OFAC Transaction Blocking and Rejection Compliance: What Financial Institutions Need to Know
Financial institutions in the United States have an obligation to avoid processing transactions in violation of the Office of Foreign Assets Control’s (OFAC) sanctions programs. These sanctions programs prohibit transactions involving Specially Designated Nationals (SDNs) as well as transactions that have the end result of sending funds or property to a sanctioned nation (i.e., exporting goods or services to Iran).
Managing compliance with OFAC’s sanctions programs is not easy. Financial institutions (as broadly defined by the federal Bank Secrecy Act (BSA)) must implement several policies and procedures, and they must adopt internal controls that are effective at identifying transactions that need to be blocked or rejected. They must also have systems in place to block and reject prohibited transactions in the ordinary course, as well as to report blocked and rejected transactions to OFAC in a timely manner.
With this in mind, here are some key considerations for effectively managing financial institutions’ OFAC compliance obligations:
1. Know-Your-Customer (KYC) Compliance Under the BSA
While know-your-customer (KYC) compliance under the BSA is important for financial institutions generally, it also plays a key role in OFAC sanctions compliance. Financial institutions must implement comprehensive KYC protocols that are designed—among other things—to identify SDNs and their related parties. Under OFAC’s 50 Percent Rule, a party is considered to be “related” to an SDN if it owns an interest in property that is also “directly or indirectly owned 50 percent or more in the aggregate by one or more blocked persons.”
2. Identifying Transactions that Implicate OFAC Sanctions
OFAC has implemented several sanctions programs that fall into four broad categories: (i) country-based economic sanctions, (ii) list-based sanctions (including the SDN List), (iii) sector-based sanctions, and (iv) secondary sanctions that apply to entities that are affiliated or do business with SDNs. To maintain OFAC compliance (including blocking and rejecting transactions as necessary), financial institutions must have the requisite tools and systems in place to identify all transactions that implicate OFAC sanctions.
3. Blocking Transactions Involving SDNs (as Originators or Recipients)
The obligation to block transactions that involve SDNs and their related parties applies regardless of whether an SDN (or related party) is the originator or recipient of the property involved. As OFAC explains in its FAQ #32, blocking a transaction involves placing the SDN’s assets (or what would become the SDN’s assets) into an interest-bearing account. This can either be a stand-alone account or an “omnibus account” used to hold blocked assets, “so long as there is an audit trail which will allow specific funds to be unblocked with interest at any point in the future.”
4. Rejecting Transactions that Have Non-SDN-Related OFAC Sanctions Implications
Even if a financial institution cannot block a transaction because the institution is not in possession of funds owned (or to become owned) by an SDN or related party, it may still have an obligation to avoid executing the transaction under an OFAC sanctions program. In this scenario, the financial institution must “reject” the transaction in order to maintain compliance.
Unlike blocked transactions, financial institutions are not required to place funds held in connection with rejected transactions into an interest-bearing account. Rejecting a transaction involves declining to process it and returning any funds received to the originator.
5. Reporting Blocked and Rejected Transactions to OFAC
Financial institutions have an obligation to report all blocked and rejected transactions to OFAC. As OFAC explains in its FAQ #49, “31 C.F.R. Parts §§501.603 and 501.604 require blocking and reject reports to be submitted to OFAC within 10 business days of the date of the action.” Along with their transaction report forms, financial institutions must also submit copies of the original transfer instructions for all reported transactions.
6. Reporting Blocked Property to OFAC
In addition to reporting blocked and rejected transactions, financial institutions also have an obligation to report all blocked property to OFAC annually. Annual Reports of Blocked Property must be submitted no later than September 30, and financial institutions must use a standardized reporting form unless they obtain prior approval to use a different format from OFAC’s Sanctions Compliance and Evaluation Division.
7. Notifying Customers of Blocked and Rejected Transactions
Financial institutions may notify customers that their transactions have been blocked or rejected, although they do not have an affirmative obligation to do so. With respect to blocked transactions, once a customer learns that its transaction has been blocked (and the financial institution is holding the blocked funds in an interest-bearing account), it must apply to OFAC for a license to release the funds. The financial institution must continue to hold the blocked funds until it receives authorization from OFAC to release them.
8. Monitoring, Auditing, and Documenting OFAC Compliance
To ensure compliance with OFAC’s sanctions programs, financial institutions must continually monitor their compliance efforts on an ongoing basis. They must also conduct periodic audits focused on revisiting past transactions to determine whether any obligations to block or reject transactions have gone overlooked. Documentation of financial institutions’ ongoing compliance efforts is critical as well—as OFAC expects financial institutions to be able to produce this documentation during an examination.
9. Voluntarily Disclosing OFAC Sanctions Violations
If a financial institution’s monitoring or auditing efforts uncover an OFAC sanctions violation (i.e., a failure to block or reject a prohibited transaction), the financial institution must quickly engage with counsel to assess the need for voluntary self-disclosure. Under OFAC’s Sanctions Enforcement Guidelines, voluntary self-disclosure is required in many circumstances, and it can also substantially mitigate the maximum civil monetary penalties (CMP) at stake.
10. Responding to OFAC Inquiries
Finally, in addition to assessing the need for voluntary self-disclosure, financial institutions should also work with their counsel to ensure that they are prepared to respond to OFAC inquiries. When OFAC inquires about a suspect transaction, being able to proactively demonstrate compliance through the use of on-hand documentation can substantially mitigate both the risks and costs involved with facing scrutiny in relation to a transaction that OFAC agents believe may have been subject to blocking or rejection.
Dr. Nick Oberheiden, founder of Oberheiden P.C., focuses his litigation practice on white-collar criminal defense, government investigations, SEC & FCPA enforcement, and commercial litigation.