OFAC Enforcement Actions against JPMorgan Chase

Settlement Agreement between the U.S. Department of the Treasury’s Office of Foreign Assets Control and JPMorgan Chase Bank, N.A. (JPMC), and Finding of Violation issued to JPMC

 
The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) today announced a $5,263,171 settlement with JPMorgan Chase Bank, N.A., to settle potential civil liability for 87 apparent violations of the Cuban Assets Control Regulations, 31 C.F.R. Part 515 (CACR); the Iranian Transactions and Sanctions Regulations, 31 C.F.R. Part 560 (ITSR); and the Weapons of Mass Destruction Proliferators Sanctions Regulations, 31 C.F.R. Part 544 (WMDPSR).  Specifically, the transactions were net settlement payments, of which a very small portion appears to have been attributable to interests of airlines that were at various times on OFAC’s List of Specially Designated Nationals and Blocked Persons (the “SDN List”), blocked pursuant to OFAC sanctions, or located in countries subject to the sanctions programs administered by OFAC.  These apparent violations do not include transactions that were exempt from the prohibitions of the International Emergency Economic Powers Act (IEEPA); for example, the apparent violations include transactions such as airline freight charges, which are not exempt.  OFAC has determined that JPMC voluntarily self-disclosed the apparent violations, and that the apparent violations constitute a non-egregious case.
 
Separately, OFAC has issued a Finding of Violation to JPMC regarding violations of the Foreign Narcotics Kingpin Sanctions Regulations, 31 C.F.R. part 598 (FNKSR), and the Syrian Sanctions Regulations, 31 C.F.R. part 542.  Specifically, OFAC determined that between August 4, 2011 and April 29, 2014, JPMC processed 85 transactions totaling $46,127.04 and maintained eight accounts on behalf of six customers who were contemporaneously identified on the SDN List.  OFAC determined that JPMC voluntarily disclosed the violations, and that the violations constitute a non-egregious case.

The value of the violating transactions is $1,500,000, and the base penalty is $7,797.290.

And from the Enforcement Information from the settlement:

JPMC operated a net settlement mechanism that resolved billings by and among various airlines and other participants in the airline industry on behalf of its client, a U.S. entity and its approximately 100 members, and a non-U.S. entity and its over 350 members. Between approximately January 3, 2008 and February 8, 2012, JPMC processed 87 transactions through the U.S. financial system that may have contained interests attributable to a sanctions-targeted party. Each of the transactions represented a net settlement payment between JPMC’s client and the non-U.S. person entity whose members included among its numerous airline industry participants eight airlines that were at various times on OFAC’s List of Specially Designated Nationals and Blocked Persons (the “SDN List”), blocked pursuant to OFAC sanctions, or located in countries subject to the sanctions programs administered by OFAC.

JPMC does not appear to have had, prior to January 2012, a process to independently evaluate the participating member entities of the non-U.S. person entity for OFAC sanctions risk, despite receiving red flag notifications regarding OFAC-sanctioned members on at least three occasions. As a result, for a number of years prior to February 2012, JPMC processed net settlement payments that appear to have violated sanctions programs administered by OFAC.

And: 

OFAC found the following to be aggravating factors in this case:

 JPMC appears to have acted with reckless disregard for its sanctions compliance obligations when, in its capacity as a clearing bank in a net settlement mechanism, the bank failed to screen participating member entities of the non-U.S. person entity that participated in the net settlement mechanism with JPMC’s clients for purposes of OFAC compliance, despite being in possession of the necessary information to enable screening;

 JPMC engaged in a pattern of conduct throughout the relevant period during which JPMC missed red flags and other warning signs on several occasions, including two separate occasions in 2011 when the bank received express notification from its client regarding OFAC- sanctioned entities participating in the settlement mechanism;

 the bank was aware that it processed net settlement transactions on behalf of the two member organizations on a weekly basis, and, given the bank’s involvement in reconciling the organizations’ billings against each other, JPMC staff members had actual knowledge of the individual members, including OFAC-sanctioned entities, involved in each transaction;

 JPMC’s activity conveyed economic benefit to several entities subject to OFAC sanctions and harmed the integrity of a number of OFAC sanctions programs; and JPMC is a large and commercially sophisticated financial institution.

