Credit Suisse AG, a Switzerland-based bank, has agreed to a settlement with the U.S. Department of the Treasury’s Office of Foreign Assets Control (“OFAC”) under which it will pay the largest sanctions penalty of all time—$536 million. The penalty was announced December 16, 2009, by OFAC, the U.S. Attorney General, and the New York County’s District Attorney’s office, and represents the largest penalty to date in a long-running investigation into financial institutions involved with countries sanctioned by the United States. Earlier this year, London-based Lloyds TSB Bank plc (“Lloyds”) settled similar charges with the U.S. Department of Justice and the N.Y. County’s District Attorney’s office for $350 million. Shortly after the Credit Suisse settlement, OFAC announced a separate $217 million settlement with Lloyds for the same conduct, although the penalty was deemed satisfied by the $350 million settlement. These settlements indicate the significant risk that international entities subject to U.S. jurisdiction take in conducting business prohibited by U.S. law.

According to the Settlement Agreement, Credit Suisse processed approximately 5,000 electronic funds transfers (EFTs) on behalf of financial institutions or persons located in Iran, Cuba, Sudan, and Myanmar (Burma), among other countries, between 2002 and 2006. The EFTs and a number of securities transactions were allegedly processed through Credit Suisse’s U.S. subsidiary after information about the payment had been altered to prevent detection of the prohibited parties. The Settlement Agreement and statements by U.S. government officials describe an elaborate process of code names, procedures, and modifications to internal controls designed to prevent detection of the involvement of Iranian banks (the penalties relate overwhelming to Iranian activities) in financial transactions processed through the United States. The Settlement Agreement also indicates that a number of Credit Suisse executives and employees in Europe, including at least one individual with responsibility for compliance, knew of or participated in the activities.

Beginning as early as 1986, in response to sanctions imposed by the United States against Libya, the Settlement Agreement states that Credit Suisse implemented directives to cover payments for executing payment orders to third-country accounts in the United States or with U.S. banks abroad, without stating the name of the ordering party. This procedure allowed Credit Suisse to process payments through U.S. banks on behalf of Libyan banks and the Libyan government without detection. Over time, the Settlement Agreement describes the cover-payments scheme as developing into policies and procedures that were used to process payments involving persons sanctioned under a number of the sanctions programs, including Iran, Sudan, Myanmar (Burma), and Cuba. Among the procedures, review processes were allegedly modified to ensure that bank employees would manually review cover payments to avoid automatic detection at the bank’s payment office. According to the Settlement Agreement, Credit Suisse employees individually reviewed each transaction to ensure that no information would identify the involvement of a prohibited party or country, thereby avoiding detection when the transaction was processed by correspondent banks and others within Credit Suisse.

In 2006, Credit Suisse voluntarily notified OFAC that it was reviewing its processing of securities transactions for violations of U.S. sanctions programs. Credit Suisse did not notify OFAC that it was also investigating its activities as a U.S. dollar clearing bank for payments involving sanctioned countries and persons whose property and interests in property were blocked pursuant to OFAC regulations until later in 2007. By that point, the New York County’s District Attorney’s office had already launched its own investigation into several wire transfers. Under OFAC’s enforcement guidelines, Credit Suisse was therefore only eligible for mitigation credit for voluntarily notifying OFAC of the securities transactions, and not for its activities as a U.S. dollar clearing bank.

Unlike Credit Suisse, which involved its U.S. subsidiary in the prohibited transactions, Lloyds settled with OFAC for activities by its UK and Dubai operations that involved unaffiliated U.S. correspondent banks. Based on the settlement agreements, it appears that the U.S. government determined that both European banks deliberately removed material information to avoid detection of the prohibited transactions by the U.S. financial institutions.

OFAC implements, administers and enforces economic and trade sanctions imposed by Executive Order or specific legislation. The sanctions programs are designed to further U.S. foreign policy and national security goals by targeting particular countries, regimes, and those engaged in certain activities, including terrorism, proliferation of weapons of mass destruction, and narcotics trafficking. OFAC actively enforces sanctions programs against Iran, Sudan, and Cuba, among other countries, and has obtained significant penalties against persons dealing with these countries in the past two years—more than $750 million from Lloyds and Credit Suisse alone.

OFAC sanctions apply to all U.S. citizens, entities, and permanent residents, wherever located, and any person or entity located within the United States, including branches and subsidiaries of foreign entities. Outside the United States, OFAC sanctions apply to:

  • U.S. citizens or permanent residents (even when working for non-U.S. entities)
  • Foreign branches of U.S. companies
  • Foreign subsidiaries of U.S. companies (for Cuban sanctions)
  • Foreign persons and entities dealing in certain U.S.-origin goods in Iran

Sanctions against Iranian banks have been separately implemented in the European Union and the UK to varying degrees. These sanctions limit the ability of other international banks to handle payments and other transactions with sanctioned Iranian banks. The following banks are currently under U.S. sanctions: Bank Melli, Bank Sepah, Bank Mellat, Bank Saderat, and the Export Development Bank and Future Bank, Bahrain. The EU has imposed sanctions against Bank Melli and Bank Sepah. The UK has also sanctioned Bank Mellat. As a practical matter, there are issues in dealing with these currencies in Iran, also. No trades can be conducted in USD, and most EU banks will not clear EUR with Iranian banks. UK’s GDP also cannot be used in transactions with Bank Mellat.

The Credit Suisse and Lloyds settlements illustrate the risks associated with having an ineffective (or unutilized) compliance program for U.S. sanctions and embargoes. The Credit Suisse Settlement Agreement calls mention to the apparent knowledge of the violations by at least one person responsible for compliance and notes that the activities continued following an internal company review of OFAC compliance.

Credit Suisse failed to notify the U.S. government of its internal investigation of EFTs before the district attorney launched its own investigation—thereby resulting in a missed opportunity for voluntary disclosure credit (and a 50 percent reduction in fine under OFAC’s economic sanctions enforcement guidelines), and illustrating the importance of making a complete and prompt disclosure of suspected violations. It is clear from the Settlement Agreement that Credit Suisse’s subsequent “extensive and substantial cooperation” in the investigation, including “well-organized” and “timely” submissions, mitigated some portion of the potential penalty.

These embargoes and economic sanctions pose substantial risks for international organizations doing business in the United States and Iran. An effective program and policies that anticipate the application of various (or multiple) sanctions regimes to an international transaction is necessary to ensure compliance.