Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
OFAC warns of possible evasion of Russian oil price cap
On April 17, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) issued an alert warning U.S. persons regarding the possible evasion of the price cap set on crude oil of Russian origin, particularly oil exported through the Eastern Siberia Pacific Ocean pipeline and ports on the eastern coast of Russia. OFAC reminded U.S. persons providing covered services that they “are required to reject participating in an evasive transaction or a transaction that violates the price cap determinations” and must report such transactions to OFAC. In the alert, OFAC referenced recently issued guidance on the implementation of the price cap policy for Russian crude oil and petroleum products for additional information (covered by InfoBytes here).
OFAC sanctions chemical suppliers tied to Mexican drug cartel
On April 14, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced sanctions, pursuant to Executive Order 14059, against two Chinese entities and five individuals based in China and Guatemala for their roles in supplying precursor chemicals to Mexican drug cartels for the production of illicit fentanyl intended for U.S. markets. OFAC coordinated with the DEA and the DOJ to take this action. “Treasury, as part of the whole-of-government effort to respond to [the fentanyl] crisis, will continue to vigorously apply our tools to prevent the transfer of precursor chemicals and machinery necessary to produce this drug,” Under Secretary of the Treasury for Terrorism and Financial Intelligence Brian E. Nelson said in the announcement. The sanctions block all property and interests in property subject to U.S. jurisdiction belonging to the sanctioned persons and require such property, as well as “any entities that are owned, directly or indirectly, 50 percent or more by one or more blocked persons,” to be reported to OFAC. U.S. persons are also generally prohibited from engaging in any dealings involving the property or interests in property of blocked or designated persons. OFAC warned that “persons that engage in certain transactions with the individuals and entities designated today may themselves be exposed to sanctions or subject to an enforcement action.”
OFAC sanctions target Russian financial facilitators
On April 12, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC), in coordination with the United Kingdom, announced sanctions targeting Russian financial facilitators to curb the country’s access to the international financial system. The sanctions, issued pursuant to Executive Order 14024, target 25 individuals and 29 entities with touchpoints in 20 jurisdictions, and include the facilitation network of one of Russia’s wealthiest billionaires who is subject to sanctions in multiple jurisdictions, OFAC said. The designations also serve to reinforce existing measures and further disrupt Russia’s ability to import critical technologies for use in its war against Ukraine. Concurrently, the State Department designated several entities operating in Russia’s defense sector, as well as entities supporting Russia’s war efforts against Ukraine and entities associated with the country’s energy exports. (See also State Department’s fact sheet here.) The Commerce Department also added 28 entities to its entity list. “Today’s action underscores our dedication to implementing the G7 commitment to impose severe costs on third-country actors who support Russia’s war,” Under Secretary of the Treasury for Terrorism and Financial Intelligence Brian E. Nelson said in the announcement.
As a result of the sanctions, all property and interests in property belonging to the sanctioned persons that are in the U.S. or in the possession or control of U.S. persons are blocked and must be reported to OFAC. Additionally, “any entities that are owned, directly or indirectly, 50 percent or more by one or more blocked persons are also blocked.” U.S. persons are generally prohibited from engaging in any dealings involving the property or interests in property of blocked or designated persons, unless authorized by a general or specific OFAC license, or otherwise exempt.
In conjunction with the sanctions, OFAC issued several Russia-related general licenses (see GLs 62, 63, 64, and 65), revoked GL 15, and published new FAQ 1122.
Multinational tech company to pay $3.3 million for OFAC and BIS violations
On April 6, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC), in consultation with the Department of Commerce’s Bureau of Industry and Security (BIS), announced a $3.3 million settlement with a multinational technology company to resolve potential civil liabilities stemming from the exportation of services or software from the United States to sanctioned jurisdictions and to Specially Designated Nationals (SDNs) or blocked persons. The settlement comprised an agreement with OFAC to pay a civil penalty of $2,980,264.86 and an administrative penalty of $624,013 with BIS. In light of the related OFAC action, the company was given a $276,382 credit by BIS contingent upon the company fulfilling its requirements under the OFAC settlement agreement, resulting in a combined overall penalty amount of $3,327,896.86.
According to OFAC’s web notice, the conduct underlying the administrative penalty imposed by BIS stemmed from certain conduct involving the company’s Russian subsidiary. The conduct underlying the settlement with OFAC took place between July 2012 and April 2019, when the company and certain subsidiaries allegedly “sold software licenses, activated software licenses, and/or provided related services from servers and systems located in the United States and Ireland to SDNs, blocked persons, and other end users located in Cuba, Iran, Syria, Russia, and the Crimea region of Ukraine.” The total value of the 1,339 apparent violations was more than $12 million. OFAC alleged that the causes of these apparent violations stemmed from a lack of complete or accurate information on end customers for the company’s products, and that during the relevant time period, there were shortcomings in the company’s restricted-party screening controls. Among other things, OFAC alleged that the company’s screening architecture did not aggregate identifying information across its various databases to identify SDNs or blocked persons, failed to screen and evaluate pre-existing customers in a timely fashion, and missed common variations of restricted party names.
