Generali Global Assistance, Inc. (GGA), a New York-incorporated travel assistance services company that provides travel and claims services on behalf of clients that offer global medical expense and travel insurance policies, has agreed to remit $5,864,860 to settle its potential civil liability for 2,593 apparent violations of the Cuban Assets Control Regulations (“CACR”), 31 C.F.R. Part 515 (the “Apparent Violations”). GGA intentionally referred the Cuba-related payments to its Canadian affiliate, thereby avoiding processing reimbursement payments directly to Cuban parties and to travelers while they were located in Cuba. GGA then subsequently reimbursed its Canadian affiliate for those payments. GGA formally codified this indirect payment process in its procedures manual.
What Generali Did
Between at least June 26, 2010, and January 15, 2015, GGA served as a travel services provider on behalf of two Canadian insurers that offered medical expense, travel insurance, and emergency travel insurance policies for non-U.S. Canadian subscribers who travelled to Cuba (referred to herein as “Canadian travelers”). In particular, GGA provided medical expense claim processing and payment services in support of claims paid to Canadian travelers who were insured under a group insurance policy sold by one of the Canadian insurers (referred to herein as “Group Client 1”).
GGA dealt in blocked property in which Cuba or a Cuban national had an interest by (i) providing prohibited post-travel claim reimbursements directly to Canadian travelers who travelled to Cuba, and (ii) providing for the indirect payment of claims to Cuban service providers through a Canadian affiliate. With respect to the claim payments to Canadian travelers, GGA processed claims and made direct post-trip reimbursement payments to the travelers in the same manner as other travel destinations. For requests for payments intended for Cuban service providers, GGA intentionally referred those requests to a Canadian affiliate. GGA would then reimburse the Canadian affiliate after it had paid the Cuban service providers. GGA codified this referral process in its procedures manual, which provided instructions to GGA employees on how to service Canadian travelers’ policies. GGA drafted this policy in 2010 and updated it in 2013.
GGA engaged in the transactions covered by this settlement in support of Group Client 1’s policies between June 26, 2010, and January 15, 2015, which was prior to the Cuba sanctions regulatory changes enacted in January 2015. In servicing these policies, GGA processed 2,593 transactions with a value of $285,760 in apparent violation of § 515.201 of the CACR.
GGA had a sanctions compliance policy in place at the time of the Apparent Violations that required individuals and providers be screened against individuals or entities on OFAC’s List of Specially Designated Nationals and Blocked Persons (“SDN List”), but GGA’s procedures failed to require screening for countries and regions subject to OFAC prohibitions.
Penalty CalculationFor 2593 self-reported, but egregious violations of the Cuban Assets Control Regulations (CACR), the base penalty is only $84,272,500 (Cuba is sanctioned under the Trading with the Enemy Act authorities, which has a much lower penalty structure than the International Emergency Economic Powers Act (IEEPA), which is the authority for most other sanctions programs).
How did OFAC arrive at an over 90% reduction in the base penalty?
OFAC determined the following to be aggravating factors:
(1) GGA appears to have demonstrated recklessness when it intentionally avoided making direct payments to Cuban service providers and instead formalized a referral process to make reimbursement payments to those providers indirectly through a Canadian affiliate when it knew that it would be illegal to make those payments directly; and by providing prohibited post-travel claim reimbursements directly to unauthorized Canadian subscribers who travelled to Cuba;
(2) GGA was aware of the conduct at issue because its policy requiring that claims reimbursement for providers located in Cuba be referred to GGA’s Canadian affiliate was codified in GGA’s customer service procedures and was approved by its Chief Executive Officer;
(3) GGA is part of a large and sophisticated global organization that provides travel services to insurers and other corporate clients worldwide.
OFAC determined the following to be mitigating factors:
(1) With respect to harm caused to the CACR sanctions objectives, Cuba sanctions regulations were later amended to authorize some of GGA’s problematic conduct and the total transaction value of the Apparent Violations was relatively low;
(2) OFAC has not issued any prior penalties, findings of violations, or cautionary, warning, or evaluative letters, or any other administrative actions (including settlements), in the five years preceding the earliest date of the transactions giving rise to the Apparent Violations;
(3) GGA took remedial action in response to the Apparent Violations, including by enhancing its existing OFAC compliance policies and procedures, establishing a formal structure for compliance personnel, and conducting a new sanctions training for all GGA employees;
(4) GGA cooperated with OFAC’s investigation by voluntarily self-disclosing the conduct and signing a tolling agreement and multiple extensions to the agreement; and
(5) GGA has confirmed that it has terminated the conduct that led to the Apparent Violations and has undertaken the following measures as part of its compliance commitments to minimize the risk of recurrence of similar conduct in the future:
• GGA commits to ensuring that its senior management, including senior leadership, executives, or the board of directors, are committed to supporting GGA’s OFAC compliance program.
• GGA has designed and implemented written policies and procedures outlining its sanctions compliance plan and commits to enforcing the policies and procedures through internal or external audits.
• GGA commits to ensuring that its OFAC-related training program provides adequate information and instruction to employees and, as appropriate, stakeholders (for example, clients, suppliers, business partners, and counterparties) in order to support its sanctions compliance efforts.
I find the first mitigating factor problematic – other firms have been penalized for dealing with Sudan, which now has almost no sanctions imposed on it, and did not get such a statement in its enforcement action. Parties get leeway for potentially licensable transactions, but not for things that were actually illegal at the time.
Lesson to Learn
This enforcement action highlights the importance of ensuring that sanctions compliance policies and procedures address both direct and indirect sanctions compliance risks, and in particular, highlights the risks of implementing a procedure to process, indirectly, transactions whose direct processing would be prohibited by U.S. sanctions.