OFAC Enters $583,100 Settlement with Deutsche Bank Trust Company Americas for Apparent Violations of Ukraine-Related Sanctions Regulations and Executive Order 13685 of December 19, 2014, “Blocking Property of Certain Persons and Prohibiting Certain Transactions with Respect to the Crimea Region of Ukraine”
Deutsche Bank Trust Company Americas (DBTCA) agreed to pay $157,500 for processing a large payment, related to a series of purchases of fuel oil, through the United States that involved a property interest of a designated oil company in Cyprus. At the time it processed the payment, DBTCA had reason to know of the designated oil company’s potential interest, but did not conduct sufficient due diligence to determine whether the designated oil company’s interest in the payment had been extinguished. As a remedial measure, DBTCA committed to review the circumstances of the apparent violation with its U.S. sanctions compliance unit and to perform any necessary additional training or changes to the bank’s internal procedures.
Separately, DBTCA agreed to remit $425,600 for processing payments destined for accounts at a designated financial institution. DBTCA failed to stop the 61 payments because it had not included in its sanctions screening tool the designated financial institution’s Society for Worldwide Interbank Financial Telecommunication (SWIFT) Business Identifier Code (BIC) and DBTCA’s screening tool was calibrated so that only an exact match to a designated entity would trigger further manual review. In response to these apparent violations, DBTCA promptly implemented changes to its procedures for adding BICs to its screening tool.
Here’s the first set of violations – the details are worth repeating:
Deutsche Bank Trust Company Americas (DBTCA), a financial institution headquartered in New York, New York, has agreed to remit $157,500 to settle its potential civil liability for an apparent violation of the Ukraine Related Sanctions Regulations, 31 C.F.R. part 589 (URSR). DBTCA appears to have violated § 589.201 of the URSR when it dealt in the property or interests in property of IPP Oil Products (Cyprus) Limited (“IPP”), a blocked person identified on OFAC’s List of Specially Designated Nationals and Blocked Persons (the “SDN List”), by processing a large transaction on August 6, 2015 that involved IPP.
On or about August 6, 2015, DBTCA processed a $28,849,038.39 funds transfer through the United States involving a property interest of IPP, an entity designated by OFAC on July 30, 2015 pursuant to Executive Order 13661, “Blocking Property of Additional Persons Contributing to the Situation in Ukraine.” Although the payment instructions associated with this transaction did not contain an explicit reference to a person (individual or entity) on OFAC’s SDN List or to a country or region subject to comprehensive sanctions, the payment was related to a series of purchases of fuel oil that involved IPP. At the time it processed the transaction, DBTCA had reason to know of IPP’s potential interest in the transaction underlying the payment, which closely coincided with the date of IPP’s designation by OFAC, due to notice provided by the U.S. counsel of a non-accountholder party (“the Entity”). Those representations included statements indicating that title had passed from IPP to non- designated parties prior to OFAC’s designation of IPP. There were also indications in email communications from the U.S. counsel of the Entity that called into question whether IPP’s interest in the oil or funds had been extinguished. DBTCA did not conduct further due diligence to attempt to independently corroborate the statements of U.S. counsel for the Entity and processed the transaction based on its belief that IPP’s interest in the transaction had been extinguished.
On August 6, 2015, senior personnel within DBTCA’s anti-financial crime division, as well as a representative from its counsel’s office, received information from U.S. counsel for the Entity indicating that DBTCA would be receiving a high-value payment and a request that DBTCA acknowledge that it would process the payment onward. The Entity indicated that the payment had to be completed that day in order to meet a strict deadline. During the course of a phone call and subsequent email communications with the Entity, DBTCA became aware that the payment was related to a purchase of fuel oil in which IPP, at some point, had been involved. Despite verbal assurances made to DBTCA from the Entity’s U.S. counsel, that IPP’s title to the fuel oil had transferred to the Entity prior to IPP’s designation, OFAC has determined that IPP nonetheless had an interest in the transaction. DBTCA personnel involved in the exchanges appear to have accepted the verbal assurance from the Entity’s U.S. counsel and processed the transaction, the instructions for which did not contain an explicit reference to an entity on the SDN List, approximately one hour after the Entity first contacted DBTCA, without taking steps to independently corroborate the representations made by the Entity in order to ensure compliance with OFAC’s regulations.