OFAC considered the following to be mitigating factors:

 no JPMC managers or supervisors appear to have been aware of the conduct or transactions that led to the apparent violations;

 the total harm caused to OFAC sanctions programs was significantly less than the total value of the transactions because the transactions represented net settlements between numerous parties, of which the sanctioned entities were only a few;

 JPMC cooperated with OFAC’s investigation of the apparent violations, including by entering into a retroactive tolling agreement (and multiple extensions thereof) to toll the statute of limitations;

 JPMC has taken the following steps as part of a risk-based sanctions compliance program to prevent similar apparent violations in the future:

o Between February 2012 and the termination of JPMC’s relationship with its U.S. entity client, JPMC screened all net settlement participants in order to prevent sanctioned entities from utilizing the net settlement process;

o JPMC has increased its compliance staff;

o JPMC has implemented new sanctions-screening software; and

o JPMC has enhanced employee training and has previously used these apparent violations as a case study for training purposes.

And the lesson from this:
 
This enforcement action highlights the risks associated with a U.S. person failing to take adequate steps to ensure that transactions that it processes are compliant with U.S. economic sanctions laws — particularly in instances in which a U.S. person has actual knowledge or reason to know, prior to the transaction being effected, of an SDN’s past, present, or future interest in such a transaction.

From the Finding of Violation:

Between August 4, 2011 and April 29, 2014, JPMC processed 85 transactions totaling $46,127.04 and maintained eight accounts on behalf of six customers who were contemporaneously identified on the List of Specially Designated Nationals and Blocked Persons (“SDN List”). From approximately 2007 to October 2013, JPMC used a vendor screening system that failed to identify these six customers as potential matches to the SDN List. The system’s screening logic capabilities failed to identify customer names with hyphens, initials, or additional middle or last names as potential matches to similar or identical names on the SDN List. Despite strong similarities between the accountholder’s names, addresses, and dates of birth in JPMC account documentation and on the SDN List, JPMC maintained accounts for, and/or processed transactions on behalf of, these six customers.

JPMC identified weaknesses in the screening tool’s capabilities as early as September 2010 and implemented a series of enhancements during the period 2010 to 2012. In 2013, JPMC transitioned to a new screening system. In November 2013, JPMC re-screened 188 million clients’ records through the new system, identified the transactions and accounts described above, and reported the violations to OFAC.

Not dissimilar to other previous small fines, like the one against Deutsche for not screening SWIFT addresses, and Wells Fargo for not leveraging its date of birth information.

Why it was a Finding of Violation:

The determination to issue a Finding of Violation to JPMC reflects OFAC’s consideration of the following facts and circumstances, pursuant to the General Factors under OFAC’s Economic Sanctions Enforcement Guidelines, 31 C.F.R. part 501, app. A. A Finding of Violation is appropriate given that JPMC facilitated and/or processed 85 transactions totaling $46,127.04, and maintained eight accounts on behalf of six customers on the SDN List; JPMC engaged in a pattern of conduct over a two-year period where the apparent violations stemmed from the same screening issue; although JPMC identified this screening issue and implemented multiple screening enhancements, it took over three years to fully address a known deficiency in the vendor-provided screening system; JPMC did not appear to have implemented adequate compensating controls to address the risk these screening deficiencies posed to the bank’s operation of existing accounts or opening of new accounts; and JPMC is a large, sophisticated financial institution. OFAC also considered that no JPMC personnel, including managers or supervisors, appear to have had actual knowledge of the conduct that led to the violations; JPMC has not received a penalty notice or Finding of Violation from OFAC relating to substantially similar violations in the five years preceding the date of the conduct giving rise to the violations; and JPMC cooperated with OFAC’s investigation, including by providing the initial disclosure of these violations, and executing a statute of limitations tolling agreement and an extension to the agreement.

And the lesson:

This enforcement action highlights the importance of financial institutions remediating known compliance program deficiencies in an expedient manner, and when that is not possible, the importance of implementing compensating controls to mitigate risk until a comprehensive solution can be deployed.

Links:

OFAC Notice

Enforcement Information

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s