InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
OFAC reaches $3.3 million settlement with cosmetics company for Iranian sanctions violations
The U.S Treasury Department’s Office of Foreign Assets Control (OFAC) recently announced settlements with a California-based cosmetics company and a former senior company executive to resolve potential civil liability stemming from allegations that the company participated in a conspiracy to export goods and services from the United States to Iran over roughly an eight-year period. According to OFAC’s web notice, the company entered into an exclusive agreement with an Iranian distributor to sell products in the Middle East, specifically in Iran, without ever receiving a specific license or other applicable OFAC guidance to do so. OFAC maintained that these exported products (for which the company requested a license), were neither generally authorized nor exempt from prohibition. During a later acquisition, the company again applied for, but did not receive, a specific license to export products to Iran. The company knew that an OFAC license was required to lawfully export the products to Iran but continued to do so through departments generally overseen by the former senior company executive, OFAC said, adding that prior to the acquisition, the company did not disclosure the exports or its involvement with Iran, nor was this conduct discovered during pre-acquisition due diligence. By conspiring to export approximately $11.1 million worth of goods to Iran over approximately eight years, the company allegedly violated the Iranian Transactions and Sanctions Regulations.
In arriving at the settlement amount, OFAC considered, among other things, that the company willfully violated U.S. sanctions by exporting its products and services to Iran, despite having knowledge that such conduct was prohibited, and that senior company officials had actual knowledge of the alleged misconduct. The $3.3 million settlement (of which the former senior company executive is responsible for $175,000) reflects that while the company voluntarily self-disclosed the apparent violations, the violations constitute an egregious case. OFAC also considered several mitigating factors, including that: (i) the company has undertaking remedial measures to prevent future misconduct; (ii) the overall percentage represented by its sales to Iran is small; (iii) the company has not received a penalty notice from OFAC in the preceding five years; (iv) the company cooperated with OFAC during the investigation and agreed to toll the statute of limitations; and (v) the former senior company executive’s violations involved the export of benign consumer goods.
Providing context for the settlement, OFAC said, among other things, that the “case highlights that U.S. sanctions on Iran encompass a wide range of potentially violative conduct, including the formation and execution of conspiracies to engage in prohibited activities such as exporting goods to Iran and causing such exports to occur.” OFAC reminded businesses that “placement of a U.S. entity under the compliance structure of a non-U.S. entity that may lack sufficient familiarity with U.S. sanctions laws could prevent the prompt identification of and response to potentially prohibited conduct.”
U.S. and EU enter bilateral sanctions partnership
On May 16, the United States and the European Union entered into a bilateral partnership to strengthen working relationships and share sanctions expertise to address foreign policy goals. The U.S.-EU partnership’s foundation is premised on a collaborative approach for financial sanctions, in which the U.S. Treasury Department’s Office of Foreign Assets Control, the European External Action Service, and the European Commission Directorate-General for Financial Stability, Financial Services and Capital Markets Union will continue to work closely with partners around the world to ensure financial sanctions are fully contributing to member countries’ policy goals. Emphasizing that “[s]anctions are most effective when coordinated with a broad range of international partners who can magnify the economic and political impact,” Treasury stressed the importance of multilateral implementation to maximize the effectiveness of sanctions while minimizing unintended costs and compliance burdens.
FinCEN, Commerce urge monitoring of attempts to evade Russian export controls
On May 19, FinCEN and the Department of Commerce’s Bureau of Industry and Security (BIS) issued a supplemental joint alert urging continued vigilance for potential Russian export control evasion attempts. The alert reinforces ongoing initiatives to further constrain and prevent Russia from accessing critical technology and goods to support its war-making efforts against Ukraine. It follows a joint alert issued last June which urged financial institutions to take a “risk-based approach” for identifying potentially suspicious activity, such as end-use certificates, export documents, or letters of credit-based trade financing. (Covered by InfoBytes here.) The supplemental alert provides information on new export control restrictions implemented since the last joint alert was issued, including evasion typologies, new high priority Harmonized System codes to inform U.S. financial institutions’ customer due diligence, and additional transactional and behavioral red flags to help identify suspicious transactions relating to possible export control evasion.