Pretty basic stuff, right? If there is reason to be suspicious, don’t take the word of the interested party…
Here are the aggravating factors:
At a minimum, DBTCA, including several senior managers within the bank’s anti-financial crime division, as well as a representative from its counsel’s office, failed to exercise a minimal degree of caution or care in connection with the conduct that led to the apparent violation;
Multiple DBTCA personnel, including several senior managers within the bank’s anti-financial crime division, as well as a representative from its counsel’s office, had actual knowledge of the conduct that led to the apparent violation;
DBTCA’s conduct could have resulted in significant harm to the sanctions program objectives of the URSR by conferring substantial economic benefit to a person subject to U.S. sanctions; and
DBTCA is a large and commercially sophisticated financial institution.
and mitigating factors:
DBTCA has not received a penalty notice or Finding of Violation from OFAC in the five years preceding the date of the transaction giving rise to the apparent violation;
DBTCA processes a large volume of transactions annually;
DBTCA maintained an OFAC compliance program at the time of the apparent violation;
DBTCA took remedial action in response to the apparent violation by committing to review
with its U.S. sanctions compliance unit the circumstances of the apparent violation and, as necessary, conduct additional training and implement changes to the bank’s internal procedures; and
DBTCA cooperated with OFAC’s investigation, including by submitting detailed and well- organized information to the agency.
The violation was not self-reported, but was not considered egregious.
Now, for the second set of violations – like I said, it’s the same basic info as the 2013 settlement:
Between December 22, 2015 and December 30, 2015, DBTCA processed 61 transactions totaling $276,742.90 destined for accounts with Krayinvestbank, a designated entity. Despite each payment containing Krayinvestbank’s Society for Worldwide Interbank Financial Telecommunication (SWIFT) Business Identifier Code (BIC) and an almost identical match to the bank’s name and address, all of which were included on the SDN List at the time of designation, DBTCA processed the majority of the payments on a straight-through basis without manual intervention.
Contrary to its internal procedures, DBTCA failed to include Krayinvestbank’s SWIFT BIC as an identifier when it originally added the bank’s information to its interdiction filter. In addition, at the time of the transactions, DBTCA’s filter was calibrated in such a way that only a payment with an exact SDN List match would trigger manual review.
although I should note that this was contrary to internal procedures, so this was, to some extent, human error. On the other hand, OFAC claims that they had a close match on the name…
Again, these 61 apparent violations were non-egregious but not self-reported. The base penalty was $640,000, and was settled for $425,600.
DBTCA failed to comply with existing internal policies and procedures when it failed to upload the SWIFT BIC of an OFAC-designated bank into its interdiction software at the time of the bank’s designation;
DBTCA should have known about the transactions at issue because each set of payment instructions contained the SWIFT BIC of the designated bank;
DBTCA undermined the integrity of the sanctions program at issue and caused harm to the sanctions program objectives by providing economic benefit to a designated bank;
DBTCA is a large and sophisticated financial institution; and
DBTCA’s past sanctions history includes a 2013 settlement with OFAC that involved almost
identical conduct to the apparent violations in this case. Specifically, DBTCA settled potential liability for an apparent violation of a different sanctions program that arose from the bank’s failure to include the BIC of a bank identified on the SDN List in its interdiction filter. In making its determination as to the appropriate enforcement response and amount of mitigation in that case, OFAC considered as a mitigating factor the fact that the bank “took appropriate remedial action” in response to the apparent violation.
DBTCA does not appear to have acted with willful intent to violate U.S. sanctions law or with a reckless disregard for its U.S. sanctions obligations;
No DBTCA supervisory or managerial level staff appear to have been aware of the conduct giving rise to the apparent violations;
The apparent violations represent a small percentage of the large volume of transactions DBTCA processes annually;
In response to the apparent violations, DBTCA promptly implemented changes to its procedures for adding BICs to its interdiction filter; and
DBTCA cooperated with OFAC’s investigation of the apparent violations by providing well- organized and user-friendly information in a prompt manner.
And the lessons to be learned:
As part of its settlement with OFAC, DBTCA has agreed to maintain robust compliance procedures by ensuring that its management team is committed to compliance; it conducts risk assessments in a manner, and with a frequency, that adequately account for potential risks; it implements internal controls that adequately address the results of its OFAC risk assessment and profile; and its OFAC- related training program provides adequate information and instruction to employees.
These enforcement actions highlight the risks associated with a U.S. person failing to take adequate steps to ensure that transactions being processed are compliant with U.S. economic sanctions laws– particularly in instances in which a U.S. person has actual knowledge or reason to know, prior to the transaction being effected, of an SDN’s present, future, or contingent interest in a transaction. In particular, U.S. persons should take due caution in accepting the oral or written representations of non- accountholder parties to a transaction where it relates to potential involvement of an SDN.