Every country must establish proactive measures to protect its finances from illegal actions and apply sanctions toward hostile governments or people. In the USA, the Department of Treasure has created a sanctions list against any targeted individual, group, or company. It allows it to control all international transactions while also adding to national security. It is controlled by the Office of Foreign Assets Control or simply OFAC. In 2021, OFAC compliance imposed over $20,8 million of monetary penalties across 20 enforcement actions, with China and Russia being the toughest targets of the organization.
After reading this article, you will get an answer to such a critical question as 'What is OFAC compliance?'. Besides, we will outline the necessary steps of OFAC compliance for financial institutions as well as the purpose of the sanctions and define what OFAC stands for in banking. We will also present you with a helpful tool that will help you save lots of money and time on the checking process.
Interested? Then keep on reading.
What is OFAC?
Let's start with the basics.
So, what does OFAC mean? The Office of Foreign Assets Control, aka OFAC, is the American financial intelligence and enforcement body under the US Department of Treasury. It aims at applying both trade and economic sanctions toward various criminal targets. Among them are hostile foreign governments, drug traffickers, terrorists, or other people who are a threat to the national security or economy of the country.
OFAC also helps to prevent any type of financial crime with anti-money laundering regulations (AML). AML laws were created in 1970 together with the Currency and Foreign Transactions Reporting Act. According to them, banks and other financial organizations must file currency reports with the US and identify all the people engaged in the transactions. Since then, these laws have been updated several times to improve the customer identification mechanisms, procedures, and due diligence process.
OFAC and KYC
The first question financial organizations receive daily is, 'How well do you know your customers?' It is often casually called KYC, and it's a serious issue for every company that works in regulated industries.
So, what does OFAC stand for in banking in terms of KYC? That is how financial organizations get to know their customers directly. That is why it must be crucial to customer acquisition and retention policies for today's financial organizations.
Who is OFAC applicable to?
Let's now answer the question 'What is OFAC in banking?' and who must be OFAC compliant in the financial sphere. Any resident of the United States of America must comply with OFAC regulations. This applies to:
- US financial institutions and banks;
- Non-bank subsidiaries;
- Bank-holding companies.
Moreover, the national banking agencies constantly evaluate the OFAC programs so that all the banks under their supervision fully comply with the sanctions. OFAC regulations don't just apply to US residents and domestic companies (like in the case of the Bank Secrecy Act). They can also be applied to foreign subsidiaries and branches.
Key Difference between OFAC and OFSI
In simple words, the Office of Financial Sanctions Implementation or OFSI is basically the British version of OFAC with some slight nuances. Established on March 31, 2016, within the UK HM Treasury, it now works very closely with law enforcement. Its main goal is to make all the financial sanctions understood and implemented. The creation of the OFSI was mainly provoked to address the differences in sanction appliances between the US and UK governments.
What is the Purpose of OFAC in Banking?
But what is OFAC meaning in banking? OFAC is the direct successor to the Office of Foreign Funds Control, or simply FFC, founded in 1940, just before the beginning of World War II. At that time, its primary goal was to protect the assets on the occupied territories from the Nazis. When the United States joined the war, this organization took part in the economic warfare against all the enemy states, and it aimed at applying restrictions and freezing assets that pertained to foreign countries under the US jurisdiction.
Today, OFAC creates and maintains a list of all the targeted companies and people. Such a list is called Specially Designated Nationals or Blocked Persons (SDN). Besides, all the residents of the USA and national institutions are prohibited from any type of engagement with the people from this list.
What are Economic and Trade Sanctions?
Economic and trade sanctions are penalties applied to a person, group, or country to change their policies, decisions, or behavior. They are called so because their main aim is to block access to the financial system and markets of the United States. The most common outcomes of the economic and trade sanctions are trade restrictions, freezing of assets within the territory of the US, and travel bans.
Today, the United States has more than 30 active sanctions programs, some of which aim at specific countries or such illegal activities as terrorism or cybercrimes. Basically, sanctions serve as a cheaper and lower-risk course of action when choosing between war and diplomacy.
Sometimes, sanctions are applied before more punitive actions. Just remember the Iraq case, when in 1990, the United Nations Security Council used sanctions against this country after Saddam Hussein invaded Kuwait. The military response was authorized only a bit later.
Why Should Banks be OFAC-Compliant?
What does OFAC stand for in banking? And which transactions are subject to OFAC regulations? Every transaction made within the United States territory by a bank or financial institution goes through OFAC regulations. That is why when such a financial institution processes transactions from people or companies from the OFAC list. These actions are illegal.
Blocking the transactions
According to the current laws of the United States, any assets that a person, company, or government from the OFAC list owns in the USA must be blocked. For example, there is a transfer between two offshore banks. It goes through a US bank, and one of the banks (or both) is on the OFAC list. Then such a transaction must be blocked.