France fines facial recognition company additional €5.2 million for noncompliance
On May 10, the French data protection agency, Commission Nationale de l’Informatique et des Libertés (CNIL), fined a facial recognition company an overdue penalty payment in the amount of €5.2 million for failing to comply with an October order. As previously covered by InfoBytes, last fall CNIL imposed a €20 million penalty against the company for allegedly violating the EU’s General Data Protection Regulation (GDPR) after investigations found that the company allegedly processed personal biometric data without a legal basis (a breach of article 6 of the GDPR), and failed to take into account an individual’s rights in an “effective and satisfactory way”—particularly with respect to requests for access to their data (a breach of articles 12, 15 and 17 of the GDPR). CNIL reported that the company had two months after receiving the October order to stop collecting and processing data on individuals located in France “without any legal basis, and to delete the data of these individuals, after responding to requests for access it received.” Because the company did not submit proof of compliance within this time frame, CNIL imposed an additional fine on top of the original penalty.
EU court says non-material damages in unlawful data processing may be eligible for compensation
On May 4, the Court of Justice of the European Union (CJEU) issued a judgment concluding that while not every infringement of the EU’s data protection law gives rise, by itself, to a right to compensation, non-material damage resulting from unlawful processing of data can be eligible for compensation. The CJEU reviewed questions posed by the Austrian Supreme Court on whether a mere infringement of the GDPR is sufficient to confer the right to compensation for individuals suffering non-material damages, and whether such compensation is possible only if the non-material damage suffered reaches a certain degree of seriousness. The Austrian Supreme Court also asked the CJEU to clarify what the EU-law requirements are when determining the amount of damages.
The CJEU clarified that the General Data Protection Regulation (GDPR) does not set thresholds for the “seriousness” of damages needed to confer a right to compensation. “[I]t is clear that the right to compensation provided for by the GDPR is subject to three cumulative conditions: infringement of the GDPR, material or non-material damage resulting from that infringement and a causal link between the damage and the infringement,” the court said in the announcement. Limiting the right to compensation to non-material damage that reaches a certain threshold requirement would be contrary to the broad conception of “damage” outlined in EU law, the CJEU explained, pointing out that obtaining compensation based on a certain threshold would result in different outcomes depending on a court’s assessment. Moreover, the CJEU emphasized that because the GDPR does not contain any rules governing the assessment of damages, it is up to the each member state’s legal system to prescribe detailed rules for actions intended to safeguard individual’s rights under the GDPR, as well as the criteria for determining the amount of compensation, provided the determination complies with the principles of equivalence and effectiveness. The CJEU explained in its ruling that “an infringement of the GDPR does not necessarily result in damage, and [] that there must be a causal link between the infringement in question and the damage suffered by the data subject in order to establish a right to compensation.”
OFAC announces new Sudan E.O., issues and amends several sanctions general licenses and FAQs
The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) recently announced several sanctions-related actions, including President Biden’s new Executive Order (E.O.) Imposing Sanctions on Certain Persons Destabilizing Sudan and Undermining the Goal of a Democratic Transition. The E.O. expands the scope of a 2006 Executive Order following the determination that recent events in Sudan “constitute[] an unusual and extraordinary threat to the national security and foreign policy of the United States.” The E.O. outlines specific prohibitions and provides that all property and interests in property that are in the U.S. or that later come in the U.S., or that are in the possession or control of any of the identified U.S. persons must be blocked and may not be transferred, paid, exported, withdrawn, or otherwise dealt in. Concurrently, OFAC issued a new FAQ clarifying which sanctions authorities are applicable to Sudan and the Sudanese government.
OFAC also issued Venezuela-related General License (GL) 42, which authorizes certain transactions related to the negotiation of settlement agreements with the IV Venezuelan National Assembly and certain other entities. The authorized transactions must relate to debt owed by the Venezuelan government, Petróleos de Venezuela, S.A., or any entity owned, directly or indirectly, 50 percent or more. GL 42 does not authorizes transactions involving the Venezuelan National Constituent Assembly convened by Nicolas Maduro or the National Assembly seated on January 5, 2021. OFAC also released three new related FAQs and one amended FAQ.
Additionally, OFAC released cyber-related GL 1C, which authorizes certain transactions with Russia’s Federal Security Service that would normally be prohibited by the Weapons of Mass Destruction Proliferators Sanctions Regulations, and issued three amended cyber-related FAQs. A few days later, OFAC issued Russia-related GL 8G, which authorizes certain transactions related to energy that would otherwise be prohibited by E.O. 14024, involving certain entities, including Russia’s central bank. OFAC clarified that GL 8G does not authorize prohibited transactions related to (i) certain sovereign debt of the Russian Federation; (ii) the “opening or maintaining of a correspondent account or payable-through account for or on behalf of any entity subject to Directive 2 under E.O. 14024, Prohibitions Related to Correspondent or Payable-Through Accounts and Processing of Transactions Involving Certain Foreign Financial Institutions”; and (iii) or “[a]ny debit to an account on the books of a U.S. financial institution of the Central Bank of the Russian Federation,” among others.
