This is in response to Ken's post in the response to the conference calls, but I thought it should be discussed:
Ken Wrote:
Very, very good example of a nugget. Your bank is expected to do an OFAC risk assessment. (See Appendix M in the new proceedures manual for some standards to apply.) Believe it or not, that's a good thing.
Although OFAC compliance is theoretically risk based, it's not being treated as that in the current examination process. Banks that have done an OFAC risk assessment will have a response to examiners who "suggest" that it is essential to check payees on official checks sold to customers or on-us checks cashed over the counter: "We did a risk assessment, established that we are low risk and have decided that is a risk we are going to take. We're not going to look at them."
I don't know how long it will take to get acceptance across to the examination staff, but there is no point in telling you to do a risk assessment and then saying you are not allowed to tolerate amounts of risk which you have determined to be miniscule. We'll see how it goes.
My response:
The guidance has not changed. Conduct a transaction with a prohibited party and OFAC will fine you. As always, the Board can determine that based upon their risk assessment of their customer base, they are willing to accept the risk and conduct the transactions without searching OFAC. But, that decision should be Board approved and noted in the minutes. OFAC fines still are a risk. I understand OFAC will review the bank's procedures when assessing the fine. Chose to do nothing in this area and you may be looked upon more harshly.