Overall, all the banks operating in the territory of the USA must block transactions that:
- go to or through the blocked person/entity;
- are connected to the other transactions that involve the blocked person/entity;
- are by or on behalf of the blocked person/entity.
If the bank faces one of the abovementioned issues, it must complete the payment order and place these funds into the blocked account. After receiving it, this order can only be canceled with a permit from the OFAC.
Prohibition of the transactions
There are cases when the transactions can be prohibited even if there are no requirements for its blockage by OFAC. In this case, such transactions must be rejected and not further processed.
How is that possible? For example, let's look at SSR or Sudanese Sanctions Regulations. According to them, no commercial activity in Sudan must be supported. So, even if there is a funds transfer between the US and a Sudanese company (which is not against US sanctions), this goes against Sudanese laws. No matter if both parties aren't on the blocked list, the SSR does require securing such transactions within the USA. That is why US banks can't process such transactions.
OFAC Compliance Checklist for Banks
OFAC has outlined the necessary measures for OFAC compliance for banks in its work called A Framework for OFAC Compliance Commitment. Here are five elements of sanction compliance for all companies within US jurisdiction:
- Management commitment: the main duty of the senior management (both executives, board or directors, and leadership), according to the OFAC, is to build a strong culture of OFAC. And then stay aligned with this program on each level. The management should also give enough resources to the company's compliance department, hire a dedicated OFAC officer, and ensure that all the staff members implement and follow the OFAC program.
- Risk assessment: when creating and updating their sanctions programs, all financial institutions must use a risk-based approach. What does this mean? It means that they need to implement the risk assessment process to find out any potential issues regarding compliance and adjust their program to address those issues directly. The risk assessment must be performed in the due diligence of clients, transactions, customers' onboarding processes, mergers, and acquisitions. Those present the most common challenges for OFAC.
- Internal control: when you create a compliance program, make sure to create procedures and necessary policies regarding the OFAC sanctions: identifying, escalating, reporting, and keeping a record of them.
- Testing & auditing: having OFAC programs onboard requires constant testing and auditing processes. This way, you will be able to identify the program's effectiveness and weak points. You will also find out how exactly you need to update your software, systems, and technologies used for the effective performance of your compliance program.
- Training: OFAC requires all financial companies to conduct annual training on sanctions for those employees involved in the process. During them, you must communicate all the employee's responsibilities in the sanction compliance process and assess their knowledge.
Common violations of the OFAC program
We have already spoken about OFAC compliance, but what can strictly violate this program? Here we have collected the most popular violations among financial institutions that you should avoid:
- Lack of OFAC program;
- Transaction by non-US residents (for example, by overseas subsidiaries and affiliates);
- Export or re-export of US-based goods or services to people or countries from the OFAC list;
- Misunderstanding of how to apply OFAC regulations;
- Payments processing via US banks for commercial transactions with blocked by OFAC people or countries;
- Not updating sanctions software regularly;
- Improper due diligence (to both customers and clients);
- Liability of the managers, senior management, and supervisors;
- Implementation of unique payment and commercial practices.
Necessary steps to become OFAC-compliant
According to the OFAC, any bank or financial institution must abide by such OFAC regulations and laws as:
- Conduct due diligence;
- Block all the transactions (even from the new accounts) from people or countries from the SDN list;
- Reject any transactions that do not involve people or countries from the SDN list but are prohibited by sanctions laws;
- Provide a detailed report on blocked transactions annually by September 30;
- Make a report to OFAC about all the rejected and blocked transactions within 10 business days.
Technology and Procedures Banks Can Use to Ensure OFAC Compliance
Staying compliant with OFAC regulations is a challenge for many financial institutions today. Of course, on the surface, they seem pretty simple, as you must not violate the sanctions in foreign economics and trade set by the US government. However, you get a list of 20,000+ names of blocked people and organizations by these sanctions. But there are no official screening requirements suggested by OFAC.
As we already told you, the OFAC framework of compliance states that you must employ a risk-based approach to manage all the potential sanctions risks. They also encourage financial companies to deploy innovative sanctions compliance technologies to facilitate this process. Millions of dollars companies spend annually on specialized software which can help easily detect the blocked names on transactions.
Sanctions Check by Growthdot is a unique add-on to your Zendesk help desk that can save time and money and simplify the data-checking process. You do not need to pay third-party companies and spend the whole budget determining whether people or companies you work with are not on the OFAC list. Instead, everything you need is right in your Zendesk. You can even check everything in your ticket or use a search bar to find the needed person or company's name.
The financial industry has always been put under scrutiny and strict regulations. OFAC regulations are one of them. So if financial institutions operate within the USA, they must comply with it. But staying fully compliant can become quite a challenge. For this reason, many banks hire a dedicated OFAC officer or employ sanctions technology to prevent any possible risks. You can decide for yourself what works better in your case.
General Data Protection Regulation
Find out how to protect users' data