What is The Office of Foreign Assets Control (OFAC)?
Every country must take proactive steps to protect its finances from foreign affairs. The U.S. Department of the Treasury has established a sanctions list against targeted individuals to control international transactions and contribute to national security. These rules are governed by the Office of Foreign Assets Control (OFAC).
The Office of Foreign Assets Control (OFAC) administers and enforces economic sanctions based on U.S. foreign policy. The goal is to enforce national security against targeted individuals and entities such as:
- Foreign and sanctioned countries
- International narcotics traffickers
It also includes anyone engaged in certain activities like transnational organized crime and the proliferation of weapons of mass destruction. OFAC acts under the executive order of Presidential wartime and national emergency powers to freeze assets under U.S. jurisdiction.
The Office of Foreign Assets Control has been delegated regulatory responsibility by the Secretary of the Treasury to develop, administer, and manage U.S. sanctions programs. Many of these regulations are based on United Nations and other global mandates and thus, are multilateral in scope. This means, enforcing these sanctions involves direct cooperation with allied governments.
Who is OFAC Applicable to?
Every U.S. person and business must comply with OFAC regulations. This includes:
- U.S. banks
- Bank holding companies
- Nonbank subsidiaries
Federal banking agencies continuously evaluate OFAC compliance programs to ensure all banks under their supervision comply with sanctions.
Unlike the Bank Secrecy Act (BSA), OFAC laws and regulations don’t just apply to U.S. persons and domestic agencies, they also apply to foreign branches and overseas subsidiaries. The organization encourages banks to take a risk-based approach when implementing an OFAC compliance program.
Specially Designated Nationals List
After the events of September 11, 2001, the OFAC set its attention on identifying terrorists. This is when the U.S. government created the Specially Designated Nationals List (SDN). This list is comprised of companies and individuals that are controlled or acting for other targeted groups or countries such as terrorists, narcotics traffickers, and foreign sanctions evaders.
The SDN list was created primarily for financial institutions but, as it grows, it’s been increasingly used by insurance companies and international organizations.
Although the list is available as a free download on the OFAC website, there are many issues with looking up a vendor or customer on your own. In most SDN searches, only a name appears. The birthdate, address, and even the country can all be missing. Additionally, the name listed may be an alias or the vendors may be referred to by multiple names. An employer attempting to run an OFAC check on their own could easily misidentify a candidate on the list.
What Bank Transactions are Subject to OFAC Regulations?
Every transaction that a United States financial institution engages in is subject to OFAC laws and regulations. If a bank processes a transaction from a list of specially designated nationals and blocked persons, it would be considered unlawful.
The U.S. law requires that any assets and accounts of an OFAC-specified individual, entity, or country be blocked when such property is located in the U.S., is held by U.S. individuals/entities, or comes into possession of U.S. individuals or entities.
For example, if an offshore bank transfer is routed through a U.S. bank to an offshore bank, and there is an OFAC-designated party involved, the transaction must be blocked.
The definition of assets and property is specifically defined within each sanction program, but it includes anything that is direct or indirect, present, future, or contingent value. This includes all bank transactions. All banks must block transactions that:
- Are going to or through a blocked individual or entity
- Are by or on behalf of a blocked individual or entity
- Are in connection with another transaction in which a blocked individual/entity has an interest
If a U.S. bank receives instructions to make a transfer that falls into one of these categories, it must first execute the payment order and then place the funds into a blocked account. After it is received, a payment order cannot be canceled or amended without an authorization from the OFAC.
In some cases, a transaction may be prohibited but there is no blockable interest. In other words, the transaction should not be accepted but there is no OFAC requirement to block the assets. In these cases, the transaction is simply rejected and not processed.
One example would be the Sudanese Sanctions Regulations (SSR) which does not support commercial activities in Sudan. So, even though a funds transfer between an American and Sudanese company isn’t against U.S. sanctions, it goes against Sudanese laws; despite neither party being part of the Specially Designated Nationals (SDN) or blocked persons list.
However, since the SSR requires blocking transactions with the government of Sudan, and exportation of services to Sudan is prohibited, the U.S. bank cannot process the transaction and it is rejected.
OFAC has the authority to permit certain transactions that would otherwise be prohibited under its regulations. This is done through a concise licensing process and is determined when a transaction does not undermine U.S. policy objectives. This also happens when a transaction is justified by U.S. national security or foreign policy objectives.
General OFAC License
OFAC offers a general license that authorizes categories of transactions. One example is allowing reasonable service charges on blocked accounts, without the need for a case-by-case review from the OFAC. General licenses can be found in the regulations for each sanctions program. Before processing these transactions, a bank will verify that a transaction meets the relevant criteria.
Specific OFAC License
The OFAC also issues specific licenses on a case-by-case basis. This is a written document that authorizes a particular transaction (or set of transactions) that are limited to a specific time period. To receive a specific license, a person or entity must submit an application to the OFAC.
If the transaction conforms to internal licensing policies and U.S foreign policy objectives, then the license is generally issued. If a customer claims to have a specific license, a bank must verify that the transaction conforms to the terms and conditions of the license. This includes the effective dates.
If a transaction is blocked or prohibited, a bank must report it to the OFAC within 10 business days. The blocked assets (as of June 30) must also be reported annually by September 30. Once any assets are blocked, they must be placed in a separate, blocked account.
