industry. The guidance released is only a first step in defining concrete examples of products and transactions that might warrant increased scrutiny. In the next several weeks, OFAC expects to release a new revised brochure highlighting specific guidance for the securities industry.
Need for Due Diligence
In most cases, OFAC regulations require blocking all property and interests of sanctions targets, as well as prohibiting any dealings involving those targets. Property interests may be direct, indirect, present, future or contingent. Importantly, both new and existing customers can expose a financial institution to regulatory risk. Accordingly, in addition to measures that are taken when establishing a relationship with a new customer, measures should also be put in place to identify those products or services that may require added scrutiny.
Factors considered in a due diligence review should include
- the nature of the customer – location, market, products and any downstream customers;
- the type, purpose and activity of an account;
- the nature and duration of the relationship between the foreign institution and the U.S. entity;
- sanctions regulations governing the foreign institution; and
- information regarding the institution’s sanctions compliance record.
For any relationship or transaction, firms should know both who is actually undertaking the OFAC screening or monitoring and who owns the customer relationship.
OFAC lists many risk factors that may signal the need for a heightened level of scrutiny. Among these are
- a high number of international transactions, cross-border transactions or investments in a foreign investment fund or on a foreign exchange;
- customers located in or having accounts in high-risk jurisdictions, such as countries found to be of “primary money laundering concern” pursuant to the USA PATRIOT Act;
- accounts for unregistered or unregulated investment vehicles;
- accounts maintained at an offshore bank;
- lack of information regarding beneficial owners of securities;
- cross-border settlements involving the interaction of different settlement systems and laws in different countries;
- U.S. hedge fund with an offshore related fund where beneficial owners are offshore investors; and
- private banking accounts established or maintained for non-U.S. persons or services, or for wealthy clients who use offshore accounts for tax avoidance purposes.
For additional examples, see http://www.ustreas.gov/offices/enforcement/ofac/policy/securities_ risk_11052008.pdf.
OFAC recommends every securities and futures firm establish and maintain a compliance program. In the event of a violation, the severity of any sanction will likely be tempered by the adequacy of the company’s transaction processing system, as well as its overall OFAC compliance program.
Strong compliance programs consist of similar procedures to those found in brokerage firms’ Customer Identification Programs (CIPs). Before entering into any client relationship, firms should screen the client’s identification information and the proposed transactions against OFAC’s applicable sanctions programs and Specially Designated Nationals and Blocked Persons list (“SDN list”), available at http://www.treas.gov/offices/enforcement/ofac/sdn/index.shtml. A strong compliance program uses risk-based measures to verify the identity of each new customer who opens an account. A new customer’s identity should be verified either before the account is opened, or within a short time period afterward.
The Introducing/Clearing Relationship
Despite the similarity between the OFAC compliance requirements and CIP requirements, there are a number of distinctions. Most significantly, OFAC specifically rejects the ability of a firm to delegate responsibility for compliance with OFAC requirements to another firm. This is in contrast to FinCen1 guidance, which recognizes that a clearing firm may allocate compliance for CIP compliance to an introducing broker and that a futures commission merchant, acting as an executing broker in a give-up arrangement, is not subject to the CIP requirement because it does not establish a formal relationship with the customer.2 Thus, OFAC takes the position that, if a firm delegates its OFAC compliance responsibility to a second firm, both could be held liable for any OFAC violation arising from the negligence of the second firm. However, notwithstanding the strict liability nature of OFAC requirements, OFAC also stresses that it will examine the functions of a securities or futures firm and its relative use of customer information in the context of bringing enforcement cases.