In arriving at the $2,980,265.86 settlement amount, OFAC considered various mitigating factors, including that (i) evidence did not show that persons located in U.S. offices or management were aware of the alleged activity at the time (the apparent violations were revealed during a self-initiated look back); (ii) upon identifying the apparent violations, the company self-disclosed the matter to OFAC, conducted a retrospective review of thousands of past transactions, cooperated with OFAC throughout the investigation, terminated the accounts of the SDNs or blocked persons, and updated internal procedures to disable access to products or services upon discovery of a sanctioned party; and (iii) the company “undertook significant remedial measures and enhanced its sanctions compliance program through substantial investment and structural changes.” OFAC outlined several compliance considerations for companies conducting business through foreign-based subsidiaries, distributors, and resellers, and reminded businesses that OFAC’s SDN List is dynamic, and that when changes to the list are made, “companies should evaluate their pre-existing trade relationships to avoid dealings with prohibited parties.”
OFAC sanctions former Haitian politician
On April 5, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced sanctions, pursuant to Executive Order 13818, against the former President of the Haitian Chamber of Deputies “for his extensive involvement in corruption in Haiti.” OFAC explained that the designated individual “is a current or former government official, or a person acting for or on behalf of such an official, who is responsible for or complicit in, or has directly or indirectly engaged in, corruption, including the misappropriation of state assets, the expropriation of private assets for personal gain, corruption related to government contracts or the extraction of natural resources, or bribery.” The sanctions follow the designation of two Haitian politicians last December for their involvement in activities or transactions that have materially contributed to, or pose a significant risk of materially contributing to, the international proliferation of illicit drugs or their means of production. (Covered by InfoBytes here.)
As a result of the sanctions, all property and interests in property belonging to the sanctioned individual subject to U.S. jurisdiction are blocked and must be reported to OFAC. Additionally, “any entities that are owned, directly or indirectly, individually or in the aggregate, 50 percent or more by one or more blocked persons are also blocked.” U.S. persons are also generally prohibited from engaging in any dealings involving the property or interests in property of blocked or designated persons unless authorized by a general or specific license, or exempt. Financial institutions and persons that engage in certain transactions with the designated individual may themselves be exposed to sanctions or subject to enforcement.
OFAC sanctions politically connected Lebanese individuals
On April 4, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced sanctions, pursuant to Executive Order 13441, against two politically connected Lebanese brothers who engaged in corrupt practices that contributed to the undermining of Lebanon’s democratic process. As a result of the sanctions, “all property and interests in property of the individuals named above, and of any entities that are owned, directly or indirectly, 50 percent or more by them, individually, or with other blocked persons, that are in the United States or in the possession or control of U.S. persons, must be blocked and reported to OFAC.” U.S. persons are generally prohibited from engaging in any dealings involving the property or interests in property of blocked or designated persons.
Treasury recommends stronger DeFi supervision
On April 6, the U.S. Treasury Department published a report on illicit finance risks in the decentralized finance (DeFi) sector, building upon Treasury’s other risk assessments, and continuing the work outlined in Executive Order 14067, Ensuring Responsible Development of Digital Assets (covered by InfoBytes here).
Written by Treasury’s Office of Terrorist Financing and Financial Crimes, in consultation with numerous federal agencies, the Illicit Finance Risk Assessment of Decentralized Finance is the first report of its kind in the world. The report explained that, while there is no generally accepted definition of DeFi, the term has broadly referred to virtual asset protocols and services that allow for automated peer-to-peer transactions through the use of blockchain technology. Used by a host of illicit actors to transfer and launder funds, the report found that “the most significant current illicit finance risk in this domain is from DeFi services that are not compliant with existing AML/CFT [anti-money laundering and countering the financing of terrorism] obligations.” These obligations include establishing effective AML programs, assessing illicit finance risks, and reporting suspicious activity, the report said.
The report made several recommendations for strengthening AML/CFT supervision and regulation of DeFi services, such as “closing any identified gaps in the [Bank Secrecy Act (BSA)] to the extent that they allow certain DeFi services to fall outside the scope of the BSA’s definition of financial institutions.” The report also recommended, “when relevant,” the “enforcement of virtual asset activities, including DeFi services, to increase compliance by virtual asset firms with BSA obligations,” and suggested continued research and engagement with the private sector on this subject.
In addition, the report pointed to a lack of implementation of international AML/CFT standards by foreign countries, “which enables illicit actors to use DeFi services with impunity in jurisdictions that lack AML/CFT requirements,” and commented that “poor cybersecurity practices by DeFi services, which enable theft and fraud of consumer assets, also present risks for national security, consumers, and the virtual asset industry.” To address these concerns, the report recommended “stepping up engagements with foreign partners to push for stronger implementation of international AML/CFT standards and advocating for improved cybersecurity practices by virtual asset firms to mitigate these vulnerabilities.” The report seeks input from the public sector to inform next steps.