Banks will keep a record of every rejected transaction for at least five years. For blocked assets, records will be maintained for the period they are blocked and for five years after that date.
How to Maintain OFAC Compliance
Do not get caught doing business with someone on the list. There are heavy OFAC fines and penalties. Banks typically establish an effective OFAC compliance program that is commensurate with an OFAC risk profile. This is based on a few datasets, which include:
- Nature of transactions
- Account age
- Geographic locations
The bank will look at high-risk areas, provide controls for screening and reporting, establish testing for compliance, and designate a specific employee to oversee OFAC compliance. The initial identification of high-risk customers for the OFAC is often performed as part of the bank’s CDD and CIP procedures.
Based on a bank’s OFAC risk profile for each area, it will establish policies and procedures for reviewing transactions and transaction parties. An effective risk assessment is comprised of multiple factors, which can all be weighed differently.
Although not a full list, some examples of products, services, customers, and geographic locations that have a high OFAC risk include:
- Foreign customer accounts
- International funds transfers
- Nonresident aliens accounts
- Cross-border ACH transactions
- International private banking
- Transactional electronic banking
- Commercial letter of credit or other trade finance items
- Foreign correspondent bank accounts
- Payable through accounts
- Overseas branches or subsidiaries
- Concentration accounts
What Accounts Payable Controls Can Businesses Employ?
Every business should have controls in place that ensure compliance with OFAC regulations. When dealing with a high volume of AP transactions, there should be some key rules in place to maintain controls:
It starts with training employees properly on the OFAC compliance process. The scope and training should be consistent with your risk profile and appropriate to each employee’s responsibilities.
Every business should designate a qualified individual that’s responsible for OFAC compliance. They should have the appropriate level of knowledge about OFAC regulations, including the sanctions list and blocked persons.
Know Your Customer
These days, it’s tough to know your suppliers face-to-face. Especially if your business regularly engages in global transactions. This is why KYC (know your customer) is important. Onboarding any partner must involve a background check, including screening on OFAC watchlist databases for:
- Anti-drug trafficking
- International anti-terror
- Anti-money laundering
It’s also appropriate to consider the banking information the supplier provides for their remittance. It’s perfectly acceptable to use this data to investigate a company’s business model and corporate structure.
Additionally, a company should not allow payments until a vendor has submitted their W-9/W-8 tax ID forms. This must be part of your standard onboarding workflow and can be done digitally. Always do what you can to ensure the supply chain is on the right side of the law.
Screen All Transactions
Even if you have been doing business with a vendor for months, every transaction must be monitored and screened. Fraud usually happens when there is a lapse, and not often on the first attempt. If something suddenly changes dramatically with your usual transactions or a contact is added to a blacklist, a company’s controls must account for this type of circumvention. Every point of contact should be a point to reverify or revalidate a payee.
Take a Proactive Approach
Many AP systems driven by business intelligence will give companies the option to flag bad actors themselves. This helps a business take a proactive, community-driven approach to enforcing OFAC rules.
Tipalti services transactions to 300,000+ entities in over 200 different countries and enables customers to benefit from crowd-sourced identification of fraudsters. As soon as the platform sees a red flag with a payee, an immediate investigation is launched and if necessary, authorities are contacted.
Every business should randomly conduct an independent test of its OFAC compliance program. This can be done in a few different ways, including an:
- Internal audit department
- Outside auditor
- Qualified independent party
The frequency and area of the independent tests should be based on the perceived business risk. The person responsible conducts a comprehensive evaluation of OFAC policies, processes, and procedures.
What are OFAC requirements?
The OFAC regulations require that banks do the following:
- Block any accounts and/or other property of specified individuals, entities, or countries
- Prohibit or reject unlicensed financial transactions with certain individuals, entities, or countries
What is an OFAC Check?
According to their site, an OFAC check is looking for:
“specially designated nationals, terrorists, narcotics traffickers, blocked persons and vessels and parties subject to various economic sanctioned programs who are forbidden from conducting business in the United States, as well as entities subject to license requirements because of their proliferation of weapons of mass destruction.”
The OFAC always determines whether an individual or company is authorized to do business in the United States. An OFAC check also includes economic and trade sanctions based on U.S. foreign policy. It’s monitoring the candidate to meet national security goals against foreign regimes, foreign countries, international drug traffickers, and terrorists.
An OFAC check is also looking for anyone who is recreating weapons of mass destruction. Anyone who works with a vendor or individual that does not pass an OFAC check can be criminally charged and fined under federal law. This can include $50,000 to $10 million in fines and up to 30 years in jail.
Targeted Groups in an OFAC Check
Here are groups that an OFAC check is looking for:
- International drug traffickers
- Diamond trading
- Threats to national security, U.S. economy, or foreign policy
- Those involved in the proliferation of weapons of mass destruction
Targeted Countries in an OFAC Check
Here are countries that an OFAC check is looking at:
- Cote D’Ivoire (Ivory Coast)
- North Korea
Targeted Businesses in an OFAC Check
Here are businesses that an OFAC check is looking at:
- Money services
The Future of the OFAC
So, what’s next for the OFAC? All updated financial sanctions of the OFAC are listed on the recent actions page. As global relations and events consistently change, the OFAC will continue to monitor and update the sanctions list. One thing that will always remain the same, however, is that the United States has some of the highest standards for sending and receiving money internationally.