OFAC List Compliance Software Bridger Insight XG

OFAC, what is it? Does it worry you? Don't be like one banker who thought that OFAC was the name of a new NFL expansion team! Get informed!

OFAC stands for Office of Foreign Assets Control, and yes you should be worried. If you do not have a system in place to protect your bank from illegal money laundering by one of many SDN'S (Specially Designated Nationals) or transactions involving one of a number of blocked countries, you could be exposing your bank to substantial fines.

At a recent compliance seminar, a banker asked how long OFAC regulations had been around. The speaker replied, "about 200 years -- it's known as doing business with the enemy." A new twist, however, is that the U.S. Treasury Department now requires that all banks and other financial institutions monitor, block and report every attempted transaction by certain designated individuals and organizations or face stiff fines and prison sentences for non-compliance. This includes transactions involving U. S. currency, check processing, ACH activities, wire transfers and letters of credit.

Are you worried yet?

Quoting from an ALERT Bulletin published by the U. S. Treasury Department, "Is your cost/benefit analysis not winning any converts because OFAC has never fined your bank or even contacted you about a possible violation? It may just be a matter of time."

They continue, "Have you concluded that your small bank would simply not be exposed to the kind of transactions OFAC would be interested in? Think again. Small banks all over the country are being drawn into illegal transactions by their customers: individuals wiring family remittances to relatives in Cuba and Iraq, local exporters utilizing bank financing to cover prohibited shipments from Iran, and individuals routing financial contributions to terrorists and terrorist organizations, for example."

As examples, the U.S. Treasury ALERT bulletin reports the following cases of illegal activities:

"A small bank in Utah was fined $5,000 for merely advising a letter of credit involving commercial activity in Libya. Before your bank issues, confirms, amends or advises an L/C, the face of the credit should be examined for OFAC issues."

"A savings & loan in the Midwest took direct instructions from a customer whose own name actually included the word "Serbian." The S & L paid a civil monetary penalty of $9,000 after another U.S. bank caught the transfer and correctly blocked the funds before sanctions were suspended against the Federal Republic of Yugoslavia."

"A federal savings bank in California was fined $5,000 for attempting to transfer funds for a customer through the Arab Bank for Investment and Foreign Trade (ARBIFT) in Abu Dhabi."

"A credit union in Washington paid $9,000 for a similar transaction involving Arab Turkish Bank (ATB) in Istanbul."

OFAC is not limited to banks. Insurance companies, securities and investment firms, and import/export trading companies are also subject to OFAC regulations. For example, an insurance company could be fined for issuing a life insurance policy to an American citizen who named a Libyan citizen as one of the beneficiaries.

OFAC regulations provide for criminal prosecution with penalties ranging up to 10 years in prison and $1 million in corporate fines and $100,000 in individual fines, per incident. In addition, civil penalties can be assessed up to $50,000 per violation.

Bank examinations now include a review of written policies and operational procedures to assure compliance with OFAC. Banks must establish adequate internal controls to assure that the sanctions imposed by OFAC have not been violated. With over 2000 names and aliases currently listed, some of which are changing frequently, you need to consider a software interdiction system to protect your bank.

In addition, correspondent banks will be screening transactions between other banks and their bank for OFAC activities. The correspondent bank is required to report any violation on the part of any respondent to OFAC within 10 days which will result in penalties against the violating bank. This means if you miss one, your clearing bank has to report you to OFAC to be fined.

How to Find the Right System for Your Bank

When considering an interdiction software system for your bank, the following features should be an essential minimum before you make a decision to purchase:

The system must be accurate
It must find a correct match even if a name is entered incorrectly. For example, the system should be able to account for missing or extra letters, incorrect letters, transposed letters, names run together, and varying name order. The system should also check for initials, abbreviations, and alternate foreign transliterations. If a name is missed, your bank may still be liable.
The system should eliminate false positives
False positive matches can create a major waste of time if you have to check an extended list of names because each false positive must be checked manually. Current systems being marketed range from a high in excess of 1% (1000 false positives per 100,000 names checked) to a low of 1/10 of 1% (100 false positives per 100,000 names checked).
The system should be fast
The system you select should be able to check names very quickly, thereby reducing the intrusion in your work schedule. Current systems available range in speed from 7 names per second to 4000 names per second.
Automated updates of OFAC data
The system you select should update your watch list whenever new data is released by OFAC, so that you can be assured of always being current. The updating process should also be considered. Many interdiction solutions have a complex updating system that requires extensive training. Others are so user friendly, updating the system can be done in a matter of minutes.
Reports produced by the system
The system you select should produce comprehensive reports or be able to import the results into another database for further processing. Without reporting capabilities, your job will be much more difficult.
The cost of the system
The system should be relatively inexpensive, while providing the above minimum features. There are three principal approaches taken by OFAC compliance software developers, which are listed below along with survey price ranges for each:

Single name checking $300 to $2,000

Database checking $600 to $3,500

Annual update fees range from 30% to 100% of the original cost of the system.

It should now be evident that there are wide ranges of prices and complexity of systems. While OFAC regulations require that every financial transaction be checked, it is totally unrealistic for any bank to consider doing it manually. The choice is then to ignore the issue or to select the most cost effective system available that will keep the bank in compliance. We all know from experience that ignoring a law is not a viable option.

Most smaller banks don't really need the expensive, interactive, online systems which will do all the checking automatically. However, they can still protect themselves at a substantially lower cost by selecting a system that analyzes their entire database whenever new OFAC data is released. From that point on, only new customers need to be checked. There are low cost systems available that include the CIF review plus new customer checking with almost no impact on existing staff.

In summary, the system you select must be accurate, easy to implement, fast, and cost effective. While some bankers believe that OFAC will not affect them, they could be sitting on a time bomb, which could go off at any time. Like Reg Z, OFAC is here to stay and it does affect you! Whatever you do, don't be like one banker who said that his bank would rather budget for OFAC fines as opposed to spending money to acquire a system to interdict blocked persons. The only problem with that approach is that knowingly and willfully violating such a federal law would likely become a criminal matter with jail time in addition to fines.