National bank fined $98 million by OFAC, Fed for sanctions violations
On March 30, the U.S. Treasury Department’s Office of Foreign Assets (OFAC) announced a $30 million settlement with a national bank to resolve potential civil liabilities stemming from trade insourcing software that the bank and its predecessor bank provided to a foreign European bank between 2008 and 2015. According to OFAC’s web notice, at the direction of a mid-level manager, the predecessor bank customized the software for general use by the European bank, which the predecessor bank “knew or should have known would involve engaging in trade-finance transactions with sanctioned jurisdictions and persons.” The European bank used the software to manage 124 non-OFAC compliant transactions totaling approximately $532 million involving parties in jurisdictions subject at the time of the transactions to sanctions regulations.
OFAC noted that the national bank inherited the trade insourcing relationships when it acquired the predecessor bank, claiming that the national bank “did not identify or stop the European bank’s use of the software platform for trade-finance transactions involving sanctioned jurisdictions and persons for seven years despite potential concerns raised internally” following the acquisition. OFAC also noted, however, that the national bank’s alleged failure to stop the violations “was not a result of a systemic compliance breakdown within the broader  organization,” which OFAC acknowledged has “a historically strong overall sanctions-compliance program.”
In arriving at the settlement amount, OFAC considered various mitigating factors, including that (i) the majority of the 124 apparent violations related to agriculture, medicine, and telecommunications and therefore may have been eligible for a general or specific license, thus mitigating the harm to sanctions policy objectives; (ii) the legacy business unit at the predecessor bank was relatively small and that there was no indication that senior management either directed or had actual knowledge that the predecessor bank provided the software to the European bank for such purpose; and (iii) upon identifying the alleged violations, the bank promptly terminated the European bank’s access, voluntarily disclosed the matter to OFAC, conducted an extensive internal investigation, produced the results to OFAC, cooperated with OFAC throughout the investigation, agreed to toll the statute of limitations, and took remedial measures.
Concurrently, the Federal Reserve Board issued an order fining the bank holding company in the amount of $67.8 million for allegedly engaging in unsafe or unsound practices related to its oversight of sanctions compliance risks at the national bank. The Fed noted that the national bank “no longer offers the trading platform to foreign banks” and has “strengthened firmwide compliance with OFAC regulations.”
OFAC sanctions darknet marketplace for selling stolen data
On April 5, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced sanctions, pursuant to Executive Order (E.O.) 13694, as amended by E.O. 13757, against one of the world’s largest darknet marketplaces for its involvement in the theft and sale of device credentials and related sensitive information. According to OFAC, the marketplace accesses victims’ devices without authorization and sells the stolen data, including usernames and passwords, on the darknet. The action was taken in coordination with the DOJ and international partners from a dozen countries who are also taking action against market users across multiple jurisdictions and seizing associated website domains. The designation built upon previous actions taken against darknet marketplaces, including sanctions issued last year against the world’s most prominent darknet market. (Covered by InfoBytes here.) OFAC also referenced FinCEN’s 2019 Advisory on Illicit Activity Involving Convertible Virtual Currency, to warn “that darknet markets frequently include offers for the sale of illicit goods and services that use virtual currencies as a method of payment.” (Covered by InfoBytes here.) As a result of the sanctions, all property and interests in property belonging to the sanctioned entity in the U.S. must be blocked and reported to OFAC. OFAC noted that U.S. persons are prohibited from participating in transactions with sanctioned persons, and that “persons that engage in certain transactions with the entity designated today may themselves be exposed to sanctions.”
The DOJ stated in its press release that, along with its partners, it had “dismantled” the marketplace and “arrested many of its users around the world.” The DOJ explained that the marketplace “was also one also one of the most prolific initial access brokers  in the cybercrime world,” and “attract[ed] criminals looking to easily infiltrate a victim’s computer system.” The marketplace sold access to ransomware actors looking to attack computer networks in the United States and globally, the DOJ said, adding that the marketplace also sold device “fingerprints” used to trick third-party websites into thinking the marketplace user was the actual account owner.
OFAC settles with digital platform on sanctioned transactions
On March 31, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced a $72,230 settlement with a global digital trading platform to resolve allegations that it processed transactions for customers who self-identified as being located in Iran or Cuba, or were employees of the Government of Venezuela (GoV). OFAC’s web notice stated that between March 2017 and May 2022, the company, or certain of its non-U.S. affiliates, allegedly maintained accounts for customers who submitted information showing their locations were in a sanctioned jurisdiction. OFAC further maintained that the company violated the Venezuela Sanctions Regulations by processing transactions on behalf of two customers who self-identified as employees of the GoV. OFAC claimed, among other things, that the company implemented inadequate compliance processes to identify, analyze, and address risks.
In its web notice, OFAC stated that it determined that “the violations were voluntarily self-disclosed and were non-egregious.” OFAC also considered various mitigating factors, including that the company has not received a penalty notice from OFAC in the preceding five years. Additionally, the company undertook numerous remedial measures upon learning of the alleged violations, cooperated with OFAC throughout the investigation, and agreed to toll the statute of limitations, the notice said.
The company issued the following response: “We appreciate that OFAC recognized our full cooperation and remediation of the issues involved in this matter. These were self-identified and self-reported matters that reflect the rigor of our compliance review processes.”
Orrick represented the company in this matter.