OFAC announces drug cartel sanctions
On May 9, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced sanctions, pursuant to Executive Order 14059, against four individuals involved in the fentanyl trade, along with two related Mexico-based entities. According to OFAC, the sanctioned persons are part of a Sinaloa Cartel network responsible for trafficking a significant portion of fentanyl and other drugs into the United States. OFAC coordinated with the Mexican government, the FBI, the DEA, and Homeland Security to take this action. As a result of the sanctions, all property and interests in property belonging to the sanctioned individuals and entities subject to U.S. jurisdiction are blocked and must be reported to OFAC. U.S. persons are also generally prohibited from engaging in any dealings involving the property or interests in property of blocked or designated persons. Additionally, OFAC warned that “persons that engage in certain transactions with the individuals and entities designated today may themselves be exposed to sanctions or subject to an enforcement action.”
OFAC sanctions Iranian senior officials for wrongfully detaining U.S. nationals
On April 27, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced sanctions, pursuant to Executive Order 14078, against four senior officials of Iran’s Islamic Revolutionary Guard Corps Intelligence Organization (IRGC-IO). The IRGC-IO was concurrently designated by the State Department for its involvement in the hostage-taking or wrongful detention of U.S. nationals in Iran. OFAC also implemented the State Department’s designation of Russia’s Federal Security Service as well as the IRGC-IO for their role in wrongfully detaining U.S. nationals abroad. As a result of the sanctions, all property and interests in property of the designated persons that are in the United States or in the possession or control of U.S. persons must be blocked and reported to OFAC. Additionally, “any entities that are owned, directly or indirectly, individually or in the aggregate, 50 percent or more by one or more blocked persons are also blocked.” OFAC’s announcement further noted that its regulations “generally prohibit” U.S. persons from participating in transactions with designated persons unless exempt or otherwise authorized by a general or specific license. Financial institutions and persons that engage in certain transactions with the designated persons may themselves be exposed to sanctions or subject to enforcement.
OFAC, Turkey sanction terrorist financing facilitators
On May 2, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced, pursuant to Executive Order 13224, a joint action with the Republic of Turkey to designate two financial facilitators of Syria-based terrorist groups. The terrorist groups have both been sanctioned by the U.S. and the United Nations. The action demonstrates OFAC’s continued cooperation with Turkey to restrict the financing of terrorist groups that perpetuate violence and instability throughout the region. According to the announcement, the Turkish Ministry of Treasury and Finance and the Turkish Ministry of Interior concurrently implemented an asset freeze against the sanctioned individuals. As a result of the sanctions, all property interests belonging to the sanctioned individuals and entities that are in the U.S. or in the possession or control of U.S. persons are blocked and must be reported to OFAC, as well as “any entities that are owned, directly or indirectly, 50 percent or more by them, individually, or with other blocked persons.” U.S. persons are generally prohibited from engaging in any dealings involving the property interests of blocked or designated persons, and persons that engage in certain transactions with the designated individuals may themselves be exposed to sanctions. OFAC further stated that it “can prohibit or impose strict conditions on the opening or maintaining in the United States of a correspondent account or a payable-through account of a foreign financial institution that knowingly conducted or facilitated any significant transaction on behalf of a Specially Designated Global Terrorist.”
OFAC adds more sanctions linked to timeshare fraud
On April 27, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced sanctions, pursuant to Executive Order 14059, against seven individuals and 19 Mexican companies connected to timeshare fraud on behalf of the Cartel de Jalisco Nueva Generacion (CJNG). The CJNG—a Mexico-based organization responsible for trafficking a significant proportion of illicit fentanyl and other drugs that enter the U.S.—is also designated under E.O. 14059. OFAC explained that timeshare fraud often targets older U.S. citizens to scam victims of their life savings and is an important revenue stream for the group’s criminal enterprise. The designations build on sanctions imposed on several other companies in April (covered by InfoBytes here) and continue OFAC’s efforts to disrupt CJNG’s timeshare fraud network.
As a result of the sanctions, all property and interests in property of the designated persons located in the U.S. or held by U.S. persons are blocked and must be reported to OFAC. Further, “any entities that are owned, directly or indirectly, individually or in the aggregate, 50 percent or more by one or more blocked persons are also blocked.” U.S. persons are generally prohibited from engaging in any dealings involving the property or interests in property of blocked or designated persons unless authorized by an OFAC-issued general or specific license, or exempt. OFAC further warned that “U.S. persons may face civil or criminal penalties for violations of E.O. 14059 and the Kingpin Act.”